112.4.139.162
As of: Mar 25, 2025 2:07am UTC |
Latest
{
"ip": "112.4.139.162",
"services": [
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "\u0010Z\u000b\u0000LIOR<\u0002\u0000\u0000\ufffd\ufffd\ufffd\ufffd\u0000\u0000\u0012\u0000\ufffdXsUP\ufffd\ufffd\ufffdI\ufffd\ufffd\ufffd\u0011\ufffd&\u0182\ufffd\ufffd1\ufffdUgN\ufffd\u000e;\ufffd\u001c\ufffd\ufffd%N\ufffd\ufffd\u001d\u0010\u0003\u0000\u0000ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
"banner_hashes": [
"sha256:4a9ac3416c262168885633e711868380a6898de1068c63b641bc2a6aa858f2ae"
],
"banner_hex": "105a0b004c494f523c020000ffffffff00001200d1587355509195954997b6e611ea26c68292c9319e55674e900e3bfc1cffc5254ecade1d100300005a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "MSMQ",
"observed_at": "2025-03-24T00:35:50.114392590Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 1801,
"service_name": "MSMQ",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "microsoft",
"product": "windows",
"source": "OSI_TRANSPORT_LAYER"
}
],
"source_ip": "167.94.138.171",
"transport_fingerprint": {
"id": 310,
"os": "Windows 2008 R2 / 2012",
"raw": "8192,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "rdp",
"_encoding": {
"certificate": "DISPLAY_HEX"
},
"certificate": "6ba0484fdb9d7295eedbdfb1392104186e7f397ad6f05bb75df10661f5c3e364",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "RDP",
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "26d26d16d26d26d22c26d26d26d26dd7fc4c7c6ef19b77a4ca0787979cdc13",
"cipher_and_version_fingerprint": "26d26d16d26d26d22c26d26d26d26d",
"tls_extensions_sha256": "d7fc4c7c6ef19b77a4ca0787979cdc13",
"observed_at": "2025-03-08T12:45:48.485885053Z"
},
"labels": [
"network-administration",
"remote-access"
],
"observed_at": "2025-03-23T22:33:37.331348192Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 3389,
"rdp": {
"version": {
"major": 5,
"raw": 0,
"minor": 0
},
"protocol_flags": {
"extended_client_data_supported": true,
"dynvc_graphics_pipeline": true,
"neg_resp_reserved": true,
"restricted_admin_mode": true,
"restricted_auth_mode": false
},
"selected_security_protocol": {
"standard_rdp": true,
"tls": true,
"raw_value": 1,
"credssp": false,
"rdstls": false,
"credssp_early_auth": false,
"error": false,
"error_ssl_required": false,
"error_ssl_forbidden": false,
"error_ssl_cert_missing": false,
"error_bad_flags": false,
"error_hybrid_required": false,
"error_ssl_user_auth_required": false,
"error_unknown": false
},
"x224_cc_pdu_srcref": 13330,
"connect_response": {
"domain_parameters": {
"max_channel_ids": 34,
"max_user_id_channels": 3,
"num_priorities": 1,
"max_provider_height": 1,
"max_mcspdu_size": 65528,
"domain_protocol_version": 2,
"max_token_ids": 0,
"min_throughput": 0
},
"connect_id": 0
},
"certificate_info": {}
},
"service_name": "RDP",
"source_ip": "167.94.138.114",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "6ba0484fdb9d7295eedbdfb1392104186e7f397ad6f05bb75df10661f5c3e364",
"leaf_data": {
"subject_dn": "CN=WIN-JV8KANDEECF",
"issuer_dn": "CN=WIN-JV8KANDEECF",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "debe47736b5dacb84a5ab6d26704d9a0a29243aab609fdfef0572e5880f7444e",
"fingerprint": "6ba0484fdb9d7295eedbdfb1392104186e7f397ad6f05bb75df10661f5c3e364",
"issuer": {
"common_name": [
"WIN-JV8KANDEECF"
]
},
"subject": {
"common_name": [
"WIN-JV8KANDEECF"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "0rlUfz/avWbsqVCR6Ab0hFY23ep2v7TXHVbJoZ33l9Ey1ADlUueylSLhsURkdPHMVGkfPWnhZn2OX/Adf8V51q8cm5wiLptnbAuydvyEx/LgNuYwYkR2m7CZQbj91Uwo50P9ODggCMhEgM8aFyGpnKHrm10Y0GE6stzJ0dezRYFQhDhv3fvVuXcdK9XJmQxKslTHCbc7rDpHiyTGgcaITu7H9xe0kKLpq07CdICNuZYQ4UEjtUCh1TuocmYnkUcQKWped33JWdfFuVauWHjOaZ7nCkfjNyJl2FVUha9hLpjVpRL2z1eeRpzbTKqsuj4vcslGakQFuVrHoyYrE8qigQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "743770b9d7c2870a27e77a36edcdc8a1da77ad8a5dcef4f3f27b21b7efd84137"
},
"signature": {
"self_signed": true,
"signature_algorithm": "SHA1-RSA"
}
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "f75082535b4a79c07b31bdd0e2b7eb87",
"ja4s": "t120100_009d_bc98f8e001b5",
"versions": [
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "f75082535b4a79c07b31bdd0e2b7eb87",
"ja4s": "t120100_009d_bc98f8e001b5"
},
{
"tls_version": "TLSv1_1",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1308be477c8afb355e2860ab89378ae5",
"ja4s": "t110100_c014_bc98f8e001b5"
},
{
"tls_version": "TLSv1_0",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "bcf3a836c82d12ee988005fb0c011445",
"ja4s": "t100100_c014_bc98f8e001b5"
}
]
},
"transport_fingerprint": {
"raw": "64000,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "postgres",
"discovery_method": "PREDICTIVE_METHOD_7",
"extended_service_name": "POSTGRES",
"labels": [
"database"
],
"observed_at": "2025-03-24T08:18:35.754142151Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 5432,
"postgres": {
"supported_versions": "\ufffd: \ufffd\u05a7\ufffd\u05b5\ufffd\u01f0\ufffd\u042d\ufffd 0.0: \ufffd\u05a7\ufffd 1.0 \ufffd 3.0",
"protocol_error": {
"code": "0A000",
"line": "1746",
"message": "\ufffd\u05a7\ufffd\u05b5\ufffd\u01f0\ufffd\u042d\ufffd 255.255: \ufffd\u05a7\ufffd 1.0 \ufffd 3.0",
"file": "src\\backend\\postmaster\\postmaster.c",
"severity": "\ufffd",
"routine": "ProcessStartupPacket"
},
"startup_error": {
"code": "28000",
"line": "1841",
"message": "\ufffd\u00fb\ufffd\u05b8\ufffd PostgreSQL \ufffd\u00fb\ufffd",
"file": "src\\backend\\postmaster\\postmaster.c",
"severity": "\ufffd",
"routine": "ProcessStartupPacket"
}
},
"service_name": "POSTGRES",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "microsoft",
"product": "windows",
"source": "OSI_TRANSPORT_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Postgresql",
"product": "Postgresql",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "206.168.34.70",
"transport_fingerprint": {
"id": 310,
"os": "Windows 2008 R2 / 2012",
"raw": "8192,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "vnc",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "RFB 005.000",
"banner_hashes": [
"sha256:a85d97da833dd9de15e2cb503cf9fdef11a5a6ddc013fea7f07adf10dbd6c6b3"
],
"banner_hex": "524642203030352e303030",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "VNC",
"labels": [
"remote-access"
],
"observed_at": "2025-03-25T02:06:50.884204153Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 5900,
"service_name": "VNC",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "microsoft",
"product": "windows",
"source": "OSI_TRANSPORT_LAYER"
}
],
"source_ip": "199.45.154.139",
"transport_fingerprint": {
"id": 310,
"os": "Windows 2008 R2 / 2012",
"raw": "8192,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false,
"vnc": {
"_encoding": {
"version": "DISPLAY_HEX",
"connection_failed_reason": "DISPLAY_UTF8",
"desktop_name": "DISPLAY_UTF8"
},
"version": "524642203030352e303030",
"connection_failed_reason": "",
"screen_info": {
"pixel_format": {
"bits_per_pixel": 0,
"depth": 0,
"big_endian": false,
"true_color": false,
"red_max": 0,
"green_max": 0,
"blue_max": 0,
"red_shift": 0,
"green_shift": 0,
"blue_shift": 0,
"padding1": 0,
"padding2": 0,
"padding3": 0
},
"width": 0,
"height": 0,
"name_len": 0
},
"desktop_name": ""
}
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "WINRM",
"observed_at": "2025-03-24T03:22:11.844784484Z",
"parsed": {
"winrm": {
"auth_types": [
"Negotiate"
],
"ntlm_info": {
"encryption_56bit_supported": true,
"encryption_128bit_supported": true,
"ntlm1_supported": true,
"ntlm2_supported": true,
"always_sign_supported": true,
"challenge_type": 3,
"target_name": "WIN-JV8KANDEECF",
"netbios_computer_name": "WIN-JV8KANDEECF",
"netbios_domain_name": "WIN-JV8KANDEECF",
"dns_server_name": "WIN-JV8KANDEECF",
"dns_domain_name": "WIN-JV8KANDEECF",
"os_version": "6.3.9600",
"ntlm_version": 15
}
}
},
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 5985,
"service_name": "WINRM",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "microsoft",
"product": "windows",
"source": "OSI_TRANSPORT_LAYER"
}
],
"source_ip": "199.45.155.88",
"transport_fingerprint": {
"id": 310,
"os": "Windows 2008 R2 / 2012",
"raw": "8192,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n",
"banner_hashes": [
"sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"
],
"banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://112.4.139.162:47001/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 404,
"status_reason": "Not Found",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"Microsoft-HTTPAPI/2.0"
],
"Content_Length": [
"315"
],
"Content_Type": [
"text/html; charset=us-ascii"
],
"Connection": [
"close"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<TITLE>Not Found</TITLE>",
"<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"
],
"body_size": 315,
"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n",
"body_hashes": [
"sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0",
"sha1:a66898b36c94c53766e66c1a7aaeb149447ec083",
"tlsh:8be07d6d9856aac542a0f4bc75d193b48115038fd4e547d90051b21714891bcc1f0dcf"
],
"body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083",
"html_title": "Not Found"
},
"supports_http2": false
},
"observed_at": "2025-03-24T17:22:14.386183979Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 47001,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:http_api:2.0:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "HTTP API",
"version": "2.0",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.138.45",
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "Asia",
"country": "China",
"country_code": "CN",
"city": "Nanjing",
"postal_code": "210000",
"timezone": "Asia/Shanghai",
"province": "Jiangsu",
"coordinates": {
"latitude": 32.06167,
"longitude": 118.77778
}
},
"location_updated_at": "2025-03-15T08:23:26.090899259Z",
"autonomous_system": {
"asn": 56046,
"description": "CMNET-JIANGSU-AP China Mobile communications corporation",
"bgp_prefix": "112.4.128.0/19",
"name": "CMNET-JIANGSU-AP China Mobile communications corporation",
"country_code": "CN"
},
"autonomous_system_updated_at": "2025-03-15T08:23:26.091281164Z",
"whois": {
"network": {
"handle": "CMNET",
"name": "China Mobile Communications Corporation",
"cidrs": [
"112.0.0.0/10"
],
"updated": "2020-12-15T00:00:00Z"
},
"organization": {
"handle": "ORG-CMCC1-AP",
"name": "China Mobile Communications Corporation",
"address": "29,Jinrong Ave.,\\nXicheng District,",
"country": "CN"
}
},
"operating_system": {
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
}
},
"dns": {},
"last_updated_at": "2025-03-25T02:07:38.783Z",
"labels": [
"database",
"network-administration",
"remote-access"
]
}