Returning 10 result(s) out of 218,177 in 0.102 second(s)

  • 134.122.136.105:30000 (tcp/http) - last seen on 2024-11-21 at 08:35:04 UTC

    • IP
      134.122.136.105
      Network
      134.122.128.0/19
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://134.122.136.105:30000/ 400

      HTTP Title
      400 The plain HTTP request was sent to HTTPS port
      ASN
      AS152194
      Organization
      CTG Server Limited
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      F5 Nginx
      CPE(s)

      <enterprise field>: cpe


    • Data MD5
      0c1820e0d381850a77897bf32978a1f0
      HTTP Header MD5
      a629a0fe278971ad61801ba6975ba467
      HTTP Body MD5
      ea425366a98dfc499c0cbeedb9a4f02a
    • HTTP/1.1 400 Bad Request
      Server: nginx
      Date: Thu, 21 Nov 2024 08:35:04 GMT
      Content-Type: text/html
      Content-Length: 248
      Connection: close
      
      <html>
      <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
      <body>
      <center><h1>400 Bad Request</h1></center>
      <center>The plain HTTP request was sent to HTTPS port</center>
      <hr><center>nginx</center>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:04.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "ea425366a98dfc499c0cbeedb9a4f02a",
               "bodymmh3" : 1153229498,
               "headermd5" : "a629a0fe278971ad61801ba6975ba467",
               "headermmh3" : 771216644,
               "title" : "400 The plain HTTP request was sent to HTTPS port"
            },
            "length" : 393
         },
         "asn" : "AS152194",
         "city" : "Tokyo",
         "country" : "JP",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:35:04 GMT\r\nContent-Type: text/html\r\nContent-Length: 248\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
         "datamd5" : "0c1820e0d381850a77897bf32978a1f0",
         "datammh3" : 190190724,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS152194",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "JP",
            "countryname" : "Japan",
            "domain" : [
               "ctgserver.com",
               "rackip.com"
            ],
            "isineu" : "false",
            "latitude" : "36.204824",
            "location" : "36.204824,138.252924",
            "longitude" : "138.252924",
            "netname" : "CTG122-128-JP",
            "organization" : "RACKIP CONSULTANCY PTE. LTD.",
            "subnet" : "134.122.136.0/21"
         },
         "ip" : "134.122.136.105",
         "ipv6" : "false",
         "latitude" : "35.6974",
         "location" : "35.6974,139.7705",
         "longitude" : "139.7705",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "CTG Server Limited",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 30000,
         "product" : "Nginx",
         "productvendor" : "F5",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "status" : 400,
         "subnet" : "134.122.128.0/19",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 61.147.225.207:30000 (tcp/http) - last seen on 2024-11-21 at 08:35:04 UTC

    • IP
      61.147.225.207
      Network
      61.147.224.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://61.147.225.207:30000/ 400

      HTTP Title
      400 Bad Request
      ASN
      AS131325
      Organization
      CHINATELECOM JIANGSU province NANTONG MAN network
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      F5 Nginx
      CPE(s)

      <enterprise field>: cpe


    • Data MD5
      52d196ae3ee97d58422c77ad996a2b09
      HTTP Header MD5
      e32264276d46b6440b79cd5699e77142
      HTTP Body MD5
      3ae43f86258700c0770b9bcf05da98bf
    • HTTP/1.1 400 Bad Request
      Server: nginx
      Date: Thu, 21 Nov 2024 08:35:04 GMT
      Content-Type: text/html
      Content-Length: 2426
      Connection: close
      x-ws-request-id: 673ef0b8_PS-NTG-018LV207_37534-51
      
      <!DOCTYPE html>
      <html>
      	<head>
      		<meta charset="utf-8">
      		<meta http-equiv="X-UA-Compatible" content="IE=edge">
      		<meta name="viewport" content="width=device-width, initial-scale=1">
      		<title>400 Bad Request</title>
      		<style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>
      	</head>
      	<body>
      		<div id="p" class="P">
      			<div class="K">400</div>
      			<div class="O I">Bad Request</div>
      			<p class="J A L">Error Times: Thu, 21 Nov 2024 08:35:04 GMT
      				<br>
      				<span class="F">IP: <srcip></span>Node information: PS-NTG-018LV207
      				<br>URL: http://<ip>:30000/
      				<br>Request-Id: 673ef0b8_PS-NTG-018LV207_37534-51
      				<br>
      				<br>Check:
      				<span class="C G" onclick="s(0)">Details</span></p>
      		</div>
      		<div id="d" class="hide_me P H">
      			<div class="K">ERROR</div>
      			<p class="O I">"The Requested URL could not be retrieved</p>
      			<div class="O">
      				<div>While trying to retrieve the URL:</div>
      				<pre class="B G">http://<ip>:30000/</pre></div>
      			<div class="M">
      				<span>The following error was encountered:</span>
      				<ul class="E">
      					<li class="D G">Invalid Request</li></ul>
      			</div>
      			<div class="M">
      				<span>This request could not be forwarded to the origin server or to any higher level cache servers. The most likely cause for this error is that:</span>
      				<ul class="E G">
      					<li class="D">Missing or unknown request method</li>
      					<li class="D">Missing URL</li>
      					<li class="D">Missing HTTP Identifier (HTTP/1.0)</li>
      					<li class="D">Request is too large</li>
      					<li class="D">Content-Length missing for POST or PUT requests</li>
      					<li class="D">Illegal character in hostname;underscores are not allowed</li>
      					<li class="D">Range Invalid</li></ul>
      			</div>
      			<a class="N C" href="#" onclick="s(1)">return</a></div>
      		<script type="text/javascript">function e(i) {
      				return document.getElementById(i);
      			}
      			function d(i, t) {
      				e(i).style.display = (t ? 'block': 'none');
      			}
      			function s(e) {
      				d('p', e);
      				d('d', !e);
      			}</script>
      	</body>
      </html>
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:04.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "3ae43f86258700c0770b9bcf05da98bf",
               "bodymmh3" : -980672069,
               "headermd5" : "e32264276d46b6440b79cd5699e77142",
               "headermmh3" : 2102037011,
               "title" : "400 Bad Request"
            },
            "length" : 2598
         },
         "asn" : "AS131325",
         "country" : "CN",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 21 Nov 2024 08:35:04 GMT\r\nContent-Type: text/html\r\nContent-Length: 2426\r\nConnection: close\r\nx-ws-request-id: 673ef0b8_PS-NTG-018LV207_37534-51\r\n\r\n<!DOCTYPE html>\n<html>\n\t<head>\n\t\t<meta charset=\"utf-8\">\n\t\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t\t<title>400 Bad Request</title>\n\t\t<style type=\"text/css\">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style>\n\t</head>\n\t<body>\n\t\t<div id=\"p\" class=\"P\">\n\t\t\t<div class=\"K\">400</div>\n\t\t\t<div class=\"O I\">Bad Request</div>\n\t\t\t<p class=\"J A L\">Error Times: Thu, 21 Nov 2024 08:35:04 GMT\n\t\t\t\t<br>\n\t\t\t\t<span class=\"F\">IP: <srcip></span>Node information: PS-NTG-018LV207\n\t\t\t\t<br>URL: http://<ip>:30000/\n\t\t\t\t<br>Request-Id: 673ef0b8_PS-NTG-018LV207_37534-51\n\t\t\t\t<br>\n\t\t\t\t<br>Check:\n\t\t\t\t<span class=\"C G\" onclick=\"s(0)\">Details</span></p>\n\t\t</div>\n\t\t<div id=\"d\" class=\"hide_me P H\">\n\t\t\t<div class=\"K\">ERROR</div>\n\t\t\t<p class=\"O I\">\"The Requested URL could not be retrieved</p>\n\t\t\t<div class=\"O\">\n\t\t\t\t<div>While trying to retrieve the URL:</div>\n\t\t\t\t<pre class=\"B G\">http://<ip>:30000/</pre></div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>The following error was encountered:</span>\n\t\t\t\t<ul class=\"E\">\n\t\t\t\t\t<li class=\"D G\">Invalid Request</li></ul>\n\t\t\t</div>\n\t\t\t<div class=\"M\">\n\t\t\t\t<span>This request could not be forwarded to the origin server or to 
any higher level cache servers. The most likely cause for this error is that:</span>\n\t\t\t\t<ul class=\"E G\">\n\t\t\t\t\t<li class=\"D\">Missing or unknown request method</li>\n\t\t\t\t\t<li class=\"D\">Missing URL</li>\n\t\t\t\t\t<li class=\"D\">Missing HTTP Identifier (HTTP/1.0)</li>\n\t\t\t\t\t<li class=\"D\">Request is too large</li>\n\t\t\t\t\t<li class=\"D\">Content-Length missing for POST or PUT requests</li>\n\t\t\t\t\t<li class=\"D\">Illegal character in hostname;underscores are not allowed</li>\n\t\t\t\t\t<li class=\"D\">Range Invalid</li></ul>\n\t\t\t</div>\n\t\t\t<a class=\"N C\" href=\"#\" onclick=\"s(1)\">return</a></div>\n\t\t<script type=\"text/javascript\">function e(i) {\n\t\t\t\treturn document.getElementById(i);\n\t\t\t}\n\t\t\tfunction d(i, t) {\n\t\t\t\te(i).style.display = (t ? 'block': 'none');\n\t\t\t}\n\t\t\tfunction s(e) {\n\t\t\t\td('p', e);\n\t\t\t\td('d', !e);\n\t\t\t}</script>\n\t</body>\n</html>",
         "datamd5" : "52d196ae3ee97d58422c77ad996a2b09",
         "datammh3" : 113062861,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS131325",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "CN",
            "countryname" : "China",
            "domain" : [
               "163.com",
               "chinatelecom.cn"
            ],
            "isineu" : "false",
            "latitude" : "35.86166",
            "location" : "35.86166,104.195397",
            "longitude" : "104.195397",
            "netname" : "CHINANET-JS",
            "organization" : "CHINANET jiangsu province network",
            "subnet" : "61.147.224.0/22"
         },
         "ip" : "61.147.225.207",
         "ipv6" : "false",
         "latitude" : "34.7732",
         "location" : "34.7732,113.7220",
         "longitude" : "113.7220",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "CHINATELECOM JIANGSU province NANTONG MAN network",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 30000,
         "product" : "Nginx",
         "productvendor" : "F5",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Bad Request",
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "status" : 400,
         "subnet" : "61.147.224.0/22",
         "tag" : "<enterprise field>: tag",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 154.3.57.252:30000 (tcp/unknown) - last seen on 2024-11-21 at 08:35:02 UTC

    • IP
      154.3.57.252
      Network
      154.3.56.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS174
      Organization
      COGENT-174
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel

    • Data MD5
      6a3d7ef0801b6c4bb4573b2a79077342
    • \x00\x00\x1e\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xff\xff\xff\x00\x04\x00@\x00\x00\x00\x05\x00@\x00\x00\x00\x06\x00\x00@\x00\xfe\x03\x00\x00\x00\x01\x00\x00\x04\x08\x00\x00\x00\x00\x00\x00?\x00\x01
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:35:02.000Z",
         "app" : {
            "length" : 52
         },
         "asn" : "AS174",
         "city" : "New York",
         "country" : "US",
         "data" : "\\x00\\x00\\x1e\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x7f\\xff\\xff\\xff\\x00\\x04\\x00@\\x00\\x00\\x00\\x05\\x00@\\x00\\x00\\x00\\x06\\x00\\x00@\\x00\\xfe\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x04\\x08\\x00\\x00\\x00\\x00\\x00\\x00?\\x00\\x01",
         "datamd5" : "6a3d7ef0801b6c4bb4573b2a79077342",
         "datammh3" : -698349143,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS174",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "cogentco.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "COGENT-154-3-16",
            "organization" : "PSINet, Inc.",
            "subnet" : "154.3.57.0/24"
         },
         "ip" : "154.3.57.252",
         "ipv6" : "false",
         "latitude" : "40.7123",
         "location" : "40.7123,-74.0068",
         "longitude" : "-74.0068",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "COGENT-174",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 30000,
         "protocol" : "unknown",
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "subnet" : "154.3.56.0/22",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 14.225.192.144:30000 (tcp/http) - last seen on 2024-11-21 at 08:34:37 UTC

    • IP
      14.225.192.144
      Network
      14.225.0.0/16
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      URL

      http://14.225.192.144:30000/ 401

      ASN
      AS135905
      Organization
      VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
      Protocol
      http
      Source
      datascan
    • Operating System
      Microsoft Windows

    • Data MD5
      daeb6b0db4b5c5778903b1ee62f28ea5
      HTTP Header MD5
      f02e5965397b22965d973716612f765a
      HTTP Body MD5
      9e3fe6942804543f50b8106846305577
    • HTTP/1.1 401 Unauthorized
      Content-Type: text/plain; charset=utf-8
      WWW-Authenticate: Basic realm="newProxy"
      
      errorMsg: The IP specified by the port is not available
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:34:37.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "9e3fe6942804543f50b8106846305577",
               "bodymmh3" : -1843545834,
               "headermd5" : "f02e5965397b22965d973716612f765a",
               "headermmh3" : -834291048,
               "realm" : "newProxy"
            },
            "length" : 163
         },
         "asn" : "AS135905",
         "city" : "Can Tho",
         "country" : "VN",
         "data" : "HTTP/1.1 401 Unauthorized\nContent-Type: text/plain; charset=utf-8\nWWW-Authenticate: Basic realm=\"newProxy\"\n\nerrorMsg: The IP specified by the port is not available",
         "datamd5" : "daeb6b0db4b5c5778903b1ee62f28ea5",
         "datammh3" : 452328197,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS135905",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "VN",
            "countryname" : "Vietnam",
            "domain" : [
               "vnnic.vn",
               "vnpt.vn"
            ],
            "isineu" : "false",
            "latitude" : "14.058324",
            "location" : "14.058324,108.277199",
            "longitude" : "108.277199",
            "netname" : "VNPT-VN",
            "organization" : "VNPT",
            "subnet" : "14.225.0.0/16"
         },
         "ip" : "14.225.192.144",
         "ipv6" : "false",
         "latitude" : "10.0359",
         "location" : "10.0359,105.7808",
         "longitude" : "105.7808",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "VIETNAM POSTS AND TELECOMMUNICATIONS GROUP",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 30000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Unauthorized",
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "status" : 401,
         "subnet" : "14.225.0.0/16",
         "tag" : "<enterprise field>: tag",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 35.161.201.237:30000 (tcp/http) - last seen on 2024-11-21 at 08:34:33 UTC

    • IP
      35.161.201.237
      Network
      35.160.0.0/13
      Domain(s)
      amazonaws.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://35.161.201.237:30000/ 403

      Reverse DNS
      ec2-35-161-201-237.us-west-2.compute.amazonaws.com
      ASN
      AS16509
      Organization
      AMAZON-02
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel

    • Data MD5
      ff7b083ae8a1048d6c09c812cd9f76c1
      HTTP Header MD5
      85ce773845cc3a8f926d2de3889e04b1
      HTTP Body MD5
      e81e4c4421e261a8ee890c7a2dbbc516
    • HTTP/1.1 403 Forbidden
      Date: Thu, 21 Nov 2024 08:34:33 GMT
      Content-Length: 206
      Content-Type: text/html; charset=utf-8
      Connection: close
      
      <html> <body> <ip>:30000 cannot be accessed via this proxy server. This is most likely the result of a network misconfiguration. Please contact your network administrator for help. </body> </html>
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:34:33.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "e81e4c4421e261a8ee890c7a2dbbc516",
               "bodymmh3" : -366561869,
               "headermd5" : "85ce773845cc3a8f926d2de3889e04b1",
               "headermmh3" : 1159429655
            },
            "length" : 339
         },
         "asn" : "AS16509",
         "city" : "Boardman",
         "country" : "US",
         "data" : "HTTP/1.1 403 Forbidden\r\nDate: Thu, 21 Nov 2024 08:34:33 GMT\r\nContent-Length: 206\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\n\r\n<html> <body> <ip>:30000 cannot be accessed via this proxy server. This is most likely the result of a network misconfiguration. Please contact your network administrator for help. </body> </html>",
         "datamd5" : "ff7b083ae8a1048d6c09c812cd9f76c1",
         "datammh3" : 168794765,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "amazonaws.com"
         ],
         "geolocus" : {
            "asn" : "AS16509",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "amazon.com",
               "amazonaws.com",
               "aws.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "AMAZO-ZPDX9",
            "organization" : "Amazon.com, Inc.",
            "subnet" : "35.160.0.0/13"
         },
         "host" : [
            "ec2-35-161-201-237"
         ],
         "hostname" : [
            "ec2-35-161-201-237.us-west-2.compute.amazonaws.com"
         ],
         "ip" : "35.161.201.237",
         "ipv6" : "false",
         "latitude" : "45.8491",
         "location" : "45.8491,-119.7143",
         "longitude" : "-119.7143",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "AMAZON-02",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 30000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Forbidden",
         "reverse" : [
            "ec2-35-161-201-237.us-west-2.compute.amazonaws.com"
         ],
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "status" : 403,
         "subdomains" : [
            "compute.amazonaws.com",
            "us-west-2.compute.amazonaws.com"
         ],
         "subnet" : "35.160.0.0/13",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "com"
         ],
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 52.187.162.198:30000 (tcp/socks4a) - last seen on 2024-11-21 at 08:34:13 UTC

    • IP
      52.187.162.198
      Network
      52.160.0.0/11
      ASN
      AS8075
      Organization
      MICROSOFT-CORP-MSN-AS-BLOCK
      Protocol
      socks4a
      Source
      datascan

    • Data MD5
      d0667d77071710c716b7978296e1b49e
    • \x00[\x00\x00\x00\x00\x00\x00
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:34:13.000Z",
         "app" : {
            "length" : 8
         },
         "asn" : "AS8075",
         "city" : "Singapore",
         "country" : "SG",
         "data" : "\\x00[\\x00\\x00\\x00\\x00\\x00\\x00",
         "datamd5" : "d0667d77071710c716b7978296e1b49e",
         "datammh3" : -971970408,
         "geolocus" : {
            "asn" : "AS8075",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "microsoft.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "MSFT",
            "organization" : "Microsoft Corporation",
            "subnet" : "52.187.128.0/18"
         },
         "ip" : "52.187.162.198",
         "ipv6" : "false",
         "latitude" : "1.2868",
         "location" : "1.2868,103.8503",
         "longitude" : "103.8503",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
         "port" : 30000,
         "protocol" : "socks4a",
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "subnet" : "52.160.0.0/11",
         "tag" : "<enterprise field>: tag",
         "tls" : "false",
         "transport" : "tcp"
      }
      
  • 221.204.171.243:30000 (tcp/unknown) - last seen on 2024-11-21 at 08:33:48 UTC

    • IP
      221.204.171.243
      Alternative IP(s)
      104.21.73.215 172.67.149.232 2606:4700:3031:0:0:0:6815:49d7 2606:4700:3034:0:0:0:ac43:95e8
      Network
      221.200.0.0/13
      Domain(s)
      adsl-pool.sx.cn
      Device

      <enterprise field>: device.class

      Operating System
      Microsoft Windows
      Reverse DNS
      243.171.204.221.adsl-pool.sx.cn
      ASN
      AS4837
      Organization
      CHINA UNICOM China169 Backbone
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Microsoft Windows

    • Data MD5
      6859a5c91c6620082563d493060e800f
    • Xred\x03\x00\x00\x00\x06	\x01\x00\x00\x00\x00\x00\x00\x00
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:33:48.000Z",
         "alternativeip" : [
            "104.21.73.215",
            "172.67.149.232",
            "2606:4700:3031:0:0:0:6815:49d7",
            "2606:4700:3034:0:0:0:ac43:95e8"
         ],
         "app" : {
            "length" : 18
         },
         "asn" : "AS4837",
         "country" : "CN",
         "data" : "Xred\\x03\\x00\\x00\\x00\\x06\t\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00",
         "datamd5" : "6859a5c91c6620082563d493060e800f",
         "datammh3" : -333880399,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "adsl-pool.sx.cn"
         ],
         "geolocus" : {
            "asn" : "AS4837",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "CN",
            "countryname" : "China",
            "domain" : [
               "adsl-pool.sx.cn",
               "apnic.net",
               "chinaunicom.cn",
               "ty.sx.cn"
            ],
            "isineu" : "false",
            "latitude" : "35.86166",
            "location" : "35.86166,104.195397",
            "longitude" : "104.195397",
            "netname" : "UNICOM-SX",
            "organization" : "CNC Group CHINA169 Shanxi Province Network",
            "subnet" : "221.204.0.0/15"
         },
         "host" : [
            243
         ],
         "hostname" : [
            "243.171.204.221.adsl-pool.sx.cn"
         ],
         "ip" : "221.204.171.243",
         "ipv6" : "false",
         "latitude" : "34.7732",
         "location" : "34.7732,113.7220",
         "longitude" : "113.7220",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "CHINA UNICOM China169 Backbone",
         "os" : "Windows",
         "osvendor" : "Microsoft",
         "port" : 30000,
         "protocol" : "unknown",
         "reverse" : [
            "243.171.204.221.adsl-pool.sx.cn"
         ],
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "subdomains" : [
            "171.204.221.adsl-pool.sx.cn",
            "204.221.adsl-pool.sx.cn",
            "221.adsl-pool.sx.cn"
         ],
         "subnet" : "221.200.0.0/13",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "sx.cn"
         ],
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 35.165.159.29:30000 (tcp/http) - last seen on 2024-11-21 at 08:33:47 UTC

    • IP
      35.165.159.29
      Network
      35.160.0.0/13
      Domain(s)
      amazonaws.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://35.165.159.29:30000/ 302

      Reverse DNS
      ec2-35-165-159-29.us-west-2.compute.amazonaws.com
      ASN
      AS16509
      Organization
      AMAZON-02
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel

    • Data MD5
      3b511529de99d846ae3cca7635383f0c
      HTTP Header MD5
      e02f09053cf061a34b64bebf53ad4af9
      HTTP Body MD5
      cb0b177a86bb404bfe3fb7697196e9b7
    • HTTP/1.1 302 Found
      Cache-Control: no-cache
      Content-Type: text/html; charset=utf-8
      Expires: -1
      Location: /login
      Pragma: no-cache
      Set-Cookie: redirect_to=%2F; Path=/; HttpOnly; SameSite=Lax
      X-Content-Type-Options: nosniff
      X-Frame-Options: deny
      X-Xss-Protection: 1; mode=block
      Date: Thu, 21 Nov 2024 08:33:47 GMT
      Content-Length: 29
      Connection: close
      
      <a href="/login">Found</a>.
      
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:33:47.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "cb0b177a86bb404bfe3fb7697196e9b7",
               "bodymmh3" : 86366363,
               "headermd5" : "e02f09053cf061a34b64bebf53ad4af9",
               "headermmh3" : 1762961235
            },
            "length" : 391
         },
         "asn" : "AS16509",
         "city" : "Boardman",
         "country" : "US",
         "data" : "HTTP/1.1 302 Found\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nExpires: -1\r\nLocation: /login\r\nPragma: no-cache\r\nSet-Cookie: redirect_to=%2F; Path=/; HttpOnly; SameSite=Lax\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-Xss-Protection: 1; mode=block\r\nDate: Thu, 21 Nov 2024 08:33:47 GMT\r\nContent-Length: 29\r\nConnection: close\r\n\r\n<a href=\"/login\">Found</a>.\n\n",
         "datamd5" : "3b511529de99d846ae3cca7635383f0c",
         "datammh3" : 2048675274,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "amazonaws.com"
         ],
         "geolocus" : {
            "asn" : "AS16509",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "amazon.com",
               "amazonaws.com",
               "aws.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "AMAZO-ZPDX9",
            "organization" : "Amazon.com, Inc.",
            "subnet" : "35.160.0.0/13"
         },
         "host" : [
            "ec2-35-165-159-29"
         ],
         "hostname" : [
            "ec2-35-165-159-29.us-west-2.compute.amazonaws.com"
         ],
         "ip" : "35.165.159.29",
         "ipv6" : "false",
         "latitude" : "45.8491",
         "location" : "45.8491,-119.7143",
         "longitude" : "-119.7143",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "AMAZON-02",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 30000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Found",
         "reverse" : [
            "ec2-35-165-159-29.us-west-2.compute.amazonaws.com"
         ],
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "status" : 302,
         "subdomains" : [
            "compute.amazonaws.com",
            "us-west-2.compute.amazonaws.com"
         ],
         "subnet" : "35.160.0.0/13",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "com"
         ],
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 20.239.245.195:30000 (tcp/socks4a) - last seen on 2024-11-21 at 08:33:46 UTC

    • IP
      20.239.245.195
      Network
      20.192.0.0/10
      ASN
      AS8075
      Organization
      MICROSOFT-CORP-MSN-AS-BLOCK
      Protocol
      socks4a
      Source
      datascan

    • Data MD5
      d0667d77071710c716b7978296e1b49e
    • \x00[\x00\x00\x00\x00\x00\x00
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:33:46.000Z",
         "app" : {
            "length" : 8
         },
         "asn" : "AS8075",
         "city" : "Hong Kong",
         "country" : "HK",
         "data" : "\\x00[\\x00\\x00\\x00\\x00\\x00\\x00",
         "datamd5" : "d0667d77071710c716b7978296e1b49e",
         "datammh3" : -971970408,
         "geolocus" : {
            "asn" : "AS8075",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "microsoft.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "MSFT",
            "organization" : "Microsoft Corporation",
            "subnet" : "20.239.0.0/16"
         },
         "ip" : "20.239.245.195",
         "ipv6" : "false",
         "latitude" : "22.2842",
         "location" : "22.2842,114.1759",
         "longitude" : "114.1759",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
         "port" : 30000,
         "protocol" : "socks4a",
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "subnet" : "20.192.0.0/10",
         "tag" : "<enterprise field>: tag",
         "tls" : "false",
         "transport" : "tcp"
      }
      
  • 35.86.148.65:30000 (tcp/http) - last seen on 2024-11-21 at 08:33:45 UTC

    • IP
      35.86.148.65
      Network
      35.80.0.0/12
      Domain(s)
      amazonaws.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://35.86.148.65:30000/ 404

      Reverse DNS
      ec2-35-86-148-65.us-west-2.compute.amazonaws.com
      ASN
      AS16509
      Organization
      AMAZON-02
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel

    • Data MD5
      83d07b842b1ed2327b161b1279847633
      HTTP Header MD5
      f7430cdb1622717dcc6c0bf53b71e7b3
      HTTP Body MD5
      595e88012a6521aae3e12cbebe76eb9e
    • HTTP/1.1 404 Not Found
      Content-Type: text/plain; charset=utf-8
      X-Content-Type-Options: nosniff
      Date: Thu, 21 Nov 2024 08:33:45 GMT
      Content-Length: 19
      Connection: close
      
      404 page not found
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-21T08:33:45.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "595e88012a6521aae3e12cbebe76eb9e",
               "bodymmh3" : -138391155,
               "headermd5" : "f7430cdb1622717dcc6c0bf53b71e7b3",
               "headermmh3" : 866470966
            },
            "length" : 195
         },
         "asn" : "AS16509",
         "city" : "Boardman",
         "country" : "US",
         "data" : "HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: Thu, 21 Nov 2024 08:33:45 GMT\r\nContent-Length: 19\r\nConnection: close\r\n\r\n404 page not found\n",
         "datamd5" : "83d07b842b1ed2327b161b1279847633",
         "datammh3" : 1090285471,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "domain" : [
            "amazonaws.com"
         ],
         "geolocus" : {
            "asn" : "AS16509",
            "continent" : "NA",
            "continentname" : "North America",
            "country" : "US",
            "countryname" : "United States",
            "domain" : [
               "amazon.com",
               "amazonaws.com",
               "aws.com"
            ],
            "isineu" : "false",
            "latitude" : "37.09024",
            "location" : "37.09024,-95.712891",
            "longitude" : "-95.712891",
            "netname" : "AMAZON-ZPDX",
            "organization" : "Amazon.com, Inc.",
            "subnet" : "35.80.0.0/12"
         },
         "host" : [
            "ec2-35-86-148-65"
         ],
         "hostname" : [
            "ec2-35-86-148-65.us-west-2.compute.amazonaws.com"
         ],
         "ip" : "35.86.148.65",
         "ipv6" : "false",
         "latitude" : "45.8491",
         "location" : "45.8491,-119.7143",
         "longitude" : "-119.7143",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "AMAZON-02",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 30000,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Not Found",
         "reverse" : [
            "ec2-35-86-148-65.us-west-2.compute.amazonaws.com"
         ],
         "seen_date" : "2024-11-21",
         "source" : "datascan",
         "status" : 404,
         "subdomains" : [
            "compute.amazonaws.com",
            "us-west-2.compute.amazonaws.com"
         ],
         "subnet" : "35.80.0.0/12",
         "tag" : "<enterprise field>: tag",
         "tld" : [
            "com"
         ],
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }