ONYPHE
datascan ctl threatlist sniffer vulnscan riskscan

Returning 10 result(s) out of 43,687 in 0.052 second(s)

  • 63.40.235.229:6668 (tcp/unknown) - last seen on 2024-11-21 at 08:53:00 UTC

    • IP
      63.40.235.229
      Network
      63.40.0.0/15
      Domain(s)
      myvzw.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      Reverse DNS
      host229.sub-63-40-235.myvzw.com
      ASN
      AS6167
      Organization
      CELLCO-PART
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      dc2d9cdab814eb46c5bdb1e3d83ad5d1 
    • \x1b\x1a\x05\x00\x00
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:53:00.000Z",
   "app" : {
      "length" : 5
   },
   "asn" : "AS6167",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\\x1b\\x1a\\x05\\x00\\x00",
   "datamd5" : "dc2d9cdab814eb46c5bdb1e3d83ad5d1",
   "datammh3" : -1105511214,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "myvzw.com"
   ],
   "geolocus" : {
      "asn" : "AS6167",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "myvzw.com",
         "verizon.com",
         "verizon.net",
         "verizonbusiness.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NETBLK-UUNET97DU",
      "organization" : "Verizon Business",
      "subnet" : "63.40.0.0/13"
   },
   "host" : [
      "host229"
   ],
   "hostname" : [
      "host229.sub-63-40-235.myvzw.com"
   ],
   "ip" : "63.40.235.229",
   "ipv6" : "false",
   "latitude" : "39.2909",
   "location" : "39.2909,-76.6096",
   "longitude" : "-76.6096",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CELLCO-PART",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 6668,
   "protocol" : "unknown",
   "reverse" : [
      "host229.sub-63-40-235.myvzw.com"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subdomains" : [
      "sub-63-40-235.myvzw.com"
   ],
   "subnet" : "63.40.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 178.218.118.145:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:59 UTC

    • IP
      178.218.118.145
      Network
      178.218.112.0/20
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://178.218.118.145:6668/ 200

      ASN
      AS49403
      Organization
      AVK-Wellcom Ltd.
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      F5 Nginx
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      6f1d995ad1e612af69a1f1dc48de85af
      HTTP Header MD5
      02a88d0b55d926fb60eeacd022b3c97e
      HTTP Body MD5
      19ce80ad916050c19153c60cf2c04363 
    • HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 08:52:58 GMT
Transfer-Encoding: chunked
Connection: close
Cache-control: no-store

e8
<!DOCTYPE html>
<html>
  <script type="text/javascript">
    var uri = location.pathname + location.search + location.hash;
    var URL = 'https://' + location.hostname + ':5001' + uri;
    location.replace(URL);
  </script>
</html>
0


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:59.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "19ce80ad916050c19153c60cf2c04363",
         "bodymmh3" : -2028702394,
         "headermd5" : "02a88d0b55d926fb60eeacd022b3c97e",
         "headermmh3" : 675713311
      },
      "length" : 386
   },
   "asn" : "AS49403",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:52:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nCache-control: no-store\r\n\r\ne8\r\n<!DOCTYPE html>\n<html>\n  <script type=\"text/javascript\">\n    var uri = location.pathname + location.search + location.hash;\n    var URL = 'https://' + location.hostname + ':5001' + uri;\n    location.replace(URL);\n  </script>\n</html>\r\n0\r\n\r\n",
   "datamd5" : "6f1d995ad1e612af69a1f1dc48de85af",
   "datammh3" : -288649625,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS49403",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "RU",
      "countryname" : "Russia",
      "domain" : [
         "avk-wellcom.com",
         "avk-wellcom.ru"
      ],
      "isineu" : "false",
      "latitude" : "61.52401",
      "location" : "61.52401,105.318756",
      "longitude" : "105.318756",
      "netname" : "AVK-WELLCOM-NET",
      "organization" : "AVK-Wellcom Ltd.",
      "subnet" : "178.218.112.0/20"
   },
   "ip" : "178.218.118.145",
   "ipv6" : "false",
   "latitude" : "55.7386",
   "location" : "55.7386,37.6068",
   "longitude" : "37.6068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AVK-Wellcom Ltd.",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 6668,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "178.218.112.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 65.215.106.85:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:58 UTC

    • IP
      65.215.106.85
      Network
      65.215.104.0/21
      Device

      <enterprise field>: device.class

      URL

      http://65.215.106.85:6668/ 407

      HTTP Title
      407 Proxy Authentication Required
      ASN
      AS701
      Organization
      UUNET
      Protocol
      http
      Source
      datascan

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      bbdd0ef18ac1bb935546f899a9c15b82
      HTTP Header MD5
      7b6af4d669f1735012ccbd9b5f402335
      HTTP Body MD5
      d0733a01623260995e3203769289c13f 
    • HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="proxy"
Connection: close
Content-type: text/html; charset=utf-8

<html><head><title>407 Proxy Authentication Required</title></head>
<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:58.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d0733a01623260995e3203769289c13f",
         "bodymmh3" : -533483165,
         "headermd5" : "7b6af4d669f1735012ccbd9b5f402335",
         "headermmh3" : 1023953321,
         "realm" : "proxy",
         "title" : "407 Proxy Authentication Required"
      },
      "length" : 401
   },
   "asn" : "AS701",
   "city" : "Queens",
   "country" : "US",
   "data" : "HTTP/1.0 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\nConnection: close\r\nContent-type: text/html; charset=utf-8\r\n\r\n<html><head><title>407 Proxy Authentication Required</title></head>\r\n<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>\r\n",
   "datamd5" : "bbdd0ef18ac1bb935546f899a9c15b82",
   "datammh3" : 709695866,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS701",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "verizon.com",
         "verizon.net",
         "verizonbusiness.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "UU-65-215-104",
      "organization" : "Verizon Business",
      "subnet" : "65.215.104.0/21"
   },
   "ip" : "65.215.106.85",
   "ipv6" : "false",
   "latitude" : "40.7247",
   "location" : "40.7247,-73.8957",
   "longitude" : "-73.8957",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "UUNET",
   "port" : 6668,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "65.215.104.0/21",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 12.189.149.74:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:56 UTC

    • IP
      12.189.149.74
      Network
      12.189.149.0/24
      Device

      <enterprise field>: device.class

      URL

      http://12.189.149.74:6668/ 407

      HTTP Title
      407 Proxy Authentication Required
      ASN
      AS7018
      Organization
      ATT-INTERNET4
      Protocol
      http
      Source
      datascan

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      bbdd0ef18ac1bb935546f899a9c15b82
      HTTP Header MD5
      7b6af4d669f1735012ccbd9b5f402335
      HTTP Body MD5
      d0733a01623260995e3203769289c13f 
    • HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="proxy"
Connection: close
Content-type: text/html; charset=utf-8

<html><head><title>407 Proxy Authentication Required</title></head>
<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:56.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d0733a01623260995e3203769289c13f",
         "bodymmh3" : -533483165,
         "headermd5" : "7b6af4d669f1735012ccbd9b5f402335",
         "headermmh3" : 1023953321,
         "realm" : "proxy",
         "title" : "407 Proxy Authentication Required"
      },
      "length" : 401
   },
   "asn" : "AS7018",
   "city" : "Boxborough",
   "country" : "US",
   "data" : "HTTP/1.0 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\nConnection: close\r\nContent-type: text/html; charset=utf-8\r\n\r\n<html><head><title>407 Proxy Authentication Required</title></head>\r\n<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>\r\n",
   "datamd5" : "bbdd0ef18ac1bb935546f899a9c15b82",
   "datammh3" : 709695866,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS7018",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "att.com",
         "att.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "PROXYWOW93-149",
      "organization" : "AT&T Services, Inc.",
      "subnet" : "12.189.149.0/24"
   },
   "ip" : "12.189.149.74",
   "ipv6" : "false",
   "latitude" : "42.4852",
   "location" : "42.4852,-71.5211",
   "longitude" : "-71.5211",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ATT-INTERNET4",
   "port" : 6668,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "12.189.149.0/24",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 46.38.231.43:6668 (tcp/unknown) - last seen on 2024-11-21 at 08:52:34 UTC

    • IP
      46.38.231.43
      Network
      46.38.224.0/19
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS197540
      Organization
      netcup GmbH
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      68b329da9893e34099c7d8ad5cb9c940 
    • 

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:34.000Z",
   "app" : {
      "length" : 1
   },
   "asn" : "AS197540",
   "city" : "Nuremberg",
   "country" : "DE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\n",
   "datamd5" : "68b329da9893e34099c7d8ad5cb9c940",
   "datammh3" : -1840324437,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "ip" : "46.38.231.43",
   "ipv6" : "false",
   "latitude" : "49.4423",
   "location" : "49.4423,11.0191",
   "longitude" : "11.0191",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "netcup GmbH",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 6668,
   "protocol" : "unknown",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "46.38.224.0/19",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 102.165.5.66:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:33 UTC

    • IP
      102.165.5.66
      Network
      102.165.5.0/24
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://102.165.5.66:6668/ 407

      ASN
      AS61317
      Organization
      Hivelocity LLC
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      a3c163caff2b5ede401bd97e6eaec7a0
      HTTP Header MD5
      301b287c0ec9681166665a260d42ad42
      HTTP Body MD5
      d41d8cd98f00b204e9800998ecf8427e 
    • HTTP/1.1 407 Proxy Authentication Required
Content-Length: 0
Proxy-Authenticate: Basic realm="Proxy"
Connection: close


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:33.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "301b287c0ec9681166665a260d42ad42",
         "headermmh3" : 1246278672,
         "realm" : "Proxy"
      },
      "length" : 125
   },
   "asn" : "AS61317",
   "city" : "London",
   "country" : "GB",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 407 Proxy Authentication Required\r\nContent-Length: 0\r\nProxy-Authenticate: Basic realm=\"Proxy\"\r\nConnection: close\r\n\r\n",
   "datamd5" : "a3c163caff2b5ede401bd97e6eaec7a0",
   "datammh3" : -992123332,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS61317",
      "continent" : "AF",
      "continentname" : "Africa",
      "country" : "ZA",
      "countryname" : "South Africa",
      "domain" : [
         "ipxo.com"
      ],
      "isineu" : "false",
      "latitude" : "-30.559482",
      "location" : "-30.559482,22.937506",
      "longitude" : "22.937506",
      "netname" : "AQUA-Networks-Limited",
      "organization" : "AQUA Networks Ltd.",
      "subnet" : "102.165.5.0/24"
   },
   "ip" : "102.165.5.66",
   "ipv6" : "false",
   "latitude" : "51.5074",
   "location" : "51.5074,-0.1196",
   "longitude" : "-0.1196",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hivelocity LLC",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 6668,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "102.165.5.0/24",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 50.230.241.85:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:32 UTC

    • IP
      50.230.241.85
      Network
      50.230.240.0/23
      Device

      <enterprise field>: device.class

      URL

      http://50.230.241.85:6668/ 407

      HTTP Title
      407 Proxy Authentication Required
      ASN
      AS7015
      Organization
      COMCAST-7015
      Protocol
      http
      Source
      datascan

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      bbdd0ef18ac1bb935546f899a9c15b82
      HTTP Header MD5
      7b6af4d669f1735012ccbd9b5f402335
      HTTP Body MD5
      d0733a01623260995e3203769289c13f 
    • HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="proxy"
Connection: close
Content-type: text/html; charset=utf-8

<html><head><title>407 Proxy Authentication Required</title></head>
<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:32.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d0733a01623260995e3203769289c13f",
         "bodymmh3" : -533483165,
         "headermd5" : "7b6af4d669f1735012ccbd9b5f402335",
         "headermmh3" : 1023953321,
         "realm" : "proxy",
         "title" : "407 Proxy Authentication Required"
      },
      "length" : 401
   },
   "asn" : "AS7015",
   "country" : "US",
   "data" : "HTTP/1.0 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\nConnection: close\r\nContent-type: text/html; charset=utf-8\r\n\r\n<html><head><title>407 Proxy Authentication Required</title></head>\r\n<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>\r\n",
   "datamd5" : "bbdd0ef18ac1bb935546f899a9c15b82",
   "datammh3" : 709695866,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS7015",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "comcast.com",
         "comcast.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "CCCH3-4",
      "organization" : "Comcast Cable Communications, LLC",
      "subnet" : "50.230.240.0/23"
   },
   "ip" : "50.230.241.85",
   "ipv6" : "false",
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "COMCAST-7015",
   "port" : 6668,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "50.230.240.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 211.83.6.92:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:00 UTC

    • IP
      211.83.6.92
      Network
      211.80.0.0/13
      Device

      <enterprise field>: device.class

      URL

      http://211.83.6.92:6668/ 200

      ASN
      AS4538
      Organization
      China Education and Research Network Center
      Protocol
      http
      Source
      datascan
    • Product
      Apache HTTP Server
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      ee36497e74f3bb24c9f273cf63a7a0f1
      HTTP Header MD5
      97eb73c41d2d1f332d0a4ddd4c85c3de
      HTTP Body MD5
      8ac46d7676552fc7798a02e57db02aeb 
    • HTTP/1.1 200 ok
Server: Apache
Content-Length:  220
Cache-Control: no-cache
Connection: close

<script>top.self.location.href='http://211.83.41.225/eportal/index.jsp?wlanuserip=<srcip>&wlanacname=NAS&ssid=Ruijie&nasip=10.100.100.114&mac=000000000000&t=wireless-v2-plain&url=http://<ip>:6668/'</script>


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:00.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "10.100.100.114",
            "211.83.41.225"
         ],
         "url" : [
            "http://211.83.41.225/eportal/index.jsp?wlanuserip="
         ]
      },
      "http" : {
         "bodymd5" : "8ac46d7676552fc7798a02e57db02aeb",
         "bodymmh3" : -23074341,
         "headermd5" : "97eb73c41d2d1f332d0a4ddd4c85c3de",
         "headermmh3" : -1266196829
      },
      "length" : 311
   },
   "asn" : "AS4538",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 ok\r\nServer: Apache\r\nContent-Length:  220\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<script>top.self.location.href='http://211.83.41.225/eportal/index.jsp?wlanuserip=<srcip>&wlanacname=NAS&ssid=Ruijie&nasip=10.100.100.114&mac=000000000000&t=wireless-v2-plain&url=http://<ip>:6668/'</script>\r\n\r\n",
   "datamd5" : "ee36497e74f3bb24c9f273cf63a7a0f1",
   "datammh3" : -1404635226,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4538",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "211.in-addr.arpa",
         "apnic.net",
         "cernet.edu.cn",
         "scut.edu.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CERNET",
      "organization" : "China Education and Research Network",
      "subnet" : "211.80.0.0/13"
   },
   "ip" : "211.83.6.92",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "China Education and Research Network Center",
   "port" : 6668,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "ok",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "211.80.0.0/13",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 162.255.213.122:6668 (tcp/http) - last seen on 2024-11-21 at 08:52:00 UTC

    • IP
      162.255.213.122
      Network
      162.255.212.0/23
      Device

      <enterprise field>: device.class

      URL

      http://162.255.213.122:6668/ 407

      HTTP Title
      407 Proxy Authentication Required
      ASN
      AS7018
      Organization
      ATT-INTERNET4
      Protocol
      http
      Source
      datascan

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      bbdd0ef18ac1bb935546f899a9c15b82
      HTTP Header MD5
      7b6af4d669f1735012ccbd9b5f402335
      HTTP Body MD5
      d0733a01623260995e3203769289c13f 
    • HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="proxy"
Connection: close
Content-type: text/html; charset=utf-8

<html><head><title>407 Proxy Authentication Required</title></head>
<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:52:00.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d0733a01623260995e3203769289c13f",
         "bodymmh3" : -533483165,
         "headermd5" : "7b6af4d669f1735012ccbd9b5f402335",
         "headermmh3" : 1023953321,
         "realm" : "proxy",
         "title" : "407 Proxy Authentication Required"
      },
      "length" : 401
   },
   "asn" : "AS7018",
   "city" : "Boston",
   "country" : "US",
   "data" : "HTTP/1.0 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"proxy\"\r\nConnection: close\r\nContent-type: text/html; charset=utf-8\r\n\r\n<html><head><title>407 Proxy Authentication Required</title></head>\r\n<body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>\r\n",
   "datamd5" : "bbdd0ef18ac1bb935546f899a9c15b82",
   "datammh3" : 709695866,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS7018",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "CA",
      "countryname" : "Canada",
      "domain" : [
         "xnstg.com"
      ],
      "isineu" : "false",
      "latitude" : "56.130366",
      "location" : "56.130366,-106.346771",
      "longitude" : "-106.346771",
      "netname" : "XNS-TECHNOLOGY-GROUP-INC-1",
      "organization" : "XNS Technology Group Inc.",
      "subnet" : "162.255.212.0/23"
   },
   "ip" : "162.255.213.122",
   "ipv6" : "false",
   "latitude" : "42.3611",
   "location" : "42.3611,-71.0518",
   "longitude" : "-71.0518",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ATT-INTERNET4",
   "port" : 6668,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "162.255.212.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 4.49.74.7:6668 (tcp/http) - last seen on 2024-11-21 at 08:51:55 UTC

    • IP
      4.49.74.7
      Network
      4.48.0.0/13
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://4.49.74.7:6668/ 400

      HTTP Title
      400 Bad Request
      ASN
      AS3356
      Organization
      LEVEL3
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      Apache HTTP Server 2.4.57
      HTTP Component(s)
      OpenSSL OpenSSL 3.0.7
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      6e99d4c57f5c379b14f155d108dd158a
      HTTP Header MD5
      f353cd0bbb3511f7ebf3a301176c3936
      HTTP Body MD5
      6efda5878ab25f4f28a89bbb3f9fa41c 
    • HTTP/1.1 400 Bad Request
Date: Thu, 21 Nov 2024 08:51:55 GMT
Server: Apache/2.4.57 (Rocky Linux) OpenSSL/3.0.7
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:51:55.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "6efda5878ab25f4f28a89bbb3f9fa41c",
         "bodymmh3" : -645452522,
         "component" : [
            {
               "product" : "OpenSSL",
               "productversion" : "3.0.7",
               "productvendor" : "OpenSSL"
            }
         ],
         "headermd5" : "f353cd0bbb3511f7ebf3a301176c3936",
         "headermmh3" : -1265109031,
         "title" : "400 Bad Request"
      },
      "length" : 627
   },
   "asn" : "AS3356",
   "city" : "San Marcos",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nDate: Thu, 21 Nov 2024 08:51:55 GMT\r\nServer: Apache/2.4.57 (Rocky Linux) OpenSSL/3.0.7\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains\r\nContent-Length: 362\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\nReason: You're speaking plain HTTP to an SSL-enabled server port.<br />\n Instead use the HTTPS scheme to access this URL, please.<br />\n</p>\n</body></html>\n",
   "datamd5" : "6e99d4c57f5c379b14f155d108dd158a",
   "datammh3" : 87742596,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS3356",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "centurylink.com",
         "level3.com",
         "lumen.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "LVLT-ORG-4-8",
      "organization" : "Level 3 Parent, LLC",
      "subnet" : "4.48.0.0/14"
   },
   "ip" : "4.49.74.7",
   "ipv6" : "false",
   "latitude" : "29.8737",
   "location" : "29.8737,-97.9361",
   "longitude" : "-97.9361",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "LEVEL3",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 6668,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "productversion" : "2.4.57",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "4.48.0.0/13",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}