ONYPHE
datascan ctl threatlist sniffer vulnscan riskscan

Returning 10 result(s) out of 98,141 in 0.058 second(s)

  • 103.43.16.80:8331 (tcp/http) - last seen on 2024-11-07 at 03:30:19 UTC

    • IP
      103.43.16.80
      Network
      103.43.16.0/22
      Device

      <enterprise field>: device.class

      URL

      http://103.43.16.80:8331/$%7BrandomUrl%7D 200

      ASN
      AS132883
      Organization
      TOPWAY GLOBAL LIMITED
      Protocol
      http
      Source
      urlscan::redirect
    • Product
      F5 Nginx 1.17.6
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      a921ec0c33b287a5b32845ce36a9f9b4
      HTTP Header MD5
      7cb8a64a5c41d5db44d85d677dbec3ce
      HTTP Body MD5
      db475c674e230d3b59b9d4c51e192872 
    • HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 07 Nov 2024 03:29:39 GMT
Content-Type: text/html
Content-Length: 1728
Last-Modified: Mon, 04 Nov 2024 11:57:54 GMT
Connection: close
ETag: "6728b6c2-6c0"
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"></script>
    <script>
        <script>
            window.dataLayer = window.dataLayer || [];
            function gtag(){dataLayer.push(arguments);}
            gtag('js', new Date());

            gtag('config', 'G-0GJHN159XX');
    </script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3IsbgF2faH56SAiO",ck:"3IsbgF2faH56SAiO"})</script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3GuWRdQLAUfAEIDe",ck:"3GuWRdQLAUfAEIDe"})</script>



    <meta charset="UTF-8">
    <meta name="format-detection" content="telephone=yes">
    <meta name="viewport"
          content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
    <script>
        const urls = [
            "https://139.155.134.148/tt/test.html?333?666aaa",
            "https://162.14.69.113/"
        ];
        const randomUrl = urls[Math.floor(Math.random() * urls.length)];

        document.write(`<meta http-equiv="refresh" content="9;url=${randomUrl}">`);
        window.onload = function () {
            document.getElementById('myiframe').src = randomUrl;
        };
    </script>
    <style>
        body, html {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }

        iframe {
            width: 100%;
            height: 100vh;
            border: none;
        }
    </style>
</head>
<body>
<iframe id="myiframe" scrolling="no"></iframe>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:30:19.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "googletagmanager.com"
         ],
         "hostname" : [
            "www.googletagmanager.com"
         ],
         "ip" : [
            "162.14.69.113",
            "139.155.134.148"
         ],
         "url" : [
            "https://139.155.134.148/tt/test.html?333?666aaa",
            "https://162.14.69.113/",
            "https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"
         ]
      },
      "http" : {
         "bodymd5" : "db475c674e230d3b59b9d4c51e192872",
         "bodymmh3" : 488145746,
         "header" : [
            {
               "value" : "Mon, 04 Nov 2024 11:57:54 GMT",
               "name" : "Last-Modified"
            },
            {
               "name" : "ETag",
               "value" : "6728b6c2-6c0"
            }
         ],
         "headermd5" : "7cb8a64a5c41d5db44d85d677dbec3ce",
         "headermmh3" : 958112280,
         "tracker" : {
            "ga" : [
               "G-0GJHN159XX"
            ]
         }
      },
      "length" : 1962
   },
   "asn" : "AS132883",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx/1.17.6\r\nDate: Thu, 07 Nov 2024 03:29:39 GMT\r\nContent-Type: text/html\r\nContent-Length: 1728\r\nLast-Modified: Mon, 04 Nov 2024 11:57:54 GMT\r\nConnection: close\r\nETag: \"6728b6c2-6c0\"\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n    <!-- Google tag (gtag.js) -->\n    <script async src=\"https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX\"></script>\n    <script>\n        <script>\n            window.dataLayer = window.dataLayer || [];\n            function gtag(){dataLayer.push(arguments);}\n            gtag('js', new Date());\n\n            gtag('config', 'G-0GJHN159XX');\n    </script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3IsbgF2faH56SAiO\",ck:\"3IsbgF2faH56SAiO\"})</script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3GuWRdQLAUfAEIDe\",ck:\"3GuWRdQLAUfAEIDe\"})</script>\n\n\n\n    <meta charset=\"UTF-8\">\n    <meta name=\"format-detection\" content=\"telephone=yes\">\n    <meta name=\"viewport\"\n          content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no\">\n    <script>\n        const urls = [\n            \"https://139.155.134.148/tt/test.html?333?666aaa\",\n            \"https://162.14.69.113/\"\n        ];\n        const randomUrl = urls[Math.floor(Math.random() * urls.length)];\n\n        document.write(`<meta http-equiv=\"refresh\" content=\"9;url=${randomUrl}\">`);\n        window.onload = function () {\n            document.getElementById('myiframe').src = randomUrl;\n        };\n    </script>\n    <style>\n        body, html {\n            margin: 0;\n            padding: 0;\n            height: 100%;\n            overflow: hidden;\n        }\n\n        iframe {\n            width: 100%;\n            height: 100vh;\n            border: none;\n        }\n    </style>\n</head>\n<body>\n<iframe id=\"myiframe\" scrolling=\"no\"></iframe>\n</body>\n</html>\n",
   "datamd5" : "a921ec0c33b287a5b32845ce36a9f9b4",
   "datammh3" : -1249100627,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "103.43.16.80",
   "geolocus" : {
      "asn" : "AS132883",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnaaa.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "cnaaa",
      "organization" : "Jiangsu Sanai network science and technology co ,LTD",
      "subnet" : "103.43.16.0/22"
   },
   "hostname" : [
      "103.43.16.80"
   ],
   "ip" : "103.43.16.80",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TOPWAY GLOBAL LIMITED",
   "port" : 8331,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 200,
   "subnet" : "103.43.16.0/22",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/$%7BrandomUrl%7D"
}

  • 166.167.103.11:8331 (tcp/http) - last seen on 2024-11-07 at 03:30:16 UTC

    • IP
      166.167.103.11
      Network
      166.164.0.0/14
      Domain(s)
      myvzw.com
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      URL

      http://166.167.103.11:8331/ 200

      Reverse DNS
      11.sub-166-167-103.myvzw.com
      ASN
      AS6167
      Organization
      CELLCO-PART
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      a1b39aca67fd63e627e78f2e2daefa80
      HTTP Header MD5
      ad929e3898dcd605d38fc3fa85f2611f
      HTTP Body MD5
      0f8732ff7412fb59c73a139d9230aa72 
    • HTTP/1.1 200 OK
Content-Length: 39
Server: Microsoft-HTTPAPI/2.0
Protocol-version: 1
Timestamp: 2024-11-07T03:30:13.3213392Z
MachineCode: 987F-7522-000E-8CA3-197A-1C76
Auth: False
Date: Thu, 07 Nov 2024 03:30:13 GMT
Connection: close

<HTML><BODY>SERVICE READY</BODY></HTML>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:30:16.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "0f8732ff7412fb59c73a139d9230aa72",
         "bodymmh3" : 1305652821,
         "headermd5" : "ad929e3898dcd605d38fc3fa85f2611f",
         "headermmh3" : -516672144
      },
      "length" : 284
   },
   "asn" : "AS6167",
   "city" : "Highland",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Length: 39\r\nServer: Microsoft-HTTPAPI/2.0\r\nProtocol-version: 1\r\nTimestamp: 2024-11-07T03:30:13.3213392Z\r\nMachineCode: 987F-7522-000E-8CA3-197A-1C76\r\nAuth: False\r\nDate: Thu, 07 Nov 2024 03:30:13 GMT\r\nConnection: close\r\n\r\n<HTML><BODY>SERVICE READY</BODY></HTML>",
   "datamd5" : "a1b39aca67fd63e627e78f2e2daefa80",
   "datammh3" : -253259678,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "myvzw.com"
   ],
   "geolocus" : {
      "asn" : "AS6167",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "myvzw.com",
         "wirelessdataspco.org"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NETBLK-CDPD-B",
      "organization" : "Wireless Data Service Provider Corporation",
      "subnet" : "166.164.0.0/14"
   },
   "host" : [
      11
   ],
   "hostname" : [
      "11.sub-166-167-103.myvzw.com"
   ],
   "ip" : "166.167.103.11",
   "ipv6" : "false",
   "latitude" : "34.1301",
   "location" : "34.1301,-117.2044",
   "longitude" : "-117.2044",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CELLCO-PART",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 8331,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "11.sub-166-167-103.myvzw.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "sub-166-167-103.myvzw.com"
   ],
   "subnet" : "166.164.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 166.147.224.225:8331 (tcp/http) - last seen on 2024-11-07 at 03:29:45 UTC

    • IP
      166.147.224.225
      Network
      166.147.128.0/17
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      URL

      http://166.147.224.225:8331/ 200

      ASN
      AS6167
      Organization
      CELLCO-PART
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      b7279a2b2c59c2ca73dc461f44b1dab0
      HTTP Header MD5
      1ba534ac2f5ac3c2e61c65894449bd0c
      HTTP Body MD5
      0f8732ff7412fb59c73a139d9230aa72 
    • HTTP/1.1 200 OK
Content-Length: 39
Server: Microsoft-HTTPAPI/2.0
Protocol-version: 1
Timestamp: 2024-11-07T03:29:49.4061349Z
MachineCode: C1B6-B693-7A95-87BB-5699-7369
Auth: False
Date: Thu, 07 Nov 2024 03:29:49 GMT
Connection: close

<HTML><BODY>SERVICE READY</BODY></HTML>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:45.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "0f8732ff7412fb59c73a139d9230aa72",
         "bodymmh3" : 1305652821,
         "headermd5" : "1ba534ac2f5ac3c2e61c65894449bd0c",
         "headermmh3" : 287694479
      },
      "length" : 284
   },
   "asn" : "AS6167",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Length: 39\r\nServer: Microsoft-HTTPAPI/2.0\r\nProtocol-version: 1\r\nTimestamp: 2024-11-07T03:29:49.4061349Z\r\nMachineCode: C1B6-B693-7A95-87BB-5699-7369\r\nAuth: False\r\nDate: Thu, 07 Nov 2024 03:29:49 GMT\r\nConnection: close\r\n\r\n<HTML><BODY>SERVICE READY</BODY></HTML>",
   "datamd5" : "b7279a2b2c59c2ca73dc461f44b1dab0",
   "datammh3" : 1190294252,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS6167",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "myvzw.com",
         "wirelessdataspco.org"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NETBLK-CDPD-B",
      "organization" : "Wireless Data Service Provider Corporation",
      "subnet" : "166.147.128.0/17"
   },
   "ip" : "166.147.224.225",
   "ipv6" : "false",
   "latitude" : "34.0544",
   "location" : "34.0544,-118.2440",
   "longitude" : "-118.2440",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CELLCO-PART",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 8331,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "166.147.128.0/17",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 166.164.72.118:8331 (tcp/http) - last seen on 2024-11-07 at 03:29:45 UTC

    • IP
      166.164.72.118
      Network
      166.164.0.0/14
      Domain(s)
      myvzw.com
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      URL

      http://166.164.72.118:8331/ 200

      Reverse DNS
      118.sub-166-164-72.myvzw.com
      ASN
      AS6167
      Organization
      CELLCO-PART
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      58a8300265c61053fd33ced0d014ed27
      HTTP Header MD5
      9807f2ee4ebf51d16dda30b26f04977c
      HTTP Body MD5
      0f8732ff7412fb59c73a139d9230aa72 
    • HTTP/1.1 200 OK
Content-Length: 39
Server: Microsoft-HTTPAPI/2.0
Protocol-version: 1
Timestamp: 2024-11-07T03:29:45.8310422Z
MachineCode: C1B6-B693-7A95-87BB-5699-7369
Auth: False
Date: Thu, 07 Nov 2024 03:29:45 GMT
Connection: close

<HTML><BODY>SERVICE READY</BODY></HTML>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:45.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "0f8732ff7412fb59c73a139d9230aa72",
         "bodymmh3" : 1305652821,
         "headermd5" : "9807f2ee4ebf51d16dda30b26f04977c",
         "headermmh3" : -73698404
      },
      "length" : 284
   },
   "asn" : "AS6167",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Length: 39\r\nServer: Microsoft-HTTPAPI/2.0\r\nProtocol-version: 1\r\nTimestamp: 2024-11-07T03:29:45.8310422Z\r\nMachineCode: C1B6-B693-7A95-87BB-5699-7369\r\nAuth: False\r\nDate: Thu, 07 Nov 2024 03:29:45 GMT\r\nConnection: close\r\n\r\n<HTML><BODY>SERVICE READY</BODY></HTML>",
   "datamd5" : "58a8300265c61053fd33ced0d014ed27",
   "datammh3" : -610069334,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "myvzw.com"
   ],
   "geolocus" : {
      "asn" : "AS6167",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "myvzw.com",
         "wirelessdataspco.org"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NETBLK-CDPD-B",
      "organization" : "Wireless Data Service Provider Corporation",
      "subnet" : "166.164.0.0/14"
   },
   "host" : [
      118
   ],
   "hostname" : [
      "118.sub-166-164-72.myvzw.com"
   ],
   "ip" : "166.164.72.118",
   "ipv6" : "false",
   "latitude" : "34.0544",
   "location" : "34.0544,-118.2440",
   "longitude" : "-118.2440",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CELLCO-PART",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 8331,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "118.sub-166-164-72.myvzw.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "sub-166-164-72.myvzw.com"
   ],
   "subnet" : "166.164.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 132.251.132.166:8331 (tcp/http) - last seen on 2024-11-07 at 03:29:15 UTC

    • IP
      132.251.132.166
      Network
      132.251.128.0/18
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      URL

      http://132.251.132.166:8331/ 200

      HTTP Title
      IIS Windows
      ASN
      AS21575
      Organization
      ENTEL PERU S.A.
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft IIS 10.0
      HTTP Component(s)
      Microsoft ASP.NET
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      141865f76fe4f0942bb0273794932c8a
      HTTP Header MD5
      c45e463ffd89b34a781c977b38f3ecbc
      HTTP Body MD5
      1dd82f6fc356bc3cddf7e82615de177c 
    • HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 03 Feb 2024 05:51:36 GMT
Accept-Ranges: bytes
ETag: "1b76ec6556da1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 07 Nov 2024 03:29:14 GMT
Connection: close
Content-Length: 696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows</title>
<style type="text/css">
<!--
body {
	color:#000000;
	background-color:#0072C6;
	margin:0;
}

#container {
	margin-left:auto;
	margin-right:auto;
	text-align:center;
	}

a img {
	border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:15.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "microsoft.com",
            "w3.org"
         ],
         "hostname" : [
            "go.microsoft.com",
            "www.w3.org"
         ],
         "url" : [
            "http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409",
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "1dd82f6fc356bc3cddf7e82615de177c",
         "bodymmh3" : 1971329886,
         "component" : [
            {
               "productvendor" : "Microsoft",
               "product" : "ASP.NET"
            }
         ],
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Sat, 03 Feb 2024 05:51:36 GMT"
            },
            {
               "value" : "1b76ec6556da1:0",
               "name" : "ETag"
            }
         ],
         "headermd5" : "c45e463ffd89b34a781c977b38f3ecbc",
         "headermmh3" : 835890212,
         "title" : "IIS Windows"
      },
      "length" : 961
   },
   "asn" : "AS21575",
   "city" : "Lima",
   "country" : "PE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nLast-Modified: Sat, 03 Feb 2024 05:51:36 GMT\r\nAccept-Ranges: bytes\r\nETag: \"1b76ec6556da1:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 07 Nov 2024 03:29:14 GMT\r\nConnection: close\r\nContent-Length: 696\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\r\n<title>IIS Windows</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody {\r\n\tcolor:#000000;\r\n\tbackground-color:#0072C6;\r\n\tmargin:0;\r\n}\r\n\r\n#container {\r\n\tmargin-left:auto;\r\n\tmargin-right:auto;\r\n\ttext-align:center;\r\n\t}\r\n\r\na img {\r\n\tborder:none;\r\n}\r\n\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"container\">\r\n<a href=\"http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409\"><img src=\"iisstart.png\" alt=\"IIS\" width=\"960\" height=\"600\" /></a>\r\n</div>\r\n</body>\r\n</html>",
   "datamd5" : "141865f76fe4f0942bb0273794932c8a",
   "datammh3" : 1521955469,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS21575",
      "continent" : "SA",
      "continentname" : "South America",
      "country" : "PE",
      "countryname" : "Peru",
      "domain" : [
         "entel.pe"
      ],
      "isineu" : "false",
      "latitude" : "-9.189967",
      "location" : "-9.189967,-75.015152",
      "longitude" : "-75.015152",
      "netname" : "PE-MPSA3-LACNIC",
      "organization" : "ENTEL PERU S.A.",
      "subnet" : "132.251.128.0/18"
   },
   "ip" : "132.251.132.166",
   "ipv6" : "false",
   "latitude" : "-12.0432",
   "location" : "-12.0432,-77.0282",
   "longitude" : "-77.0282",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ENTEL PERU S.A.",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 8331,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "132.251.128.0/18",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 172.232.237.103:8331 (tcp/http) - last seen on 2024-11-07 at 03:29:14 UTC

    • IP
      172.232.237.103
      Network
      172.232.128.0/17
      Domain(s)
      linodeusercontent.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://172.232.237.103:8331/ 400

      HTTP Title
      400 The plain HTTP request was sent to HTTPS port
      Reverse DNS
      172-232-237-103.ip.linodeusercontent.com
      ASN
      AS63949
      Organization
      Akamai Connected Cloud
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      F5 Nginx
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      0c1820e0d381850a77897bf32978a1f0
      HTTP Header MD5
      a629a0fe278971ad61801ba6975ba467
      HTTP Body MD5
      ea425366a98dfc499c0cbeedb9a4f02a 
    • HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 07 Nov 2024 03:29:13 GMT
Content-Type: text/html
Content-Length: 248
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:14.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "ea425366a98dfc499c0cbeedb9a4f02a",
         "bodymmh3" : 1153229498,
         "headermd5" : "a629a0fe278971ad61801ba6975ba467",
         "headermmh3" : -1670081405,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 393
   },
   "asn" : "AS63949",
   "city" : "Jakarta",
   "country" : "ID",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 07 Nov 2024 03:29:13 GMT\r\nContent-Type: text/html\r\nContent-Length: 248\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "0c1820e0d381850a77897bf32978a1f0",
   "datammh3" : 190190724,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "linodeusercontent.com"
   ],
   "geolocus" : {
      "asn" : "AS63949",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "akamai.com",
         "linode.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "LINODE",
      "organization" : "Linode",
      "subnet" : "172.232.224.0/19"
   },
   "host" : [
      "172-232-237-103"
   ],
   "hostname" : [
      "172-232-237-103.ip.linodeusercontent.com"
   ],
   "ip" : "172.232.237.103",
   "ipv6" : "false",
   "latitude" : "-6.2114",
   "location" : "-6.2114,106.8446",
   "longitude" : "106.8446",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Akamai Connected Cloud",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8331,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "reverse" : [
      "172-232-237-103.ip.linodeusercontent.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "ip.linodeusercontent.com"
   ],
   "subnet" : "172.232.128.0/17",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 211.83.10.63:8331 (tcp/http) - last seen on 2024-11-07 at 03:29:14 UTC

    • IP
      211.83.10.63
      Network
      211.80.0.0/13
      Device

      <enterprise field>: device.class

      URL

      http://211.83.10.63:8331/ 200

      ASN
      AS4538
      Organization
      China Education and Research Network Center
      Protocol
      http
      Source
      datascan
    • Product
      Apache HTTP Server
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      36e7812a96fcdd08fbddf3bf6e485449
      HTTP Header MD5
      97eb73c41d2d1f332d0a4ddd4c85c3de
      HTTP Body MD5
      b3703e00672e3515128837b027549920 
    • HTTP/1.1 200 ok
Server: Apache
Content-Length:  222
Cache-Control: no-cache
Connection: close

<script>top.self.location.href='http://211.83.41.225/eportal/index.jsp?wlanuserip=<srcip>&wlanacname=NAS&ssid=Ruijie&nasip=10.100.100.114&mac=000000000000&t=wireless-v2-plain&url=http://<ip>:8331/'</script>


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:14.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "211.83.41.225",
            "10.100.100.114"
         ],
         "url" : [
            "http://211.83.41.225/eportal/index.jsp?wlanuserip="
         ]
      },
      "http" : {
         "bodymd5" : "b3703e00672e3515128837b027549920",
         "bodymmh3" : 1584743274,
         "headermd5" : "97eb73c41d2d1f332d0a4ddd4c85c3de",
         "headermmh3" : -1169498968
      },
      "length" : 311
   },
   "asn" : "AS4538",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 ok\r\nServer: Apache\r\nContent-Length:  222\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\n<script>top.self.location.href='http://211.83.41.225/eportal/index.jsp?wlanuserip=<srcip>&wlanacname=NAS&ssid=Ruijie&nasip=10.100.100.114&mac=000000000000&t=wireless-v2-plain&url=http://<ip>:8331/'</script>\r\n\r\n",
   "datamd5" : "36e7812a96fcdd08fbddf3bf6e485449",
   "datammh3" : 126683862,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4538",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "211.in-addr.arpa",
         "apnic.net",
         "cernet.edu.cn",
         "scut.edu.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CERNET",
      "organization" : "China Education and Research Network",
      "subnet" : "211.80.0.0/13"
   },
   "ip" : "211.83.10.63",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "China Education and Research Network Center",
   "port" : 8331,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "ok",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "211.80.0.0/13",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 184.97.140.32:8331 (tcp/http) - last seen on 2024-11-07 at 03:27:41 UTC

    • IP
      184.97.140.32
      Network
      184.97.128.0/18
      Domain(s)
      qwest.net
      Device

      <enterprise field>: device.class

      Operating System
      FreeBSD FreeBSD
      URL

      http://184.97.140.32:8331/ 401

      HTTP Title
      Unauthorized
      Reverse DNS
      184-97-140-32.stpl.qwest.net
      ASN
      AS209
      Organization
      CENTURYLINK-US-LEGACY-QWEST
      Protocol
      http
      Source
      datascan
    • Operating System
      FreeBSD FreeBSD
      HTTP Component(s)
      Plex Media Server
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      2de861031040181ee2188040cc83180e
      HTTP Header MD5
      9ca01530123920eac6307b32e7d89d3b
      HTTP Body MD5
      58839c8a9d6616ca62adc7b6e3610676 
    • HTTP/1.1 401 Unauthorized
X-Plex-Protocol: 1.0
Content-Length: 193
Content-Type: text/html
Connection: close
Cache-Control: no-cache
Date: Thu, 07 Nov 2024 03:27:39 GMT

<html><head><script>window.location = window.location.href.match(/(^.+\/)[^\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:27:41.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "58839c8a9d6616ca62adc7b6e3610676",
         "bodymmh3" : 1524593440,
         "component" : [
            {
               "product" : "Media Server",
               "productvendor" : "Plex"
            }
         ],
         "headermd5" : "9ca01530123920eac6307b32e7d89d3b",
         "headermmh3" : 2027483724,
         "title" : "Unauthorized"
      },
      "length" : 371
   },
   "asn" : "AS209",
   "city" : "Omaha",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nX-Plex-Protocol: 1.0\r\nContent-Length: 193\r\nContent-Type: text/html\r\nConnection: close\r\nCache-Control: no-cache\r\nDate: Thu, 07 Nov 2024 03:27:39 GMT\r\n\r\n<html><head><script>window.location = window.location.href.match(/(^.+\\/)[^\\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>",
   "datamd5" : "2de861031040181ee2188040cc83180e",
   "datammh3" : -1584694499,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "qwest.net"
   ],
   "geolocus" : {
      "asn" : "AS209",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "centurylink.com",
         "lumen.com",
         "qwest.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "CENTURYLINK-LEGACY-QWEST-INET-128",
      "organization" : "CenturyLink Communications, LLC",
      "subnet" : "184.96.0.0/13"
   },
   "host" : [
      "184-97-140-32"
   ],
   "hostname" : [
      "184-97-140-32.stpl.qwest.net"
   ],
   "ip" : "184.97.140.32",
   "ipv6" : "false",
   "latitude" : "41.2327",
   "location" : "41.2327,-96.1138",
   "longitude" : "-96.1138",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CENTURYLINK-US-LEGACY-QWEST",
   "os" : "FreeBSD",
   "osvendor" : "FreeBSD",
   "port" : 8331,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "reverse" : [
      "184-97-140-32.stpl.qwest.net"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "stpl.qwest.net"
   ],
   "subnet" : "184.97.128.0/18",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 149.51.35.1:8331 (tcp/http) - last seen on 2024-11-07 at 03:27:12 UTC

    • IP
      149.51.35.1
      Network
      149.51.35.0/24
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://149.51.35.1:8331/ 407

      ASN
      AS7029
      Organization
      WINDSTREAM
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      beff904528226673ee6dbdb9e7fe6002
      HTTP Header MD5
      4bd5a82db187fbf06a2b7f25b880c717
      HTTP Body MD5
      917a0ae17b6e9db13c448d39f37c69ca 
    • HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""

Proxy Authentication Required
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:27:12.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "917a0ae17b6e9db13c448d39f37c69ca",
         "bodymmh3" : -1539650452,
         "headermd5" : "4bd5a82db187fbf06a2b7f25b880c717",
         "headermmh3" : 372433470
      },
      "length" : 111
   },
   "asn" : "AS7029",
   "city" : "Ashburn",
   "country" : "US",
   "data" : "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"\"\r\n\r\nProxy Authentication Required",
   "datamd5" : "beff904528226673ee6dbdb9e7fe6002",
   "datammh3" : 501879459,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS7029",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "cogentco.com",
         "hostname.localhost",
         "northerncablefiber.com",
         "rackdog.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "NORTHERN-CABLE",
      "organization" : "NORTHERN CABLE AND FIBER, LLC",
      "subnet" : "149.51.35.0/24"
   },
   "ip" : "149.51.35.1",
   "ipv6" : "false",
   "latitude" : "39.0469",
   "location" : "39.0469,-77.4903",
   "longitude" : "-77.4903",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "WINDSTREAM",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8331,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "149.51.35.0/24",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 154.21.237.195:8331 (tcp/http) - last seen on 2024-11-07 at 03:26:36 UTC

    • IP
      154.21.237.195
      Network
      154.21.236.0/23
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://154.21.237.195:8331/ 407

      ASN
      AS174
      Organization
      COGENT-174
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      beff904528226673ee6dbdb9e7fe6002
      HTTP Header MD5
      4bd5a82db187fbf06a2b7f25b880c717
      HTTP Body MD5
      917a0ae17b6e9db13c448d39f37c69ca 
    • HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""

Proxy Authentication Required
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:26:36.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "917a0ae17b6e9db13c448d39f37c69ca",
         "bodymmh3" : -1539650452,
         "headermd5" : "4bd5a82db187fbf06a2b7f25b880c717",
         "headermmh3" : 372433470
      },
      "length" : 111
   },
   "asn" : "AS174",
   "city" : "New York",
   "country" : "US",
   "data" : "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm=\"\"\r\n\r\nProxy Authentication Required",
   "datamd5" : "beff904528226673ee6dbdb9e7fe6002",
   "datammh3" : 501879459,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS174",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "cogentco.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "COGENT-154-21-16",
      "organization" : "PSINet, Inc.",
      "subnet" : "154.21.236.0/23"
   },
   "ip" : "154.21.237.195",
   "ipv6" : "false",
   "latitude" : "40.7123",
   "location" : "40.7123,-74.0068",
   "longitude" : "-74.0068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "COGENT-174",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 8331,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Proxy Authentication Required",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 407,
   "subnet" : "154.21.236.0/23",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}