185.104.28.45

As of: Nov 28, 2022 9:20pm UTC

Basic Information

Reverse DNS
dedi0011.zxcs.nl
OS
Red Hat Enterprise Linux 6
Network
AS-ZXCS (NL)
Routing
185.104.28.0/24 via AS206281
Protocols
21/FTP, 25/SMTP, 53/DNS, 80/HTTP, 110/POP3, 143/IMAP, 443/HTTP, 465/SMTP, 587/SMTP, 993/IMAP, 995/POP3, 1167/UNKNOWN, 2222/HTTP, 3306/MYSQL, 19999/HTTP

21/FTP TCP
Observed Nov 28, 2022 at 8:21am UTC



Software

ProFTPD Project ProFTPD

Details

Banner
220 ProFTPD Server ready.
Auth TLS Response
234 AUTH TLS successful
Status Code
220
Status Meaning
Service ready for new user.

TLS

Fingerprint
JA3S
0debd3853f330c574b05e0b6d882dc27
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

25/SMTP TCP
Observed Nov 27, 2022 at 6:40pm UTC



Software

exim 4.92.2

Details

Banner
220 dedi0011.zxcs.nl ESMTP Exim 4.92.2 Sun, 27 Nov 2022 19:40:43 +0100
EHLO
250-dedi0011.zxcs.nl Hello scanner-09.ch1.censys-scanner.com [167.248.133.61]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Start TLS
220 TLS go ahead

TLS

Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

53/DNS UDP
Observed Nov 28, 2022 at 7:42pm UTC



Software

ISC BIND 9.8.2rc1
Red Hat Enterprise Linux 6

Details

Server Type
AUTHORITATIVE
R Code
REFUSED

80/HTTP TCP
Observed Nov 26, 2022 at 4:10pm UTC



Software

Apache HTTPD

Details

http://185.104.28.45
Request
GET /
Protocol
HTTP/1.1
Status Code
200
Status Reason
OK
Body Hash
sha1:315d1347f4b707e4ed8a73f22de8235f189ef18b
Response Body
Apache is functioning normally

110/POP3 TCP
Observed Nov 27, 2022 at 12:40pm UTC



Details

Banner
+OK ZXCS ready.
Start TLS
+OK Begin TLS negotiation now.

TLS

Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

143/IMAP TCP
Observed Nov 28, 2022 at 7:10am UTC



Details

Banner
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] ZXCS ready.
Start TLS
a001 OK Begin TLS negotiation now.

TLS

Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

443/HTTP TCP
Observed Nov 27, 2022 at 2:22am UTC



Software

Apache HTTPD

Details

https://185.104.28.45
Request
GET /
Protocol
HTTP/1.1
Status Code
500
Status Reason
Proxy Error
Body Hash
sha1:cbd7e1e779091ad6fbc4a98af49d3fe8ef79c977
HTML Title
500 Proxy Error
Response Body
# Proxy Error

The proxy server could not handle the request

Reason: **Error during SSL Handshake with remote server**

Additionally, a 500 Internal Server Error error was encountered while trying
to use an ErrorDocument to handle the request.

TLS

Fingerprint
JARM
2ad2ad0002ad2ad0002ad2ad2ad2adff55efa0f9599f60e6c551dfff2d0de5
JA3S
0debd3853f330c574b05e0b6d882dc27
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

465/SMTP TCP
Observed Nov 27, 2022 at 11:39am UTC



Software

exim 4.92.2

Details

Banner
220 dedi0011.zxcs.nl ESMTP Exim 4.92.2 Sun, 27 Nov 2022 12:39:22 +0100
EHLO
250-dedi0011.zxcs.nl Hello scanner-09.ch1.censys-scanner.com [167.248.133.61]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

TLS

Fingerprint
JARM
29d29d15d29d29d06c29d29d29d29d71dbc091d32d86fce1e9de57eec374d8
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

587/SMTP TCP
Observed Nov 28, 2022 at 9:13pm UTC



Software

exim 4.92.2

Details

Banner
220 dedi0011.zxcs.nl ESMTP Exim 4.92.2 Mon, 28 Nov 2022 22:13:24 +0100
EHLO
250-dedi0011.zxcs.nl Hello scanner-04.ch1.censys-scanner.com [162.142.125.7]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Start TLS
220 TLS go ahead

TLS

Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

993/IMAP TCP
Observed Nov 28, 2022 at 3:45am UTC



Details

Banner
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] ZXCS ready.

TLS

Fingerprint
JARM
15d2ad16d29d29d00015d2ad15d29de87e6567d901388794cb6a875a1928aa
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

995/POP3 TCP
Observed Nov 26, 2022 at 11:10pm UTC



Details

Banner
+OK ZXCS ready.

TLS

Fingerprint
JARM
15d2ad16d29d29d00015d2ad15d29de87e6567d901388794cb6a875a1928aa
JA3S
303951d4c50efb2e991652225a6f02b1
Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Leaf Certificate
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
CN=*.zxcs.nl
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

1167/UNKNOWN TCP
Observed Nov 27, 2022 at 9:50pm UTC



Details

Banner (Hex)
  

2222/HTTP TCP
Observed Nov 28, 2022 at 8:29pm UTC



Details

http://185.104.28.45:2222
Request
GET /
Protocol
HTTP/1.1
Status Code
200
Status Reason
OK
Body Hash
sha1:9338b354b60d63f297ee817e4ce8797bd5569656
HTML Title
DirectAdmin Login
Response Body
  
  
  
  

# DirectAdmin Login Page

Please enter your Username and Password

Username:
Password:

Mon Nov 28 21:29:31 2022

3306/MYSQL TCP
Observed Nov 27, 2022 at 3:22pm UTC



Software

MariaDB

Details

Error Code
1130
Error ID
ER_HOST_NOT_PRIVILEGED
Error Message
Host 'scanner-07.ch1.censys-scanner.com' is not allowed to connect to this MariaDB server

19999/HTTP TCP
Observed Nov 27, 2022 at 8:56am UTC



Details

http://185.104.28.45:19999
Request
GET /
Protocol
HTTP/1.1
Status Code
200
Status Reason
OK
Body Hash
sha1:dccae256a4e56a3fdbd047a11c2c7fd514705548
HTML Title
netdata dashboard
Response Body

Geographic Location

Country
Netherlands (NL)
Coordinates
52.3824, 4.8995
Timezone
Europe/Amsterdam