Cyber Defense Search Engine

IP
140.150.3.96

Network
140.150.2.0/23

Device

<enterprise field>: device.class

URL

http://140.150.3.96:20020/ 400

HTTP Title
400 Bad Request

ASN
AS54994

Organization
ML-1432-54994

Protocol
http

Source
datascan
Product
F5 Nginx

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
8d766195834c20e139fe5cc29a2f2afe

HTTP Header MD5
6eebdd0ccfd74b7958a1071b2fc74ae1

HTTP Body MD5
8d4643385fd986f0eaa01d93332aa0be

HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 21 Nov 2024 08:32:28 GMT
Content-Type: text/html
Content-Length: 2425
Connection: close
x-ws-request-id: 673ef01c_PS-KIX-01UU5174_40213-44552

<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<title>400 Bad Request</title>
		<style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>
	</head>
	<body>
		<div id="p" class="P">
			<div class="K">400</div>
			<div class="O I">Bad Request</div>
			<p class="J A L">Error Times: Thu, 21 Nov 2024 08:32:28 GMT
				<br>
				<span class="F">IP: <srcip></span>Node information: PS-KIX-01UU5174
				<br>URL: http://<ip>:20020/
				<br>Request-Id: 673ef01c_PS-KIX-01UU5174_40213-44552
				<br>
				<br>Check:
				<span class="C G" onclick="s(0)">Details</span></p>
		</div>
		<div id="d" class="hide_me P H">
			<div class="K">ERROR</div>
			<p class="O I">"The Requested URL could not be retrieved</p>
			<div class="O">
				<div>While trying to retrieve the URL:</div>
				<pre class="B G">http://<ip>:20020/</pre></div>
			<div class="M">
				<span>The following error was encountered:</span>
				<ul class="E">
					<li class="D G">Invalid Request</li></ul>
			</div>
			<div class="M">
				<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>
				<ul class="E G">
					<li class="D">Missing or unknown request method</li>
					<li class="D">Missing URL</li>
					<li class="D">Missing HTTP Identifier (HTTP/1.0)</li>
					<li class="D">Request is too large</li>
					<li class="D">Content-Length missing for POST or PUT requests</li>
					<li class="D">Illegal character in hostname;underscores are not allowed</li>
					<li class="D">Range Invalid</li></ul>
			</div>
			<a class="N C" href="#" onclick="s(1)">return</a></div>
		<script type="text/javascript">function e(i) {
				return document.getElementById(i);
			}
			function d(i, t) {
				e(i).style.display = (t ? 'block': 'none');
			}
			function s(e) {
				d('p', e);
				d('d', !e);
			}</script>
	</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:32:28.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "8d4643385fd986f0eaa01d93332aa0be",
         "bodymmh3" : 777283359,
         "headermd5" : "6eebdd0ccfd74b7958a1071b2fc74ae1",
         "headermmh3" : -272030432,
         "title" : "400 Bad Request"
      },
      "length" : 2604
   },
   "asn" : "AS54994",
   "country" : "CA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:32:28 GMT\r\nContent-Type: text/html\r\nContent-Length: 2425\r\nConnection: close\r\nx-ws-request-id: 673ef01c_PS-KIX-01UU5174_40213-44552\r\n\r\n<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<meta charset=\"utf-8\">\n\t\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t\t<title>400 Bad Request</title>\n\t\t<style type=\"text/css\">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>\n\t</head>\n\t<body>\n\t\t<div id=\"p\" class=\"P\">\n\t\t\t<div class=\"K\">400</div>\n\t\t\t<div class=\"O I\">Bad Request</div>\n\t\t\t<p class=\"J A L\">Error Times: Thu, 21 Nov 2024 08:32:28 GMT\n\t\t\t\t<br>\n\t\t\t\t<span class=\"F\">IP: <srcip></span>Node information: PS-KIX-01UU5174\n\t\t\t\t<br>URL: http://<ip>:20020/\n\t\t\t\t<br>Request-Id: 673ef01c_PS-KIX-01UU5174_40213-44552\n\t\t\t\t<br>\n\t\t\t\t<br>Check:\n\t\t\t\t<span class=\"C G\" onclick=\"s(0)\">Details</span></p>\n\t\t</div>\n\t\t<div id=\"d\" class=\"hide_me P H\">\n\t\t\t<div class=\"K\">ERROR</div>\n\t\t\t<p class=\"O I\">\"The Requested URL could not be retrieved</p>\n\t\t\t<div class=\"O\">\n\t\t\t\t<div>While trying to retrieve the URL:</div>\n\t\t\t\t<pre class=\"B G\">http://<ip>:20020/</pre></div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>The following error was encountered:</span>\n\t\t\t\t<ul class=\"E\">\n\t\t\t\t\t<li class=\"D G\">Invalid Request</li></ul>\n\t\t\t</div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>\n\t\t\t\t<ul class=\"E G\">\n\t\t\t\t\t<li class=\"D\">Missing or unknown request method</li>\n\t\t\t\t\t<li class=\"D\">Missing URL</li>\n\t\t\t\t\t<li class=\"D\">Missing HTTP Identifier (HTTP/1.0)</li>\n\t\t\t\t\t<li class=\"D\">Request is too large</li>\n\t\t\t\t\t<li class=\"D\">Content-Length missing for POST or PUT requests</li>\n\t\t\t\t\t<li class=\"D\">Illegal character in hostname;underscores are not allowed</li>\n\t\t\t\t\t<li class=\"D\">Range Invalid</li></ul>\n\t\t\t</div>\n\t\t\t<a class=\"N C\" href=\"#\" onclick=\"s(1)\">return</a></div>\n\t\t<script type=\"text/javascript\">function e(i) {\n\t\t\t\treturn document.getElementById(i);\n\t\t\t}\n\t\t\tfunction d(i, t) {\n\t\t\t\te(i).style.display = (t ? 'block': 'none');\n\t\t\t}\n\t\t\tfunction s(e) {\n\t\t\t\td('p', e);\n\t\t\t\td('d', !e);\n\t\t\t}</script>\n\t</body>\n</html>",
   "datamd5" : "8d766195834c20e139fe5cc29a2f2afe",
   "datammh3" : -1675193025,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS54994",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "SE",
      "countryname" : "Sweden",
      "isineu" : "true",
      "latitude" : "60.128161",
      "location" : "60.128161,18.643501",
      "longitude" : "18.643501",
      "netname" : "FUJITSU-SE",
      "organization" : "Fujitsu Sweden AB",
      "subnet" : "140.150.0.0/19"
   },
   "ip" : "140.150.3.96",
   "ipv6" : "false",
   "latitude" : "43.6319",
   "location" : "43.6319,-79.3716",
   "longitude" : "-79.3716",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ML-1432-54994",
   "port" : 20020,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "140.150.2.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
61.110.222.69

Network
61.110.220.0/22

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://61.110.222.69:20020/ 400

HTTP Title
400 Bad Request

ASN
AS54994

Organization
ML-1432-54994

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
F5 Nginx

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
742f51bd67b82e71b2da7698d7e35760

HTTP Header MD5
77b327782567e66e23b10d0e217725bc

HTTP Body MD5
a344c7067eabbee5ccfc9532ac9969a5

HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 21 Nov 2024 08:32:17 GMT
Content-Type: text/html
Content-Length: 2425
Connection: close
x-ws-request-id: 673ef011_VM-MXP-01JTu31_22883-36852

<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<title>400 Bad Request</title>
		<style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>
	</head>
	<body>
		<div id="p" class="P">
			<div class="K">400</div>
			<div class="O I">Bad Request</div>
			<p class="J A L">Error Times: Thu, 21 Nov 2024 08:32:17 GMT
				<br>
				<span class="F">IP: <srcip></span>Node information: VM-MXP-01JTu31
				<br>URL: http://<ip>:20020/
				<br>Request-Id: 673ef011_VM-MXP-01JTu31_22883-36852
				<br>
				<br>Check:
				<span class="C G" onclick="s(0)">Details</span></p>
		</div>
		<div id="d" class="hide_me P H">
			<div class="K">ERROR</div>
			<p class="O I">"The Requested URL could not be retrieved</p>
			<div class="O">
				<div>While trying to retrieve the URL:</div>
				<pre class="B G">http://<ip>:20020/</pre></div>
			<div class="M">
				<span>The following error was encountered:</span>
				<ul class="E">
					<li class="D G">Invalid Request</li></ul>
			</div>
			<div class="M">
				<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>
				<ul class="E G">
					<li class="D">Missing or unknown request method</li>
					<li class="D">Missing URL</li>
					<li class="D">Missing HTTP Identifier (HTTP/1.0)</li>
					<li class="D">Request is too large</li>
					<li class="D">Content-Length missing for POST or PUT requests</li>
					<li class="D">Illegal character in hostname;underscores are not allowed</li>
					<li class="D">Range Invalid</li></ul>
			</div>
			<a class="N C" href="#" onclick="s(1)">return</a></div>
		<script type="text/javascript">function e(i) {
				return document.getElementById(i);
			}
			function d(i, t) {
				e(i).style.display = (t ? 'block': 'none');
			}
			function s(e) {
				d('p', e);
				d('d', !e);
			}</script>
	</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:32:17.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "a344c7067eabbee5ccfc9532ac9969a5",
         "bodymmh3" : -1402138511,
         "headermd5" : "77b327782567e66e23b10d0e217725bc",
         "headermmh3" : -893147013,
         "title" : "400 Bad Request"
      },
      "length" : 2601
   },
   "asn" : "AS54994",
   "city" : "Osaka",
   "country" : "JP",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:32:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 2425\r\nConnection: close\r\nx-ws-request-id: 673ef011_VM-MXP-01JTu31_22883-36852\r\n\r\n<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<meta charset=\"utf-8\">\n\t\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t\t<title>400 Bad Request</title>\n\t\t<style type=\"text/css\">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>\n\t</head>\n\t<body>\n\t\t<div id=\"p\" class=\"P\">\n\t\t\t<div class=\"K\">400</div>\n\t\t\t<div class=\"O I\">Bad Request</div>\n\t\t\t<p class=\"J A L\">Error Times: Thu, 21 Nov 2024 08:32:17 GMT\n\t\t\t\t<br>\n\t\t\t\t<span class=\"F\">IP: <srcip></span>Node information: VM-MXP-01JTu31\n\t\t\t\t<br>URL: http://<ip>:20020/\n\t\t\t\t<br>Request-Id: 673ef011_VM-MXP-01JTu31_22883-36852\n\t\t\t\t<br>\n\t\t\t\t<br>Check:\n\t\t\t\t<span class=\"C G\" onclick=\"s(0)\">Details</span></p>\n\t\t</div>\n\t\t<div id=\"d\" class=\"hide_me P H\">\n\t\t\t<div class=\"K\">ERROR</div>\n\t\t\t<p class=\"O I\">\"The Requested URL could not be retrieved</p>\n\t\t\t<div class=\"O\">\n\t\t\t\t<div>While trying to retrieve the URL:</div>\n\t\t\t\t<pre class=\"B G\">http://<ip>:20020/</pre></div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>The following error was encountered:</span>\n\t\t\t\t<ul class=\"E\">\n\t\t\t\t\t<li class=\"D G\">Invalid Request</li></ul>\n\t\t\t</div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>\n\t\t\t\t<ul class=\"E G\">\n\t\t\t\t\t<li class=\"D\">Missing or unknown request method</li>\n\t\t\t\t\t<li class=\"D\">Missing URL</li>\n\t\t\t\t\t<li class=\"D\">Missing HTTP Identifier (HTTP/1.0)</li>\n\t\t\t\t\t<li class=\"D\">Request is too large</li>\n\t\t\t\t\t<li class=\"D\">Content-Length missing for POST or PUT requests</li>\n\t\t\t\t\t<li class=\"D\">Illegal character in hostname;underscores are not allowed</li>\n\t\t\t\t\t<li class=\"D\">Range Invalid</li></ul>\n\t\t\t</div>\n\t\t\t<a class=\"N C\" href=\"#\" onclick=\"s(1)\">return</a></div>\n\t\t<script type=\"text/javascript\">function e(i) {\n\t\t\t\treturn document.getElementById(i);\n\t\t\t}\n\t\t\tfunction d(i, t) {\n\t\t\t\te(i).style.display = (t ? 'block': 'none');\n\t\t\t}\n\t\t\tfunction s(e) {\n\t\t\t\td('p', e);\n\t\t\t\td('d', !e);\n\t\t\t}</script>\n\t</body>\n</html>",
   "datamd5" : "742f51bd67b82e71b2da7698d7e35760",
   "datammh3" : -518508439,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS54994",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "cdnetworks.com",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "CDNETWORKS",
      "organization" : "CDNetworks",
      "subnet" : "61.110.220.0/22"
   },
   "ip" : "61.110.222.69",
   "ipv6" : "false",
   "latitude" : "34.6946",
   "location" : "34.6946,135.5021",
   "longitude" : "135.5021",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ML-1432-54994",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "61.110.220.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
116.98.196.13

Alternative IP(s)
125.235.4.59

Network
116.98.192.0/21

Domain(s)
viettel.vn

Operating System
Linux Linux Kernel

Reverse DNS
dynamic-ip-adsl.viettel.vn

ASN
AS7552

Organization
Viettel Group

Protocol
socks4a

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
224eb7eb984ed713a486700a02bc6b9e
```
\x00[\x048
\xa8Z\x14
```

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:58.000Z",
   "alternativeip" : [
      "125.235.4.59"
   ],
   "app" : {
      "length" : 8
   },
   "asn" : "AS7552",
   "city" : "Hanoi",
   "country" : "VN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\\x00[\\x048\n\\xa8Z\\x14",
   "datamd5" : "224eb7eb984ed713a486700a02bc6b9e",
   "datammh3" : -1930335331,
   "domain" : [
      "viettel.vn"
   ],
   "geolocus" : {
      "asn" : "AS7552",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "VN",
      "countryname" : "Vietnam",
      "domain" : [
         "viettel.com.vn",
         "viettel.vn",
         "vnnic.vn"
      ],
      "isineu" : "false",
      "latitude" : "14.058324",
      "location" : "14.058324,108.277199",
      "longitude" : "108.277199",
      "netname" : "VIETTEL-VN",
      "organization" : "VIETTEL-VN",
      "subnet" : "116.98.192.0/21"
   },
   "host" : [
      "dynamic-ip-adsl"
   ],
   "hostname" : [
      "dynamic-ip-adsl.viettel.vn"
   ],
   "ip" : "116.98.196.13",
   "ipv6" : "false",
   "latitude" : "21.0292",
   "location" : "21.0292,105.8526",
   "longitude" : "105.8526",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Viettel Group",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "protocol" : "socks4a",
   "reverse" : [
      "dynamic-ip-adsl.viettel.vn"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subnet" : "116.98.192.0/21",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "vn"
   ],
   "tls" : "false",
   "transport" : "tcp"
}

IP
213.176.11.238

Network
213.176.8.0/21

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://213.176.11.238:20020/ 400

HTTP Title
400 The plain HTTP request was sent to HTTPS port

ASN
AS142578

Organization
E-Large HongKong

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
3b40fcd13ec4c48698cf15e0d2ba5977

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
77bd43987adf27926b335fbe22b67813

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 21 Nov 2024 08:31:57 GMT
Content-Type: text/html
Content-Length: 262
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:57.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "77bd43987adf27926b335fbe22b67813",
         "bodymmh3" : -2135056736,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : -620979726,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 405
   },
   "asn" : "AS142578",
   "country" : "IR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:31:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 262\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "3b40fcd13ec4c48698cf15e0d2ba5977",
   "datammh3" : 401141661,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS142578",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IR",
      "countryname" : "Iran",
      "domain" : [
         "gmail.com"
      ],
      "isineu" : "false",
      "latitude" : "32.427908",
      "location" : "32.427908,53.688046",
      "longitude" : "53.688046",
      "netname" : "us-sammu-1",
      "organization" : "us-sammu-1",
      "subnet" : "213.176.8.0/21"
   },
   "ip" : "213.176.11.238",
   "ipv6" : "false",
   "latitude" : "35.6980",
   "location" : "35.6980,51.4115",
   "longitude" : "51.4115",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "E-Large HongKong",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "213.176.8.0/21",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
125.94.109.61

Network
125.92.0.0/14

Domain(s)
163data.com.cn

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

Reverse DNS
61.109.94.125.broad.sz.gd.dynamic.163data.com.cn

ASN
AS4134

Organization
Chinanet

Protocol
unknown

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
2e49bb6f77221de67f7d9fd9fbdb931c
```
auth data format error
```

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:57.000Z",
   "app" : {
      "length" : 22
   },
   "asn" : "AS4134",
   "city" : "Guangzhou",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "auth data format error",
   "datamd5" : "2e49bb6f77221de67f7d9fd9fbdb931c",
   "datammh3" : -1274563769,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "163data.com.cn"
   ],
   "geolocus" : {
      "asn" : "AS4134",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "163.com",
         "163data.com.cn",
         "chinatelecom.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CHINANET-GD",
      "organization" : "CHINANET Guangdong province network",
      "subnet" : "125.92.0.0/14"
   },
   "host" : [
      61
   ],
   "hostname" : [
      "61.109.94.125.broad.sz.gd.dynamic.163data.com.cn"
   ],
   "ip" : "125.94.109.61",
   "ipv6" : "false",
   "latitude" : "23.1181",
   "location" : "23.1181,113.2539",
   "longitude" : "113.2539",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Chinanet",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "protocol" : "unknown",
   "reverse" : [
      "61.109.94.125.broad.sz.gd.dynamic.163data.com.cn"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "subdomains" : [
      "broad.sz.gd.dynamic.163data.com.cn",
      "94.125.broad.sz.gd.dynamic.163data.com.cn",
      "109.94.125.broad.sz.gd.dynamic.163data.com.cn",
      "dynamic.163data.com.cn",
      "125.broad.sz.gd.dynamic.163data.com.cn",
      "sz.gd.dynamic.163data.com.cn",
      "gd.dynamic.163data.com.cn"
   ],
   "subnet" : "125.92.0.0/14",
   "tld" : [
      "com.cn"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
211.95.52.102

Network
211.95.52.0/23

Device

<enterprise field>: device.class

URL

http://211.95.52.102:20020/ 400

HTTP Title
400 Bad Request

ASN
AS17621

Organization
China Unicom Shanghai network

Protocol
http

Source
datascan
Product
F5 Nginx

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
18258c3d3e6518185d7a5187eb553c15

HTTP Header MD5
c4978208a4edb1b9fe17b7e68abede78

HTTP Body MD5
52facc666d1800d5bcd858b22e765c21

HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 21 Nov 2024 08:31:57 GMT
Content-Type: text/html
Content-Length: 2417
Connection: close
x-ws-request-id: 673eeffd_PSshwt5lb22_5884-44421

<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<title>400 Bad Request</title>
		<style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>
	</head>
	<body>
		<div id="p" class="P">
			<div class="K">400</div>
			<div class="O I">Bad Request</div>
			<p class="J A L">Error Times: Thu, 21 Nov 2024 08:31:57 GMT
				<br>
				<span class="F">IP: <srcip></span>Node information: PSshwt5lb22
				<br>URL: http://<ip>:20020/
				<br>Request-Id: 673eeffd_PSshwt5lb22_5884-44421
				<br>
				<br>Check:
				<span class="C G" onclick="s(0)">Details</span></p>
		</div>
		<div id="d" class="hide_me P H">
			<div class="K">ERROR</div>
			<p class="O I">"The Requested URL could not be retrieved</p>
			<div class="O">
				<div>While trying to retrieve the URL:</div>
				<pre class="B G">http://<ip>:20020/</pre></div>
			<div class="M">
				<span>The following error was encountered:</span>
				<ul class="E">
					<li class="D G">Invalid Request</li></ul>
			</div>
			<div class="M">
				<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>
				<ul class="E G">
					<li class="D">Missing or unknown request method</li>
					<li class="D">Missing URL</li>
					<li class="D">Missing HTTP Identifier (HTTP/1.0)</li>
					<li class="D">Request is too large</li>
					<li class="D">Content-Length missing for POST or PUT requests</li>
					<li class="D">Illegal character in hostname;underscores are not allowed</li>
					<li class="D">Range Invalid</li></ul>
			</div>
			<a class="N C" href="#" onclick="s(1)">return</a></div>
		<script type="text/javascript">function e(i) {
				return document.getElementById(i);
			}
			function d(i, t) {
				e(i).style.display = (t ? 'block': 'none');
			}
			function s(e) {
				d('p', e);
				d('d', !e);
			}</script>
	</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:57.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "52facc666d1800d5bcd858b22e765c21",
         "bodymmh3" : -2028297586,
         "headermd5" : "c4978208a4edb1b9fe17b7e68abede78",
         "headermmh3" : -1071661599,
         "title" : "400 Bad Request"
      },
      "length" : 2590
   },
   "asn" : "AS17621",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:31:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 2417\r\nConnection: close\r\nx-ws-request-id: 673eeffd_PSshwt5lb22_5884-44421\r\n\r\n<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<meta charset=\"utf-8\">\n\t\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t\t<title>400 Bad Request</title>\n\t\t<style type=\"text/css\">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>\n\t</head>\n\t<body>\n\t\t<div id=\"p\" class=\"P\">\n\t\t\t<div class=\"K\">400</div>\n\t\t\t<div class=\"O I\">Bad Request</div>\n\t\t\t<p class=\"J A L\">Error Times: Thu, 21 Nov 2024 08:31:57 GMT\n\t\t\t\t<br>\n\t\t\t\t<span class=\"F\">IP: <srcip></span>Node information: PSshwt5lb22\n\t\t\t\t<br>URL: http://<ip>:20020/\n\t\t\t\t<br>Request-Id: 673eeffd_PSshwt5lb22_5884-44421\n\t\t\t\t<br>\n\t\t\t\t<br>Check:\n\t\t\t\t<span class=\"C G\" onclick=\"s(0)\">Details</span></p>\n\t\t</div>\n\t\t<div id=\"d\" class=\"hide_me P H\">\n\t\t\t<div class=\"K\">ERROR</div>\n\t\t\t<p class=\"O I\">\"The Requested URL could not be retrieved</p>\n\t\t\t<div class=\"O\">\n\t\t\t\t<div>While trying to retrieve the URL:</div>\n\t\t\t\t<pre class=\"B G\">http://<ip>:20020/</pre></div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>The following error was encountered:</span>\n\t\t\t\t<ul class=\"E\">\n\t\t\t\t\t<li class=\"D G\">Invalid Request</li></ul>\n\t\t\t</div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>\n\t\t\t\t<ul class=\"E G\">\n\t\t\t\t\t<li class=\"D\">Missing or unknown request method</li>\n\t\t\t\t\t<li class=\"D\">Missing URL</li>\n\t\t\t\t\t<li class=\"D\">Missing HTTP Identifier (HTTP/1.0)</li>\n\t\t\t\t\t<li class=\"D\">Request is too large</li>\n\t\t\t\t\t<li class=\"D\">Content-Length missing for POST or PUT requests</li>\n\t\t\t\t\t<li class=\"D\">Illegal character in hostname;underscores are not allowed</li>\n\t\t\t\t\t<li class=\"D\">Range Invalid</li></ul>\n\t\t\t</div>\n\t\t\t<a class=\"N C\" href=\"#\" onclick=\"s(1)\">return</a></div>\n\t\t<script type=\"text/javascript\">function e(i) {\n\t\t\t\treturn document.getElementById(i);\n\t\t\t}\n\t\t\tfunction d(i, t) {\n\t\t\t\te(i).style.display = (t ? 'block': 'none');\n\t\t\t}\n\t\t\tfunction s(e) {\n\t\t\t\td('p', e);\n\t\t\t\td('d', !e);\n\t\t\t}</script>\n\t</body>\n</html>",
   "datamd5" : "18258c3d3e6518185d7a5187eb553c15",
   "datammh3" : 1875792966,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS17621",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "chinaunicom.cn",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "UNICOM",
      "organization" : "China Unicom",
      "subnet" : "211.95.0.0/17"
   },
   "ip" : "211.95.52.102",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "China Unicom Shanghai network",
   "port" : 20020,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "211.95.52.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
213.176.53.229

Network
213.176.32.0/19

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://213.176.53.229:20020/ 400

HTTP Title
400 The plain HTTP request was sent to HTTPS port

ASN
AS142578

Organization
E-Large HongKong

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
3b40fcd13ec4c48698cf15e0d2ba5977

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
77bd43987adf27926b335fbe22b67813

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 21 Nov 2024 08:31:57 GMT
Content-Type: text/html
Content-Length: 262
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:57.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "77bd43987adf27926b335fbe22b67813",
         "bodymmh3" : -2135056736,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : -620979726,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 405
   },
   "asn" : "AS142578",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:31:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 262\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "3b40fcd13ec4c48698cf15e0d2ba5977",
   "datammh3" : 401141661,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS35372",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IR",
      "countryname" : "Iran",
      "domain" : [
         "irost.org"
      ],
      "isineu" : "false",
      "latitude" : "32.427908",
      "location" : "32.427908,53.688046",
      "longitude" : "53.688046",
      "netname" : "IR-IROST-19991208",
      "organization" : "Iranian Research Organization for Science & Technology",
      "subnet" : "213.176.0.0/17"
   },
   "ip" : "213.176.53.229",
   "ipv6" : "false",
   "latitude" : "34.0544",
   "location" : "34.0544,-118.2440",
   "longitude" : "-118.2440",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "E-Large HongKong",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "213.176.32.0/19",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
104.99.187.69

Network
104.99.184.0/22

Domain(s)
akamaitechnologies.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://104.99.187.69:20020/ 405

HTTP Title
405: Method Not Allowed

Reverse DNS
a104-99-187-69.deploy.static.akamaitechnologies.com

ASN
AS7713

Organization
PT Telekomunikasi Indonesia

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
tornadoweb Tornado 4.0

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
a9bc1aac2a4a48c4592f71528c898c0c

HTTP Header MD5
ace749da14dd65e88b829cba70c599f0

HTTP Body MD5
f3eb6dc08ee0ff8100816c17b2722803

HTTP/1.1 405 Method Not Allowed
Date: Thu, 21 Nov 2024 08:31:55 GMT
Server: TornadoServer/4.0
Content-Length: 87
Content-Type: text/html; charset=UTF-8

<html><title>405: Method Not Allowed</title><body>405: Method Not Allowed</body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:55.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "f3eb6dc08ee0ff8100816c17b2722803",
         "bodymmh3" : 2113687018,
         "headermd5" : "ace749da14dd65e88b829cba70c599f0",
         "headermmh3" : -150438383,
         "title" : "405: Method Not Allowed"
      },
      "length" : 246
   },
   "asn" : "AS7713",
   "city" : "Jakarta",
   "country" : "ID",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 405 Method Not Allowed\r\nDate: Thu, 21 Nov 2024 08:31:55 GMT\r\nServer: TornadoServer/4.0\r\nContent-Length: 87\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html><title>405: Method Not Allowed</title><body>405: Method Not Allowed</body></html>",
   "datamd5" : "a9bc1aac2a4a48c4592f71528c898c0c",
   "datammh3" : -1250753197,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "akamaitechnologies.com"
   ],
   "geolocus" : {
      "asn" : "AS7713",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "akamai.com",
         "akamaitechnologies.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AKAMAI",
      "organization" : "Akamai Technologies, Inc.",
      "subnet" : "104.99.184.0/22"
   },
   "host" : [
      "a104-99-187-69"
   ],
   "hostname" : [
      "a104-99-187-69.deploy.static.akamaitechnologies.com"
   ],
   "ip" : "104.99.187.69",
   "ipv6" : "false",
   "latitude" : "-6.2114",
   "location" : "-6.2114,106.8446",
   "longitude" : "106.8446",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "PT Telekomunikasi Indonesia",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "product" : "Tornado",
   "productvendor" : "tornadoweb",
   "productversion" : "4.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Method Not Allowed",
   "reverse" : [
      "a104-99-187-69.deploy.static.akamaitechnologies.com"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 405,
   "subdomains" : [
      "static.akamaitechnologies.com",
      "deploy.static.akamaitechnologies.com"
   ],
   "subnet" : "104.99.184.0/22",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
65.181.140.248

Network
65.181.128.0/19

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://65.181.140.248:20020/ 400

HTTP Title
400 The plain HTTP request was sent to HTTPS port

ASN
AS134729

Organization
JOINT POWER TECHNOLOGY LIMITED

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
3b40fcd13ec4c48698cf15e0d2ba5977

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
77bd43987adf27926b335fbe22b67813

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 21 Nov 2024 08:31:54 GMT
Content-Type: text/html
Content-Length: 262
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:54.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "77bd43987adf27926b335fbe22b67813",
         "bodymmh3" : -2135056736,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : -1418947491,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 405
   },
   "asn" : "AS134729",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:31:54 GMT\r\nContent-Type: text/html\r\nContent-Length: 262\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "3b40fcd13ec4c48698cf15e0d2ba5977",
   "datammh3" : 401141661,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS134729",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "ipxo.com",
         "pair.com",
         "pair.net",
         "pairnetworks.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "IXPO-65-181-128-0-19-REALLOCATION",
      "organization" : "IPXO LLC",
      "subnet" : "65.181.128.0/20"
   },
   "ip" : "65.181.140.248",
   "ipv6" : "false",
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "JOINT POWER TECHNOLOGY LIMITED",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "65.181.128.0/19",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
213.176.104.167

Network
213.176.96.0/20

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://213.176.104.167:20020/ 400

HTTP Title
400 The plain HTTP request was sent to HTTPS port

ASN
AS142578

Organization
E-Large HongKong

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
3b40fcd13ec4c48698cf15e0d2ba5977

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
77bd43987adf27926b335fbe22b67813

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 21 Nov 2024 08:31:34 GMT
Content-Type: text/html
Content-Length: 262
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:31:34.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "77bd43987adf27926b335fbe22b67813",
         "bodymmh3" : -2135056736,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : -1855914979,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 405
   },
   "asn" : "AS142578",
   "country" : "HK",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 21 Nov 2024 08:31:34 GMT\r\nContent-Type: text/html\r\nContent-Length: 262\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "3b40fcd13ec4c48698cf15e0d2ba5977",
   "datammh3" : 401141661,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS142578",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IR",
      "countryname" : "Iran",
      "domain" : [
         "gmail.com"
      ],
      "isineu" : "false",
      "latitude" : "32.427908",
      "location" : "32.427908,53.688046",
      "longitude" : "53.688046",
      "netname" : "us-sammu-1",
      "organization" : "us-sammu-1",
      "subnet" : "213.176.96.0/20"
   },
   "ip" : "213.176.104.167",
   "ipv6" : "false",
   "latitude" : "22.2578",
   "location" : "22.2578,114.1657",
   "longitude" : "114.1657",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "E-Large HongKong",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 20020,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-21",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "213.176.96.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

Returning 10 result(s) out of 151,474 in 0.156 second(s)

140.150.3.96:20020 (tcp/http) - last seen on 2024-11-21 at 08:32:28 UTC

61.110.222.69:20020 (tcp/http) - last seen on 2024-11-21 at 08:32:17 UTC

116.98.196.13:20020 (tcp/socks4a) - last seen on 2024-11-21 at 08:31:58 UTC

213.176.11.238:20020 (tcp/http) - last seen on 2024-11-21 at 08:31:57 UTC

125.94.109.61:20020 (tcp/unknown) - last seen on 2024-11-21 at 08:31:57 UTC

211.95.52.102:20020 (tcp/http) - last seen on 2024-11-21 at 08:31:57 UTC

213.176.53.229:20020 (tcp/http) - last seen on 2024-11-21 at 08:31:57 UTC

104.99.187.69:20020 (tcp/http) - last seen on 2024-11-21 at 08:31:55 UTC

65.181.140.248:20020 (tcp/http) - last seen on 2024-11-21 at 08:31:54 UTC

213.176.104.167:20020 (tcp/http) - last seen on 2024-11-21 at 08:31:34 UTC