ONYPHE
datascan ctl threatlist sniffer vulnscan riskscan

Returning 10 result(s) out of 1,399 in 0.071 second(s)

  • 202.186.210.176:11112 (tcp/mysql) - last seen on 2024-11-21 at 09:38:00 UTC

    • IP
      202.186.210.176
      Network
      202.184.0.0/14
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      ASN
      AS9930
      Organization
      TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al
      Protocol
      mysql
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Oracle MySQL 4.1.21
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      5af4ce9cc783b50ebafd31984d1d8a88 
    • A\x00\x00\x00
4.1.21-community-nt\x00\xac\x90\x1c\x001b{fmod)\x00,\xa2\x08\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>:JF_+WU$PHZ\x00\x10\x00\x00\x01\xff\x13\x04Bad handshake
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:38:00.000Z",
   "app" : {
      "length" : 89
   },
   "asn" : "AS9930",
   "city" : "Kuala Lumpur",
   "country" : "MY",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "A\\x00\\x00\\x00\n4.1.21-community-nt\\x00\\xac\\x90\\x1c\\x001b{fmod)\\x00,\\xa2\\x08\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00>:JF_+WU$PHZ\\x00\\x10\\x00\\x00\\x01\\xff\\x13\\x04Bad handshake",
   "datamd5" : "5af4ce9cc783b50ebafd31984d1d8a88",
   "datammh3" : -981786343,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS9930",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "MY",
      "countryname" : "Malaysia",
      "domain" : [
         "time.com.my"
      ],
      "isineu" : "false",
      "latitude" : "4.210484",
      "location" : "4.210484,101.975766",
      "longitude" : "101.975766",
      "netname" : "TTDOTCOM-MY",
      "organization" : "TT DOTCOM SDN BHD",
      "subnet" : "202.186.0.0/15"
   },
   "ip" : "202.186.210.176",
   "ipv6" : "false",
   "latitude" : "3.1390",
   "location" : "3.1390,101.7200",
   "longitude" : "101.7200",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Al",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "product" : "MySQL",
   "productvendor" : "Oracle",
   "productversion" : "4.1.21",
   "protocol" : "mysql",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "202.184.0.0/14",
   "tls" : "false",
   "transport" : "tcp"
}

  • 203.104.31.125:11112 (tcp/http) - last seen on 2024-11-21 at 09:34:49 UTC

    • IP
      203.104.31.125
      Network
      203.104.24.0/21
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS7642
      Organization
      DHIVEHI RAAJJEYGE GULHUN PLC
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e 
    • HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 09:32:42 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:34:49.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -2027241258,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS7642",
   "country" : "MV",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 09:32:42 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS7642",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "MV",
      "countryname" : "Maldives",
      "domain" : [
         "dhiraagu.com.mv",
         "dhivehinet.net.mv"
      ],
      "isineu" : "false",
      "latitude" : "3.202778",
      "location" : "3.202778,73.22068",
      "longitude" : "73.22068",
      "netname" : "BROADBAND-ADSL",
      "organization" : "Dhiraagu Pvt.Ltd.",
      "subnet" : "203.104.24.0/21"
   },
   "ip" : "203.104.31.125",
   "ipv6" : "false",
   "latitude" : "3.2000",
   "location" : "3.2000,73.0000",
   "longitude" : "73.0000",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "DHIVEHI RAAJJEYGE GULHUN PLC",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "203.104.24.0/21",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}

  • 118.163.235.229:11112 (tcp/unknown) - last seen on 2024-11-21 at 08:08:08 UTC

    • IP
      118.163.235.229
      Network
      118.160.0.0/13
      Domain(s)
      hinet.net
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      Reverse DNS
      118-163-235-229.hinet-ip.hinet.net
      ASN
      AS3462
      Organization
      Data Communication Business Group
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Microsoft Windows

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      777f52e2eefbf3b7f6214ab058ba770c 
    • \x00\x02HK\xd3\x19$x\xbe\xc3\x0d\xb5\xac;\x00\x03
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:08:08.000Z",
   "app" : {
      "length" : 16
   },
   "asn" : "AS3462",
   "city" : "Kaohsiung",
   "country" : "TW",
   "data" : "\\x00\\x02HK\\xd3\\x19$x\\xbe\\xc3\\x0d\\xb5\\xac;\\x00\\x03",
   "datamd5" : "777f52e2eefbf3b7f6214ab058ba770c",
   "datammh3" : 286935579,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "hinet.net"
   ],
   "geolocus" : {
      "asn" : "AS3462",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "TW",
      "countryname" : "Taiwan",
      "domain" : [
         "hinet.net",
         "twnic.net",
         "twnic.net.tw"
      ],
      "isineu" : "false",
      "latitude" : "23.69781",
      "location" : "23.69781,120.960515",
      "longitude" : "120.960515",
      "netname" : "HINET-NET",
      "organization" : "Data Communication Business Group",
      "subnet" : "118.163.224.0/20"
   },
   "host" : [
      "118-163-235-229"
   ],
   "hostname" : [
      "118-163-235-229.hinet-ip.hinet.net"
   ],
   "ip" : "118.163.235.229",
   "ipv6" : "false",
   "latitude" : "22.6148",
   "location" : "22.6148,120.3139",
   "longitude" : "120.3139",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Data Communication Business Group",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "protocol" : "unknown",
   "reverse" : [
      "118-163-235-229.hinet-ip.hinet.net"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subdomains" : [
      "hinet-ip.hinet.net"
   ],
   "subnet" : "118.160.0.0/13",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp"
}

  • 1.179.151.13:11112 (tcp/dicom) - last seen on 2024-11-21 at 08:07:23 UTC

    • IP
      1.179.151.13
      Network
      1.179.128.0/19
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      ASN
      AS131293
      Organization
      TOT Public Company Limited
      Protocol
      dicom
      Source
      datascan
    • Operating System
      Microsoft Windows

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      f87a87545287c011e3b026e07080a80a 
    • \x02\x00\x00\x00\x00\xb8\x00\x01\x00\x00ANY-SCP         ECHOSCU         \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x151.2.840.10008.3.1.1.1!\x00\x00\x19\x01\x00\x00\x00@\x00\x00\x111.2.840.10008.1.2P\x00\x00:Q\x00\x00\x04\x00\x00@\x00R\x00\x00\x1b1.2.276.0.7230010.3.0.3.6.7U\x00\x00\x0fOFFIS_DCMTK_367\x04\x00\x00\x00\x00T\x00\x00\x00P\x01\x03\x00\x00\x00\x00\x04\x00\x00\x00B\x00\x00\x00\x00\x00\x02\x00\x12\x00\x00\x001.2.840.10008.1.1\x00\x00\x00\x00\x01\x02\x00\x00\x000\x80\x00\x00 \x01\x02\x00\x00\x00\x01\x00\x00\x00\x00\x08\x02\x00\x00\x00\x01\x01\x00\x00\x00	\x02\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x04\x00\x00\x00\x00
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:07:23.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "3.0.3.6"
         ]
      },
      "length" : 290
   },
   "asn" : "AS131293",
   "city" : "Nakhon Pathom",
   "country" : "TH",
   "data" : "\\x02\\x00\\x00\\x00\\x00\\xb8\\x00\\x01\\x00\\x00ANY-SCP         ECHOSCU         \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x151.2.840.10008.3.1.1.1!\\x00\\x00\\x19\\x01\\x00\\x00\\x00@\\x00\\x00\\x111.2.840.10008.1.2P\\x00\\x00:Q\\x00\\x00\\x04\\x00\\x00@\\x00R\\x00\\x00\\x1b1.2.276.0.7230010.3.0.3.6.7U\\x00\\x00\\x0fOFFIS_DCMTK_367\\x04\\x00\\x00\\x00\\x00T\\x00\\x00\\x00P\\x01\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x12\\x00\\x00\\x001.2.840.10008.1.1\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x000\\x80\\x00\\x00 \\x01\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x08\\x02\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\t\\x02\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00",
   "datamd5" : "f87a87545287c011e3b026e07080a80a",
   "datammh3" : -64688376,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS131293",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "TH",
      "countryname" : "Thailand",
      "domain" : [
         "ntplc.co.th",
         "totbb.net",
         "totidc.net",
         "totisp.net"
      ],
      "isineu" : "false",
      "latitude" : "15.870032",
      "location" : "15.870032,100.992541",
      "longitude" : "100.992541",
      "netname" : "TOTnet",
      "organization" : "TOT Public Company Limited",
      "subnet" : "1.179.128.0/19"
   },
   "ip" : "1.179.151.13",
   "ipv6" : "false",
   "latitude" : "13.8667",
   "location" : "13.8667,100.1917",
   "longitude" : "100.1917",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TOT Public Company Limited",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "protocol" : "dicom",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "1.179.128.0/19",
   "tls" : "false",
   "transport" : "tcp"
}

  • 105.97.83.131:11112 (tcp/vnc) - last seen on 2024-11-21 at 06:32:24 UTC

    • IP
      105.97.83.131
      Network
      105.96.0.0/12
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      ASN
      AS36947
      Organization
      Telecom Algeria
      Protocol
      vnc
      Source
      datascan
    • Operating System
      Microsoft Windows

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      8b03f7104e89ee4a73adec68629f866d 
    • RFB 003.008

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T06:32:24.000Z",
   "app" : {
      "length" : 12
   },
   "asn" : "AS36947",
   "city" : "Algiers",
   "country" : "DZ",
   "data" : "RFB 003.008\n",
   "datamd5" : "8b03f7104e89ee4a73adec68629f866d",
   "datammh3" : -1800413357,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS36947",
      "continent" : "AF",
      "continentname" : "Africa",
      "country" : "DZ",
      "countryname" : "Algeria",
      "isineu" : "false",
      "latitude" : "28.033886",
      "location" : "28.033886,1.659626",
      "longitude" : "1.659626",
      "netname" : "ALGER",
      "organization" : "Algerie Telecom",
      "subnet" : "105.97.64.0/18"
   },
   "ip" : "105.97.83.131",
   "ipv6" : "false",
   "latitude" : "36.7377",
   "location" : "36.7377,3.0839",
   "longitude" : "3.0839",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Telecom Algeria",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "protocol" : "vnc",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "105.96.0.0/12",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}

  • 45.231.153.196:11112 (tcp/http) - last seen on 2024-11-21 at 06:31:52 UTC

    • IP
      45.231.153.196
      Network
      45.231.152.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS267261
      Organization
      PROXER TELECOMUNICACOES LTDA ME
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e 
    • HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 06:31:51 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T06:31:52.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : 1113393854,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS267261",
   "city" : "Pirapora do Bom Jesus",
   "country" : "BR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 06:31:51 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS55933",
      "continent" : "OC",
      "continentname" : "Oceania",
      "country" : "AU",
      "countryname" : "Australia",
      "domain" : [
         "apnic.net"
      ],
      "isineu" : "false",
      "latitude" : "-25.274398",
      "location" : "-25.274398,133.775136",
      "longitude" : "133.775136",
      "netname" : "IANA-NETBLOCK-45",
      "organization" : "This network range is not fully allocated to APNIC.",
      "subnet" : "45.0.0.0/8"
   },
   "ip" : "45.231.153.196",
   "ipv6" : "false",
   "latitude" : "-23.3720",
   "location" : "-23.3720,-46.9780",
   "longitude" : "-46.9780",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "PROXER TELECOMUNICACOES LTDA ME",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "45.231.152.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}

  • 89.26.29.171:11112 (tcp/http) - last seen on 2024-11-21 at 06:31:24 UTC

    • IP
      89.26.29.171
      Network
      89.26.0.0/17
      Domain(s)
      cablelink.at
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      Reverse DNS
      89-26-29-171.stat.cablelink.at
      ASN
      AS8445
      Organization
      SALZBURG AG fur Energie, Verkehr und Telekommunikation
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e 
    • HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 06:31:23 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T06:31:24.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -1002562436,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS8445",
   "city" : "Salzburg",
   "country" : "AT",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 06:31:23 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cablelink.at"
   ],
   "geolocus" : {
      "asn" : "AS8445",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "AT",
      "countryname" : "Austria",
      "domain" : [
         "cablelink.at",
         "salzburg-ag.at",
         "sol.at"
      ],
      "isineu" : "true",
      "latitude" : "47.516231",
      "location" : "47.516231,14.550072",
      "longitude" : "14.550072",
      "netname" : "AT-SALZBURG-AG-20060612",
      "organization" : "SALZBURG AG fur Energie, Verkehr und Telekommunikation",
      "subnet" : "89.26.0.0/17"
   },
   "host" : [
      "89-26-29-171"
   ],
   "hostname" : [
      "89-26-29-171.stat.cablelink.at"
   ],
   "ip" : "89.26.29.171",
   "ipv6" : "false",
   "latitude" : "47.8008",
   "location" : "47.8008,13.0443",
   "longitude" : "13.0443",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "SALZBURG AG fur Energie, Verkehr und Telekommunikation",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "reverse" : [
      "89-26-29-171.stat.cablelink.at"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "stat.cablelink.at"
   ],
   "subnet" : "89.26.0.0/17",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "at"
   ],
   "tls" : "false",
   "transport" : "tcp"
}

  • 103.43.18.213:11112 (tcp/http) - last seen on 2024-11-21 at 05:01:50 UTC

    • IP
      103.43.18.213
      Network
      103.43.16.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      400 Bad Request
      ASN
      AS132883
      Organization
      TOPWAY GLOBAL LIMITED
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      F5 Nginx 1.17.6
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      55cf5de3b3a32a0ee5313aa230307980
      HTTP Header MD5
      f4eaba8998b0e515f84d95c1ad5ea5c7
      HTTP Body MD5
      2565895531633a7521636ee7375b43ca 
    • HTTP/1.1 400 Bad Request
Server: nginx/1.17.6
Date: Thu, 21 Nov 2024 04:57:07 GMT
Content-Type: text/html
Content-Length: 157
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.17.6</center>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T05:01:50.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "2565895531633a7521636ee7375b43ca",
         "bodymmh3" : -1057385949,
         "headermd5" : "f4eaba8998b0e515f84d95c1ad5ea5c7",
         "headermmh3" : -283305103,
         "title" : "400 Bad Request"
      },
      "length" : 309
   },
   "asn" : "AS132883",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx/1.17.6\r\nDate: Thu, 21 Nov 2024 04:57:07 GMT\r\nContent-Type: text/html\r\nContent-Length: 157\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>nginx/1.17.6</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "55cf5de3b3a32a0ee5313aa230307980",
   "datammh3" : -1227591593,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS132883",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnaaa.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "cnaaa",
      "organization" : "Jiangsu Sanai network science and technology co ,LTD",
      "subnet" : "103.43.16.0/22"
   },
   "ip" : "103.43.18.213",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TOPWAY GLOBAL LIMITED",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "103.43.16.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}

  • 103.216.153.121:11112 (tcp/http) - last seen on 2024-11-21 at 03:30:00 UTC

    • IP
      103.216.153.121
      Network
      103.216.152.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS137697
      Organization
      CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e 
    • HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 03:29:55 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T03:30:00.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -446835900,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS137697",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 03:29:55 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS137697",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnnic.cn",
         "qq.com"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "Bangrunkeji",
      "organization" : "Jangsu Bangrun Network Technology Co.,Ltd.",
      "subnet" : "103.216.152.0/22"
   },
   "ip" : "103.216.153.121",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "103.216.152.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}

  • 2.88.28.220:11112 (tcp/http) - last seen on 2024-11-21 at 03:29:33 UTC

    • IP
      2.88.28.220
      Network
      2.88.0.0/15
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      400 Bad Request
      ASN
      AS25019
      Organization
      Saudi Telecom Company JSC
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      fc50269b686770a240abfeb47634796e
      HTTP Header MD5
      b3217b172b9dc651b8a5783c5ffbb851
      HTTP Body MD5
      350229be63ba5355f549e4c281f8f6b3 
    • HTTP/1.1 400 Bad Request
Date: Thu, 21 Nov 2024 03:29:29 GMT
Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)
Content-Length: 93
Connection: Close
Content-Type: text/html

<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1></BODY></HTML>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T03:29:33.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "10.1.2.0"
         ]
      },
      "http" : {
         "bodymd5" : "350229be63ba5355f549e4c281f8f6b3",
         "bodymmh3" : -1425684228,
         "headermd5" : "b3217b172b9dc651b8a5783c5ffbb851",
         "headermmh3" : 968336268,
         "title" : "400 Bad Request"
      },
      "length" : 294
   },
   "asn" : "AS25019",
   "city" : "Riyadh",
   "country" : "SA",
   "data" : "HTTP/1.1 400 Bad Request\r\nDate: Thu, 21 Nov 2024 03:29:29 GMT\r\nServer: Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)\r\nContent-Length: 93\r\nConnection: Close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1></BODY></HTML>",
   "datamd5" : "fc50269b686770a240abfeb47634796e",
   "datammh3" : 1872784749,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS25019",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "SA",
      "countryname" : "Saudi Arabia",
      "domain" : [
         "stc.com.sa"
      ],
      "isineu" : "false",
      "latitude" : "23.885942",
      "location" : "23.885942,45.079162",
      "longitude" : "45.079162",
      "netname" : "SAUDINET_DSL_POOL",
      "organization" : "SaudiNet DSL pool_Dynamic IPs",
      "subnet" : "2.88.0.0/16"
   },
   "ip" : "2.88.28.220",
   "ipv6" : "false",
   "latitude" : "24.6869",
   "location" : "24.6869,46.7224",
   "longitude" : "46.7224",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Saudi Telecom Company JSC",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 11112,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "2.88.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp"
}