108.163.202.98

As of: Oct 11, 2024 2:47pm UTC | Latest
{
  "ip": "108.163.202.98",
  "services": [
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 999 No Hacking\r\nserver: WWW Server/1.1\r\ndate: <REDACTED>\r\ncontent-type: text/html; charset=windows-1252\r\ncontent-length: 1160\r\npragma: no-cache\r\ncache-control: no-cache\r\nexpires: Fri, 11 Oct 2024 14:47:17 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains;\r\ncontent-security-policy-report-only: default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; connect-src 'self' *.google-analytics.com col.site24x7rum.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.site24x7rum.com *.google-analytics.com *.bootstrapcdn.com; img-src 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com\r\n",
      "banner_hashes": [
        "sha256:37e3edef22251a722f7743ca314017af275405b47f4b51c09f48a043e7f76607"
      ],
      "banner_hex": "485454502f312e3120393939204e6f204861636b696e670d0a7365727665723a20575757205365727665722f312e310d0a646174653a203c52454441435445443e0d0a636f6e74656e742d747970653a20746578742f68746d6c3b20636861727365743d77696e646f77732d313235320d0a636f6e74656e742d6c656e6774683a20313136300d0a707261676d613a206e6f2d63616368650d0a63616368652d636f6e74726f6c3a206e6f2d63616368650d0a657870697265733a204672692c203131204f637420323032342031343a34373a313720474d540d0a7374726963742d7472616e73706f72742d73656375726974793a206d61782d6167653d33313533363030303b20696e636c756465537562446f6d61696e733b0d0a636f6e74656e742d73656375726974792d706f6c6963792d7265706f72742d6f6e6c793a2064656661756c742d73726320276e6f6e65273b20626173652d757269202773656c66273b206672616d652d616e636573746f7273202773656c66273b20666f726d2d616374696f6e202773656c66273b20636f6e6e6563742d737263202773656c6627202a2e676f6f676c652d616e616c79746963732e636f6d20636f6c2e736974653234783772756d2e636f6d3b207374796c652d7372632d656c656d202773656c66272027756e736166652d696e6c696e652720666f6e74732e676f6f676c65617069732e636f6d202a2e626f6f74737472617063646e2e636f6d3b207363726970742d7372632d656c656d202773656c66272027756e736166652d696e6c696e6527202a2e676f6f676c657461676d616e616765722e636f6d202a2e676f6f676c65617069732e636f6d202a2e736974653234783772756d2e636f6d202a2e676f6f676c652d616e616c79746963732e636f6d202a2e626f6f74737472617063646e2e636f6d3b20696d672d737263202773656c66273b20666f6e742d737263202773656c662720666f6e74732e677374617469632e636f6d206d617863646e2e626f6f74737472617063646e2e636f6d0d0a",
      "extended_service_name": "HTTP",
      "http": {
        "request": {
          "method": "GET",
          "uri": "http://108.163.202.98/",
          "headers": {
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ],
            "_encoding": {
              "User_Agent": "DISPLAY_UTF8",
              "Accept": "DISPLAY_UTF8"
            },
            "Accept": [
              "*/*"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 999,
          "status_reason": "No Hacking",
          "headers": {
            "cache_control": [
              "no-cache"
            ],
            "_encoding": {
              "cache_control": "DISPLAY_UTF8",
              "date": "DISPLAY_UTF8",
              "expires": "DISPLAY_UTF8",
              "content_type": "DISPLAY_UTF8",
              "server": "DISPLAY_UTF8",
              "content_security_policy_report_only": "DISPLAY_UTF8",
              "pragma": "DISPLAY_UTF8",
              "content_length": "DISPLAY_UTF8",
              "strict_transport_security": "DISPLAY_UTF8"
            },
            "date": [
              "<REDACTED>"
            ],
            "expires": [
              "Fri, 11 Oct 2024 14:47:17 GMT"
            ],
            "content_type": [
              "text/html; charset=windows-1252"
            ],
            "server": [
              "WWW Server/1.1"
            ],
            "content_security_policy_report_only": [
              "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; connect-src 'self' *.google-analytics.com col.site24x7rum.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.site24x7rum.com *.google-analytics.com *.bootstrapcdn.com; img-src 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com"
            ],
            "pragma": [
              "no-cache"
            ],
            "content_length": [
              "1160"
            ],
            "strict_transport_security": [
              "max-age=31536000; includeSubDomains;"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<TITLE>WebKnight Application Firewall Alert</TITLE>",
            "<META NAME=\"ROBOTS\" CONTENT=\"NOINDEX\">"
          ],
          "body_size": 1160,
          "body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n<HTML>\r\n<HEAD>\r\n<TITLE>WebKnight Application Firewall Alert</TITLE>\r\n<META NAME=\"ROBOTS\" CONTENT=\"NOINDEX\">\r\n</HEAD>\r\n<BODY text=\"#000000\" vlink=\"#FF3300\" link=\"#FF3300\" bgcolor=\"#ffffff\">\r\n<TABLE cellspacing=\"5\" cellpadding=\"3\" width=\"410\">\r\n<TR>\r\n<TD align=\"left\">\r\n<FONT face=\"Verdana,Arial,Helvetica\" size=\"2\">\r\n<FONT size=\"3\"><B>WebKnight Application Firewall Alert</B></FONT><BR><BR><BR>\r\nYour request triggered an alert! If you feel that you have received this page in error, please contact the administrator of this web site.\r\n<BR>\r\n<HR>\r\n<BR><B>What is WebKnight?</B><BR>\r\nAQTRONIX WebKnight is an application firewall for web servers and is released under the GNU General Public License. It is an ISAPI filter for securing web servers by blocking certain requests. If an alert is triggered WebKnight will take over and protect the web server.<BR><BR>\r\n<HR>\r\n<BR>For more information on WebKnight: <A HREF=\"http://www.aqtronix.com/webknight/\">http://www.aqtronix.com/WebKnight/</A><BR><BR>\r\n<B><FONT color=\"#FF3300\">AQTRONIX</FONT> WebKnight</B></FONT>\r\n</TD>\r\n</TR>\r\n</TABLE>\r\n</BODY>\r\n</HTML>",
          "body_hashes": [
            "sha256:b26e7904e549025dc41c8205638e86ab1de19060b526d1a4035bad7333b7bbaf",
            "sha1:6c6c91eb5535b48857da0129027ccfccde8a1c7a"
          ],
          "body_hash": "sha1:6c6c91eb5535b48857da0129027ccfccde8a1c7a",
          "html_title": "WebKnight Application Firewall Alert"
        },
        "supports_http2": true
      },
      "observed_at": "2024-10-11T14:47:17.402331484Z",
      "perspective_id": "PERSPECTIVE_HE",
      "port": 80,
      "service_name": "HTTP",
      "source_ip": "162.142.125.215",
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 999 No Hacking\r\nserver: WWW Server/1.1\r\ndate: <REDACTED>\r\ncontent-type: text/html; charset=windows-1252\r\ncontent-length: 1160\r\npragma: no-cache\r\ncache-control: no-cache\r\nexpires: Thu, 10 Oct 2024 23:27:49 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains;\r\ncontent-security-policy-report-only: default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; connect-src 'self' *.google-analytics.com col.site24x7rum.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.site24x7rum.com *.google-analytics.com *.bootstrapcdn.com; img-src 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com\r\n",
      "banner_hashes": [
        "sha256:4b94fecb4aef79f2ac49464411f6c8c819bb930ac115b4855ba497141916fe9c"
      ],
      "banner_hex": "485454502f312e3120393939204e6f204861636b696e670d0a7365727665723a20575757205365727665722f312e310d0a646174653a203c52454441435445443e0d0a636f6e74656e742d747970653a20746578742f68746d6c3b20636861727365743d77696e646f77732d313235320d0a636f6e74656e742d6c656e6774683a20313136300d0a707261676d613a206e6f2d63616368650d0a63616368652d636f6e74726f6c3a206e6f2d63616368650d0a657870697265733a205468752c203130204f637420323032342032333a32373a343920474d540d0a7374726963742d7472616e73706f72742d73656375726974793a206d61782d6167653d33313533363030303b20696e636c756465537562446f6d61696e733b0d0a636f6e74656e742d73656375726974792d706f6c6963792d7265706f72742d6f6e6c793a2064656661756c742d73726320276e6f6e65273b20626173652d757269202773656c66273b206672616d652d616e636573746f7273202773656c66273b20666f726d2d616374696f6e202773656c66273b20636f6e6e6563742d737263202773656c6627202a2e676f6f676c652d616e616c79746963732e636f6d20636f6c2e736974653234783772756d2e636f6d3b207374796c652d7372632d656c656d202773656c66272027756e736166652d696e6c696e652720666f6e74732e676f6f676c65617069732e636f6d202a2e626f6f74737472617063646e2e636f6d3b207363726970742d7372632d656c656d202773656c66272027756e736166652d696e6c696e6527202a2e676f6f676c657461676d616e616765722e636f6d202a2e676f6f676c65617069732e636f6d202a2e736974653234783772756d2e636f6d202a2e676f6f676c652d616e616c79746963732e636f6d202a2e626f6f74737472617063646e2e636f6d3b20696d672d737263202773656c66273b20666f6e742d737263202773656c662720666f6e74732e677374617469632e636f6d206d617863646e2e626f6f74737472617063646e2e636f6d0d0a",
      "certificate": "0b36eb6cb526a11bd110a98f8c871ecad79bca44cd14c6b9f5f8abc4ff732494",
      "extended_service_name": "HTTPS",
      "http": {
        "request": {
          "method": "GET",
          "uri": "https://108.163.202.98/",
          "headers": {
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ],
            "_encoding": {
              "User_Agent": "DISPLAY_UTF8",
              "Accept": "DISPLAY_UTF8"
            },
            "Accept": [
              "*/*"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 999,
          "status_reason": "No Hacking",
          "headers": {
            "cache_control": [
              "no-cache"
            ],
            "_encoding": {
              "cache_control": "DISPLAY_UTF8",
              "date": "DISPLAY_UTF8",
              "expires": "DISPLAY_UTF8",
              "content_type": "DISPLAY_UTF8",
              "server": "DISPLAY_UTF8",
              "content_security_policy_report_only": "DISPLAY_UTF8",
              "pragma": "DISPLAY_UTF8",
              "content_length": "DISPLAY_UTF8",
              "strict_transport_security": "DISPLAY_UTF8"
            },
            "date": [
              "<REDACTED>"
            ],
            "expires": [
              "Thu, 10 Oct 2024 23:27:49 GMT"
            ],
            "content_type": [
              "text/html; charset=windows-1252"
            ],
            "server": [
              "WWW Server/1.1"
            ],
            "content_security_policy_report_only": [
              "default-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; connect-src 'self' *.google-analytics.com col.site24x7rum.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.site24x7rum.com *.google-analytics.com *.bootstrapcdn.com; img-src 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com"
            ],
            "pragma": [
              "no-cache"
            ],
            "content_length": [
              "1160"
            ],
            "strict_transport_security": [
              "max-age=31536000; includeSubDomains;"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<TITLE>WebKnight Application Firewall Alert</TITLE>",
            "<META NAME=\"ROBOTS\" CONTENT=\"NOINDEX\">"
          ],
          "body_size": 1160,
          "body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n<HTML>\r\n<HEAD>\r\n<TITLE>WebKnight Application Firewall Alert</TITLE>\r\n<META NAME=\"ROBOTS\" CONTENT=\"NOINDEX\">\r\n</HEAD>\r\n<BODY text=\"#000000\" vlink=\"#FF3300\" link=\"#FF3300\" bgcolor=\"#ffffff\">\r\n<TABLE cellspacing=\"5\" cellpadding=\"3\" width=\"410\">\r\n<TR>\r\n<TD align=\"left\">\r\n<FONT face=\"Verdana,Arial,Helvetica\" size=\"2\">\r\n<FONT size=\"3\"><B>WebKnight Application Firewall Alert</B></FONT><BR><BR><BR>\r\nYour request triggered an alert! If you feel that you have received this page in error, please contact the administrator of this web site.\r\n<BR>\r\n<HR>\r\n<BR><B>What is WebKnight?</B><BR>\r\nAQTRONIX WebKnight is an application firewall for web servers and is released under the GNU General Public License. It is an ISAPI filter for securing web servers by blocking certain requests. If an alert is triggered WebKnight will take over and protect the web server.<BR><BR>\r\n<HR>\r\n<BR>For more information on WebKnight: <A HREF=\"http://www.aqtronix.com/webknight/\">http://www.aqtronix.com/WebKnight/</A><BR><BR>\r\n<B><FONT color=\"#FF3300\">AQTRONIX</FONT> WebKnight</B></FONT>\r\n</TD>\r\n</TR>\r\n</TABLE>\r\n</BODY>\r\n</HTML>",
          "body_hashes": [
            "sha256:b26e7904e549025dc41c8205638e86ab1de19060b526d1a4035bad7333b7bbaf",
            "sha1:6c6c91eb5535b48857da0129027ccfccde8a1c7a"
          ],
          "body_hash": "sha1:6c6c91eb5535b48857da0129027ccfccde8a1c7a",
          "html_title": "WebKnight Application Firewall Alert"
        },
        "supports_http2": true
      },
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "23d40d40d00040d00042d43d00000051af7d8070a18e002eaaedf620fa118c",
        "cipher_and_version_fingerprint": "23d40d40d00040d00042d43d000000",
        "tls_extensions_sha256": "51af7d8070a18e002eaaedf620fa118c",
        "observed_at": "2024-09-24T15:54:44.403865702Z"
      },
      "observed_at": "2024-10-10T23:27:49.466744168Z",
      "perspective_id": "PERSPECTIVE_NTT",
      "port": 443,
      "service_name": "HTTP",
      "source_ip": "206.168.34.47",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "0b36eb6cb526a11bd110a98f8c871ecad79bca44cd14c6b9f5f8abc4ff732494",
          "chain_fps_sha_256": [
            "5dfdb3cf31b26f23d87c09f3a0cef642f64069a9fb7cfe29270bb5dc0f1e16bb"
          ],
          "leaf_data": {
            "names": [
              "freefirstaidkit.afbdirect.com"
            ],
            "subject_dn": "CN=freefirstaidkit.afbdirect.com",
            "issuer_dn": "C=US, O=Let's Encrypt, CN=E5",
            "pubkey_bit_size": 256,
            "pubkey_algorithm": "ECDSA",
            "tbs_fingerprint": "24ba195186907807994fdfb68df0e02051af291218b88ae86c59e2df2db7c4da",
            "fingerprint": "0b36eb6cb526a11bd110a98f8c871ecad79bca44cd14c6b9f5f8abc4ff732494",
            "issuer": {
              "common_name": [
                "E5"
              ],
              "organization": [
                "Let's Encrypt"
              ],
              "country": [
                "US"
              ]
            },
            "subject": {
              "common_name": [
                "freefirstaidkit.afbdirect.com"
              ]
            },
            "public_key": {
              "key_algorithm": "ECDSA",
              "ecdsa": {
                "_encoding": {
                  "b": "DISPLAY_BASE64",
                  "gx": "DISPLAY_BASE64",
                  "gy": "DISPLAY_BASE64",
                  "n": "DISPLAY_BASE64",
                  "p": "DISPLAY_BASE64",
                  "x": "DISPLAY_BASE64",
                  "y": "DISPLAY_BASE64"
                },
                "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=",
                "curve": "P-256",
                "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=",
                "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=",
                "length": 256,
                "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE=",
                "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=",
                "x": "ch/+WLxnirMttBTDzbOThVNM6YTEYELmVREtvEFkv3I=",
                "y": "bhZnMPa/hYG/zB/eV4Rzi7XbM3OQt8Md+1T3YSN9gpw="
              },
              "fingerprint": "cf0609a62b806aa0346adc8b647f17f0430721e214d5dc35a8c2ab720e273397"
            },
            "signature": {
              "signature_algorithm": "ECDSA-SHA384",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "5dfdb3cf31b26f23d87c09f3a0cef642f64069a9fb7cfe29270bb5dc0f1e16bb",
              "subject_dn": "C=US, O=Let's Encrypt, CN=E5",
              "issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t130200_1303_a56c5b993250",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t130200_1303_a56c5b993250"
          },
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "954f7e9207d4c9012fd0692885732b12",
            "ja4s": "t120200_cca9_344b4dce5a52"
          }
        ]
      },
      "transport_protocol": "TCP",
      "truncated": false
    }
  ],
  "location": {
    "continent": "North America",
    "country": "United States",
    "country_code": "US",
    "city": "Franklin Park",
    "postal_code": "60131",
    "timezone": "America/Chicago",
    "province": "Illinois",
    "coordinates": {
      "latitude": 41.93531,
      "longitude": -87.86562
    }
  },
  "location_updated_at": "2024-10-02T05:43:42.250284234Z",
  "autonomous_system": {
    "asn": 32475,
    "description": "SINGLEHOP-LLC",
    "bgp_prefix": "108.163.192.0/18",
    "name": "SINGLEHOP-LLC",
    "country_code": "US"
  },
  "autonomous_system_updated_at": "2024-10-10T23:27:56.848593386Z",
  "whois": {
    "network": {
      "handle": "SINGLEHOP",
      "name": "SingleHop LLC",
      "cidrs": [
        "108.163.192.0/18"
      ],
      "created": "2011-11-15T00:00:00Z",
      "updated": "2018-02-27T00:00:00Z",
      "allocation_type": "ALLOCATION"
    },
    "organization": {
      "handle": "SL-1370",
      "name": "SingleHop LLC",
      "street": "250 Williams Street\\nSuite E-100",
      "city": "Atlanta",
      "state": "GA",
      "postal_code": "30303",
      "country": "US",
      "abuse_contacts": [
        {
          "handle": "NETWO1546-ARIN",
          "name": "Network Operations",
          "email": "[email protected]"
        }
      ],
      "admin_contacts": [
        {
          "handle": "MIKEA15-ARIN",
          "name": "Mike Davis",
          "email": "[email protected]"
        }
      ],
      "tech_contacts": [
        {
          "handle": "NETWO9886-ARIN",
          "name": "Network Engineering",
          "email": "[email protected]"
        }
      ]
    }
  },
  "dns": {
    "reverse_dns": {
      "names": [
        "asa5505.aleyant.com"
      ],
      "resolved_at": "2024-10-11T00:30:55.928873825Z"
    }
  },
  "last_updated_at": "2024-10-11T14:47:17.985Z"
}