185.104.28.45

As of: Feb 24, 2024 3:56pm UTC | Latest

Basic Information

Reverse DNS
dedi0011.zxcs.nl
Forward DNS
kuhlakku.de, mail.tandartspraktijkhogeweide.nl, mail.schildersbedrijf-malestein.nl, shop.kwpn.nl, jachtverenigingsoestdijk.nl, ...
Routing
185.104.28.0/24  via AS-ZXCS, NL (AS206281)
OS
Red Hat Enterprise Linux 6
Services (16)
21/FTP, 25/SMTP, 53/DNS, 80/HTTP, 110/POP3, 143/IMAP, 443/HTTP, 465/SMTP, 587/SMTP, 993/IMAP, 995/POP3, 1167/UNKNOWN, 2222/HTTP, 3306/MYSQL, 7685/SSH, 19999/HTTP
Labels
Database Email File Sharing Login Page Remote Access

FTP 21/TCP
02/23/2024 03:30 UTC

File Sharing

Software

ProFTPD Project ProFTPD
linux

Details

Banner
220 ProFTPD Server ready.
Auth TLS Response
234 AUTH TLS successful
Status Code
220
Status Meaning
Service ready for new user.

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JA3S
0debd3853f330c574b05e0b6d882dc27

SMTP 25/TCP
02/23/2024 03:07 UTC

Email

Software

exim 4.92.2
linux

Details

Banner
220 dedi0011.zxcs.nl ESMTP Exim 4.92.2 Fri, 23 Feb 2024 04:07:03 +0100
EHLO
250-dedi0011.zxcs.nl Hello scanner-06.ch1.censys-scanner.com [167.94.138.34]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Start TLS
220 TLS go ahead

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1

DNS 53/UDP
02/24/2024 08:56 UTC


Software

ISC BIND 9.8.2rc1
Red Hat Enterprise Linux 6

Details

Server Type
AUTHORITATIVE
R Code
REFUSED

HTTP 80/TCP
02/23/2024 09:00 UTC


Software

Apache HTTPD

Details

http://185.104.28.45/
Status
200  OK
Body Hash
sha1:315d1347f4b707e4ed8a73f22de8235f189ef18b
Response Body
      Apache is functioning normally
    

POP3 110/TCP
02/23/2024 11:01 UTC

Email

Details

Banner
+OK ZXCS ready.
Start TLS
+OK Begin TLS negotiation now.

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1

IMAP 143/TCP
02/24/2024 08:40 UTC

Email

Software

linux

Details

Banner
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] ZXCS ready.
Start TLS
a001 OK Begin TLS negotiation now.

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1

HTTP 443/TCP
02/23/2024 05:44 UTC


Software

Apache HTTPD

Details

https://185.104.28.45/
Status
500  Proxy Error
Body Hash
sha1:cbd7e1e779091ad6fbc4a98af49d3fe8ef79c977
HTML Title
500 Proxy Error
Response Body
      # Proxy Error

The proxy server could not handle the request

Reason: **Error during SSL Handshake with remote server**

Additionally, a 500 Internal Server Error error was encountered while trying
to use an ErrorDocument to handle the request.
    

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JARM
2ad2ad0002ad2ad0002ad2ad2ad2adff55efa0f9599f60e6c551dfff2d0de5
JA3S
0debd3853f330c574b05e0b6d882dc27

SMTP 465/TCP
02/24/2024 10:41 UTC

Email

Software

exim 4.92.2
linux

Details

Banner
220 dedi0011.zxcs.nl ESMTP Exim 4.92.2 Sat, 24 Feb 2024 11:41:01 +0100
EHLO
250-dedi0011.zxcs.nl Hello scanner-06.ch1.censys-scanner.com [167.94.138.34]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JARM
29d29d15d29d29d06c29d29d29d29d71dbc091d32d86fce1e9de57eec374d8
JA3S
303951d4c50efb2e991652225a6f02b1

SMTP 587/TCP
02/23/2024 20:15 UTC

Email

Software

exim 4.92.2
linux

Details

Banner
220 dedi0011.zxcs.nl ESMTP Exim 4.92.2 Fri, 23 Feb 2024 21:15:25 +0100
EHLO
250-dedi0011.zxcs.nl Hello www.censys.io [167.94.145.52]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Start TLS
220 TLS go ahead

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JA3S
303951d4c50efb2e991652225a6f02b1

IMAP 993/TCP
02/24/2024 12:43 UTC

Email

Software

linux

Details

Banner
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] ZXCS ready.

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JARM
15d2ad16d29d29d00015d2ad15d29de87e6567d901388794cb6a875a1928aa
JA3S
303951d4c50efb2e991652225a6f02b1

POP3 995/TCP
02/24/2024 10:19 UTC

Email

Details

Banner
+OK ZXCS ready.

TLS

Handshake
Version Selected
TLSv1_2
Cipher Selected
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate
Fingerprint
38db8c253614f4f120a2c9b09ff34b091d3154c822b994c71664f6dfe2dd1a70
Subject
CN=*.zxcs.nl
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Names
*.zxcs.nl, zxcs.nl
Fingerprint
JARM
15d2ad16d29d29d00015d2ad15d29de87e6567d901388794cb6a875a1928aa
JA3S
303951d4c50efb2e991652225a6f02b1

UNKNOWN 1167/TCP
02/23/2024 16:00 UTC


Software

linux

Details

Banner (Hex)
  

HTTP 2222/TCP
02/23/2024 06:13 UTC

Login Page

Details

http://185.104.28.45:2222/
Status
200  OK
Body Hash
sha1:9c3918a9ee0ddc95cef3eeb8db0c35f75d7acbc3
HTML Title
DirectAdmin Login
Response Body
        
  
  
  

# DirectAdmin Login Page

Please enter your Username and Password  
---  
Username:|  
Password:|  
  
Fri Feb 23 07:13:01 2024

yes
    

MYSQL 3306/TCP
02/24/2024 03:48 UTC

Database

Software

MariaDB
linux

Details

Error Code
1130
Error ID
ER_HOST_NOT_PRIVILEGED
Error Message
Host 'scanner-06.ch1.censys-scanner.com' is not allowed to connect to this MariaDB server

SSH 7685/TCP
02/23/2024 15:33 UTC

Remote Access

Software

OpenBSD OpenSSH 5.3

Details

Host Key
Algorithm
ssh-rsa
Fingerprint
4ebafa2e3104fda2a8984e810d2dd93f1c86846c63006b3c9f03fcdbd77d2ee7
Negotiated
Key Exchange
diffie-hellman-group14-sha1
Symmetric Cipher
aes128-ctr [] aes128-ctr []
MAC
hmac-sha2-256 [] hmac-sha2-256 []

HTTP 19999/TCP
02/23/2024 16:02 UTC


Details

http://185.104.28.45:19999/
Status
200  OK
Body Hash
sha1:dccae256a4e56a3fdbd047a11c2c7fd514705548
HTML Title
netdata dashboard
Response Body
      
    

Geographic Location

City
Amsterdam
Province
North Holland
Country
Netherlands (NL)
Coordinates
52.37403, 4.88969
Timezone
Europe/Amsterdam