104.244.74.28

As of: Feb 27, 2024 2:42pm UTC | Latest
{
  "ip": "104.244.74.28",
  "services": [
    {
      "_decoded": "ftp",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n220-You are user number 1 of 50 allowed.\r\n220-Local time is now 22:42. Server port: 21.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this server.\r\n220 You will be disconnected after 15 minutes of inactivity.\r\n",
      "banner_hashes": [
        "sha256:24ab649ab91670a4ac758ded5d35a973f2cf5e46e7eebd644d700a56c3e38088"
      ],
      "banner_hex": "3232302d2d2d2d2d2d2d2d2d2d2057656c636f6d6520746f20507572652d46545064205b707269767365705d205b544c535d202d2d2d2d2d2d2d2d2d2d0d0a3232302d596f75206172652075736572206e756d6265722031206f6620353020616c6c6f7765642e0d0a3232302d4c6f63616c2074696d65206973206e6f772032323a34322e2053657276657220706f72743a2032312e0d0a3232302d54686973206973206120707269766174652073797374656d202d204e6f20616e6f6e796d6f7573206c6f67696e0d0a3232302d4950763620636f6e6e656374696f6e732061726520616c736f2077656c636f6d65206f6e2074686973207365727665722e0d0a32323020596f752077696c6c20626520646973636f6e6e6563746564206166746572203135206d696e75746573206f6620696e61637469766974792e0d0a",
      "certificate": "43119440dbff54ab944c5fb7f56d58aa83faf2aaaf761507f45e06dc711ddb8a",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "FTPes",
      "ftp": {
        "_encoding": {
          "banner": "DISPLAY_UTF8",
          "auth_tls_response": "DISPLAY_UTF8"
        },
        "banner": "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n220-You are user number 1 of 50 allowed.\r\n220-Local time is now 22:42. Server port: 21.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this server.\r\n220 You will be disconnected after 15 minutes of inactivity.\r\n",
        "auth_tls_response": "234 AUTH TLS OK.\r\n",
        "status_code": 220,
        "status_meaning": "Service ready for new user.",
        "implicit_tls": false
      },
      "labels": [
        "file-sharing"
      ],
      "observed_at": "2024-02-27T14:42:17.889499065Z",
      "perspective_id": "PERSPECTIVE_ORANGE",
      "port": 21,
      "service_name": "FTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:pureftpd:pure\\-ftpd:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "PureFTPd",
          "product": "Pure-FTPd",
          "other": {
            "family": "Pure-FTPd"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "product": "pureftpd",
          "other": {
            "config": "[privsep] [TLS"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.145.54",
      "tls": {
        "version_selected": "TLSv1_2",
        "cipher_selected": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "43119440dbff54ab944c5fb7f56d58aa83faf2aaaf761507f45e06dc711ddb8a",
          "leaf_data": {
            "names": [
              "104.244.74.28"
            ],
            "subject_dn": "C=CN, ST=Guangdong, L=Dongguan, O=BT-PANEL, OU=BT, CN=104.244.74.28, [email protected]",
            "issuer_dn": "C=CN, ST=Guangdong, L=Dongguan, O=BT-PANEL, OU=BT, CN=104.244.74.28, [email protected]",
            "pubkey_bit_size": 2048,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "bf86852cab76e526bde8da39ba1dea2178371e6767e313dd0be588ec76072c8a",
            "fingerprint": "43119440dbff54ab944c5fb7f56d58aa83faf2aaaf761507f45e06dc711ddb8a",
            "issuer": {
              "common_name": [
                "104.244.74.28"
              ],
              "locality": [
                "Dongguan"
              ],
              "organization": [
                "BT-PANEL"
              ],
              "organizational_unit": [
                "BT"
              ],
              "province": [
                "Guangdong"
              ],
              "country": [
                "CN"
              ],
              "email_address": [
                "[email protected]"
              ]
            },
            "subject": {
              "common_name": [
                "104.244.74.28"
              ],
              "locality": [
                "Dongguan"
              ],
              "organization": [
                "BT-PANEL"
              ],
              "organizational_unit": [
                "BT"
              ],
              "province": [
                "Guangdong"
              ],
              "country": [
                "CN"
              ],
              "email_address": [
                "[email protected]"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "8tXcXNxz+FSXZVjljSMFeCUbrzCLsgNAxpplXBxiX+7GEgO2fd0G0K/xcY3OEpN1mYGd28yKXIbJFh9bgObRJ/IHAzHs1fUtIQ58L4Hh28ywnVALr0hDhIwExAyvyYqXHzVinIU2LTghfFPJIaEOUp+tV6QIkcc26Ou3iR+Hagqq8e+wRic9kGu7pfPUcFC92owMzNa7lChFcamKKGqehN8jAMAlEcIt1i+0hajFYZy5sfGMIdZnE+X0cwV98Yv1G8uRKoJNFINWijtwDsPwo21eS/VcsvkdLbF2jDdzHbgaM2zXvpjpdhM0P06WWcZ6CfyGdnzPmkKvfSVvikyHsQ==",
                "exponent": "AAEAAQ==",
                "length": 256
              },
              "fingerprint": "8e387206b8547997a65e73faa34b4c441e2cbe4dfd937df738c3f619ad841313"
            },
            "signature": {
              "self_signed": true,
              "signature_algorithm": "SHA256-RSA"
            }
          }
        },
        "server_key_exchange": {
          "ec_params": {
            "named_curve": 23
          }
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "303951d4c50efb2e991652225a6f02b1"
      },
      "transport_fingerprint": {
        "raw": "28960,64,true,MSTNW,1400,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "ssh",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "SSH-2.0-OpenSSH_7.4",
      "banner_hashes": [
        "sha256:be0da7ee170f9a69bc13b9e61ecfc9110c27db40f3f2e4c0ffae6741f064af8a"
      ],
      "banner_hex": "5353482d322e302d4f70656e5353485f372e34",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "SSH",
      "labels": [
        "remote-access"
      ],
      "observed_at": "2024-02-27T06:17:49.063679541Z",
      "perspective_id": "PERSPECTIVE_HE",
      "port": 22,
      "service_name": "SSH",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "OpenBSD",
          "product": "OpenSSH",
          "version": "7.4",
          "other": {
            "family": "OpenSSH"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "162.142.125.217",
      "ssh": {
        "endpoint_id": {
          "_encoding": {
            "raw": "DISPLAY_UTF8"
          },
          "raw": "SSH-2.0-OpenSSH_7.4",
          "protocol_version": "2.0",
          "software_version": "OpenSSH_7.4"
        },
        "kex_init_message": {
          "kex_algorithms": [
            "curve25519-sha256",
            "[email protected]",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group14-sha256",
            "diffie-hellman-group14-sha1",
            "diffie-hellman-group1-sha1"
          ],
          "host_key_algorithms": [
            "ssh-rsa",
            "rsa-sha2-512",
            "rsa-sha2-256",
            "ecdsa-sha2-nistp256",
            "ssh-ed25519"
          ],
          "client_to_server_ciphers": [
            "[email protected]",
            "aes128-ctr",
            "aes192-ctr",
            "aes256-ctr",
            "[email protected]",
            "[email protected]",
            "aes128-cbc",
            "aes192-cbc",
            "aes256-cbc",
            "blowfish-cbc",
            "cast128-cbc",
            "3des-cbc"
          ],
          "server_to_client_ciphers": [
            "[email protected]",
            "aes128-ctr",
            "aes192-ctr",
            "aes256-ctr",
            "[email protected]",
            "[email protected]",
            "aes128-cbc",
            "aes192-cbc",
            "aes256-cbc",
            "blowfish-cbc",
            "cast128-cbc",
            "3des-cbc"
          ],
          "client_to_server_macs": [
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "hmac-sha2-256",
            "hmac-sha2-512",
            "hmac-sha1"
          ],
          "server_to_client_macs": [
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "hmac-sha2-256",
            "hmac-sha2-512",
            "hmac-sha1"
          ],
          "client_to_server_compression": [
            "none",
            "[email protected]"
          ],
          "server_to_client_compression": [
            "none",
            "[email protected]"
          ],
          "first_kex_follows": false
        },
        "algorithm_selection": {
          "kex_algorithm": "[email protected]",
          "host_key_algorithm": "ecdsa-sha2-nistp256",
          "client_to_server_alg_group": {
            "cipher": "aes128-ctr",
            "mac": "hmac-sha2-256",
            "compression": "none"
          },
          "server_to_client_alg_group": {
            "cipher": "aes128-ctr",
            "mac": "hmac-sha2-256",
            "compression": "none"
          }
        },
        "server_host_key": {
          "fingerprint_sha256": "6ca55f87a35039bb0d38b1bbab9f2a207450760308321bf6ea205e8ee669902b",
          "ecdsa_public_key": {
            "_encoding": {
              "b": "DISPLAY_BASE64",
              "gx": "DISPLAY_BASE64",
              "gy": "DISPLAY_BASE64",
              "n": "DISPLAY_BASE64",
              "p": "DISPLAY_BASE64",
              "x": "DISPLAY_BASE64",
              "y": "DISPLAY_BASE64"
            },
            "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=",
            "curve": "P-256",
            "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=",
            "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=",
            "length": 256,
            "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE=",
            "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=",
            "x": "36q3TzsyVwAisuQlAkjuyXn8s3WrUfxGD4x9u93Y/9A=",
            "y": "w1cKiNN7Mji243NxyAbJUwbVyuZ6Mmnp7mkTXTh9m3Q="
          }
        },
        "hassh_fingerprint": "6832f1ce43d4397c2c0a3e2f8c94334e"
      },
      "transport_fingerprint": {
        "raw": "28960,64,true,MSTNW,1400,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 200 OK\r\nServer: nginx\r\nDate:  <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 138\r\nLast-Modified: Tue, 20 Feb 2024 13:16:50 GMT\r\nConnection: keep-alive\r\nETag: \"65d4a642-8a\"\r\nAccept-Ranges: bytes\r\n",
      "banner_hashes": [
        "sha256:0ac8549956c37ee0b066262a5eb210d498c03c1d0feb77a6873cc563455a23d0"
      ],
      "banner_hex": "485454502f312e3120323030204f4b0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203133380d0a4c6173742d4d6f6469666965643a205475652c2032302046656220323032342031333a31363a353020474d540d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a455461673a202236356434613634322d3861220d0a4163636570742d52616e6765733a2062797465730d0a",
      "discovery_method": "PREDICTIVE_METHOD_7",
      "extended_service_name": "HTTP",
      "http": {
        "request": {
          "method": "GET",
          "uri": "http://104.244.74.28/",
          "headers": {
            "Accept": [
              "*/*"
            ],
            "_encoding": {
              "Accept": "DISPLAY_UTF8",
              "User_Agent": "DISPLAY_UTF8"
            },
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 200,
          "status_reason": "OK",
          "headers": {
            "Date": [
              "<REDACTED>"
            ],
            "_encoding": {
              "Date": "DISPLAY_UTF8",
              "Server": "DISPLAY_UTF8",
              "Content_Type": "DISPLAY_UTF8",
              "Last_Modified": "DISPLAY_UTF8",
              "Connection": "DISPLAY_UTF8",
              "ETag": "DISPLAY_UTF8",
              "Accept_Ranges": "DISPLAY_UTF8",
              "Content_Length": "DISPLAY_UTF8"
            },
            "Server": [
              "nginx"
            ],
            "Content_Type": [
              "text/html"
            ],
            "Last_Modified": [
              "Tue, 20 Feb 2024 13:16:50 GMT"
            ],
            "Connection": [
              "keep-alive"
            ],
            "ETag": [
              "\"65d4a642-8a\""
            ],
            "Accept_Ranges": [
              "bytes"
            ],
            "Content_Length": [
              "138"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<title>404 Not Found</title>"
          ],
          "body_size": 138,
          "body": "<html>\n<head><title>404 Not Found</title></head>\n<body>\n<center><h1>404 Not Found</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>",
          "body_hashes": [
            "sha256:301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f",
            "sha1:8d2a4760aa0b47984d11cd1a66448719177fb791"
          ],
          "body_hash": "sha1:8d2a4760aa0b47984d11cd1a66448719177fb791",
          "html_title": "404 Not Found"
        },
        "supports_http2": false
      },
      "observed_at": "2024-02-27T01:12:51.226673953Z",
      "perspective_id": "PERSPECTIVE_TATA",
      "port": 80,
      "service_name": "HTTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "nginx",
          "product": "nginx",
          "other": {
            "family": "nginx"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.138.36",
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate:  <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n",
      "banner_hashes": [
        "sha256:2584d2702600e977a52d8a5828ac2451807e731013082395adce056fc53b2efa"
      ],
      "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203134360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "HTTP",
      "http": {
        "request": {
          "method": "GET",
          "uri": "http://104.244.74.28:888/",
          "headers": {
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ],
            "_encoding": {
              "User_Agent": "DISPLAY_UTF8",
              "Accept": "DISPLAY_UTF8"
            },
            "Accept": [
              "*/*"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 403,
          "status_reason": "Forbidden",
          "headers": {
            "Server": [
              "nginx"
            ],
            "_encoding": {
              "Server": "DISPLAY_UTF8",
              "Content_Type": "DISPLAY_UTF8",
              "Date": "DISPLAY_UTF8",
              "Content_Length": "DISPLAY_UTF8",
              "Connection": "DISPLAY_UTF8"
            },
            "Content_Type": [
              "text/html"
            ],
            "Date": [
              "<REDACTED>"
            ],
            "Content_Length": [
              "146"
            ],
            "Connection": [
              "keep-alive"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<title>403 Forbidden</title>"
          ],
          "body_size": 146,
          "body": "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
          "body_hashes": [
            "sha256:32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864",
            "sha1:4d7b3cb41e90618358d0ee066c45c76227a13747"
          ],
          "body_hash": "sha1:4d7b3cb41e90618358d0ee066c45c76227a13747",
          "html_title": "403 Forbidden"
        },
        "supports_http2": false
      },
      "observed_at": "2024-02-27T11:55:17.648906150Z",
      "perspective_id": "PERSPECTIVE_TELIA",
      "port": 888,
      "service_name": "HTTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "nginx",
          "product": "nginx",
          "other": {
            "family": "nginx"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.146.51",
      "transport_protocol": "TCP",
      "truncated": false
    }
  ],
  "location": {
    "continent": "Europe",
    "country": "Luxembourg",
    "country_code": "LU",
    "city": "Dudelange",
    "postal_code": "L-3410",
    "timezone": "Europe/Luxembourg",
    "province": "Esch-sur-Alzette",
    "coordinates": {
      "latitude": 49.48056,
      "longitude": 6.0875
    }
  },
  "location_updated_at": "2024-02-21T06:41:12.149470694Z",
  "autonomous_system": {
    "asn": 53667,
    "description": "PONYNET",
    "bgp_prefix": "104.244.74.0/24",
    "name": "PONYNET",
    "country_code": "US"
  },
  "autonomous_system_updated_at": "2024-02-21T06:41:12.149656329Z",
  "whois": {
    "network": {
      "handle": "BUYVM-LUXEMBOURG-01",
      "name": "BuyVM"
    },
    "organization": {
      "handle": "BUYVM",
      "name": "BuyVM",
      "street": "3, op der Poukewiss",
      "city": "Roost",
      "postal_code": "7795",
      "country": "LU",
      "abuse_contacts": [
        {
          "handle": "FDI19-ARIN",
          "name": "Francisco Dias",
          "email": "[email protected]"
        }
      ],
      "admin_contacts": [
        {
          "handle": "FDI19-ARIN",
          "name": "Francisco Dias",
          "email": "[email protected]"
        }
      ],
      "tech_contacts": [
        {
          "handle": "FDI19-ARIN",
          "name": "Francisco Dias",
          "email": "[email protected]"
        }
      ]
    }
  },
  "dns": {
    "names": [
      "tor-exit.a9.wtf"
    ],
    "records": {
      "tor-exit.a9.wtf": {
        "record_type": "A",
        "resolved_at": "2024-02-24T00:40:24.927259166Z"
      }
    }
  },
  "last_updated_at": "2024-02-27T14:42:18.100Z",
  "labels": [
    "file-sharing",
    "remote-access"
  ]
}