Returning 10 result(s) out of 1,215,983 in 0.082 second(s)

  • 52.168.16.227:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:22 UTC

    • IP
      52.168.16.227
      Network
      52.160.0.0/11
      Domain(s)
      cloudapp.net
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS8075
      Organization
      MICROSOFT-CORP-MSN-AS-BLOCK
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      AME Infra CA 05
      Subject Common Name
      1d7f0077-4f00-4fc7-966f-29b28f6b1e7b.gwt.cloudapp.net
      Subject Alt Name
      azuregateway-1d7f0077-4f00-4fc7-966f-29b28f6b1e7b-e64f6d72bf3b.gwt.cloudapp.net
      SHA256 Fingerprint
      2b532895f6eac37b94767451ba091908be32d203bd19d355adcb750dc9d4b7fd
      Validity Not Before
      2024-10-17T02:04:50Z
      Validity Not After
      2025-10-12T02:04:50Z
    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e
    • HTTP/1.1 400 Bad Request
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Thu, 21 Nov 2024 08:35:21 GMT
      Connection: close
      Content-Length: 326
      
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
      <HTML><HEAD><TITLE>Bad Request</TITLE>
      <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
      <BODY><h2>Bad Request - Invalid Verb</h2>
      <hr><p>HTTP Error 400. The request verb is invalid.</p>
      </BODY></HTML>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:22.000Z",
         "app" : {
            "extract" : {
               "domain" : [
                  "w3.org"
               ],
               "hostname" : [
                  "www.w3.org"
               ],
               "url" : [
                  "http://www.w3.org/TR/html4/strict.dtd"
               ]
            },
            "http" : {
               "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
               "bodymmh3" : -640633908,
               "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
               "headermmh3" : -941712642,
               "title" : "Bad Request"
            },
            "length" : 505
         },
         "asn" : "AS8075",
         "ca" : "false",
         "city" : "Washington",
         "country" : "US",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:35:21 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
         "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
         "datammh3" : 1596030123,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "cloudapp.net"
         ],
         "extkeyusage" : [
            "serverAuth",
            "clientAuth"
         ],
         "fingerprint" : {
            "md5" : "b7fe4eba2a9cfc4d4ccfe3db7d2e317a",
            "sha1" : "1fc5d846319598828fca7d6fe3f952538bbd28de",
            "sha256" : "2b532895f6eac37b94767451ba091908be32d203bd19d355adcb750dc9d4b7fd"
         },
         "geolocus" : {
            "asn" : "AS8075",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "microsoft.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "MSFT",
            "organization" : "Microsoft Corporation",
            "subnet" : "52.168.0.0/16"
         },
         "host" : [
            "1d7f0077-4f00-4fc7-966f-29b28f6b1e7b",
            "azuregateway-1d7f0077-4f00-4fc7-966f-29b28f6b1e7b-e64f6d72bf3b"
         ],
         "hostname" : [
            "1d7f0077-4f00-4fc7-966f-29b28f6b1e7b.gwt.cloudapp.net",
            "azuregateway-1d7f0077-4f00-4fc7-966f-29b28f6b1e7b-e64f6d72bf3b.gwt.cloudapp.net"
         ],
         "ip" : "52.168.16.227",
         "ipv6" : "false",
         "issuer" : {
            "commonname" : "AME Infra CA 05"
         },
         "keyusage" : [
            "digitalSignature",
            "keyEncipherment"
         ],
         "latitude" : "38.7095",
         "location" : "38.7095,-78.1539",
         "longitude" : "-78.1539",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 20000,
         "product" : "HTTPAPI",
         "productvendor" : "Microsoft",
         "productversion" : "2.0",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "7c:05:ba:16:41:99:2b:7a:04:4c:ad:7a:fc:00:00:05:ba:16:41",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "gwt.cloudapp.net"
         ],
         "subject" : {
            "altname" : [
               "azuregateway-1d7f0077-4f00-4fc7-966f-29b28f6b1e7b-e64f6d72bf3b.gwt.cloudapp.net"
            ],
            "commonname" : "1d7f0077-4f00-4fc7-966f-29b28f6b1e7b.gwt.cloudapp.net"
         },
         "subnet" : "52.160.0.0/11",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "net"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2025-10-12T02:04:50Z",
            "notbefore" : "2024-10-17T02:04:50Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 23.97.194.139:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:21 UTC

    • IP
      23.97.194.139
      Network
      23.96.0.0/14
      Domain(s)
      cloudapp.net
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS8075
      Organization
      MICROSOFT-CORP-MSN-AS-BLOCK
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      AME Infra CA 02
      Subject Common Name
      8e79d367-146c-4500-bb9c-e2ec0bcc8f76.gwt.cloudapp.net
      Subject Alt Name
      azuregateway-8e79d367-146c-4500-bb9c-e2ec0bcc8f76-a5d8ab1f6597.gwt.cloudapp.net
      SHA256 Fingerprint
      7dcaa7d749212fa08c51be4241959191d5207e8acfcc3d83ff842dcad1949612
      Validity Not Before
      2024-09-06T01:28:48Z
      Validity Not After
      2025-09-01T01:28:48Z
    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e
    • HTTP/1.1 400 Bad Request
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Thu, 21 Nov 2024 08:35:21 GMT
      Connection: close
      Content-Length: 326
      
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
      <HTML><HEAD><TITLE>Bad Request</TITLE>
      <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
      <BODY><h2>Bad Request - Invalid Verb</h2>
      <hr><p>HTTP Error 400. The request verb is invalid.</p>
      </BODY></HTML>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:21.000Z",
         "app" : {
            "extract" : {
               "domain" : [
                  "w3.org"
               ],
               "hostname" : [
                  "www.w3.org"
               ],
               "url" : [
                  "http://www.w3.org/TR/html4/strict.dtd"
               ]
            },
            "http" : {
               "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
               "bodymmh3" : -640633908,
               "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
               "headermmh3" : -941712642,
               "title" : "Bad Request"
            },
            "length" : 505
         },
         "asn" : "AS8075",
         "ca" : "false",
         "city" : "Amsterdam",
         "country" : "NL",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:35:21 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
         "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
         "datammh3" : 1596030123,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "cloudapp.net"
         ],
         "extkeyusage" : [
            "serverAuth",
            "clientAuth"
         ],
         "fingerprint" : {
            "md5" : "9979c1983b2e9e73fb17f4c4e223a6c1",
            "sha1" : "7e6d3a96d552594b40e0f5c2dd7146c67018ec7e",
            "sha256" : "7dcaa7d749212fa08c51be4241959191d5207e8acfcc3d83ff842dcad1949612"
         },
         "geolocus" : {
            "asn" : "AS8075",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "microsoft.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "MSFT",
            "organization" : "Microsoft Corporation",
            "subnet" : "23.97.128.0/17"
         },
         "host" : [
            "8e79d367-146c-4500-bb9c-e2ec0bcc8f76",
            "azuregateway-8e79d367-146c-4500-bb9c-e2ec0bcc8f76-a5d8ab1f6597"
         ],
         "hostname" : [
            "8e79d367-146c-4500-bb9c-e2ec0bcc8f76.gwt.cloudapp.net",
            "azuregateway-8e79d367-146c-4500-bb9c-e2ec0bcc8f76-a5d8ab1f6597.gwt.cloudapp.net"
         ],
         "ip" : "23.97.194.139",
         "ipv6" : "false",
         "issuer" : {
            "commonname" : "AME Infra CA 02"
         },
         "keyusage" : [
            "digitalSignature",
            "keyEncipherment"
         ],
         "latitude" : "52.3759",
         "location" : "52.3759,4.8975",
         "longitude" : "4.8975",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 20000,
         "product" : "HTTPAPI",
         "productvendor" : "Microsoft",
         "productversion" : "2.0",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "7f:03:fd:6a:91:f9:ea:f8:7c:a1:3c:de:68:00:04:03:fd:6a:91",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "gwt.cloudapp.net"
         ],
         "subject" : {
            "altname" : [
               "azuregateway-8e79d367-146c-4500-bb9c-e2ec0bcc8f76-a5d8ab1f6597.gwt.cloudapp.net"
            ],
            "commonname" : "8e79d367-146c-4500-bb9c-e2ec0bcc8f76.gwt.cloudapp.net"
         },
         "subnet" : "23.96.0.0/14",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "net"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2025-09-01T01:28:48Z",
            "notbefore" : "2024-09-06T01:28:48Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 65.181.131.201:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:20 UTC

    • IP
      65.181.131.201
      Network
      65.181.128.0/19
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      HTTP Title
      400 Bad Request
      ASN
      AS134729
      Organization
      JOINT POWER TECHNOLOGY LIMITED
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      Waf defaut certificate(Attack Behavior reported to the police)
      Issuer Organization
      Waf
      Subject Organization
      Waf
      Subject Common Name
      Waf defaut certificate(Attack Behavior reported to the police)
      SHA256 Fingerprint
      185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27
      Validity Not Before
      2020-08-26T09:48:09Z
      Validity Not After
      2030-08-24T09:48:09Z
    • Data MD5
      f6434d75c18561f6689ba0cc7f7de967
      HTTP Header MD5
      7de09592d0cc3062011d73fa292680b0
      HTTP Body MD5
      5ef00e5d557dc45a4cf3efc331e1bdc4
    • HTTP/1.1 400 Bad Request
      Server: WAF
      Date: Thu, 21 Nov 2024 08:35:19 GMT
      Content-Type: text/html
      Content-Length: 164
      Connection: close
      
      <html>
      <head><title>400 Bad Request</title></head>
      <body bgcolor="white">
      <center><h1>400 Bad Request</h1></center>
      <hr><center>WAF</center>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:20.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "5ef00e5d557dc45a4cf3efc331e1bdc4",
               "bodymmh3" : -1126698889,
               "headermd5" : "7de09592d0cc3062011d73fa292680b0",
               "headermmh3" : 785971100,
               "title" : "400 Bad Request"
            },
            "length" : 307
         },
         "asn" : "AS134729",
         "country" : "US",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:35:19 GMT\r\nContent-Type: text/html\r\nContent-Length: 164\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
         "datamd5" : "f6434d75c18561f6689ba0cc7f7de967",
         "datammh3" : -1855578114,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "fingerprint" : {
            "md5" : "a01ba69ec230a73409884c2b344b5917",
            "sha1" : "c3820866b442e20cc8e4893132a4b0a9d20022f8",
            "sha256" : "185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27"
         },
         "geolocus" : {
            "asn" : "AS134729",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "ipxo.com",
               "pair.com",
               "pair.net",
               "pairnetworks.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "IXPO-65-181-128-0-19-REALLOCATION",
            "organization" : "IPXO LLC",
            "subnet" : "65.181.128.0/20"
         },
         "ip" : "65.181.131.201",
         "ipv6" : "false",
         "issuer" : {
            "city" : "Shanghai",
            "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
            "country" : "CN",
            "organization" : "Waf",
            "organizationalunit" : "WAF"
         },
         "latitude" : "37.7510",
         "location" : "37.7510,-97.8220",
         "longitude" : "-97.8220",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "JOINT POWER TECHNOLOGY LIMITED",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 20000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "d4:7c:19:ad:8a:0c:45:e7",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subject" : {
            "city" : "Shanghai",
            "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
            "country" : "CN",
            "organization" : "Waf",
            "organizationalunit" : "WAF"
         },
         "subnet" : "65.181.128.0/19",
         "tag" : "<enterprise field>: tag",
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2030-08-24T09:48:09Z",
            "notbefore" : "2020-08-26T09:48:09Z"
         },
         "version" : "v1",
         "wildcard" : "false"
      }
      
  • 95.82.48.227:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:20 UTC

    • IP
      95.82.48.227
      Network
      95.82.48.0/20
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      HTTP Title
      400 Bad Request
      ASN
      AS134729
      Organization
      JOINT POWER TECHNOLOGY LIMITED
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      Waf defaut certificate(Attack Behavior reported to the police)
      Issuer Organization
      Waf
      Subject Organization
      Waf
      Subject Common Name
      Waf defaut certificate(Attack Behavior reported to the police)
      SHA256 Fingerprint
      185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27
      Validity Not Before
      2020-08-26T09:48:09Z
      Validity Not After
      2030-08-24T09:48:09Z
    • Data MD5
      f6434d75c18561f6689ba0cc7f7de967
      HTTP Header MD5
      7de09592d0cc3062011d73fa292680b0
      HTTP Body MD5
      5ef00e5d557dc45a4cf3efc331e1bdc4
    • HTTP/1.1 400 Bad Request
      Server: WAF
      Date: Thu, 21 Nov 2024 08:35:20 GMT
      Content-Type: text/html
      Content-Length: 164
      Connection: close
      
      <html>
      <head><title>400 Bad Request</title></head>
      <body bgcolor="white">
      <center><h1>400 Bad Request</h1></center>
      <hr><center>WAF</center>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:20.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "5ef00e5d557dc45a4cf3efc331e1bdc4",
               "bodymmh3" : -1126698889,
               "headermd5" : "7de09592d0cc3062011d73fa292680b0",
               "headermmh3" : 1816318738,
               "title" : "400 Bad Request"
            },
            "length" : 307
         },
         "asn" : "AS134729",
         "country" : "AU",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:35:20 GMT\r\nContent-Type: text/html\r\nContent-Length: 164\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
         "datamd5" : "f6434d75c18561f6689ba0cc7f7de967",
         "datammh3" : -1855578114,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "fingerprint" : {
            "md5" : "a01ba69ec230a73409884c2b344b5917",
            "sha1" : "c3820866b442e20cc8e4893132a4b0a9d20022f8",
            "sha256" : "185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27"
         },
         "ip" : "95.82.48.227",
         "ipv6" : "false",
         "issuer" : {
            "city" : "Shanghai",
            "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
            "country" : "CN",
            "organization" : "Waf",
            "organizationalunit" : "WAF"
         },
         "latitude" : "-33.4940",
         "location" : "-33.4940,143.2104",
         "longitude" : "143.2104",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "JOINT POWER TECHNOLOGY LIMITED",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 20000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "d4:7c:19:ad:8a:0c:45:e7",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subject" : {
            "city" : "Shanghai",
            "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
            "country" : "CN",
            "organization" : "Waf",
            "organizationalunit" : "WAF"
         },
         "subnet" : "95.82.48.0/20",
         "tag" : "<enterprise field>: tag",
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2030-08-24T09:48:09Z",
            "notbefore" : "2020-08-26T09:48:09Z"
         },
         "version" : "v1",
         "wildcard" : "false"
      }
      
  • 1.94.72.225:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:20 UTC

    • IP
      1.94.72.225
      Network
      1.94.0.0/15
      Domain(s)
      hwclouds-dns.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      HTTP Title
      400 Bad Request
      Reverse DNS
      ecs-1-94-72-225.compute.hwclouds-dns.com
      ASN
      AS55990
      Organization
      Huawei Cloud Service data center
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Issuer Organization
      Default Company Ltd
      Subject Organization
      Default Company Ltd
      SHA256 Fingerprint
      72233debaa9b5bebdad8ba027e3c345cfe28547e5d614b0d2e32f7f99d784b62
      Validity Not Before
      2017-08-17T01:41:51Z
      Validity Not After
      2027-08-15T01:41:51Z
    • Data MD5
      c33ff34ac90f0c0935265233ff231a45
      HTTP Header MD5
      1bcf1dcb69e0b166facc4cad91962931
      HTTP Body MD5
      a537cafbaa86c09ca409a1d090f3bd45
    • HTTP/1.1 400 Bad Request
      Server: CloudWAF
      Date: Thu, 21 Nov 2024 08:35:20 GMT
      Content-Type: text/html
      Content-Length: 153
      Connection: close
      
      <html>
      <head><title>400 Bad Request</title></head>
      <body>
      <center><h1>400 Bad Request</h1></center>
      <hr><center>CloudWAF</center>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:20.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "a537cafbaa86c09ca409a1d090f3bd45",
               "bodymmh3" : -628054450,
               "headermd5" : "1bcf1dcb69e0b166facc4cad91962931",
               "headermmh3" : -277567806,
               "title" : "400 Bad Request"
            },
            "length" : 301
         },
         "asn" : "AS55990",
         "ca" : "true",
         "country" : "CN",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: CloudWAF\r\nDate: Thu, 21 Nov 2024 08:35:20 GMT\r\nContent-Type: text/html\r\nContent-Length: 153\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>CloudWAF</center>\r\n</body>\r\n</html>\r\n",
         "datamd5" : "c33ff34ac90f0c0935265233ff231a45",
         "datammh3" : -111872105,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "hwclouds-dns.com"
         ],
         "fingerprint" : {
            "md5" : "ea37e19c758a66f7d20c17cf7c276c63",
            "sha1" : "91550bcbeace78ee0f818851a511cbab40f84fc2",
            "sha256" : "72233debaa9b5bebdad8ba027e3c345cfe28547e5d614b0d2e32f7f99d784b62"
         },
         "geolocus" : {
            "asn" : "AS55990",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "CN",
            "countryname" : "China",
            "domain" : [
               "cnnic.cn",
               "drpeng.com.cn",
               "hwclouds-dns.com"
            ],
            "isineu" : "false",
            "latitude" : "35.86166",
            "location" : "35.86166,104.195397",
            "longitude" : "104.195397",
            "netname" : "DXTNET",
            "organization" : "Beijing Teletron Telecom Engineering Co., Ltd.",
            "subnet" : "1.94.0.0/16"
         },
         "host" : [
            "ecs-1-94-72-225"
         ],
         "hostname" : [
            "ecs-1-94-72-225.compute.hwclouds-dns.com"
         ],
         "ip" : "1.94.72.225",
         "ipv6" : "false",
         "issuer" : {
            "city" : "Default City",
            "country" : "XX",
            "organization" : "Default Company Ltd"
         },
         "latitude" : "34.7732",
         "location" : "34.7732,113.7220",
         "longitude" : "113.7220",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Huawei Cloud Service data center",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 20000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "reverse" : [
            "ecs-1-94-72-225.compute.hwclouds-dns.com"
         ],
         "seen_date" : "2024-11-21",
         "serial" : "92:86:c1:83:96:0e:0a:46",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "compute.hwclouds-dns.com"
         ],
         "subject" : {
            "city" : "Default City",
            "country" : "XX",
            "organization" : "Default Company Ltd"
         },
         "subnet" : "1.94.0.0/15",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "com"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2027-08-15T01:41:51Z",
            "notbefore" : "2017-08-17T01:41:51Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 119.8.159.44:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:19 UTC

    • IP
      119.8.159.44
      Network
      119.8.128.0/18
      Domain(s)
      hwclouds-dns.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      HTTP Title
      400 Bad Request
      Reverse DNS
      ecs-119-8-159-44.compute.hwclouds-dns.com
      ASN
      AS136907
      Organization
      HUAWEI CLOUDS
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Issuer Organization
      Default Company Ltd
      Subject Organization
      Default Company Ltd
      SHA256 Fingerprint
      72233debaa9b5bebdad8ba027e3c345cfe28547e5d614b0d2e32f7f99d784b62
      Validity Not Before
      2017-08-17T01:41:51Z
      Validity Not After
      2027-08-15T01:41:51Z
    • Data MD5
      c33ff34ac90f0c0935265233ff231a45
      HTTP Header MD5
      1bcf1dcb69e0b166facc4cad91962931
      HTTP Body MD5
      a537cafbaa86c09ca409a1d090f3bd45
    • HTTP/1.1 400 Bad Request
      Server: CloudWAF
      Date: Thu, 21 Nov 2024 08:35:19 GMT
      Content-Type: text/html
      Content-Length: 153
      Connection: close
      
      <html>
      <head><title>400 Bad Request</title></head>
      <body>
      <center><h1>400 Bad Request</h1></center>
      <hr><center>CloudWAF</center>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:19.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "a537cafbaa86c09ca409a1d090f3bd45",
               "bodymmh3" : -628054450,
               "headermd5" : "1bcf1dcb69e0b166facc4cad91962931",
               "headermmh3" : 1636922312,
               "title" : "400 Bad Request"
            },
            "length" : 301
         },
         "asn" : "AS136907",
         "ca" : "true",
         "city" : "Santiago",
         "country" : "CL",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: CloudWAF\r\nDate: Thu, 21 Nov 2024 08:35:19 GMT\r\nContent-Type: text/html\r\nContent-Length: 153\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>CloudWAF</center>\r\n</body>\r\n</html>\r\n",
         "datamd5" : "c33ff34ac90f0c0935265233ff231a45",
         "datammh3" : -111872105,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "hwclouds-dns.com"
         ],
         "fingerprint" : {
            "md5" : "ea37e19c758a66f7d20c17cf7c276c63",
            "sha1" : "91550bcbeace78ee0f818851a511cbab40f84fc2",
            "sha256" : "72233debaa9b5bebdad8ba027e3c345cfe28547e5d614b0d2e32f7f99d784b62"
         },
         "geolocus" : {
            "asn" : "AS136907",
            "continent" : "SA",
            "continentname" : "South America",
            "country" : "CL",
            "countryname" : "Chile",
            "domain" : [
               "huawei.com",
               "huaweicloud.com"
            ],
            "isineu" : "false",
            "latitude" : "-35.675147",
            "location" : "-35.675147,-71.542969",
            "longitude" : "-71.542969",
            "netname" : "Huawei-CL-Cloud",
            "organization" : "HUAWEI INTERNATIONAL PTE. LTD.",
            "subnet" : "119.8.144.0/20"
         },
         "host" : [
            "ecs-119-8-159-44"
         ],
         "hostname" : [
            "ecs-119-8-159-44.compute.hwclouds-dns.com"
         ],
         "ip" : "119.8.159.44",
         "ipv6" : "false",
         "issuer" : {
            "city" : "Default City",
            "country" : "XX",
            "organization" : "Default Company Ltd"
         },
         "latitude" : "-33.4521",
         "location" : "-33.4521,-70.6536",
         "longitude" : "-70.6536",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "HUAWEI CLOUDS",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 20000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "reverse" : [
            "ecs-119-8-159-44.compute.hwclouds-dns.com"
         ],
         "seen_date" : "2024-11-21",
         "serial" : "92:86:c1:83:96:0e:0a:46",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "compute.hwclouds-dns.com"
         ],
         "subject" : {
            "city" : "Default City",
            "country" : "XX",
            "organization" : "Default Company Ltd"
         },
         "subnet" : "119.8.128.0/18",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "com"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2027-08-15T01:41:51Z",
            "notbefore" : "2017-08-17T01:41:51Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 20.185.36.142:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:35:17 UTC

    • IP
      20.185.36.142
      Network
      20.184.0.0/13
      Domain(s)
      cloudapp.net
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS8075
      Organization
      MICROSOFT-CORP-MSN-AS-BLOCK
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      AME Infra CA 02
      Subject Common Name
      8cd20077-951e-4996-9487-4a7b41d406da.gwt.cloudapp.net
      Subject Alt Name
      azuregateway-8cd20077-951e-4996-9487-4a7b41d406da-e6824ec4ac8d.gwt.cloudapp.net
      SHA256 Fingerprint
      4ddda6e9578fd06fbe0a2e5b38577f6421d2b78d0cd0049e0cc151432d1bf34c
      Validity Not Before
      2024-08-07T21:26:10Z
      Validity Not After
      2025-08-02T21:26:10Z

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e
    • HTTP/1.1 400 Bad Request
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Thu, 21 Nov 2024 08:35:16 GMT
      Connection: close
      Content-Length: 326
      
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
      <HTML><HEAD><TITLE>Bad Request</TITLE>
      <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
      <BODY><h2>Bad Request - Invalid Verb</h2>
      <hr><p>HTTP Error 400. The request verb is invalid.</p>
      </BODY></HTML>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:17.000Z",
         "app" : {
            "extract" : {
               "domain" : [
                  "w3.org"
               ],
               "hostname" : [
                  "www.w3.org"
               ],
               "url" : [
                  "http://www.w3.org/TR/html4/strict.dtd"
               ]
            },
            "http" : {
               "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
               "bodymmh3" : -640633908,
               "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
               "headermmh3" : 589292149,
               "title" : "Bad Request"
            },
            "length" : 505
         },
         "asn" : "AS8075",
         "ca" : "false",
         "city" : "Washington",
         "country" : "US",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:35:16 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
         "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
         "datammh3" : 1596030123,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "cloudapp.net"
         ],
         "extkeyusage" : [
            "serverAuth",
            "clientAuth"
         ],
         "fingerprint" : {
            "md5" : "ddf8ad03051eac18f09eddc95475a68d",
            "sha1" : "25ebad4246c51646e961498b2d9a521e828f5163",
            "sha256" : "4ddda6e9578fd06fbe0a2e5b38577f6421d2b78d0cd0049e0cc151432d1bf34c"
         },
         "geolocus" : {
            "asn" : "AS8075",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "microsoft.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "MSFT",
            "organization" : "Microsoft Corporation",
            "subnet" : "20.185.0.0/16"
         },
         "host" : [
            "8cd20077-951e-4996-9487-4a7b41d406da",
            "azuregateway-8cd20077-951e-4996-9487-4a7b41d406da-e6824ec4ac8d"
         ],
         "hostname" : [
            "8cd20077-951e-4996-9487-4a7b41d406da.gwt.cloudapp.net",
            "azuregateway-8cd20077-951e-4996-9487-4a7b41d406da-e6824ec4ac8d.gwt.cloudapp.net"
         ],
         "ip" : "20.185.36.142",
         "ipv6" : "false",
         "issuer" : {
            "commonname" : "AME Infra CA 02"
         },
         "keyusage" : [
            "digitalSignature",
            "keyEncipherment"
         ],
         "latitude" : "38.7095",
         "location" : "38.7095,-78.1539",
         "longitude" : "-78.1539",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 20000,
         "product" : "HTTPAPI",
         "productvendor" : "Microsoft",
         "productversion" : "2.0",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "7f:03:ca:fd:0d:16:08:67:72:fa:8d:7c:49:00:04:03:ca:fd:0d",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "gwt.cloudapp.net"
         ],
         "subject" : {
            "altname" : [
               "azuregateway-8cd20077-951e-4996-9487-4a7b41d406da-e6824ec4ac8d.gwt.cloudapp.net"
            ],
            "commonname" : "8cd20077-951e-4996-9487-4a7b41d406da.gwt.cloudapp.net"
         },
         "subnet" : "20.184.0.0/13",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "net"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2025-08-02T21:26:10Z",
            "notbefore" : "2024-08-07T21:26:10Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 51.141.114.35:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:34:57 UTC

    • IP
      51.141.114.35
      Network
      51.140.0.0/14
      Domain(s)
      cloudapp.net
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS8075
      Organization
      MICROSOFT-CORP-MSN-AS-BLOCK
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      AME Infra CA 02
      Subject Common Name
      86610074-02c8-4781-b2cc-0c5e6b8302c4.gwt.cloudapp.net
      Subject Alt Name
      azuregateway-86610074-02c8-4781-b2cc-0c5e6b8302c4-3f9c280ab8cf.gwt.cloudapp.net
      SHA256 Fingerprint
      64443af3188e2d034a79294e6c341412b09e8c112fd95ad55a8d92bdfd9b4e33
      Validity Not Before
      2024-07-08T13:53:02Z
      Validity Not After
      2025-07-03T13:53:02Z

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e
    • HTTP/1.1 400 Bad Request
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Thu, 21 Nov 2024 08:34:57 GMT
      Connection: close
      Content-Length: 326
      
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
      <HTML><HEAD><TITLE>Bad Request</TITLE>
      <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
      <BODY><h2>Bad Request - Invalid Verb</h2>
      <hr><p>HTTP Error 400. The request verb is invalid.</p>
      </BODY></HTML>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:34:57.000Z",
         "app" : {
            "extract" : {
               "domain" : [
                  "w3.org"
               ],
               "hostname" : [
                  "www.w3.org"
               ],
               "url" : [
                  "http://www.w3.org/TR/html4/strict.dtd"
               ]
            },
            "http" : {
               "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
               "bodymmh3" : -640633908,
               "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
               "headermmh3" : -1610165772,
               "title" : "Bad Request"
            },
            "length" : 505
         },
         "asn" : "AS8075",
         "ca" : "false",
         "city" : "Cardiff",
         "country" : "GB",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:34:57 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
         "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
         "datammh3" : 1596030123,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "cloudapp.net"
         ],
         "extkeyusage" : [
            "serverAuth",
            "clientAuth"
         ],
         "fingerprint" : {
            "md5" : "3a40d0953edca8ce3c8c8da1451759d8",
            "sha1" : "8d248296e2d0613155e3760a90b13967dcb43e13",
            "sha256" : "64443af3188e2d034a79294e6c341412b09e8c112fd95ad55a8d92bdfd9b4e33"
         },
         "geolocus" : {
            "asn" : "AS8075",
            "continent" : "EU",
            "continentname" : "Europe",
            "country" : "GB",
            "countryname" : "United Kingdom",
            "domain" : [
               "microsoft.com"
            ],
            "isineu" : "false",
            "latitude" : "55.378051",
            "location" : "55.378051,-3.435973",
            "longitude" : "-3.435973",
            "netname" : "MICROSOFT",
            "organization" : "Microsoft Limited",
            "subnet" : "51.140.0.0/14"
         },
         "host" : [
            "86610074-02c8-4781-b2cc-0c5e6b8302c4",
            "azuregateway-86610074-02c8-4781-b2cc-0c5e6b8302c4-3f9c280ab8cf"
         ],
         "hostname" : [
            "86610074-02c8-4781-b2cc-0c5e6b8302c4.gwt.cloudapp.net",
            "azuregateway-86610074-02c8-4781-b2cc-0c5e6b8302c4-3f9c280ab8cf.gwt.cloudapp.net"
         ],
         "ip" : "51.141.114.35",
         "ipv6" : "false",
         "issuer" : {
            "commonname" : "AME Infra CA 02"
         },
         "keyusage" : [
            "digitalSignature",
            "keyEncipherment"
         ],
         "latitude" : "51.4866",
         "location" : "51.4866,-3.1549",
         "longitude" : "-3.1549",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 20000,
         "product" : "HTTPAPI",
         "productvendor" : "Microsoft",
         "productversion" : "2.0",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "7f:03:90:ff:4d:86:2a:35:c6:67:66:e3:32:00:04:03:90:ff:4d",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "gwt.cloudapp.net"
         ],
         "subject" : {
            "altname" : [
               "azuregateway-86610074-02c8-4781-b2cc-0c5e6b8302c4-3f9c280ab8cf.gwt.cloudapp.net"
            ],
            "commonname" : "86610074-02c8-4781-b2cc-0c5e6b8302c4.gwt.cloudapp.net"
         },
         "subnet" : "51.140.0.0/14",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "net"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2025-07-03T13:53:02Z",
            "notbefore" : "2024-07-08T13:53:02Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 45.60.105.52:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:34:57 UTC

    • IP
      45.60.105.52
      Alternative IP(s)
      2a02:e980:dd:0:0:0:0:34 2a02:e980:df:0:0:0:0:34 2a02:e980:e3:0:0:0:0:34 45.60.109.225 45.60.44.52 45.60.46.52 45.60.52.52 45.60.73.225
      Network
      45.60.64.0/18
      Domain(s)
      electricalsinformed.com hvacinformed.com imperva.com maritimeinformed.com securityinformed.com sourcesecurity.com thebigredguide.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS19551
      Organization
      INCAPSULA
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      GlobalSign Atlas R3 DV TLS CA 2024 Q4
      Issuer Organization
      GlobalSign nv-sa
      Subject Common Name
      imperva.com
      Subject Alt Name
      www.thebigredguide.com hvacinformed.com www.maritimeinformed.com www.securityinformed.com thebigredguide.com electricalsinformed.com sourcesecurity.com www.hvacinformed.com maritimeinformed.com securityinformed.com www.electricalsinformed.com www.sourcesecurity.com imperva.com
      SHA256 Fingerprint
      9fdbce3ac59df9083e61287848f1658f161eaa72bed19be615129a95816cb345
      Validity Not Before
      2024-10-08T23:27:44Z
      Validity Not After
      2025-04-06T23:27:44Z

    • Data MD5
      814a5800c8dc5b8ef307e81f23dc63b9
      HTTP Header MD5
      87a53fc5bce9ad4b00e0a136ce4eca4d
      HTTP Body MD5
      1f323b1040eb391f3fdf52e1aa7b2c88
    • HTTP/1.1 400 Bad Request
      Content-Type: text/html
      Cache-Control: no-cache, no-store
      Connection: close
      Content-Length: 705
      X-Iinfo: 61-285357427-0 0NNN RT(1732178096038 203) q(-1 -1 -1 -1) r(0 -1) b1
      
      <html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=24&xinfo=61-285357427-0%200NNN%20RT%281732178096038%20203%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-1388227485677191805&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-1388227485677191805</iframe></body></html>
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:34:57.000Z",
         "alternativeip" : [
            "2a02:e980:dd:0:0:0:0:34",
            "2a02:e980:df:0:0:0:0:34",
            "2a02:e980:e3:0:0:0:0:34",
            "45.60.109.225",
            "45.60.44.52",
            "45.60.46.52",
            "45.60.52.52",
            "45.60.73.225"
         ],
         "app" : {
            "http" : {
               "bodymd5" : "1f323b1040eb391f3fdf52e1aa7b2c88",
               "bodymmh3" : -14153202,
               "headermd5" : "87a53fc5bce9ad4b00e0a136ce4eca4d",
               "headermmh3" : 1114190732
            },
            "length" : 911
         },
         "asn" : "AS19551",
         "basicconstraints" : "critical",
         "ca" : "false",
         "country" : "US",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 705\r\nX-Iinfo: 61-285357427-0 0NNN RT(1732178096038 203) q(-1 -1 -1 -1) r(0 -1) b1\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=24&xinfo=61-285357427-0%200NNN%20RT%281732178096038%20203%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-1388227485677191805&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-1388227485677191805</iframe></body></html>",
         "datamd5" : "814a5800c8dc5b8ef307e81f23dc63b9",
         "datammh3" : -501531137,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "electricalsinformed.com",
            "hvacinformed.com",
            "imperva.com",
            "maritimeinformed.com",
            "securityinformed.com",
            "sourcesecurity.com",
            "thebigredguide.com"
         ],
         "extkeyusage" : [
            "serverAuth",
            "clientAuth"
         ],
         "fingerprint" : {
            "md5" : "2f47605d31e91936da86288b1e69cb17",
            "sha1" : "5c16a995848fece5637f0a76b7590644a76a5c65",
            "sha256" : "9fdbce3ac59df9083e61287848f1658f161eaa72bed19be615129a95816cb345"
         },
         "geolocus" : {
            "asn" : "AS19551",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "imperva.com",
               "incapsula.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "INCAPSULA-NET",
            "organization" : "Incapsula Inc",
            "subnet" : "45.60.105.0/24"
         },
         "host" : [
            "www"
         ],
         "hostname" : [
            "electricalsinformed.com",
            "hvacinformed.com",
            "imperva.com",
            "maritimeinformed.com",
            "securityinformed.com",
            "sourcesecurity.com",
            "thebigredguide.com",
            "www.electricalsinformed.com",
            "www.hvacinformed.com",
            "www.maritimeinformed.com",
            "www.securityinformed.com",
            "www.sourcesecurity.com",
            "www.thebigredguide.com"
         ],
         "ip" : "45.60.105.52",
         "ipv6" : "false",
         "issuer" : {
            "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q4",
            "country" : "BE",
            "organization" : "GlobalSign nv-sa"
         },
         "keyusage" : [
            "digitalSignature",
            "keyEncipherment"
         ],
         "latitude" : "37.7510",
         "location" : "37.7510,-97.8220",
         "longitude" : "-97.8220",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "INCAPSULA",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 20000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "01:35:96:b7:92:41:7f:75:94:92:21:46:97:5c:55:d8",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subject" : {
            "altname" : [
               "www.thebigredguide.com",
               "hvacinformed.com",
               "www.maritimeinformed.com",
               "www.securityinformed.com",
               "thebigredguide.com",
               "electricalsinformed.com",
               "sourcesecurity.com",
               "www.hvacinformed.com",
               "maritimeinformed.com",
               "securityinformed.com",
               "www.electricalsinformed.com",
               "www.sourcesecurity.com",
               "imperva.com"
            ],
            "commonname" : "imperva.com"
         },
         "subnet" : "45.60.64.0/18",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "com"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2025-04-06T23:27:44Z",
            "notbefore" : "2024-10-08T23:27:44Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }
      
  • 163.228.233.52:20000 (tcp/http/tls) - last seen on 2024-11-21 at 08:34:56 UTC

    • IP
      163.228.233.52
      Network
      163.228.0.0/16
      Domain(s)
      chinacloudapp.cn
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      HTTP Title
      Bad Request
      ASN
      AS58593
      Organization
      Shanghai Blue Cloud Technology Co.,Ltd
      Protocol
      http Cert not expired http
      Source
      datascan
    • Operating System
      Microsoft Windows
      Product
      Microsoft HTTPAPI 2.0
      CPE(s)

      <enterprise field>: cpe

    • Issuer Common Name
      AME INFRA CA 01
      Subject Common Name
      d2970049-7f16-4652-a431-17b169d66025.gwt.chinacloudapp.cn
      Subject Alt Name
      azuregateway-d2970049-7f16-4652-a431-17b169d66025-6349aca023c6.gwt.chinacloudapp.cn
      SHA256 Fingerprint
      eb870841d700cb5072a86498f99bd7b6751cc314eea00163c89b31fc846bc91b
      Validity Not Before
      2024-09-22T03:36:34Z
      Validity Not After
      2025-09-17T03:36:34Z

    • Data MD5
      ab7ec59c257a6ef4d994483c583b818c
      HTTP Header MD5
      5f8987fc4ee9770a3292cd04557b2dbf
      HTTP Body MD5
      779df2c90c98bc5e3cb4127ecf04909e
    • HTTP/1.1 400 Bad Request
      Content-Type: text/html; charset=us-ascii
      Server: Microsoft-HTTPAPI/2.0
      Date: Thu, 21 Nov 2024 08:34:56 GMT
      Connection: close
      Content-Length: 326
      
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
      <HTML><HEAD><TITLE>Bad Request</TITLE>
      <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
      <BODY><h2>Bad Request - Invalid Verb</h2>
      <hr><p>HTTP Error 400. The request verb is invalid.</p>
      </BODY></HTML>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:34:56.000Z",
         "app" : {
            "extract" : {
               "domain" : [
                  "w3.org"
               ],
               "hostname" : [
                  "www.w3.org"
               ],
               "url" : [
                  "http://www.w3.org/TR/html4/strict.dtd"
               ]
            },
            "http" : {
               "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
               "bodymmh3" : -640633908,
               "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
               "headermmh3" : 178274842,
               "title" : "Bad Request"
            },
            "length" : 505
         },
         "asn" : "AS58593",
         "ca" : "false",
         "city" : "Zhangjiakou",
         "country" : "CN",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:34:56 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
         "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
         "datammh3" : 1596030123,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "chinacloudapp.cn"
         ],
         "extkeyusage" : [
            "serverAuth",
            "clientAuth"
         ],
         "fingerprint" : {
            "md5" : "13495e5e75640e590e96d98ad237d5a8",
            "sha1" : "35c39f0e0c9ce85bf8c262ed264d04ee98f120d3",
            "sha256" : "eb870841d700cb5072a86498f99bd7b6751cc314eea00163c89b31fc846bc91b"
         },
         "geolocus" : {
            "asn" : "AS58593",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "CN",
            "countryname" : "China",
            "domain" : [
               "21vianet.com",
               "cnnic.cn"
            ],
            "isineu" : "false",
            "latitude" : "35.86166",
            "location" : "35.86166,104.195397",
            "longitude" : "104.195397",
            "netname" : "BLUECLOUD",
            "organization" : "Shanghai Blue Cloud Technology Co.,Ltd",
            "subnet" : "163.228.0.0/16"
         },
         "host" : [
            "azuregateway-d2970049-7f16-4652-a431-17b169d66025-6349aca023c6",
            "d2970049-7f16-4652-a431-17b169d66025"
         ],
         "hostname" : [
            "azuregateway-d2970049-7f16-4652-a431-17b169d66025-6349aca023c6.gwt.chinacloudapp.cn",
            "d2970049-7f16-4652-a431-17b169d66025.gwt.chinacloudapp.cn"
         ],
         "ip" : "163.228.233.52",
         "ipv6" : "false",
         "issuer" : {
            "commonname" : "AME INFRA CA 01"
         },
         "keyusage" : [
            "digitalSignature",
            "keyEncipherment"
         ],
         "latitude" : "40.7846",
         "location" : "40.7846,114.8559",
         "longitude" : "114.8559",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Shanghai Blue Cloud Technology Co.,Ltd",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 20000,
         "product" : "HTTPAPI",
         "productvendor" : "Microsoft",
         "productversion" : "2.0",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "publickey" : {
            "algorithm" : "rsaEncryption",
            "length" : 2048
         },
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "serial" : "3a:03:b2:30:74:d9:9b:a7:20:0e:0a:93:26:00:04:03:b2:30:74",
         "signature" : {
            "algorithm" : "sha256WithRSAEncryption"
         },
         "source" : "datascan",
         "status" : 400,
         "subdomains" : [
            "gwt.chinacloudapp.cn"
         ],
         "subject" : {
            "altname" : [
               "azuregateway-d2970049-7f16-4652-a431-17b169d66025-6349aca023c6.gwt.chinacloudapp.cn"
            ],
            "commonname" : "d2970049-7f16-4652-a431-17b169d66025.gwt.chinacloudapp.cn"
         },
         "subnet" : "163.228.0.0/16",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "cn"
         ],
         "tls" : "true",
         "transport" : "tcp",
         "validity" : {
            "notafter" : "2025-09-17T03:36:34Z",
            "notbefore" : "2024-09-22T03:36:34Z"
         },
         "version" : "v3",
         "wildcard" : "false"
      }