ONYPHE
datascan ctl threatlist sniffer vulnscan riskscan

Returning 10 result(s) out of 7,858,095 in 0.315 second(s)

  • 122.19.52.235:8000 (tcp/http) - last seen on 2024-11-21 at 08:30:07 UTC

    • IP
      122.19.52.235
      Network
      122.16.0.0/12
      Domain(s)
      ocn.ne.jp
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://122.19.52.235:8000/ 200

      Reverse DNS
      p1194235-ipngn3802niigatani.niigata.ocn.ne.jp
      ASN
      AS4713
      Organization
      NTT Communications Corporation
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      lighttpd lighttpd 1.4.32
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      c38858d74df5b6a620b5cfe2d50b6b22
      HTTP Header MD5
      25fddd8ba30b2cf5c64dc2249a4b2317
      HTTP Body MD5
      f2b89e5374ba99a1f338f60894b36189
      Favicon MD5
      c002b931e14450e406e1ea733ff76047
      Favicon MMH3
      2107438913 
    • HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "1774319342"
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 1072
Connection: close
Date: Thu, 21 Nov 2024 08:23:31 GMT
Server: lighttpd/1.4.32

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- proxyd need 'no-cache'.
     For example, at nk1080 home page, top link(i.e., index.html) is same to nvr home page.
-->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate"/>
    <meta http-equiv="Pragma" content="no-cache"/>
    <meta http-equiv="Expires" content="0"/>
    <title></title>
</head>
<body>
    <script type="text/javascript" src="detect.min.js"></script>
    <script type="text/javascript">
        try{
            var ua = detect.parse(navigator.userAgent);
            if(ua.device.type !== 'Desktop'){
                window.location = './svc/mviewer.html';
            }else{
                if(ua.browser.family === 'IE'){
                    window.location = './main.htm';
                }else{
                    window.location = './wespjs/index.html';
                }
            }
        }catch(err){
            window.location = './main.html';
        }
       </script>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:30:07.000Z",
   "app" : {
      "favicon" : {
         "image" : "AAABAAEAEBAQAAAAAAAoAQAAFgAAACgAAAAQAAAAIAAAAAEABAAAAAAAgAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAA/4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABERERERAAAAEREREREAAAARAAAAEQAAABEAAAARAAAAEQAAABEAAAARAAAAEQAAABEAAAARAAAAEQAAABEAAAARAAAAEQAAABEAAAARAAAAEREREREAAAAREREREQAAAAAAAAAAAAAAAAAAAAAAD//wAA//8AAOAHAADgBwAA5+cAAOfnAADn5wAA5+cAAOfnAADn5wAA5+cAAOfnAADgBwAA4AcAAP//AAD//wAA",
         "imagemd5" : "c002b931e14450e406e1ea733ff76047",
         "imagemmh3" : 2107438913,
         "length" : 318,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "f2b89e5374ba99a1f338f60894b36189",
         "bodymmh3" : 1033080940,
         "header" : [
            {
               "name" : "ETag",
               "value" : 1774319342
            },
            {
               "value" : "Thu, 01 Jan 1970 00:00:00 GMT",
               "name" : "Last-Modified"
            }
         ],
         "headermd5" : "25fddd8ba30b2cf5c64dc2249a4b2317",
         "headermmh3" : 1075227448
      },
      "length" : 1307
   },
   "asn" : "AS4713",
   "city" : "Iwaki",
   "country" : "JP",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: \"1774319342\"\r\nLast-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Length: 1072\r\nConnection: close\r\nDate: Thu, 21 Nov 2024 08:23:31 GMT\r\nServer: lighttpd/1.4.32\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n    <meta charset=\"utf-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n<!-- proxyd need 'no-cache'.\n     For example, at nk1080 home page, top link(i.e., index.html) is same to nvr home page.\n-->\n    <meta http-equiv=\"Cache-Control\" content=\"no-cache, no-store, must-revalidate\"/>\n    <meta http-equiv=\"Pragma\" content=\"no-cache\"/>\n    <meta http-equiv=\"Expires\" content=\"0\"/>\n    <title></title>\n</head>\n<body>\n    <script type=\"text/javascript\" src=\"detect.min.js\"></script>\n    <script type=\"text/javascript\">\n        try{\n            var ua = detect.parse(navigator.userAgent);\n            if(ua.device.type !== 'Desktop'){\n                window.location = './svc/mviewer.html';\n            }else{\n                if(ua.browser.family === 'IE'){\n                    window.location = './main.htm';\n                }else{\n                    window.location = './wespjs/index.html';\n                }\n            }\n        }catch(err){\n            window.location = './main.html';\n        }\n       </script>\n</body>\n</html>\n",
   "datamd5" : "c38858d74df5b6a620b5cfe2d50b6b22",
   "datammh3" : 1276921697,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "ocn.ne.jp"
   ],
   "geolocus" : {
      "asn" : "AS4713",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "JP",
      "countryname" : "Japan",
      "domain" : [
         "nic.ad.jp",
         "ocn.ad.jp",
         "ocn.ne.jp"
      ],
      "isineu" : "false",
      "latitude" : "36.204824",
      "location" : "36.204824,138.252924",
      "longitude" : "138.252924",
      "netname" : "OCN",
      "organization" : "NTT Communications Corporation",
      "subnet" : "122.16.0.0/12"
   },
   "host" : [
      "p1194235-ipngn3802niigatani"
   ],
   "hostname" : [
      "p1194235-ipngn3802niigatani.niigata.ocn.ne.jp"
   ],
   "ip" : "122.19.52.235",
   "ipv6" : "false",
   "latitude" : "37.0516",
   "location" : "37.0516,140.8816",
   "longitude" : "140.8816",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "NTT Communications Corporation",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "product" : "lighttpd",
   "productvendor" : "lighttpd",
   "productversion" : "1.4.32",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "p1194235-ipngn3802niigatani.niigata.ocn.ne.jp"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "niigata.ocn.ne.jp"
   ],
   "subnet" : "122.16.0.0/12",
   "tld" : [
      "ne.jp"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 45.173.159.253:8000 (tcp/http) - last seen on 2024-11-21 at 08:30:07 UTC

    • IP
      45.173.159.253
      Network
      45.173.158.0/23
      Device

      <enterprise field>: device.class

      URL

      http://45.173.159.253:8000/accounts/login?next=/admin/ 200

      HTTP Title
      SGP
      ASN
      AS268816
      Organization
      TurboNet Luz
      Protocol
      http
      Source
      datascan::redirect::1
    • Product
      F5 Nginx 1.14.2
      HTTP Component(s)
      Bootstrap Bootstrap jQuery jQuery 3.3.1
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      9cb2232473cbecb186867bf140bed20f
      HTTP Header MD5
      65d018bed52b58301b555a5419e971d0
      HTTP Body MD5
      2fc41e50c37b74d21e85af691cd900e8 
    • HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 21 Nov 2024 08:30:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 3762
Connection: close
Vary: Cookie, Origin
Expires: Thu, 21 Nov 2024 08:30:07 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: csrftoken=yVUrCjXPo8RMqzhUuPbaHnR7cyt8bG9oLaEzWo2Ot6m1Gc36gTR6P2TQ5zTp7Xov; expires=Thu, 20-Nov-2025 08:30:07 GMT; Max-Age=31449600; Path=/



<! DOCTYPE html>
<html>
  <head>
    <title>SGP</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="robots" content="noindex">
    <meta name="googlebot" content="noindex">
    <meta property="og:title" content="TurboNet Telecom">
<meta property="og:description" content="">
<meta property="og:image" itemprop="image" content="/public/logo/og/">
<meta property="og:updated_time" itemprop="image" content="2024-11-21T05:30:07+00:00">   
    
    <link rel="icon" href="/static/all/img/logo/favicon.png?v=4"/>
    <link rel="stylesheet" href="/static/bootstrap4/bootstrap.min.css">
    <link rel="stylesheet" href="/static/font/ioicon/css/open-iconic-bootstrap.min.css">
    <link rel="stylesheet" type="text/css" media="screen" href="/static/all/css/login_default.css?v=1"/>
    <link rel="stylesheet" type="text/css" media="screen" href="/static/all/css/login_default.css?v=14"/>    
  </head>
  <body>

  <div class="conten-wraper">
    <div class="container">
      <div class="row h-100">
        <div id="logo" class="d-none d-lg-block col-lg-6 align-self-center  cont" style="text-align:right">
        <img src="/static/all/img/logo/sgp-logo.svg?v=3"></div>
        <div id="login" class="col-12 col-lg-6 align-self-center cont" style="text-align:left;">
          <div class="d-block d-lg-none col-12" style="text-align:center;"><img style="max-width:90%" src="/static/all/img/logo/sgp-logo.svg?v=3"></img></div>
          <div class="col-12 form-cont" style="text-align:center;">   
              
                
                <form action="/accounts/login/" method="post" id="login-form">
                <input type='hidden' name='csrfmiddlewaretoken' value='4kxmetiN0zpqb74HM0iWUFncfSA13f6bhzhuyynM5xUFrKQTy4YS2kpV8T0iZwli' />
              <div class="form-row align-items-center">
              <div class="col-12">
                <label class="sr-only" for="inlineFormInputGroup">Usuário</label>
                <div class="input-group mb-2">
                <div class="input-group-prepend">
                  <div class="input-group-text"><span class="oi oi-person"></span></div>
                </div>
                <input type="text" id="id_username" autocomplete="off" name="username" class="form-control" id="inlineFormInputGroup" placeholder="Usuário" required>
                </div>
              </div>
              <div class="col-12">
                <label class="sr-only" for="inlineFormInputGroup">Senha</label>
                <div class="input-group mb-2">
                <div class="input-group-prepend">
                  <div class="input-group-text"><span class="oi oi-key"></span></div>
                </div>
                <input type="password" name="password" autocomplete="off" class="form-control" id="inlineFormInputGroup" placeholder="Senha" required>
                </div>
              </div>
              <div class="col-auto" id="YD4Yw">
                <input type="hidden" name="next" value="/admin/"/>
                <button type="submit" id="entrar" class="btn mb-2">Acessar</button>
              </div>
              </div>
            </form>
            
          </div>

        </div>
        <div class="col-12 footer" style="margin:auto;">
          <p class="text-center small" style="line-height:100%;padding-top: 50px;">&copy; 2024 TSMX.</p>
          <p class="text-center small" id="version" style="line-height:100%;padding-top: 50px;">Ver. 1.0.202L</p>
      </div>
    </div>
  </div>

  <script type="text/javascript">
      document.getElementById('id_username').focus()
  </script>
  
  <script src="/static/all/js/jquery-3.3.1.min.js" ></script>
  <script src="/static/bootstrap4/bootstrap.min.js"></script>
  </body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:30:07.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "2fc41e50c37b74d21e85af691cd900e8",
         "bodymmh3" : -1033312061,
         "component" : [
            {
               "product" : "Bootstrap",
               "productvendor" : "Bootstrap"
            },
            {
               "productversion" : "3.3.1",
               "productvendor" : "jQuery",
               "product" : "jQuery"
            }
         ],
         "headermd5" : "65d018bed52b58301b555a5419e971d0",
         "headermmh3" : 1334044603,
         "title" : "SGP"
      },
      "length" : 4199
   },
   "asn" : "AS268816",
   "city" : "Luz",
   "country" : "BR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx/1.14.2\r\nDate: Thu, 21 Nov 2024 08:30:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 3762\r\nConnection: close\r\nVary: Cookie, Origin\r\nExpires: Thu, 21 Nov 2024 08:30:07 GMT\r\nCache-Control: no-cache, no-store, must-revalidate, max-age=0\r\nSet-Cookie: csrftoken=yVUrCjXPo8RMqzhUuPbaHnR7cyt8bG9oLaEzWo2Ot6m1Gc36gTR6P2TQ5zTp7Xov; expires=Thu, 20-Nov-2025 08:30:07 GMT; Max-Age=31449600; Path=/\r\n\r\n\n\n<! DOCTYPE html>\n<html>\n  <head>\n    <title>SGP</title>\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <meta name=\"robots\" content=\"noindex\">\n    <meta name=\"googlebot\" content=\"noindex\">\n    <meta property=\"og:title\" content=\"TurboNet Telecom\">\n<meta property=\"og:description\" content=\"\">\n<meta property=\"og:image\" itemprop=\"image\" content=\"/public/logo/og/\">\n<meta property=\"og:updated_time\" itemprop=\"image\" content=\"2024-11-21T05:30:07+00:00\">   \n    \n    <link rel=\"icon\" href=\"/static/all/img/logo/favicon.png?v=4\"/>\n    <link rel=\"stylesheet\" href=\"/static/bootstrap4/bootstrap.min.css\">\n    <link rel=\"stylesheet\" href=\"/static/font/ioicon/css/open-iconic-bootstrap.min.css\">\n    <link rel=\"stylesheet\" type=\"text/css\" media=\"screen\" href=\"/static/all/css/login_default.css?v=1\"/>\n    <link rel=\"stylesheet\" type=\"text/css\" media=\"screen\" href=\"/static/all/css/login_default.css?v=14\"/>    \n  </head>\n  <body>\n\n  <div class=\"conten-wraper\">\n    <div class=\"container\">\n      <div class=\"row h-100\">\n        <div id=\"logo\" class=\"d-none d-lg-block col-lg-6 align-self-center  cont\" style=\"text-align:right\">\n        <img src=\"/static/all/img/logo/sgp-logo.svg?v=3\"></div>\n        <div id=\"login\" class=\"col-12 col-lg-6 align-self-center cont\" style=\"text-align:left;\">\n          <div class=\"d-block d-lg-none col-12\" style=\"text-align:center;\"><img style=\"max-width:90%\" src=\"/static/all/img/logo/sgp-logo.svg?v=3\"></img></div>\n          <div class=\"col-12 form-cont\" style=\"text-align:center;\">   \n              \n                \n                <form action=\"/accounts/login/\" method=\"post\" id=\"login-form\">\n                <input type='hidden' name='csrfmiddlewaretoken' value='4kxmetiN0zpqb74HM0iWUFncfSA13f6bhzhuyynM5xUFrKQTy4YS2kpV8T0iZwli' />\n              <div class=\"form-row align-items-center\">\n              <div class=\"col-12\">\n                <label class=\"sr-only\" for=\"inlineFormInputGroup\">Usu\u00e1rio</label>\n                <div class=\"input-group mb-2\">\n                <div class=\"input-group-prepend\">\n                  <div class=\"input-group-text\"><span class=\"oi oi-person\"></span></div>\n                </div>\n                <input type=\"text\" id=\"id_username\" autocomplete=\"off\" name=\"username\" class=\"form-control\" id=\"inlineFormInputGroup\" placeholder=\"Usu\u00e1rio\" required>\n                </div>\n              </div>\n              <div class=\"col-12\">\n                <label class=\"sr-only\" for=\"inlineFormInputGroup\">Senha</label>\n                <div class=\"input-group mb-2\">\n                <div class=\"input-group-prepend\">\n                  <div class=\"input-group-text\"><span class=\"oi oi-key\"></span></div>\n                </div>\n                <input type=\"password\" name=\"password\" autocomplete=\"off\" class=\"form-control\" id=\"inlineFormInputGroup\" placeholder=\"Senha\" required>\n                </div>\n              </div>\n              <div class=\"col-auto\" id=\"YD4Yw\">\n                <input type=\"hidden\" name=\"next\" value=\"/admin/\"/>\n                <button type=\"submit\" id=\"entrar\" class=\"btn mb-2\">Acessar</button>\n              </div>\n              </div>\n            </form>\n            \n          </div>\n\n        </div>\n        <div class=\"col-12 footer\" style=\"margin:auto;\">\n          <p class=\"text-center small\" style=\"line-height:100%;padding-top: 50px;\">&copy; 2024 TSMX.</p>\n          <p class=\"text-center small\" id=\"version\" style=\"line-height:100%;padding-top: 50px;\">Ver. 1.0.202L</p>\n      </div>\n    </div>\n  </div>\n\n  <script type=\"text/javascript\">\n      document.getElementById('id_username').focus()\n  </script>\n  \n  <script src=\"/static/all/js/jquery-3.3.1.min.js\" ></script>\n  <script src=\"/static/bootstrap4/bootstrap.min.js\"></script>\n  </body>\n</html>\n",
   "datamd5" : "9cb2232473cbecb186867bf140bed20f",
   "datammh3" : -1905278105,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "45.173.159.253",
   "geolocus" : {
      "asn" : "AS268816",
      "continent" : "SA",
      "continentname" : "South America",
      "country" : "BR",
      "countryname" : "Brazil",
      "domain" : [
         "cert.br",
         "gmail.com"
      ],
      "isineu" : "false",
      "latitude" : "-14.235004",
      "location" : "-14.235004,-51.92528",
      "longitude" : "-51.92528",
      "netname" : "12.489.132/0001-08",
      "organization" : "TurboNet Luz",
      "subnet" : "45.173.158.0/23"
   },
   "hostname" : [
      "45.173.159.253"
   ],
   "ip" : "45.173.159.253",
   "ipv6" : "false",
   "latitude" : "-19.8432",
   "location" : "-19.8432,-45.6783",
   "longitude" : "-45.6783",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TurboNet Luz",
   "port" : 8000,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.14.2",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::1",
   "status" : 200,
   "subnet" : "45.173.158.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/accounts/login?next=/admin/"
}

  • 69.118.27.160:8000 (tcp/http) - last seen on 2024-11-21 at 08:30:05 UTC

    • IP
      69.118.27.160
      Network
      69.118.0.0/15
      Domain(s)
      optonline.net
      Device

      <enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

      Operating System
      Linux Linux Kernel
      URL

      http://69.118.27.160:8000/ 200

      Reverse DNS
      ool-45761ba0.dyn.optonline.net
      ASN
      AS6128
      Organization
      CABLE-NET-1
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      Hikvision DNVRS-Webs
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      e82a3964b99e429aec97a280b364fa96
      HTTP Header MD5
      86854ed3749a913afa00a67025516a4d
      HTTP Body MD5
      13b8369f911fb613be01e0f8564c9b79
      Favicon MD5
      89b932fcc47cf4ca3faadb0cfdef89cf
      Favicon MMH3
      999357577 
    • HTTP/1.1 200 OK
Date: Thu, 21 Nov 2024 03:23:50 GMT
Server: DNVRS-Webs
ETag: "0-176a-1e0"
Content-Length: 480
Content-Type: text/html
Connection: close
Last-Modified: Tue, 09 May 2017 03:44:40 GMT

<!doctype html>
<html>
<head>
	<title></title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta http-equiv="X-UA-Compatible" content="IE=edge" >
	<meta http-equiv="Pragma" content="no-cache" />
	<meta http-equiv="Cache-Control" content="no-cache, must-revalidate" />
	<meta http-equiv="Expires" content="0" />
</head>
<body>
</body>
<script>
	window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime();
</script>
</html>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:30:05.000Z",
   "app" : {
      "favicon" : {
         "image" : "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkJCSYJCQksmQkJL/kJCS/5CQkv+QkJL/kJCS/5CQkv+QkJL/kJCS/5CQkv+QkJL/kJCS25CQknIAAAAAkpKUb6Cgov/ExMr/0tLY/9LS2P/S0tj/0tLY/9LS2P/S0tj/0tLY/9LS2P/S0tj/0tLY/8nJzv+np6r/kpKUkJWVlti/v8D/xsbI/8bGyP/CwsT/jo6Q/11dXv8vLy//KCgp/1FRUv+OjpD/wMDC/8bGyP/Gxsj/xcXH/5iYmf+YmJn/x8fI/8fHyP/Dw8T/aGhp/xISEv8HBwf/FxcV/x4eHP8JCQn/CAgI/z09Pf/CwsL/x8fI/8fHyP+goKH/m5ud/8jIyf/IyMn/kJCQ/xEREf8YGBf/R0dG/2BgZf9/fYT/pqaj/1paVf8CAgL/X19g/8jIyf/IyMn/o6Ol/5+fof/Kysv/w8PD/yEgIf8XFxf/NDQ0/ygpLP8SECj/Cwk5/0VEdP+rqLT/b3Fs/wAAAP+jo6T/ysrL/6enqP+ioqT/zMzN/4ODhP8TExP/IiIi/wwNDf8AAAD/AAAm/ywpcP8rKW//JiNp/5eWnP8sLCn/OTk6/8zMzf+pqav/pqao/8/Pz/9ZWVn/Ghoa/xUUE/8mIA7/FxQQ/wAAMP9xbb3/jYnQ/wsLTP9CQWP/UFBK/wUFBf/Pz8//ra2v/6urrf/T09T/XV1d/xsbHv8iHxL/s5tV/0E4H/9wY0L/LSg1/wICPv8AADD/Hx5C/0pKRv8HBwb/09PU/7KytP+vr7H/3t7f/4iIif8nJyv/FhQL/8etXf+mkU7/V04y/y0pF/8AAAD/AAAM/ycmNP80NDP/Kysr/97e3/+3t7n/srK0/+Pj5P/Fxcb/SkpL/wMFBf+WgkT/07Vj/6+WUv9HPSH/BQQA/wUFBf82Njb/FRUU/4qKi//j4+T/u7u8/7a2uP/o6Or/6Ojq/4+Pj/84ODv/AAAA/415Qf+xmFT/SD4i/wYFBf8dHR3/JiYm/ysrK//l5ef/6Ojq/7+/wf+5ubz/7u7w/+7u8P/p6ev/l5eY/z9AQf8JCw7/AAAC/wcHCP8XFxf/Hx8f/0tLTP/f3+D/7u7w/+7u8P/CwsX/vLy/2+vr7f/z8/X/8/P1//Pz9f/ExMb/hYWG/0xMTv8/QUH/aGho/6Ojpf/z8/X/8/P1//Pz9f/y8vT/wMDD/7+/wXLNzc//7u7x//b2+f/29vn/9vb5//b2+f/29vn/9vb5//b2+f/29vn/9vb5//b2+f/x8fT/1NTX/7+/wZAAAAAAwcHDcsHBw9vBwcP/wcHD/8HBw//BwcP/wcHD/8HBw//BwcP/wcHD/8HBw//BwcP/wcHD6sHBw4EAAAAAgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAEAAA==",
         "imagemd5" : "89b932fcc47cf4ca3faadb0cfdef89cf",
         "imagemmh3" : 999357577,
         "length" : 1150,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "13b8369f911fb613be01e0f8564c9b79",
         "bodymmh3" : 1400196417,
         "header" : [
            {
               "value" : "0-176a-1e0",
               "name" : "ETag"
            },
            {
               "name" : "Last-Modified",
               "value" : "Tue, 09 May 2017 03:44:40 GMT"
            }
         ],
         "headermd5" : "86854ed3749a913afa00a67025516a4d",
         "headermmh3" : 959668794
      },
      "length" : 687
   },
   "asn" : "AS6128",
   "city" : "Great Neck",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nDate: Thu, 21 Nov 2024 03:23:50 GMT\r\nServer: DNVRS-Webs\r\nETag: \"0-176a-1e0\"\r\nContent-Length: 480\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: Tue, 09 May 2017 03:44:40 GMT\r\n\r\n\ufeff<!doctype html>\r\n<html>\r\n<head>\r\n\t<title></title>\r\n\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\r\n\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" >\r\n\t<meta http-equiv=\"Pragma\" content=\"no-cache\" />\r\n\t<meta http-equiv=\"Cache-Control\" content=\"no-cache, must-revalidate\" />\r\n\t<meta http-equiv=\"Expires\" content=\"0\" />\r\n</head>\r\n<body>\r\n</body>\r\n<script>\r\n\twindow.location.href = \"/doc/page/login.asp?_\" + (new Date()).getTime();\r\n</script>\r\n</html>",
   "datamd5" : "e82a3964b99e429aec97a280b364fa96",
   "datammh3" : -426968316,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "product" : "<enterprise field>: device.product",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "optonline.net"
   ],
   "geolocus" : {
      "asn" : "AS6128",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "alticeusa.com",
         "optonline.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "OOL-CPE-WRWKNY-69-112-0-0-22",
      "organization" : "Optimum Online",
      "subnet" : "69.112.0.0/12"
   },
   "host" : [
      "ool-45761ba0"
   ],
   "hostname" : [
      "ool-45761ba0.dyn.optonline.net"
   ],
   "ip" : "69.118.27.160",
   "ipv6" : "false",
   "latitude" : "40.7890",
   "location" : "40.7890,-73.7262",
   "longitude" : "-73.7262",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CABLE-NET-1",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "product" : "DNVRS-Webs",
   "productvendor" : "Hikvision",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ool-45761ba0.dyn.optonline.net"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "dyn.optonline.net"
   ],
   "subnet" : "69.118.0.0/15",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 184.191.227.186:8000 (tcp/http) - last seen on 2024-11-21 at 08:29:39 UTC

    • IP
      184.191.227.186
      Network
      184.191.224.0/19
      Domain(s)
      cox.net
      Device

      <enterprise field>: device.class

      Operating System
      FreeBSD FreeBSD
      URL

      http://184.191.227.186:8000/ 303

      Reverse DNS
      wsip-184-191-227-186.fv.ks.cox.net
      ASN
      AS22773
      Organization
      ASN-CXA-ALL-CCI-22773-RDC
      Protocol
      http
      Source
      datascan
    • Operating System
      FreeBSD FreeBSD
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      4975be841dedf769d587b80e3df68777
      HTTP Header MD5
      d7c693398e793e8dd83b7a14c2e50f03
      HTTP Body MD5
      d41d8cd98f00b204e9800998ecf8427e 
    • HTTP/1.1 303 OK
SS-UUID: AZbKKVDhcllmhNR6PehH
Content-Length: 0
Location: /reload.html
Keep-Alive: timeout=20, max=100
Connection: Keep-Alive


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:39.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "d7c693398e793e8dd83b7a14c2e50f03",
         "headermmh3" : -1330905381
      },
      "length" : 150
   },
   "asn" : "AS22773",
   "city" : "Rogers",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 303 OK\r\nSS-UUID: AZbKKVDhcllmhNR6PehH\r\nContent-Length: 0\r\nLocation: /reload.html\r\nKeep-Alive: timeout=20, max=100\r\nConnection: Keep-Alive\r\n\r\n",
   "datamd5" : "4975be841dedf769d587b80e3df68777",
   "datammh3" : 604384771,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cox.net"
   ],
   "geolocus" : {
      "asn" : "AS22773",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "cox.com",
         "cox.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NETBLK-AR-CBS-184-191-224-0",
      "organization" : "Cox Communications Inc.",
      "subnet" : "184.191.224.0/19"
   },
   "host" : [
      "wsip-184-191-227-186"
   ],
   "hostname" : [
      "wsip-184-191-227-186.fv.ks.cox.net"
   ],
   "ip" : "184.191.227.186",
   "ipv6" : "false",
   "latitude" : "36.3170",
   "location" : "36.3170,-94.1568",
   "longitude" : "-94.1568",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ASN-CXA-ALL-CCI-22773-RDC",
   "os" : "FreeBSD",
   "osvendor" : "FreeBSD",
   "port" : 8000,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "wsip-184-191-227-186.fv.ks.cox.net"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 303,
   "subdomains" : [
      "fv.ks.cox.net",
      "ks.cox.net"
   ],
   "subnet" : "184.191.224.0/19",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 1.248.254.201:8000 (tcp/http) - last seen on 2024-11-21 at 08:29:36 UTC

    • IP
      1.248.254.201
      Network
      1.248.224.0/19
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://1.248.254.201:8000/ 301

      ASN
      AS9318
      Organization
      SK Broadband Co Ltd
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      lighttpd lighttpd
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      f98d9b99809f729e1d42183124f34931
      HTTP Header MD5
      1a61c8a17e7f452ddf9aa4eb4746c804
      HTTP Body MD5
      d41d8cd98f00b204e9800998ecf8427e 
    • HTTP/1.1 301 Moved Permanently
Via: CAC/1.16
Date: Thu, 21 Nov 2024 08:29:35 GMT
Content-Length: 0
Connection: close
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store, no-cache, must-revalidate, private
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
X-Download-Options: noopen
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self';object-src 'none';connect-src 'self' ws: wss:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval'; img-src 'self' blob:;frame-ancestors 'self';font-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache-Status: BYPASS
Server: lighttpd
Keep-Alive: timeout=10


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:36.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "1a61c8a17e7f452ddf9aa4eb4746c804",
         "headermmh3" : 1678358474
      },
      "length" : 784
   },
   "asn" : "AS9318",
   "city" : "Gwangjin-gu",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved Permanently\r\nVia: CAC/1.16\r\nDate: Thu, 21 Nov 2024 08:29:35 GMT\r\nContent-Length: 0\r\nConnection: close\r\nContent-Encoding: gzip\r\nX-Frame-Options: SAMEORIGIN\r\nCache-Control: no-store, no-cache, must-revalidate, private\r\nPragma: no-cache\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nX-Permitted-Cross-Domain-Policies: master-only\r\nX-Download-Options: noopen\r\nReferrer-Policy: no-referrer\r\nContent-Security-Policy: default-src 'self';object-src 'none';connect-src 'self' ws: wss:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval'; img-src 'self' blob:;frame-ancestors 'self';font-src 'self'\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Cache-Status: BYPASS\r\nServer: lighttpd\r\nKeep-Alive: timeout=10\r\n\r\n",
   "datamd5" : "f98d9b99809f729e1d42183124f34931",
   "datammh3" : -674269032,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS9318",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "nic.or.kr",
         "skbroadband.com"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "broadNnet",
      "organization" : "SK Broadband Co Ltd",
      "subnet" : "1.248.224.0/19"
   },
   "ip" : "1.248.254.201",
   "ipv6" : "false",
   "latitude" : "37.5409",
   "location" : "37.5409,127.0762",
   "longitude" : "127.0762",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "SK Broadband Co Ltd",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "product" : "lighttpd",
   "productvendor" : "lighttpd",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved Permanently",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 301,
   "subnet" : "1.248.224.0/19",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 220.86.99.84:8000 (tcp/http) - last seen on 2024-11-21 at 08:29:35 UTC

    • IP
      220.86.99.84
      Network
      220.86.0.0/16
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://220.86.99.84:8000/ 200

      HTTP Title
      HCMSActiveX Viewer
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      094bc93e2f61d16b562e139aaec0d29c
      HTTP Header MD5
      ba860b3caca90736d63774a542763ca1
      HTTP Body MD5
      8f19f39e50fc1dc9aab5d79f727447ca 
    • HTTP/1.0 200 OK
Content-type: text/html
Date: Thu, 21 Nov 2024 08:29:34 GMT
Connection: close
Accept-Ranges: bytes
Last-Modified: Wed, 09 Dec 2015 07:14:08 GMT
Content-length: 776

<html>
<head>
<title>HCMSActiveX Viewer</title>
<script language="JavaScript">
<!--
function start()
{
	var href = document.URL.split("//");
	var host;
	if (href.length > 1) {
		host = href[1].split("/")[0];
	} else {
		host = href[0].split("/")[0];
	}

	host = host.split(":");

	var address = host[0];
	var port = 80;
	if (host.length > 1) {
		port = Number(host[1]);
	} else {
		port = 80;
	}

	HCMSActiveX.Connect(address, port);
}

function stop()
{
	HCMSActiveX.Disconnect();
}
//-->
</script>
</head>
<body onload="start()" onUnload="stop()">
<object id="HCMSActiveX"
	width=1050 height=700
	classid="clsid:91B34397-1200-4BCA-BC91-8B3D12BE75C2"
	codebase="http://www.eznetdns.com/HCMSActiveX/v0.2.0.10602/HCMSActiveX.cab#version=0,2,0,10602">
</object>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:35.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "eznetdns.com"
         ],
         "hostname" : [
            "www.eznetdns.com"
         ],
         "url" : [
            "http://www.eznetdns.com/HCMSActiveX/v0.2.0.10602/HCMSActiveX.cab"
         ]
      },
      "http" : {
         "bodymd5" : "8f19f39e50fc1dc9aab5d79f727447ca",
         "bodymmh3" : 434931466,
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Wed, 09 Dec 2015 07:14:08 GMT"
            }
         ],
         "headermd5" : "ba860b3caca90736d63774a542763ca1",
         "headermmh3" : -1517608690,
         "title" : "HCMSActiveX Viewer"
      },
      "length" : 965
   },
   "asn" : "AS4766",
   "city" : "Seoul",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.0 200 OK\r\nContent-type: text/html\r\nDate: Thu, 21 Nov 2024 08:29:34 GMT\r\nConnection: close\r\nAccept-Ranges: bytes\r\nLast-Modified: Wed, 09 Dec 2015 07:14:08 GMT\r\nContent-length: 776\r\n\r\n<html>\n<head>\n<title>HCMSActiveX Viewer</title>\n<script language=\"JavaScript\">\n<!--\nfunction start()\n{\n\tvar href = document.URL.split(\"//\");\n\tvar host;\n\tif (href.length > 1) {\n\t\thost = href[1].split(\"/\")[0];\n\t} else {\n\t\thost = href[0].split(\"/\")[0];\n\t}\n\n\thost = host.split(\":\");\n\n\tvar address = host[0];\n\tvar port = 80;\n\tif (host.length > 1) {\n\t\tport = Number(host[1]);\n\t} else {\n\t\tport = 80;\n\t}\n\n\tHCMSActiveX.Connect(address, port);\n}\n\nfunction stop()\n{\n\tHCMSActiveX.Disconnect();\n}\n//-->\n</script>\n</head>\n<body onload=\"start()\" onUnload=\"stop()\">\n<object id=\"HCMSActiveX\"\n\twidth=1050 height=700\n\tclassid=\"clsid:91B34397-1200-4BCA-BC91-8B3D12BE75C2\"\n\tcodebase=\"http://www.eznetdns.com/HCMSActiveX/v0.2.0.10602/HCMSActiveX.cab#version=0,2,0,10602\">\n</object>\n</body>\n</html>\n",
   "datamd5" : "094bc93e2f61d16b562e139aaec0d29c",
   "datammh3" : -454962935,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4766",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "kt.com",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "KORNET",
      "organization" : "Korea Telecom",
      "subnet" : "220.86.0.0/16"
   },
   "ip" : "220.86.99.84",
   "ipv6" : "false",
   "latitude" : "37.5794",
   "location" : "37.5794,126.9754",
   "longitude" : "126.9754",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Korea Telecom",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "OK",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "220.86.0.0/16",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 121.189.64.25:8000 (tcp/unknown) - last seen on 2024-11-21 at 08:29:35 UTC

    • IP
      121.189.64.25
      Network
      121.189.0.0/17
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      0be7cf1cb0272a004715f2ce7f9c9383 
    • !I\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000000\x00\x00\x00\x00!D\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x000000\x00\x00\x00\x00
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:35.000Z",
   "app" : {
      "length" : 64
   },
   "asn" : "AS4766",
   "city" : "Jung-gu",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "!I\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000000\\x00\\x00\\x00\\x00!D\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x000000\\x00\\x00\\x00\\x00",
   "datamd5" : "0be7cf1cb0272a004715f2ce7f9c9383",
   "datammh3" : 185673041,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4766",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "kt.com",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "KORNET",
      "organization" : "Korea Telecom",
      "subnet" : "121.189.64.0/18"
   },
   "ip" : "121.189.64.25",
   "ipv6" : "false",
   "latitude" : "37.4676",
   "location" : "37.4676,126.6200",
   "longitude" : "126.6200",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Korea Telecom",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "protocol" : "unknown",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "121.189.0.0/17",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 194.55.83.34:8000 (tcp/http) - last seen on 2024-11-21 at 08:29:34 UTC

    • IP
      194.55.83.34
      Network
      194.55.80.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://194.55.83.34:8000/ 400

      HTTP Title
      ERROR: The requested URL could not be retrieved
      ASN
      AS48095
      Organization
      Xt Global Networks Ltd.
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      squid-cache Squid 3.1.23
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      749454d45eb985e3897ced7611484280
      HTTP Header MD5
      12869e4b45feff8e545f5524bc50b4d8
      HTTP Body MD5
      e835c5c7c29d31ce89d1c804c8a1b6a5 
    • HTTP/1.0 400 Bad Request
Server: squid/3.1.23
Mime-Version: 1.0
Date: Thu, 21 Nov 2024 07:44:16 GMT
Content-Type: text/html
Content-Length: 3129
X-Squid-Error: ERR_INVALID_URL 0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css"><!--   /*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
	font-family: verdana, sans-serif;
}

html body {
	margin: 0;
	padding: 0;
	background: #efefef;
	font-size: 12px;
	color: #1e1e1e;
}

/* Page displayed title area */
#titles {
	margin-left: 15px;
	padding: 10px;
	padding-left: 100px;
	background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
	color: #000000;
}
#titles h2 {
	color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
	background-color:#00ff00;
	width:100%;
}

/* Page displayed body content area */
#content {
	padding: 10px;
	background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
    font-family:sans-serif;
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
    font-family: courier;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
	margin: 0;
}

/* page displayed footer area */
#footer {
	font-size: 9px;
	padding-left: 10px;
}
  body :lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; } :lang(he) { direction: rtl; }  --></style> </head><body id=ERR_INVALID_URL> <div id="titles"> <h1>ERROR</h1> <h2>The requested URL could not be retrieved</h2> </div> <hr>  <div id="content"> <p>The following error was encountered while trying to retrieve the URL: <a href="/">/</a></p>  <blockquote id="error"> <p><b>Invalid URL</b></p> </blockquote>  <p>Some aspect of the requested URL is incorrect.</p>  <p>Some possible problems are:</p> <ul> <li><p>Missing or incorrect access protocol (should be <q>http://</q> or similar)</p></li> <li><p>Missing hostname</p></li> <li><p>Illegal double-escape in the URL-Path</p></li> <li><p>Illegal character in hostname; underscores are not allowed.</p></li> </ul>  <p>Your cache administrator is <a href="mailto:root?subject=CacheErrorInfo%20-%20ERR_INVALID_URL&amp;body=CacheHost%3A%20host%0D%0AErrPage%3A%20ERR_INVALID_URL%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Thu,%2021%20Nov%202024%2007%3A44%3A16%20GMT%0D%0A%0D%0AClientIP%3A%20<srcip>%0D%0A%0D%0AHTTP%20Request%3A%0D%0A%0D%0A%0D%0A">root</a>.</p> <br> </div>  <hr> <div id="footer"> <p>Generated Thu, 21 Nov 2024 07:44:16 GMT by host (squid/3.1.23)</p> <!-- ERR_INVALID_URL --> </div> </body></html> 
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:34.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org",
            "squid-cache.org",
            "freecsstemplates.org"
         ],
         "hostname" : [
            "www.freecsstemplates.org",
            "www.squid-cache.org",
            "www.w3.org"
         ],
         "url" : [
            "http://www.freecsstemplates.org",
            "http://www.squid-cache.org/Artwork/SN.png",
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "e835c5c7c29d31ce89d1c804c8a1b6a5",
         "bodymmh3" : 1588391140,
         "headermd5" : "12869e4b45feff8e545f5524bc50b4d8",
         "headermmh3" : -1219788060,
         "title" : "ERROR: The requested URL could not be retrieved"
      },
      "length" : 3330
   },
   "asn" : "AS48095",
   "country" : "RO",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.23\r\nMime-Version: 1.0\r\nDate: Thu, 21 Nov 2024 07:44:16 GMT\r\nContent-Type: text/html\r\nContent-Length: 3129\r\nX-Squid-Error: ERR_INVALID_URL 0\r\nConnection: close\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\"> <html><head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"> <title>ERROR: The requested URL could not be retrieved</title> <style type=\"text/css\"><!--   /*\n Stylesheet for Squid Error pages\n Adapted from design by Free CSS Templates\n http://www.freecsstemplates.org\n Released for free under a Creative Commons Attribution 2.5 License\n*/\n\n/* Page basics */\n* {\n\tfont-family: verdana, sans-serif;\n}\n\nhtml body {\n\tmargin: 0;\n\tpadding: 0;\n\tbackground: #efefef;\n\tfont-size: 12px;\n\tcolor: #1e1e1e;\n}\n\n/* Page displayed title area */\n#titles {\n\tmargin-left: 15px;\n\tpadding: 10px;\n\tpadding-left: 100px;\n\tbackground: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;\n}\n\n/* initial title */\n#titles h1 {\n\tcolor: #000000;\n}\n#titles h2 {\n\tcolor: #000000;\n}\n\n/* special event: FTP success page titles */\n#titles ftpsuccess {\n\tbackground-color:#00ff00;\n\twidth:100%;\n}\n\n/* Page displayed body content area */\n#content {\n\tpadding: 10px;\n\tbackground: #ffffff;\n}\n\n/* General text */\np {\n}\n\n/* error brief description */\n#error p {\n}\n\n/* some data which may have caused the problem */\n#data {\n}\n\n/* the error message received from the system or other software */\n#sysmsg {\n}\n\npre {\n    font-family:sans-serif;\n}\n\n/* special event: FTP / Gopher directory listing */\n#dirmsg {\n    font-family: courier;\n    color: black;\n    font-size: 10pt;\n}\n#dirlisting {\n    margin-left: 2%;\n    margin-right: 2%;\n}\n#dirlisting tr.entry td.icon,td.filename,td.size,td.date {\n    border-bottom: groove;\n}\n#dirlisting td.size {\n    width: 50px;\n    text-align: right;\n    padding-right: 5px;\n}\n\n/* horizontal lines */\nhr {\n\tmargin: 0;\n}\n\n/* page displayed footer area */\n#footer {\n\tfont-size: 9px;\n\tpadding-left: 10px;\n}\n  body :lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; } :lang(he) { direction: rtl; }  --></style> </head><body id=ERR_INVALID_URL> <div id=\"titles\"> <h1>ERROR</h1> <h2>The requested URL could not be retrieved</h2> </div> <hr>  <div id=\"content\"> <p>The following error was encountered while trying to retrieve the URL: <a href=\"/\">/</a></p>  <blockquote id=\"error\"> <p><b>Invalid URL</b></p> </blockquote>  <p>Some aspect of the requested URL is incorrect.</p>  <p>Some possible problems are:</p> <ul> <li><p>Missing or incorrect access protocol (should be <q>http://</q> or similar)</p></li> <li><p>Missing hostname</p></li> <li><p>Illegal double-escape in the URL-Path</p></li> <li><p>Illegal character in hostname; underscores are not allowed.</p></li> </ul>  <p>Your cache administrator is <a href=\"mailto:root?subject=CacheErrorInfo%20-%20ERR_INVALID_URL&amp;body=CacheHost%3A%20host%0D%0AErrPage%3A%20ERR_INVALID_URL%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Thu,%2021%20Nov%202024%2007%3A44%3A16%20GMT%0D%0A%0D%0AClientIP%3A%20<srcip>%0D%0A%0D%0AHTTP%20Request%3A%0D%0A%0D%0A%0D%0A\">root</a>.</p> <br> </div>  <hr> <div id=\"footer\"> <p>Generated Thu, 21 Nov 2024 07:44:16 GMT by host (squid/3.1.23)</p> <!-- ERR_INVALID_URL --> </div> </body></html> ",
   "datamd5" : "749454d45eb985e3897ced7611484280",
   "datammh3" : 994761238,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS48095",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "elitework.com",
         "xtglobal.vg"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "ELITEWORK-LLC",
      "organization" : "EliteWork LLC",
      "subnet" : "194.55.80.0/22"
   },
   "ip" : "194.55.83.34",
   "ipv6" : "false",
   "latitude" : "45.9968",
   "location" : "45.9968,24.9970",
   "longitude" : "24.9970",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Xt Global Networks Ltd.",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "product" : "Squid",
   "productvendor" : "squid-cache",
   "productversion" : "3.1.23",
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "194.55.80.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 84.9.114.255:8000 (tcp/http) - last seen on 2024-11-21 at 08:29:34 UTC

    • IP
      84.9.114.255
      Network
      84.9.0.0/16
      Domain(s)
      vodafonexdsl.co.uk
      Device

      <enterprise field>: device.class

      URL

      http://84.9.114.255:8000/ 400

      HTTP Title
      400 Bad Request !!!
      Reverse DNS
      static-84-9-114-255.vodafonexdsl.co.uk
      ASN
      AS25310
      Organization
      Vodafone Limited
      Protocol
      http
      Source
      datascan

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      a0145c3f0ea65118caaecbb3a5695e31
      HTTP Header MD5
      0bf268499d721bbdb4337d678dbe8498
      HTTP Body MD5
      87f8e74e1699a0b6a3b4a25004a1aec7 
    • HTTP/1.0 400 Bad Request
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-type: text/html

<html>
  <head>
  <title>400 Bad Request !!!</title>
  </head>
<body>

<div align="center"><center>
<table border="1" cellspacing="0" width="100%">
  <tr>
    <td width="100%" bgcolor="#0000A0">
    <p align="center"><font color="#FFFFFF" face="Arial">
    <strong>400 Bad Request !!!</strong></font></td>
  </tr>
  <tr>
    <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080">
    <p align="center"><font face="Times New Romain" color="#000000">
    <strong>Your client sent a query that this server could not understand.</strong></font></td>
  </tr>
</table>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:34.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "87f8e74e1699a0b6a3b4a25004a1aec7",
         "bodymmh3" : 209370846,
         "headermd5" : "0bf268499d721bbdb4337d678dbe8498",
         "headermmh3" : -751588747,
         "title" : "400 Bad Request !!!"
      },
      "length" : 715
   },
   "asn" : "AS25310",
   "city" : "Camden",
   "country" : "GB",
   "data" : "HTTP/1.0 400 Bad Request\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n<html>\n  <head>\n  <title>400 Bad Request !!!</title>\n  </head>\n<body>\n\n<div align=\"center\"><center>\n<table border=\"1\" cellspacing=\"0\" width=\"100%\">\n  <tr>\n    <td width=\"100%\" bgcolor=\"#0000A0\">\n    <p align=\"center\"><font color=\"#FFFFFF\" face=\"Arial\">\n    <strong>400 Bad Request !!!</strong></font></td>\n  </tr>\n  <tr>\n    <td width=\"100%\" bgcolor=\"#F3F3F3\" bordercolor=\"#000080\" bordercolordark=\"#000080\">\n    <p align=\"center\"><font face=\"Times New Romain\" color=\"#000000\">\n    <strong>Your client sent a query that this server could not understand.</strong></font></td>\n  </tr>\n</table>\n",
   "datamd5" : "a0145c3f0ea65118caaecbb3a5695e31",
   "datammh3" : -1580115444,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "vodafonexdsl.co.uk"
   ],
   "host" : [
      "static-84-9-114-255"
   ],
   "hostname" : [
      "static-84-9-114-255.vodafonexdsl.co.uk"
   ],
   "ip" : "84.9.114.255",
   "ipv6" : "false",
   "latitude" : "51.5435",
   "location" : "51.5435,-0.1733",
   "longitude" : "-0.1733",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Vodafone Limited",
   "port" : 8000,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Bad Request",
   "reverse" : [
      "static-84-9-114-255.vodafonexdsl.co.uk"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "84.9.0.0/16",
   "tld" : [
      "co.uk"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 45.129.205.221:8000 (tcp/socks4a) - last seen on 2024-11-21 at 08:29:34 UTC

    • IP
      45.129.205.221
      Network
      45.129.204.0/22
      Operating System
      Linux Linux Kernel
      ASN
      AS49505
      Organization
      JSC Selectel
      Protocol
      socks4a
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      d0667d77071710c716b7978296e1b49e 
    • \x00[\x00\x00\x00\x00\x00\x00
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:29:34.000Z",
   "app" : {
      "length" : 8
   },
   "asn" : "AS49505",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\\x00[\\x00\\x00\\x00\\x00\\x00\\x00",
   "datamd5" : "d0667d77071710c716b7978296e1b49e",
   "datammh3" : -971970408,
   "geolocus" : {
      "asn" : "AS55933",
      "continent" : "OC",
      "continentname" : "Oceania",
      "country" : "AU",
      "countryname" : "Australia",
      "domain" : [
         "apnic.net"
      ],
      "isineu" : "false",
      "latitude" : "-25.274398",
      "location" : "-25.274398,133.775136",
      "longitude" : "133.775136",
      "netname" : "IANA-NETBLOCK-45",
      "organization" : "This network range is not fully allocated to APNIC.",
      "subnet" : "45.0.0.0/8"
   },
   "ip" : "45.129.205.221",
   "ipv6" : "false",
   "latitude" : "55.7386",
   "location" : "55.7386,37.6068",
   "longitude" : "37.6068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "JSC Selectel",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8000,
   "protocol" : "socks4a",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "45.129.204.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}