Cyber Defense Search Engine

IP
36.103.237.205

Network
36.103.128.0/17

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://36.103.237.205:8001/ 400

HTTP Title
400 The plain HTTP request was sent to HTTPS port

ASN
AS134761

Organization
CHINANET NINGXIA province ZHONGWEI IDC network

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
OpenResty OpenResty

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
147daef0dbc1c3621880e5b317d5ab7a

HTTP Header MD5
d3081c05b8dffa80a3518cad609641f3

HTTP Body MD5
b918f8b3770dc1158b467b0dd192e59e

HTTP/1.1 400 Bad Request
Server: openresty
Date: Thu, 21 Nov 2024 08:46:35 GMT
Content-Type: text/html
Content-Length: 252
Connection: close
Request-Id: edcd673ef36b24676386efdf0a98ec4e

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>openresty</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:35.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "b918f8b3770dc1158b467b0dd192e59e",
         "bodymmh3" : 1280153115,
         "headermd5" : "d3081c05b8dffa80a3518cad609641f3",
         "headermmh3" : -857391477,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 447
   },
   "asn" : "AS134761",
   "city" : "Shenzhen",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: openresty\r\nDate: Thu, 21 Nov 2024 08:46:35 GMT\r\nContent-Type: text/html\r\nContent-Length: 252\r\nConnection: close\r\nRequest-Id: edcd673ef36b24676386efdf0a98ec4e\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "147daef0dbc1c3621880e5b317d5ab7a",
   "datammh3" : 515578823,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS134761",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "chinatelecom.cn",
         "yc.nx.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CHINANET-NX",
      "organization" : "CHINANET ningxia province network",
      "subnet" : "36.103.128.0/17"
   },
   "ip" : "36.103.237.205",
   "ipv6" : "false",
   "latitude" : "22.5559",
   "location" : "22.5559,114.0577",
   "longitude" : "114.0577",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CHINANET NINGXIA province ZHONGWEI IDC network",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "product" : "OpenResty",
   "productvendor" : "OpenResty",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "36.103.128.0/17",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
125.66.90.158

Network
125.66.0.0/16

Domain(s)
163data.com.cn

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://125.66.90.158:8001/ 302

HTTP Title
302 Found

Reverse DNS
158.90.66.125.broad.zg.sc.dynamic.163data.com.cn

ASN
AS4134

Organization
Chinanet

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
F5 Nginx

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
4b3c004cabe3a80fd6c1bebb82f06e27

HTTP Header MD5
0bd7db05e9d45334f3f4e2bfa926cad2

HTTP Body MD5
4fbd4661f0b77fefa9dcb08a33780d26

HTTP/1.1 302 Moved Temporarily
Date: Thu, 21 Nov 2024 08:46:34 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Server: Nginx
Expires: 0
Pragma: no-cache
Cache-Control: no-cache
X-LANG: 1
X-Timezone: 0800
X-Timestamp: 1732178794
X-Arch: x86
X-Sysbit: x64
X-Enterprise: 0
X-Support-i18n: 0
X-Support-wifi: 0
X-Default-IP: 0
Location: /login

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>Nginx</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:34.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "4fbd4661f0b77fefa9dcb08a33780d26",
         "bodymmh3" : -46274005,
         "headermd5" : "0bd7db05e9d45334f3f4e2bfa926cad2",
         "headermmh3" : -1570433545,
         "title" : "302 Found"
      },
      "length" : 516
   },
   "asn" : "AS4134",
   "city" : "Chengdu",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Moved Temporarily\r\nDate: Thu, 21 Nov 2024 08:46:34 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: close\r\nServer: Nginx\r\nExpires: 0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nX-LANG: 1\r\nX-Timezone: 0800\r\nX-Timestamp: 1732178794\r\nX-Arch: x86\r\nX-Sysbit: x64\r\nX-Enterprise: 0\r\nX-Support-i18n: 0\r\nX-Support-wifi: 0\r\nX-Default-IP: 0\r\nLocation: /login\r\n\r\n<html>\r\n<head><title>302 Found</title></head>\r\n<body>\r\n<center><h1>302 Found</h1></center>\r\n<hr><center>Nginx</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "4b3c004cabe3a80fd6c1bebb82f06e27",
   "datammh3" : 960892958,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "163data.com.cn"
   ],
   "geolocus" : {
      "asn" : "AS4134",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "163data.com.cn",
         "189.cn",
         "chinatelecom.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CHINANET-SC",
      "organization" : "CHINANET Sichuan province network",
      "subnet" : "125.66.0.0/16"
   },
   "host" : [
      158
   ],
   "hostname" : [
      "158.90.66.125.broad.zg.sc.dynamic.163data.com.cn"
   ],
   "ip" : "125.66.90.158",
   "ipv6" : "false",
   "latitude" : "30.6498",
   "location" : "30.6498,104.0555",
   "longitude" : "104.0555",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Chinanet",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved Temporarily",
   "reverse" : [
      "158.90.66.125.broad.zg.sc.dynamic.163data.com.cn"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 302,
   "subdomains" : [
      "90.66.125.broad.zg.sc.dynamic.163data.com.cn",
      "zg.sc.dynamic.163data.com.cn",
      "125.broad.zg.sc.dynamic.163data.com.cn",
      "sc.dynamic.163data.com.cn",
      "dynamic.163data.com.cn",
      "66.125.broad.zg.sc.dynamic.163data.com.cn",
      "broad.zg.sc.dynamic.163data.com.cn"
   ],
   "subnet" : "125.66.0.0/16",
   "tld" : [
      "com.cn"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
182.233.161.195

Alternative IP(s)
199.59.243.227

Network
182.233.0.0/16

Domain(s)
kbtelecom.net

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://182.233.161.195:8001/ 401

Reverse DNS
host-195.161-233-182.cable.dynamic.kbtelecom.net

ASN
AS9416

Organization
Hoshin Multimedia Center Inc.

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
808f66ab501e79b3789dc0d423eb1b06

HTTP Header MD5
272103ab69d40e8f5e5ce9eadf61cec7

HTTP Body MD5
3a1f4b7764a0f93bc15e4b6ad48ab365

HTTP/1.0 401 Unauthorized
content-type: application/json; charset=utf-8
content-length: 29

<html><body>401</body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:32.000Z",
   "alternativeip" : [
      "199.59.243.227"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "3a1f4b7764a0f93bc15e4b6ad48ab365",
         "bodymmh3" : -628519605,
         "headermd5" : "272103ab69d40e8f5e5ce9eadf61cec7",
         "headermmh3" : 1164768797
      },
      "length" : 125
   },
   "asn" : "AS9416",
   "city" : "Keelung",
   "country" : "TW",
   "data" : "HTTP/1.0 401 Unauthorized\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 29\r\n\r\n<html><body>401</body></html>",
   "datamd5" : "808f66ab501e79b3789dc0d423eb1b06",
   "datammh3" : 640875992,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "kbtelecom.net"
   ],
   "geolocus" : {
      "asn" : "AS9416",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "TW",
      "countryname" : "Taiwan",
      "domain" : [
         "homeplus.net.tw",
         "kbtelecom.net"
      ],
      "isineu" : "false",
      "latitude" : "23.69781",
      "location" : "23.69781,120.960515",
      "longitude" : "120.960515",
      "netname" : "HOSHIN-MULTIMEDIA",
      "organization" : "Hoshin Multimedia Center Inc.",
      "subnet" : "182.233.0.0/16"
   },
   "host" : [
      "host-195"
   ],
   "hostname" : [
      "host-195.161-233-182.cable.dynamic.kbtelecom.net"
   ],
   "ip" : "182.233.161.195",
   "ipv6" : "false",
   "latitude" : "25.1322",
   "location" : "25.1322,121.7420",
   "longitude" : "121.7420",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hoshin Multimedia Center Inc.",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Unauthorized",
   "reverse" : [
      "host-195.161-233-182.cable.dynamic.kbtelecom.net"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "161-233-182.cable.dynamic.kbtelecom.net",
      "cable.dynamic.kbtelecom.net",
      "dynamic.kbtelecom.net"
   ],
   "subnet" : "182.233.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
204.242.248.98

Network
204.242.240.0/20

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://204.242.248.98:8001/ 407

ASN
AS6079

Organization
RCN-AS

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
beff904528226673ee6dbdb9e7fe6002

HTTP Header MD5
4bd5a82db187fbf06a2b7f25b880c717

HTTP Body MD5
917a0ae17b6e9db13c448d39f37c69ca

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""

Proxy Authentication Required

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:31.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "917a0ae17b6e9db13c448d39f37c69ca",
         "bodymmh3" : -1539650452,
         "headermd5" : "4bd5a82db187fbf06a2b7f25b880c717",
         "headermmh3" : 372433470
      },
      "length" : 111
   },
   "asn" : "AS6079",
   "city" : "Ashburn",
   "country" : "US",
   "data" : "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"\"\r\n\r\nProxy Authentication Required",
   "datamd5" : "beff904528226673ee6dbdb9e7fe6002",
   "datammh3" : 501879459,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS6079",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "cogentco.com",
         "northerncablefiber.com",
         "rackdog.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NORTHERN-CABLE",
      "organization" : "NORTHERN CABLE AND FIBER, LLC",
      "subnet" : "204.242.224.0/19"
   },
   "ip" : "204.242.248.98",
   "ipv6" : "false",
   "latitude" : "39.0469",
   "location" : "39.0469,-77.4903",
   "longitude" : "-77.4903",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "RCN-AS",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "204.242.240.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
213.176.53.251

Network
213.176.32.0/19

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://213.176.53.251:8001/ 400

HTTP Title
400 The plain HTTP request was sent to HTTPS port

ASN
AS142578

Organization
E-Large HongKong

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
3b40fcd13ec4c48698cf15e0d2ba5977

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
77bd43987adf27926b335fbe22b67813

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 21 Nov 2024 08:46:27 GMT
Content-Type: text/html
Content-Length: 262
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:28.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "77bd43987adf27926b335fbe22b67813",
         "bodymmh3" : -2135056736,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : 780147341,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 405
   },
   "asn" : "AS142578",
   "country" : "US",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:46:27 GMT\r\nContent-Type: text/html\r\nContent-Length: 262\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "3b40fcd13ec4c48698cf15e0d2ba5977",
   "datammh3" : 401141661,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS35372",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IR",
      "countryname" : "Iran",
      "domain" : [
         "irost.org"
      ],
      "isineu" : "false",
      "latitude" : "32.427908",
      "location" : "32.427908,53.688046",
      "longitude" : "53.688046",
      "netname" : "IR-IROST-19991208",
      "organization" : "Iranian Research Organization for Science & Technology",
      "subnet" : "213.176.0.0/17"
   },
   "ip" : "213.176.53.251",
   "ipv6" : "false",
   "latitude" : "34.0544",
   "location" : "34.0544,-118.2440",
   "longitude" : "-118.2440",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "E-Large HongKong",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "213.176.32.0/19",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
45.33.75.98

Network
45.33.64.0/20

Domain(s)
linodeusercontent.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://45.33.75.98:8001/ 403

Reverse DNS
45-33-75-98.ip.linodeusercontent.com

ASN
AS63949

Organization
Akamai Connected Cloud

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
294c66799bd7926b0fc53c46c5720db6

HTTP Header MD5
543e6b0e0bafe492b1c91ae42dc3f7d6

HTTP Body MD5
862ccdb877441b4a22a3b785150e6676

HTTP/1.1 403 Forbidden
Content-Type: text/plain; charset=utf-8
Content-Length: 14
Date: Thu, 21 Nov 2024 08:46:27 GMT
Server: Python/3.11 aiohttp/3.10.0
Connection: close

403: Forbidden

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:28.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "862ccdb877441b4a22a3b785150e6676",
         "bodymmh3" : -598614536,
         "headermd5" : "543e6b0e0bafe492b1c91ae42dc3f7d6",
         "headermmh3" : 577361787
      },
      "length" : 193
   },
   "asn" : "AS63949",
   "city" : "Cedar Knolls",
   "country" : "US",
   "data" : "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 14\r\nDate: Thu, 21 Nov 2024 08:46:27 GMT\r\nServer: Python/3.11 aiohttp/3.10.0\r\nConnection: close\r\n\r\n403: Forbidden",
   "datamd5" : "294c66799bd7926b0fc53c46c5720db6",
   "datammh3" : 1537217735,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "linodeusercontent.com"
   ],
   "geolocus" : {
      "asn" : "AS63949",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "akamai.com",
         "linode.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "LINODE",
      "organization" : "Linode",
      "subnet" : "45.33.0.0/17"
   },
   "host" : [
      "45-33-75-98"
   ],
   "hostname" : [
      "45-33-75-98.ip.linodeusercontent.com"
   ],
   "ip" : "45.33.75.98",
   "ipv6" : "false",
   "latitude" : "40.8229",
   "location" : "40.8229,-74.4592",
   "longitude" : "-74.4592",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Akamai Connected Cloud",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Forbidden",
   "reverse" : [
      "45-33-75-98.ip.linodeusercontent.com"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 403,
   "subdomains" : [
      "ip.linodeusercontent.com"
   ],
   "subnet" : "45.33.64.0/20",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
84.238.79.199

Network
84.238.0.0/17

Domain(s)
bnaa.dk

Device

<enterprise field>: device.class

URL

http://84.238.79.199:8001/ 400

HTTP Title
400 Bad Request

Reverse DNS
84-238-79-199.ptr.bnaa.dk

ASN
AS33796

Organization
Bolignet-aarhus F.m.b.a.

Protocol
http

Source
datascan::redirect::1
Product
Apache HTTP Server

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
efcb4bc6605f6b40910299bf21434c38

HTTP Header MD5
883e663d60fbd52b334f0919056f60ed

HTTP Body MD5
6efda5878ab25f4f28a89bbb3f9fa41c

HTTP/1.1 400 Bad Request
Date: Thu, 21 Nov 2024 08:46:10 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:10.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "6efda5878ab25f4f28a89bbb3f9fa41c",
         "bodymmh3" : -645452522,
         "headermd5" : "883e663d60fbd52b334f0919056f60ed",
         "headermmh3" : 1606198443,
         "title" : "400 Bad Request"
      },
      "length" : 551
   },
   "asn" : "AS33796",
   "city" : "Aarhus",
   "country" : "DK",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nDate: Thu, 21 Nov 2024 08:46:10 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nContent-Length: 362\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\nReason: You're speaking plain HTTP to an SSL-enabled server port.<br />\n Instead use the HTTPS scheme to access this URL, please.<br />\n</p>\n</body></html>\n",
   "datamd5" : "efcb4bc6605f6b40910299bf21434c38",
   "datammh3" : -512158253,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "bnaa.dk"
   ],
   "forward" : "84.238.79.199",
   "geolocus" : {
      "asn" : "AS33796",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "DK",
      "countryname" : "Denmark",
      "domain" : [
         "bnaa.dk"
      ],
      "isineu" : "true",
      "latitude" : "56.26392",
      "location" : "56.26392,9.501785",
      "longitude" : "9.501785",
      "netname" : "BNAA-INTERNAL",
      "organization" : "Internal adresses for infrastructure components",
      "subnet" : "84.238.0.0/17"
   },
   "host" : [
      "84-238-79-199"
   ],
   "hostname" : [
      "84-238-79-199.ptr.bnaa.dk",
      "84.238.79.199"
   ],
   "ip" : "84.238.79.199",
   "ipv6" : "false",
   "latitude" : "56.1567",
   "location" : "56.1567,10.2153",
   "longitude" : "10.2153",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Bolignet-aarhus F.m.b.a.",
   "port" : 8001,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "reverse" : [
      "84-238-79-199.ptr.bnaa.dk"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::1",
   "status" : 400,
   "subdomains" : [
      "ptr.bnaa.dk"
   ],
   "subnet" : "84.238.0.0/17",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "dk"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
189.124.134.157

Network
189.124.128.0/17

Domain(s)
llnw.net

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://189.124.134.157:8001/ 400

Reverse DNS
https-189-124-134-157.paab.llnw.net.134.124.189.delegations.llnw.net

ASN
AS28220

Organization
CABO SERVICOS DE TELECOMUNICACOES LTDA

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
b812eafa63af1db16e17227f16ed67be

HTTP Header MD5
732a4f122d94576069e385f668d5ea04

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 400 Bad Request
Server: EdgePrism/5.2.6.0
Mime-Version: 1.0
Date: Thu, 21 Nov 2024 08:46:09 GMT
Content-Type: text/plain
Expires: Thu, 21 Nov 2024 08:46:09 GMT
X-LLID: cf33d4d0e5f6d434848872a2593ef8f4
Content-Length: 0
Connection: close

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:10.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "5.2.6.0"
         ]
      },
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1636538602,
         "headermd5" : "732a4f122d94576069e385f668d5ea04",
         "headermmh3" : -245618273
      },
      "length" : 257
   },
   "asn" : "AS28220",
   "city" : "Natal",
   "country" : "BR",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: EdgePrism/5.2.6.0\r\nMime-Version: 1.0\r\nDate: Thu, 21 Nov 2024 08:46:09 GMT\r\nContent-Type: text/plain\r\nExpires: Thu, 21 Nov 2024 08:46:09 GMT\r\nX-LLID: cf33d4d0e5f6d434848872a2593ef8f4\r\nContent-Length: 0\r\nConnection: close\r\n\r\n",
   "datamd5" : "b812eafa63af1db16e17227f16ed67be",
   "datammh3" : -801776286,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "llnw.net"
   ],
   "geolocus" : {
      "asn" : "AS28220",
      "continent" : "SA",
      "continentname" : "South America",
      "country" : "BR",
      "countryname" : "Brazil",
      "domain" : [
         "alaresinternet.com.br",
         "as28220.net",
         "cabotelecom.com.br",
         "cert.br"
      ],
      "isineu" : "false",
      "latitude" : "-14.235004",
      "location" : "-14.235004,-51.92528",
      "longitude" : "-51.92528",
      "netname" : "02.952.192/0001-61",
      "organization" : "CABO SERVICOS DE TELECOMUNICACOES LTDA",
      "subnet" : "189.124.128.0/17"
   },
   "host" : [
      "https-189-124-134-157"
   ],
   "hostname" : [
      "https-189-124-134-157.paab.llnw.net.134.124.189.delegations.llnw.net"
   ],
   "ip" : "189.124.134.157",
   "ipv6" : "false",
   "latitude" : "-5.8111",
   "location" : "-5.8111,-35.2235",
   "longitude" : "-35.2235",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CABO SERVICOS DE TELECOMUNICACOES LTDA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "reverse" : [
      "https-189-124-134-157.paab.llnw.net.134.124.189.delegations.llnw.net"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "llnw.net.134.124.189.delegations.llnw.net",
      "124.189.delegations.llnw.net",
      "delegations.llnw.net",
      "189.delegations.llnw.net",
      "134.124.189.delegations.llnw.net",
      "net.134.124.189.delegations.llnw.net",
      "paab.llnw.net.134.124.189.delegations.llnw.net"
   ],
   "subnet" : "189.124.128.0/17",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
46.8.10.142

Network
46.8.10.0/23

Operating System
Linux Linux Kernel

ASN
AS35048

Organization
Biterika Group LLC

Protocol
socks4a

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
d0667d77071710c716b7978296e1b49e
```
\x00[\x00\x00\x00\x00\x00\x00
```

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:09.000Z",
   "app" : {
      "length" : 8
   },
   "asn" : "AS35048",
   "city" : "Moscow",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\\x00[\\x00\\x00\\x00\\x00\\x00\\x00",
   "datamd5" : "d0667d77071710c716b7978296e1b49e",
   "datammh3" : -971970408,
   "ip" : "46.8.10.142",
   "ipv6" : "false",
   "latitude" : "55.7483",
   "location" : "55.7483,37.6171",
   "longitude" : "37.6171",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Biterika Group LLC",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "protocol" : "socks4a",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "46.8.10.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}

IP
165.227.39.136

Network
165.227.0.0/16

Domain(s)
39.136-cleanmark-gitlab

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://165.227.39.136:8001/ 302

Reverse DNS
165.227.39.136-cleanmark-gitlab

ASN
AS14061

Organization
DIGITALOCEAN-ASN

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
F5 Nginx

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
0e47e9d22aae93d8ef9758a42b7ce36e

HTTP Header MD5
6f0d493133802c1c3e5fed69a6b2e87c

HTTP Body MD5
50ff47cabb7913ce93720946049cd015

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 21 Nov 2024 08:31:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 106
Connection: close
Cache-Control: no-cache
Location: http://<ip>:8001/users/sign_in
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: f13b0ad6-347a-4634-867c-fd118c3d1a6c
X-Runtime: 0.087461
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000

<html><body>You are being <a href="http://<ip>:8001/users/sign_in">redirected</a>.</body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:46:08.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "50ff47cabb7913ce93720946049cd015",
         "bodymmh3" : -1342458272,
         "headermd5" : "6f0d493133802c1c3e5fed69a6b2e87c",
         "headermmh3" : 975827662
      },
      "length" : 550
   },
   "asn" : "AS14061",
   "city" : "Toronto",
   "country" : "CA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:31:44 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 106\r\nConnection: close\r\nCache-Control: no-cache\r\nLocation: http://<ip>:8001/users/sign_in\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nX-Request-Id: f13b0ad6-347a-4634-867c-fd118c3d1a6c\r\nX-Runtime: 0.087461\r\nX-Ua-Compatible: IE=edge\r\nX-Xss-Protection: 1; mode=block\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n<html><body>You are being <a href=\"http://<ip>:8001/users/sign_in\">redirected</a>.</body></html>",
   "datamd5" : "0e47e9d22aae93d8ef9758a42b7ce36e",
   "datammh3" : 90580178,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "39.136-cleanmark-gitlab"
   ],
   "geolocus" : {
      "asn" : "AS14061",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "digitalocean.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "DIGITALOCEAN-165-227-0-0",
      "organization" : "DigitalOcean, LLC",
      "subnet" : "165.227.32.0/20"
   },
   "host" : [
      165
   ],
   "hostname" : [
      "165.227.39.136-cleanmark-gitlab"
   ],
   "ip" : "165.227.39.136",
   "ipv6" : "false",
   "latitude" : "43.6547",
   "location" : "43.6547,-79.3623",
   "longitude" : "-79.3623",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "DIGITALOCEAN-ASN",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8001,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Found",
   "reverse" : [
      "165.227.39.136-cleanmark-gitlab"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 302,
   "subdomains" : [
      "227.39.136-cleanmark-gitlab"
   ],
   "subnet" : "165.227.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "136-cleanmark-gitlab"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

Returning 10 result(s) out of 1,540,886 in 0.101 second(s)

36.103.237.205:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:35 UTC

125.66.90.158:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:34 UTC

182.233.161.195:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:32 UTC

204.242.248.98:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:31 UTC

213.176.53.251:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:28 UTC

45.33.75.98:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:28 UTC

84.238.79.199:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:10 UTC

189.124.134.157:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:10 UTC

46.8.10.142:8001 (tcp/socks4a) - last seen on 2024-11-21 at 08:46:09 UTC

165.227.39.136:8001 (tcp/http) - last seen on 2024-11-21 at 08:46:08 UTC