From 12e8ff3194dc32cd987561f5fa2c21809fd3ae87 Mon Sep 17 00:00:00 2001 From: david Date: Thu, 2 Feb 2012 05:59:25 +0000 Subject: [PATCH] More service submissions. --- nmap-service-probes | 282 +++++++++++++++++++++++++++++--------------- 1 file changed, 186 insertions(+), 96 deletions(-) diff --git a/nmap-service-probes b/nmap-service-probes index 3f72ddeda..68d8116c6 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -45,6 +45,8 @@ Probe TCP NULL q|| # FEATURE('greet_pause') in Sendmail, for example) totalwaitms 6000 +match 1c-server m|^S\xf5\xc6\x1a{| p/1C:Enterprise business management server/ + match 4d-server m|^\0\0\0H\0\0\0\x02.[^\0]*\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$|s p/4th Dimension database server/ match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ v/$1/ i/for mail client preference sharing/ @@ -126,6 +128,9 @@ match bandwidth-test m|^\x01\0\0\0$| p/Mikrotik bandwidth-test server/ match barracuda-dcagent m|^Invalid Client IP\0\0$| p/Barracuda Domain Controller Agent/ +# Port 2500: http://wiki.yobi.be/wiki/Belgian_eID +match beidpcscd m|^\0\0\0\x1e\xffV\x92l\xfbUL\x87\xabw\x1f\xb2\n\xd8\xef/\0\0\0\x05Alive\0\0\0\x011| p/beidpcscd Belgian eID daemon/ + match bf2rcon m|^### Battlefield 2 ModManager Rcon v([\d.]+)\.\n### Digest seed: \w+\n\n| p/Battlefield 2 ModManager Remote Console/ v/$1/ # Version 0.3.19 protocol @@ -157,6 +162,8 @@ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x57\0\0\0\x36\x01\0\0\x01\0\0 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x9c\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.19/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x9c\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.19$1/ +match bitcoin-jsonrpc m|^HTTP/1\.0 401 Authorization Required\r\n.*Server: bitcoin-json-rpc/([\w._-]+)\r\n|s p/Bitcoin JSON-RPC/ v/$1/ + # Bittorrent Client 3.2.1b on Linux 2.4.X match bittorrent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/ # BMC Software Patrol Agent 3.45 and HP Patrol Agent @@ -235,7 +242,7 @@ match crestron-control m|^\r\nCrestron Terminal Protocol Console Opened\r\n\r\n| # XSig allows communcation with a Crestron control system. match crestron-xsig m|^\x0f\0\x01\x02$| p/Crestron PRO2 XSig communication/ -match csync m|\* OK ([-.\w]+) Cyrus sync server v([-.\w]+)| p/Cyrus sync server/ v/$2/ h/$1/ +match cyrus-sync m|\* OK ([-.\w]+) Cyrus sync server v([-.\w]+)| p/Cyrus sync server/ v/$2/ h/$1/ match cvspserver m|^no repository configured in /| p/CVS pserver/ i/broken/ match cvspserver m|^/usr/sbin/cvs-pserver: line \d+: .*cvs: No such file or directory\n| p/CVS pserver/ i/broken/ @@ -313,6 +320,9 @@ match durian m|^Durian Web Application Server III ([^<]+) for Win32\ match dnsix m|^DNSIX$| match dragon m|^UNAUTHORIZED\n\r\n\r$| p/Dragon realtime shell/ + +match drobo-fs m|^DRINASD\0\x01\x01\0\0\0\0..<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n\n\n ESAINFO\n \d+\n \d+\n 0db\d+\n 0db\d+\n Drobo(?:-FS)?\n ([][\w._ ]+)\n ([^<]+)\n| p/Drobo-FS ESATMUpdate/ v/$1 ($2)/ + match drweb m|^0 PROTOCOL 2 [23] AGENT,CONSOLE,INSTALL| p/DrWeb/ match dynast-solver m|^DYNAST server v(.*) \(Win32\) - Copyright\(c\) DYN| p/DYNAST solver/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a @@ -438,6 +448,8 @@ match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-This is the UNLIC match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-This is the UNLICENSED personal edition and may be used for home, personal use only\r\n220 Connected to Aurora FTP server\.\.\.\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-Welcome to Cerberus FTP Server\r\n220 Created by Grant Averett\r\n| p/Cerberus ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^421-Not currently accepting logins at this address\. Try back \r\n421 later\.\r\n| p/Cerberus ftpd/ i/banned/ o/Windows/ cpe:/o:microsoft:windows/a +match ftp m|^220 Welkom@([\w._-]+)\r\n521 Not logged in - Secure authentication required\r\n| p/Cerberus ftpd/ o/Windows/ cpe:/o:microsoft:windows/a h/$1/ + match ftp m|^220 FTP print service:V-(\d[-.\w]+)/Use the network password for the ID if updating\.\r\n| p|Brother/HP printer ftpd| v/$1/ d/printer/ match ftp m|^220- APC FTP server ready\.\r\n220 \r\n$| p/APC ftp server/ d/power-device/ # HP-UX 10.x or AIX @@ -1076,12 +1088,14 @@ match http m|^HTTP/1\.1 408 Request Timeout\r\nServer: WebSphere Application Ser match http m|^HTTP/1\.0 200 Ok Welcome to VOC\r\nServer: Voodoo chat daemon ver ([\w._ -]+)\r\nContent-type: text/html\r\nExpires: Mon, 08 Apr 1976 19:30:00 GMT\+3\r\nConnection: close\r\nKeep-Alive: max=0\r\nCache-Control: no-store, no-cache, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\n\r\n$| p/Voodoo http chat daemon/ v/$1/ match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Cassini/([\w._-]+)\r\n.*\n\n\n
408 - Request Timeout
\n\n\n$| p/Hiawatha/ v/$1/ i/Echostar ViP 722k satellite receiver/ # This is here for NULL probe cheat since several probes unpredictably trigger it -Doug match http m|^HTTP/1\.0 400 Bad Request\r\nServer: OfficeScan Client\r\nContent-Type: text/plain\r\nAccept-Ranges: bytes\r\nContent-Length: 4\r\n\r\nFail| p/Trend Micro OfficeScan Antivirus http config/ o/Windows/ cpe:/o:microsoft:windows/a match http-proxy m=^HTTP/1\.[01] \d\d\d .*\r\n(?:Server|Proxy-agent): iPlanet-Web-Proxy-Server/([\d.]+)\r\n=s p/iPlanet web proxy/ v/$1/ match http-proxy m|^

\xd5\xca\xba\xc5\xc8\xcf\xd6\xa4\xca\xa7\xb0\xdc \.\.\.

\r\n

IP \xb5\xd8\xd6\xb7: [][\w:.]+
\r\nMAC \xb5\xd8\xd6\xb7:
\r\n\xb7\xfe\xce\xf1\xb6\xcb\xca\xb1\xbc\xe4: \d+-\d+-\d+ \d+:\d+:\d+
\r\n\xd1\xe9\xd6\xa4\xbd\xe1\xb9\xfb: Invalid user\.

$| p/CC Proxy/ +match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=us-ascii\r\n\r\nInvalid request

This message was created by Kerio Control Proxy {665}$| p/Kerio Control http proxy/ match hp-gsg m|^220 JetDirect GGW server \(version (\d[\d.]+)\) ready\r\n| p/HP JetDirect Generic Scan Gateway/ v/$1/ d/printer/ match hp-gsg m|^220 HP GGW server \(version ([\w._-]+)\) ready\r\n\0| p/HP Generic Scan Gateway/ v/$1/ d/printer/ @@ -1265,7 +1279,8 @@ match ipmi-advertiserd m|^\x0e\0\0\0\0\0\0$| p/SuperMicro IPMI advertiserd/ d/re match ipsi m|^\0\x0f\0/([\w._-]+)\0| p/Avaya $1 IPSI version/ d/PBX/ -match ir-alerts m|^.\0\0\0\0Lexmark (\w+)\0| p/Lexmark $1 IR alerts/ d/printer/ +# Port 9200: http://support.lexmark.com/index?page=content&id=FA642 +match ir-alerts m|^.\0\0\0\0Lexmark (\w+)\0| p/Lexmark $1 print server identification/ d/printer/ # ircd-hybrid 7 on Linux match irc m=^NOTICE AUTH :\*\*\* Looking up your hostname\.\.\.\r\nNOTICE AUTH :\*\*\* Checking Ident\r\nNOTICE AUTH :\*\*\* (?:No|Got) Ident response\r\nNOTICE AUTH :\*\*\* (?:Couldn't look up|Found) your hostname\r\n$= p/Hybrid-based ircd/ @@ -1400,6 +1415,8 @@ match kismet-drone m|^\xde\xca\xfb\xad\x01\0\0\0\x04\0\t\0[\x07\x10]| p/Kismet d match ksystemguard m|^ksysguardd ([\d.]+)\n\(c\)| p/ksystemguardd/ v/$1/ match landesk m|^TDMM\x1c\0\0\0\x14\0\0\0| p/LANDesk Management Suite/ i/Targeted Multicast Service/ +# Port 9535: http://community.landesk.com/support/docs/DOC-1591 +match landesk-rc m|^\x1b\r~<\^l\]\xb99\xae\xc3\x9d\x0b\xca\xd8\x9d\xdf\xd1\x14\x84\x02\x83u>\xa8\[\x0b\xaf\xcc\xd8\xf01\$\xbb\xcf \x8b4\x05s\xb4\xebg\x9a\x96<\xf5{\x9c-\xa7p\n\x9d3\x84\x87\xa6\xb7\x08Il\x8fo\xb0\xcc\xcd\xdf;\xa3\xf7\x1de\xec\xe1\xe4V~\xb1_\x18v\xaa5\x18\xba\x8c\xf3\xcf\xf5\x8f\xcd\xee\x19\xd3\x02\xcb\x04 \x83\xc3;\x8f\x98\x8eZQ\x83\xa5\x1a\x0c\xbe\x91\x16\xca\xed\xa1\xc1\xfa\x8f\xde6\x1f\xc4p\xe7\\\xd7\xec\xefl{\x88\x82=J\xa8\xf0\x08S<_-\x90Q\x15\xcd4Z\xbc\x9b#pS\nDi\xd9\xe8\xcaz\x1e\x10\xe7\x9b\x05\xd6\^&\xd3\x13H_\xed\xe2\.\xb6\xf93\x7fCS1\x0c\xe7\xe5\x10,{O\xd3\?M,c\xec@\x94\x9cz\xc9\xa1\xe0\xf6\x0c\x95\xb2\]>\xa4\x84\n\(\x07\xf1\*\[\xd2A\xaa\x8e!A\xde\0\[:\xeb\xc3\x82\xe5v\x1b\xd9\xd4\xbe\x01\x87P\xf8\xf1\n\)\x96\x92\x1c{\x99\x14\xb4-\xd8#\xc1\xf6\xfaI\xc7\x9d\x082\xee3y$| p/LANDesk remote management/ match ldap m|^unable to set certificate file\n6292:error:02001002:system library:fopen:No such file or directory:bss_file\.c:| p/OpenLDAP over SSL/ i/broken/ @@ -1987,6 +2004,7 @@ match pop3pw m|^550 Login failed - already \d+/\d+ users connected sorry \(use G match pop3pw m|^200 hello and welcome to SchoolsNET SINA poppassd \[([-\d.]+)\]\r\n| p/SINA pop3pw/ v/$1/ match pop3pw m|^200 Post\.Office v([\d.]+) password server ready\r\n| p/Post.Office pop3pw/ v/$1/ match pop3pw m|^200 MERCUR Password service for Windows NT ready\r\n| p/Atrium Software's Mercur pop3pw/ o/Windows/ cpe:/o:microsoft:windows/a +match pop3pw m|^200 hello\r\n| p/SLMail pop3pw/ o/Windows/ cpe:/o:microsoft:windows/a softmatch pop3 m|^\+OK [-\[\]\(\)!,/+:<>@.\w ]+\r\n$| @@ -2015,6 +2033,8 @@ match printer m|^\d+-202 your host does not have line printer access\.| p/AIX lp match printer m|^\d+-201 ill-formed FROM address\.$| p/AIX lpd/ o/AIX/ cpe:/o:ibm:aix/a match printer-admin m|^LXK: $| p/Lexmark printer admin/ d/printer/ +match prisontale m|^ \0\0\0\*\x03\x01\x80\x10\0.\xc9....................|s p/PrisonTale game server/ + match pwdgen m|^\w+ \([\w-]+\)\r\n$| p/pwdgen/ match pycharm m|^\0\.[\w._/-]+/Library/Preferences/PyCharm([\w._-]+)\0\)[\w._/-]+/Library/Caches/PyCharm[\w._-]+$| p/PyCharm/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a @@ -2526,7 +2546,7 @@ match sophos m|^IOR:[a-zA-Z0-9]{32}| p/Sophos Message Router/ i/Interroperable O match sourceviewerserver m|^OK SourceViewerService v1\.0\r\n| p/NetBeans Source Viewer Service/ # http://udk.openoffice.org/common/man/spec/urp.html -match urp m|^\0\0\0\x60\0\0\0\x01\xf8\x04\x96\0\0'com\.sun\.star\.bridge\.XProtocolProperties\x15UrpProtocolProperties\0\0\x14\r\0\0\0\x85\xfbc\x80\x9e\xca@\$\xbc\xc7\x9e\xbb#\x0f\xfc\xd6\0\0\x92\]\xe4\xb8$| p/UNO Remote Protocol (URP)/ +match urp m|^\0\0\0\x60\0\0\0\x01\xf8\x04\x96\0\0'com\.sun\.star\.bridge\.XProtocolProperties\x15UrpProtocolProperties\0\0\x14..\0\0................\0\0....$|s p/UNO Remote Protocol (URP)/ match sourceoffice m|^200\r\nProtocol-Version:(\d[\d.]+)\r\nMessage-ID:\d+\r\nDatabase .*\r\nContent-Length:\d+\r\n\r\n(\w:\\.*ini)\r\n\r\n| p/Sourcegear SourceOffSite/ i/Protocol $1; INI file: $2/ match sourceoffice m|^250\r\nProtocol-Version:(\d[\d.]+)\r\nMessage-ID:\d+\r\nDatabase .*\r\nContent-Length:\d+\r\nKey Length:(\d+)\r\n\r\n.*(\w:\\.*ini)\r\n\r\n|s p/Sourcegear SourceOffSite/ i/Protocol $1; Key len: $2; INI file: $3/ @@ -2693,7 +2713,9 @@ match ssh m|^SSH-([\d.]+)-xlightftpd_release_([\w._-]+)\r\n| p/Xlight FTP Server softmatch ssh m|^SSH-([\d.]+)-| i/protocol $1/ -match soldat m|^Soldat Admin Connection Established\.\.\.\r\nAdmin connected\.\r\n| p/Soldat multiplayer-game server/ +match soldat m|^Soldat Admin Connection Established\.\.\.\r\nAdmin connected\.\r\n| p/Soldat game admin server/ +match soldat m|^Soldat Admin Connection Established\.\r\nPassword request timed out\.\r\n| p/Soldat game admin server/ + match solproxy m|^The solproxy is used by [\d.]+\n\rThe client is closed!\n\r| p/Dell Serial Over LAN proxy/ match synchroedit m|^SynchroEdit ([\d.]+) running on ([\w._-]+)\n$| p/SynchroEdit request server/ v/$1/ h/$2/ @@ -3482,7 +3504,7 @@ match telnet m|^\xff\xfd\x03\xff\xfb\x03\xff\xfa\x18\x01\xff\xf0\xff\xfa\x18\x01 match telnet m|^\xff\xfb\x01login : | p/Alcatel OmniSwitch 8600 switch telnetd/ d/switch/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x18-------------------------------\r\n-----Welcome to ATP Cli------\r\n-------------------------------\r\n\r\nLogin: | p/Huawei HG655b DSL router telnetd/ d/broadband router/ cpe:/h:huawei:hg655b/ match telnet m|^Welcome to ([\w._-]+)\.\r\r\nUnauthorized access is punishable by law\.\r\r\n\xff\xfb\x01\xff\xfb\x03\r\n\((GSM[\w._-]+)\) \r\nUser:| p/Netgear $2 switch telnetd/ h/$1/ cpe:/h:netgear:$2/ d/switch/ -match telnet m|^ \x1b\[2JAccess Point Console\r\n--------------------\r\nVersion ([\w._-]+)\r\n\r\n\r\x07Password: \xff\xfb\x01| p/Blitzz BWA601 WAP telnetd/ v/$1/ cpe:/h:blitzz:bwa601/ d/WAP/ +match telnet m|^ \x1b\[2JAccess Point Console\r\n--------------------\r\nVersion ([\w._-]+)\r\n\r\n\r\x07Password: \xff\xfb\x01| p/Blitzz BWA601 WAP telnetd/ v/$1/ cpe:/h:blitzz:bwa601:$1/ d/WAP/ match telnet m|^\xff\xfb\x03\xff\xfb\x01SB5100MoD by ToM - Embedded Telnet Server\r\n\r\n| p/SB5100MoD telnetd/ i/Motorola SB5100 WAP/ d/WAP/ cpe:/h:motorola:sb5100/ match telnet m%^\r\nTelnet connection from [\d.]+:\d+ refused\.\r\n\r\n(?:Knock it off; I'm not lettin' you in\.\.\.|You again\? Don't make me call the cops\.\.\.|Your IP address has been logged and reported to your ISP\.)\r\n\r\n\nBye bye\.\.\.\r\n% p/SB5100MoD telnetd/ i/Motorola SB5100 WAP/ d/WAP/ cpe:/h:motorola:sb5100/ match telnet m|^\xff\xfb\x01\r\n\r\nWelcome to Trango Broadband Wireless (\w+)-AP \w+\r\nPassword: | p/Trango $1 WAP telnetd/ d/WAP/ cpe:/h:trango:$1/ @@ -3498,6 +3520,9 @@ match telnet m|^\xff\xfd\x18\xff\xfb\x01\xff\xfb\x03| p/Pirelli NetGate VOIP v2 match telnet m|^\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\nusername: | p/IBM BladeCenter Advanced Management Module telnetd/ d/remote management/ match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\rEXFO (BV[\w._-]+)\r\n\r\r\n\rWARNING: This system is for use by authorized users only!\r\n\r\r\n\rPassword: | p/Exfo $1 Ethernet test device telnetd/ d/specialized/ cpe:/h:exfo:$1/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x18\n\rWelcome Visiting Huawei Home Gateway\n\rCopyright by Huawei Technologies Co\., Ltd\.\n\rLogin:| p/Huawei STC router telnetd/ d/broadband router/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n \r\nModel name : easyRAID ([\w._+-]+)\r\nFirmware version : ([\w._-]+)\r\nBootcode version : ([\w._-]+)\r\nSerial number : (\w+)\r\nCPU type: [^\r]*\r\nInstalled memory : ([^\r]+)\r\nController type: [^\r]*\r\nDisk slot number: [^\r]*\r\nDisk state : [^\r]*\r\n \r\n=== Welcome to CLI ([\w._-]+) ===\r\nPlease input password: | p/easyRAID $1 telnetd/ d/storage-misc/ i/firmware $2; bootcode $3; serial $4; memory $5/ v/$6/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\nWelcome to Linux \(([\w._-]+)\) for MIPS\r\n\rKernel ([\w._-]+) Treckle on an MIPS\r\n\r[\w._-]+ login: | p/ZKSoftware $1 access control device/ o/Linux/ i/Linux $2; MIPS/ d/security-misc/ cpe:/o:linux:kernel:$2/ cpe:/h:zksoftware:$1/ +match telnet m|^\xff\xfb\x01\xff\xfd\"\[Fallen Heroes Console\] remote control session\.\r\nPassword:\0| p/Rappelz game server admin telnetd/ #(insert telnet) @@ -3570,6 +3595,7 @@ match vnc m|^RFB 003\.88[89]\n$| p/Apple remote desktop vnc/ o/Mac OS X/ cpe:/o: match vnc m|^RFB 000\.000\n$| p/Ultr@VNC Repeater/ match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0jServer license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a licence\.| p/RealVNC/ i/Unlicensed, protocol 3.$1/ match vnc m|^RFB 004\.000\n| p/RealVNC Personal/ i/protocol 4.0/ +match vnc m|^RFB 004\.001\n| p/RealVNC Enterprise/ i/protocol 4.1/ match vnc m|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0:Unable to open license file: No such file or directory \(2\)| p/RealVNC Enterprise Edition/ i/protcol 3.$1/ match vnc m|^RFB 103\.006\n| p/Microsoft Virtual Server remote control/ o/Windows/ cpe:/o:microsoft:windows/a match vnc m|^ISD 001\.000\n$| p/iTALC/ @@ -3782,6 +3808,8 @@ match crestron-control m|^INVALID_COMMAND\r| p/TiVo DVR Crestron control server/ match cso m|^598:\(null\):Command not recognized\.\n| p/Columbia University QIL Gateway/ i/Qi to LDAP/ +match csync m|^Expecting SSL \(optional\) and CONFIG as first commands\.\n| p/csync2/ + match datamaxdb m|^X01\r\nX01\r\n$| p/MailMax DataMaxDB/ o/Windows/ cpe:/o:microsoft:windows/a match desktop-central m|^Invalid FT GWADDR / START protocol\n$| p/ManageEngine Desktop Central DesktopCentralServer/ d/remote management/ @@ -3942,6 +3970,7 @@ match http m|^UNKNOWN 400 Bad Request\r\nServer: thttpd/([\w.]+) \w+\r\n| p/thtt match http m|^UNKNOWN 400 Bad Request\r\nServer: \r\nContent-Type: text/html\r\n.*

400 Bad Request

\nYour request has bad syntax or is inherently impossible to satisfy\.\n|s p/thttpd/ cpe:/a:acme:thttpd/ match http m|^HTTP/1\.0 400 Bad Request\r\n.*

400 Bad Request

\n

\n Your request has bad syntax or is inherently impossible to satisfy\.\n|s p/thttpd/ cpe:/a:acme:thttpd/ match http m|^HTTP/1\.0 400 Bad Request\r\nContent-type: text/html; charset=iso-8859-1\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n400 Bad Request\n

400 Bad Request

\n
\nYour request has bad syntax or is inherently impossible to satisfy\.\n\n$| p/thttpd/ cpe:/a:acme:thttpd/ +match http m|^UNKNOWN 400 Bad Request\r\nServer: unknown HTTP server\r\nContent-Type: text/html; charset=iso-8859-1\r\n.*\n

400 Bad Request

\nYour request has bad syntax or is inherently impossible to satisfy\.\n|s p/thttpd/ cpe:/a:acme:thttpd/ i/IDIS surveillance DVR/ d/media device/ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: UnrealEngine UWeb Web Server Build (\d+)\r\n|s p/Unreal Tournament http admin/ v/Build $1/ match http m|^HTTP/1\.0 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n405 Method Not Allowed\r\n\r\n| p|D-Link printer/webcam http config| match http m|^HTTP/1\.0 400 Bad Request\r\nServer: WDaemon/([\d.]+)\r\n| p/World Client WDaemon httpd/ v/$1/ i/Alt-N MDaemon webmail/ o/Windows/ cpe:/o:microsoft:windows/a @@ -4022,6 +4051,7 @@ match http m|^HTTP/1\.1 405 Method Not Allowed\r\nAllow: GET,HEAD\r\nDate: .*\r\ match http m|^\(null\) 400 Bad Request\r\nServer: nexg_httpd\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: keep-alive\r\nKeep-Alive: timeout=10, max=30\r\n\r\n| p/nexg_httpd/ match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\ntv2-auth-digest: [\w=]+\r\n\r\n$| p/T-Home Entertain set-top box httpd/ d/media device/ match http m|^HTTP/1\.0 400 Bad Request\r\n.*Server: doubleTwist Sync \(Android\)\r\n|s p/doubleTwist httpd/ o/Linux/ d/phone/ cpe:/o:google:android/ i/Android phone/ +match http m|^HTTP/1\.0 501 Unimplemented\r\nContent-Type: text/plain\r\nContent-Length: 17\r\n\r\n501 Unimplemented$| p/NetApp DFM httpd/ match http-proxy m%^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=(?:utf-8|us-ascii)\r\n\r\nInvalid request

This message was created by WinRoute Proxy% p/WinRoute http proxy/ o/Windows/ cpe:/o:microsoft:windows/a match http-proxy m|^HTTP/1\.0 400 Bad Request\r\n.*\t\t

Invalid request:

Bad request format\.\n
\t\t

Please, check URL\.

\t\t

\t\tGenerated by Oops\.\t\t\t\t$|s p/Oops! http proxy/ d/proxy server/ @@ -4169,6 +4199,8 @@ match redcarpet m|^Status: 400 Bad Request\r\nContent-Length: 0\r\n\r\n| p/Ximia match rsa-authmgr m|^-ERR Invalid command: \r\n-ERR Invalid command: \r\n| p/RSA Authentication Manager node manager/ +match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: AirTunes/([\w._-]+)\r\nAudio-Jack-Status: connected; type=analog\r\n\r\n| p/RogueAmoeba Airfoil rtspd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a v/$1/ + match s2-emerge m|^resolutions=\"4CIF\",\"2CIF\",\"CIF\",\"QCIF\"&mpeg_enabled=\"TRUE\"&jpeg_enabled=\"TRUE\"&alarms=\d+&relays=\d+&audio_in\[\]=0x3,0x0&audio_out=\[\]0x3,0x0\0{375,}| p/S2 eMerge Door Access Controller/ match sdcomm m|^ERR 27$| p/RSA SecureID Ace Server/ @@ -4397,6 +4429,8 @@ match ajp13 m|^AB\0\x13\x04\x01\x90\0\x0bBad Request\0\0\0AB\0\x02\x05\x01$| p/A match athinfod m|^athinfod: invalid query\.\n$| p/Athena athinfod/ +match amqp m|^AMQP\0\0\t\x01$| p/Advanced Message Queue Protocol/ + # Kerio PF 4.0.11 unregistered - Service process (Port 44xxx?) on MS W2K SP4+ match keriopfservice m|^(HTTP/1\.0) 200 OK\r\nServer: Kerio Personal Firewall\r\n| p/Kerio PF 4 Service/ i/$1/ @@ -4628,32 +4662,32 @@ match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Zeus/(\d[-.\w]+)\r\n|s p/Zeus ht match http m|^HTTP/1\.0 404 File not Found\r\nServer: SPiN ChatSystem/(\d[-.\w]+)\r\n| p/SPiN web chat system/ v/$1/ # IP_SHARER WEB -match http m|^HTTP/1\.0 200 Document follows\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n\n\nSetup| p/IP_SHARER WEB/ v/$1/ i/Siemens SpeedStream SS2601/ d/router/ cpe:/a:siemens:ip_sharer_web/a -match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\nConnection: close\r\n\r\nunknown \(([\d.]+)\) is managing this device| p/IP_SHARER WEB/ v/$1/ i/TRENDnet router http config; being managed by $2/ d/router/ cpe:/a:trendnet:ip_sharer_web/a -match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*|s p/IP_SHARER WEB/ v/$1/ i/Belkin $2 wifi router http config/ d/WAP/ cpe:/a:belkin:ip_sharer_web/a -match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*Setup.*type=\"text/javascript\">\nfunction loadnext\(\)|s p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRV204 router http config; no admin pass/ d/router/ cpe:/a:trendnet:ip_sharer_web/a -match http m=^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*TRENDnet \| TW100-BRF114 \| Setup=s p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRF114 router http config/ d/router/ cpe:/a:trendnet:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"NETGEAR WP([-\w+]+)\"\r\n\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(AT-\w+)\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i/Allied Telesyn $2 WAP http config/ d/broadband router/ cpe:/a:alliedtelesis:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"BEFSR41W\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i/Linksys BEFSR41W router http config/ d/router/ cpe:/a:linksys:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(DG[\w]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(FM\w+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 http config/ d/broadband router/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(FR[-.\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 firewall router http config/ d/router/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n401 Unauthorized$| p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRV204 router http config; admin pass set/ d/router/ cpe:/a:trendnet:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i|Airlink/Sitecom wireless router| d/router/ cpe:/a:airlink:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(NR[\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 router http config/ d/router/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(WGPS[\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 print server http config/ d/print server/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"WRT54GC\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Linksys WRT54GC http config/ d/WAP/ cpe:/a:linksys:ip_sharer_web/a -match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"WYR-G54\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Buffalo Airstation WYR-G54 WAP http config/ d/WAP/ cpe:/a:buffalo:ip_sharer_web/a -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n\n\n\n\nSetup\n| p/IP_SHARER WEB/ v/$1/ i/SpeedStream router http config; SOHO Version $2/ d/router/ cpe:/a:speedstream:ip_sharer_web/a -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\nunknown \(.*\) is managing this device| p/IP_SHARER WEB/ v/$1/ i/SpeedStream router http config/ d/router/ cpe:/a:speedstream:ip_sharer_web/a -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"FVS114\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear ProSafe FVS114 firewall http config/ d/firewall/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"FWG114P\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear FWG114P wireless firewall http config/ d/firewall/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"MR814v2\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear MR814v2 wireless router http config/ d/router/ cpe:/a:netgear:ip_sharer_web/a -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(WGR614[^"]*)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 router http config/ d/router/ cpe:/a:netgear:ip_sharer_web/a +match http m|^HTTP/1\.0 200 Document follows\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n\n\nSetup| p/IP_SHARER WEB/ v/$1/ i/Siemens SpeedStream SS2601/ d/router/ cpe:/a:siemens:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\nConnection: close\r\n\r\nunknown \(([\d.]+)\) is managing this device| p/IP_SHARER WEB/ v/$1/ i/TRENDnet router http config; being managed by $2/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*|s p/IP_SHARER WEB/ v/$1/ i/Belkin $2 wifi router http config/ d/WAP/ cpe:/a:belkin:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*Setup.*type=\"text/javascript\">\nfunction loadnext\(\)|s p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRV204 router http config; no admin pass/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ +match http m=^HTTP/1\.0 200 OK\r\nServer: IP_SHARER WEB ([\w._-]+)\r\n.*TRENDnet \| TW100-BRF114 \| Setup=s p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRF114 router http config/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"NETGEAR WP([-\w+]+)\"\r\n\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(AT-\w+)\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i/Allied Telesyn $2 WAP http config/ d/broadband router/ cpe:/a:alliedtelesis:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"BEFSR41W\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i/Linksys BEFSR41W router http config/ d/router/ cpe:/a:linksys:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(DG[\w]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(FM\w+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 http config/ d/broadband router/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(FR[-.\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 firewall router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n401 Unauthorized$| p/IP_SHARER WEB/ v/$1/ i/TRENDnet TW100-BRV204 router http config; admin pass set/ d/router/ cpe:/a:trendnet:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"NeedPassword\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/IP_SHARER WEB/ v/$1/ i|Airlink/Sitecom wireless router| d/router/ cpe:/a:airlink:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(NR[\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(WGPS[\w+]+)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 print server http config/ d/print server/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"WRT54GC\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Linksys WRT54GC http config/ d/WAP/ cpe:/a:linksys:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"WYR-G54\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Buffalo Airstation WYR-G54 WAP http config/ d/WAP/ cpe:/a:buffalo:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\n\n\n\n\nSetup\n| p/IP_SHARER WEB/ v/$1/ i/SpeedStream router http config; SOHO Version $2/ d/router/ cpe:/a:speedstream:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nContent-type: text/html\r\n\r\nunknown \(.*\) is managing this device| p/IP_SHARER WEB/ v/$1/ i/SpeedStream router http config/ d/router/ cpe:/a:speedstream:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"FVS114\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear ProSafe FVS114 firewall http config/ d/firewall/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"FWG114P\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear FWG114P wireless firewall http config/ d/firewall/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"MR814v2\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear MR814v2 wireless router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: IP_SHARER WEB ([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"(WGR614[^"]*)\"\r\n| p/IP_SHARER WEB/ v/$1/ i/Netgear $2 router http config/ d/router/ cpe:/a:netgear:ip_sharer_web:$1/ # PRINT_SERVER WEB -match http m|^HTTP/1\.0 200 Document follows\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\n.*\n\nNetGear Print Server Setup|s p/PRINT_SERVER WEB/ v/$1/ i/Netgear $2 print server http config/ d/print server/ cpe:/a:netgear:print_server_web/a +match http m|^HTTP/1\.0 200 Document follows\r\nServer: PRINT_SERVER WEB ([\w._-]+)\r\n.*\n\nNetGear Print Server Setup|s p/PRINT_SERVER WEB/ v/$1/ i/Netgear $2 print server http config/ d/print server/ cpe:/a:netgear:print_server_web:$1/ # Netgear FR314 Firewall Router match http m|^HTTP/1\.0 200 OK\r\nServer: NETGEAR Firewall\r\n| p/Netgear FR-series firewall router http config/ d/router/ @@ -4683,7 +4717,7 @@ match http m|^HTTP/1\.0 401 \r\nWWW-Authenticate: Basic realm=\"HomeSeer\d+\"\r\ # Multitech MultiVoip 410 VoIP gateway match http m|^HTTP/1\.1 200 OK\r\nServer: RTXCweb Software (\d[-.\w]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n|s p/SimpleHelp remote desktop httpd/ match http m|^HTTP/1\.0 302 Object Moved\r\n.*Location: /\+CSCOE\+/logon\.html\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\n|s p/Cisco ASA firewall http config/ d/firewall/ match http m|^HTTP/1\.0 302 Moved Temporarily\r\n.*Server: Mbedthis-Appweb/([\d.]+)\r\n.*Set-Cookie: _appwebSessionId_=|s p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter ix2 NAS device/ d/storage-misc/ cpe:/a:mbedthis:appweb:$1/ @@ -6576,7 +6621,7 @@ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=(DCS-\w+)\r\n\r\nPassword Error\. $| p/D-Link $1 webcam http config/ d/webcam/ match http m|^HTTP/1\.0 400 bad url /\r\nServer: TinyHTTPProxy/([\d.]+) ([^\r\n]+)\r\n| p/TinyHTTPProxy/ v/$1/ i/$2/ match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*|s p/Juniper SA2000 or SA4000 VPN gateway http config/ d/proxy server/ -match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: Tue, 28 Jul 2009 12:43:48 GMT\r\n\r\n\r\n\r\n\r\nFMS : Freenet Message System| p/Freenet Message System web client/ +match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\r\n\r\n\r\nFMS : Freenet Message System| p/Freenet Message System web client/ match http m|^HTTP/1\.1 400 Bad Request\r\n.*Server: Profense\r\n|s p/Profense web application firewall/ d/firewall/ match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n.*Touchstone Status|s p/NET-DK/ v/$1/ i/Arris Touchstone TM702B VoIP modem/ d/VoIP adapter/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: MediaBox HTTPd Server/([\d.]+) \(Unix\)\r\n|s p/MediaBox HTTPd Server/ v/$1/ o/Unix/ @@ -6680,7 +6725,8 @@ match http m|^HTTP/1\.1 200 OK\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet- match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\d.]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 90\r\n\r\nNorman Security Error

403 - Forbidden

$| p/Norman Security Endpoint Protection httpd/ v/$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Norman Security/([\d.]+)\r\n.*Norman Security Error

401 - Unauthorized

$|s p/Norman Security Endpoint Protection httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\n.*.*Oracle Applications Rapid Install|s p/Oracle Rapid Install httpd/ -match http m|^HTTP/1\.1 200 OK\r\n.*