193.142.146.220

As of: Jun 19, 2024 10:19am UTC | Latest
{
  "ip": "193.142.146.220",
  "services": [
    {
      "_decoded": "banner_grab",
      "_encoding": {
        "banner": "DISPLAY_UTF8"
      },
      "banner": "",
      "banner_hashes": [
        "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      ],
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "DCERPC",
      "observed_at": "2024-06-18T20:44:56.306859566Z",
      "parsed": {
        "dcerpc": {
          "could_bind": true,
          "could_query_epm": true,
          "endpoints": [
            {
              "protocol": "N/A",
              "executable": "MPSSVC.dll",
              "explained_uuid": "7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 v1.0 Fw APIs",
              "bindings": [
                "ncalrpc:[LRPC-b7b75183b99830943e]",
                "ncalrpc:[LRPC-a81739acad799b537b]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "bf4dc912-e52f-4904-8ebe-9317c1bdd497 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-c457b9ef0852d05e82]",
                "ncalrpc:[OLE576214EAEFDCA441203B33F6122B]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "3473dd4d-2e88-4006-9cba-22570909dd10 v5.1 WinHttp Auto-Proxy Service",
              "bindings": [
                "ncalrpc:[93f49e0d-4558-4ea2-ac17-cc184d9c3565]",
                "ncalrpc:[LRPC-7902d41c552297c95e]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "fc48cd89-98d6-4628-9839-86f7a3e4161a v1.0",
              "bindings": [
                "ncalrpc:[dabrpc]",
                "ncalrpc:[csebpub]",
                "ncalrpc:[LRPC-4e4580f2f1f6d30511]",
                "ncalrpc:[LRPC-dce0feded45d00c27f]",
                "ncalrpc:[LRPC-b8c0bd64fae6440662]",
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "5824833b-3c1a-4ad2-bdfd-c31d19e23ed2 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "3a9ef155-691d-4449-8d05-09ad57031823 v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49667]",
                "ncalrpc:[LRPC-6f18af28d2dedd4371]",
                "ncalrpc:[ubpmtaskhostchannel]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\atsvc]",
                "ncalrpc:[LRPC-3a54236ff1b6cf495c]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0d3c7f20-1c8d-4654-a1b3-51563b298bda v1.0 UserMgrCli",
              "bindings": [
                "ncalrpc:[LRPC-3e8166f5fe57b9edfc]",
                "ncalrpc:[OLEC0A7842F8A8D412FBD24B9BCDAD6]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "a4b8d482-80ce-40d6-934d-b22a01a44fe7 v1.0 LicenseManager",
              "bindings": [
                "ncalrpc:[LicenseServiceEndpoint]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0361ae94-0316-4c6c-8ad8-c594375800e2 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "IKEEXT.DLL",
              "explained_uuid": "a398e520-d59a-4bdd-aa7a-3c1e0303a511 v1.0 IKE/Authip API",
              "bindings": [
                "ncalrpc:[LRPC-42489430cea33b4b7d]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "1a0d010f-1c33-432c-b0f5-8cf4e8053099 v1.0 IdSegSrv service",
              "bindings": [
                "ncalrpc:[LRPC-cef6a5c12571d3ebee]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "98cd761e-e77d-41c8-a3c0-0fb756d90ec2 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "5222821f-d5e2-4885-84f1-5f6185a0ec41 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-d666fa353637ac99b7]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "sysntfy.dll",
              "explained_uuid": "c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 v1.0 Impl friendly name",
              "bindings": [
                "ncalrpc:[LRPC-dda7c9975e5732adbf]",
                "ncalrpc:[IUserProfile2]",
                "ncalrpc:[LRPC-f73a847112d322ee38]",
                "ncalrpc:[LRPC-0e9283d575ab7413a0]",
                "ncalrpc:[senssvc]",
                "ncalrpc:[LRPC-0b18afa59b110bbd04]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "nsisvc.dll",
              "explained_uuid": "7ea70bcf-48af-4f6a-8968-6a440754d5fa v1.0 NSI server endpoint",
              "bindings": [
                "ncalrpc:[LRPC-b82e0474264a399003]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "dhcpcsvc.dll",
              "explained_uuid": "3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 v1.0 DHCP Client LRPC Endpoint",
              "bindings": [
                "ncalrpc:[dhcpcsvc]",
                "ncalrpc:[dhcpcsvc6]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "nrpsrv.dll",
              "explained_uuid": "30adc50c-5cbc-46ce-9a0e-91914789e23c v1.0 NRP server endpoint",
              "bindings": [
                "ncalrpc:[LRPC-02d5d1005580e788fb]",
                "ncalrpc:[DNSResolver]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "f3f09ffd-fbcf-4291-944d-70ad6e0e73bb v1.0",
              "bindings": [
                "ncalrpc:[LRPC-79ac03cad452102a37]",
                "ncalrpc:[LRPC-6e57895b7a8de86ef3]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "schedsvc.dll",
              "explained_uuid": "0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-3a54236ff1b6cf495c]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "sysmain.dll",
              "explained_uuid": "b58aa02e-2884-4e97-8176-4ee06d794184 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-42e3b6686b4b03f881]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0fc77b1a-95d8-4a2e-a0c0-cff54237462b v0.0",
              "bindings": [
                "ncalrpc:[LRPC-50c5ef2fd7573b116c]",
                "ncalrpc:[OLE341A8BE00688E67916D6BE04DC35]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "8ec21e98-b5ce-4916-a3d6-449fa428a007 v0.0",
              "bindings": [
                "ncalrpc:[LRPC-50c5ef2fd7573b116c]",
                "ncalrpc:[OLE341A8BE00688E67916D6BE04DC35]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "appinfo.dll",
              "explained_uuid": "201ef99a-7fa0-444c-9399-19ba84f12a1a v1.0 AppInfo",
              "bindings": [
                "ncalrpc:[LRPC-03ac89dd5e326a3099]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "2c7fd9ce-e706-4b40-b412-953107ef9bb0 v0.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "[MS-RSP]: Remote Shutdown Protocol",
              "executable": "wininit.exe",
              "explained_uuid": "d95afe70-a6d5-4259-822e-2c84da1ddb0d v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49665]",
                "ncalrpc:[WindowsShutdown]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\InitShutdown]",
                "ncalrpc:[WMsgKRpc06FAD0]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "c521facf-09a9-42c5-b155-72388595cbf0 v0.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "2513bcbe-6cd4-4348-855e-7efb3c336dd3 v2.0",
              "bindings": [
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "[MS-EVEN6]: EventLog Remoting Protocol",
              "executable": "wevtsvc.dll",
              "explained_uuid": "f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0 Event log TCPIP",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49666]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\pipe\\eventlog]",
                "ncalrpc:[eventlog]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "3f787932-3452-4363-8651-6ea97bb373bb v1.0 NSP Rpc Interface",
              "bindings": [
                "ncalrpc:[LRPC-4cb30e15b962b0f9b5]",
                "ncalrpc:[OLE0646C07CACAE151363AAE5C3FF8E]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "2e6035b2-e8f1-41a7-a044-656b439c4c34 v1.0 Proxy Manager provider server endpoint",
              "bindings": [
                "ncalrpc:[TeredoControl]",
                "ncalrpc:[TeredoDiagnostics]",
                "ncalrpc:[LRPC-de4da19f5fbbbaaf8e]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "d22895ef-aff4-42c5-a5b2-b14466d34ab4 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "[MS-CMPO]: MSDTC Connection Manager:",
              "executable": "msdtcprx.dll",
              "explained_uuid": "906b0ce0-c70b-1067-b317-00dd010662da v1.0",
              "bindings": [
                "ncalrpc:[LRPC-08bd68d172164e502b]",
                "ncalrpc:[LRPC-08bd68d172164e502b]",
                "ncalrpc:[LRPC-08bd68d172164e502b]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "e53d94ca-7464-4839-b044-09a2fb8b3ae5 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "winlogon.exe",
              "explained_uuid": "12e65dd8-887f-41ef-91bf-8d816c42c2e7 v1.0 Secure Desktop LRPC interface",
              "bindings": [
                "ncalrpc:[WMsgKRpc0129C932]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "51a227ae-825b-41f2-b4a9-1ac9557a1018 v1.0 Ngc Pop Key Service",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49664]",
                "ncalrpc:[samss lpc]",
                "ncalrpc:[SidKey Local End Point]",
                "ncalrpc:[protected_storage]",
                "ncalrpc:[lsasspirpc]",
                "ncalrpc:[lsapolicylookup]",
                "ncalrpc:[LSA_EAS_ENDPOINT]",
                "ncalrpc:[LSA_IDPEXT_ENDPOINT]",
                "ncalrpc:[lsacap]",
                "ncalrpc:[LSARPC_ENDPOINT]",
                "ncalrpc:[securityevent]",
                "ncalrpc:[audit]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\pipe\\lsass]"
              ]
            },
            {
              "protocol": "[MS-TSCH]: Task Scheduler Service Remoting Protocol",
              "executable": "taskcomp.dll",
              "explained_uuid": "1ff70682-0a51-30e8-076d-740be8cee98b v1.0",
              "bindings": [
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\atsvc]",
                "ncalrpc:[LRPC-3a54236ff1b6cf495c]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "BFE.DLL",
              "explained_uuid": "dd490425-5325-4565-b774-7e27d6c09c24 v1.0 Base Firewall Engine API",
              "bindings": [
                "ncalrpc:[LRPC-a81739acad799b537b]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "857fb1be-084f-4fb5-b59c-4b2c4be5f0cf v1.0",
              "bindings": [
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "f44e62af-dab1-44c2-8013-049a9de417d6 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-d0c9b4aa7e7865910d]",
                "ncalrpc:[OLE425D7F1B45F930CF4A0C24B863FC]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "b1ef227e-dfa5-421e-82bb-67a6a129c496 v0.0",
              "bindings": [
                "ncalrpc:[LRPC-50c5ef2fd7573b116c]",
                "ncalrpc:[OLE341A8BE00688E67916D6BE04DC35]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "appinfo.dll",
              "explained_uuid": "fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0 AppInfo",
              "bindings": [
                "ncalrpc:[LRPC-03ac89dd5e326a3099]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "88abcbc3-34ea-76ae-8215-767520655a23 v0.0",
              "bindings": [
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "13560fa9-8c09-4b56-a1fd-04d083b9b2a1 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-d0c9b4aa7e7865910d]",
                "ncalrpc:[OLE425D7F1B45F930CF4A0C24B863FC]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "dd59071b-3215-4c59-8481-972edadc0f6a v1.0",
              "bindings": [
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "085b0334-e454-4d91-9b8c-4134f9e793f3 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "fae436b0-b864-4a87-9eda-298547cd82f2 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "appmgmts.dll",
              "explained_uuid": "8c7daf44-b6dc-11d1-9a4c-0020af6e7c57 v1.0 Group Policy RPC Interface",
              "bindings": [
                "ncalrpc:[LRPC-5cf6aa4637a4805ae7]"
              ]
            },
            {
              "protocol": "[MS-PAR]: Print System Asynchronous Remote Protocol",
              "executable": "spoolsv.exe",
              "explained_uuid": "76f03f96-cdfd-44fc-a22c-64950a001209 v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49669]",
                "ncalrpc:[LRPC-80672efb385f8ffe67]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "certprop.dll",
              "explained_uuid": "30b044a5-a225-43f0-b3a4-e060df91f9c1 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-08519b016785aea4eb]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "iphlpsvc.dll",
              "explained_uuid": "552d076a-cb29-4e44-8b6a-d15e59e2c0af v1.0 IP Transition Configuration endpoint",
              "bindings": [
                "ncalrpc:[LRPC-de4da19f5fbbbaaf8e]"
              ]
            },
            {
              "protocol": "[MS-FASP]: Firewall and Advanced Security Protocol",
              "executable": "FwRemoteSvr.dll",
              "explained_uuid": "6b5bdd1e-528c-422c-af8c-a4079be4fe48 v1.0 Remote Fw APIs",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49671]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "appinfo.dll",
              "explained_uuid": "5f54ce7d-5b79-4175-8584-cb65313a0e98 v1.0 AppInfo",
              "bindings": [
                "ncalrpc:[LRPC-03ac89dd5e326a3099]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "d09bdeb5-6171-4a34-bfe2-06fa82652568 v1.0",
              "bindings": [
                "ncalrpc:[csebpub]",
                "ncalrpc:[LRPC-4e4580f2f1f6d30511]",
                "ncalrpc:[LRPC-dce0feded45d00c27f]",
                "ncalrpc:[LRPC-b8c0bd64fae6440662]",
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]",
                "ncalrpc:[LRPC-dce0feded45d00c27f]",
                "ncalrpc:[LRPC-b8c0bd64fae6440662]",
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]",
                "ncalrpc:[LRPC-b8c0bd64fae6440662]",
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]",
                "ncalrpc:[LRPC-49bc83a519fefea68f]",
                "ncalrpc:[LRPC-ff27e3d9cc1a86d49d]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "1832bcf6-cab8-41d4-85d2-c9410764f75a v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "55e6b932-1979-45d6-90c5-7f6270724112 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "a500d4c6-0dd1-4543-bc0c-d5f93486eaf8 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-2288476917a86d404b]",
                "ncalrpc:[LRPC-ff27e3d9cc1a86d49d]"
              ]
            },
            {
              "protocol": "[MS-SAMR]: Security Account Manager (SAM) Remote Protocol",
              "executable": "samsrv.dll",
              "explained_uuid": "12345778-1234-abcd-ef00-0123456789ac v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49664]",
                "ncalrpc:[samss lpc]",
                "ncalrpc:[SidKey Local End Point]",
                "ncalrpc:[protected_storage]",
                "ncalrpc:[lsasspirpc]",
                "ncalrpc:[lsapolicylookup]",
                "ncalrpc:[LSA_EAS_ENDPOINT]",
                "ncalrpc:[LSA_IDPEXT_ENDPOINT]",
                "ncalrpc:[lsacap]",
                "ncalrpc:[LSARPC_ENDPOINT]",
                "ncalrpc:[securityevent]",
                "ncalrpc:[audit]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\pipe\\lsass]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "6982a06e-5fe2-46b1-b39c-a2c545bfa069 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "2d98a740-581d-41b9-aa0d-a88b9d5ce938 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "7df1ceae-de4e-4e6f-ab14-49636e7c2052 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-111055f0df68a70c01]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "9b008953-f195-4bf9-bde0-4471971e58ed v1.0",
              "bindings": [
                "ncalrpc:[LRPC-dce0feded45d00c27f]",
                "ncalrpc:[LRPC-b8c0bd64fae6440662]",
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "c605f9fb-f0a3-4e2a-a073-73560f8d9e3e v1.0",
              "bindings": [
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "e40f7b57-7a25-4cd3-a135-7f7d3df9d16b v1.0",
              "bindings": [
                "ncalrpc:[LRPC-6b8ea9c2940568f9e3]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "33d84484-3626-47ee-8c6f-e7e98b113be1 v2.0",
              "bindings": [
                "ncalrpc:[LRPC-6f18af28d2dedd4371]",
                "ncalrpc:[ubpmtaskhostchannel]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\atsvc]",
                "ncalrpc:[LRPC-3a54236ff1b6cf495c]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "b18fbab6-56f8-4702-84e0-41053293a869 v1.0 UserMgrCli",
              "bindings": [
                "ncalrpc:[LRPC-3e8166f5fe57b9edfc]",
                "ncalrpc:[OLEC0A7842F8A8D412FBD24B9BCDAD6]"
              ]
            },
            {
              "protocol": "[MS-PAN]: Print System Asynchronous Notification Protocol",
              "executable": "spoolsv.exe",
              "explained_uuid": "ae33069b-a2a8-46ee-a235-ddfd339be281 v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49669]",
                "ncalrpc:[LRPC-80672efb385f8ffe67]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "c503f532-443a-4c69-8300-ccd1fbdb3839 v2.0",
              "bindings": [
                "ncalrpc:[LRPC-67aee871fe0e3459e2]",
                "ncalrpc:[OLE3256E2F49D874812DDC3C39A51D5]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 v2.0 KeyIso",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49664]",
                "ncalrpc:[samss lpc]",
                "ncalrpc:[SidKey Local End Point]",
                "ncalrpc:[protected_storage]",
                "ncalrpc:[lsasspirpc]",
                "ncalrpc:[lsapolicylookup]",
                "ncalrpc:[LSA_EAS_ENDPOINT]",
                "ncalrpc:[LSA_IDPEXT_ENDPOINT]",
                "ncalrpc:[lsacap]",
                "ncalrpc:[LSARPC_ENDPOINT]",
                "ncalrpc:[securityevent]",
                "ncalrpc:[audit]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\pipe\\lsass]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "880fd55e-43b9-11e0-b1a8-cf4edfd72085 v1.0 KAPI Service endpoint",
              "bindings": [
                "ncalrpc:[LRPC-d4fa3937ac46fa4b7a]",
                "ncalrpc:[OLE72E05C7285033C3612A37C73EFE7]",
                "ncalrpc:[LRPC-49bc83a519fefea68f]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "eb081a0d-10ee-478a-a1dd-50995283e7a8 v3.0 Witness Client Test Interface",
              "bindings": [
                "ncalrpc:[LRPC-a92ed06cfbc8465490]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "95095ec8-32ea-4eb0-a3e2-041f97b36168 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "8782d3b9-ebbd-4644-a3d8-e8725381919b v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "178d84be-9291-4994-82c6-3f909aca5a03 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "appinfo.dll",
              "explained_uuid": "58e604e8-9adb-4d2e-a464-3b0683fb1480 v1.0 AppInfo",
              "bindings": [
                "ncalrpc:[LRPC-03ac89dd5e326a3099]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0497b57d-2e66-424f-a0c6-157cd5d41700 v1.0 AppInfo",
              "bindings": [
                "ncalrpc:[LRPC-03ac89dd5e326a3099]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "4ed8abcc-f1e2-438b-981f-bb0e8abc010c v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "c36be077-e14b-4fe9-8abc-e856ef4f048b v1.0 Proxy Manager client server endpoint",
              "bindings": [
                "ncalrpc:[TeredoControl]",
                "ncalrpc:[TeredoDiagnostics]",
                "ncalrpc:[LRPC-de4da19f5fbbbaaf8e]"
              ]
            },
            {
              "protocol": "[MS-TSCH]: Task Scheduler Service Remoting Protocol",
              "executable": "schedsvc.dll",
              "explained_uuid": "86d35949-83c9-4044-b424-db363231fd0c v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49667]",
                "ncalrpc:[LRPC-6f18af28d2dedd4371]",
                "ncalrpc:[ubpmtaskhostchannel]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\atsvc]",
                "ncalrpc:[LRPC-3a54236ff1b6cf495c]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "abfb6ca3-0c5e-4734-9285-0aee72fe8d1c v1.0",
              "bindings": [
                "ncalrpc:[LRPC-d0c9b4aa7e7865910d]",
                "ncalrpc:[OLE425D7F1B45F930CF4A0C24B863FC]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "gpsvc.dll",
              "explained_uuid": "2eb08e3e-639f-4fba-97b1-14f878961076 v1.0 Group Policy RPC Interface",
              "bindings": [
                "ncalrpc:[LRPC-c27eb7a25103bb1dda]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "650a7e26-eab8-5533-ce43-9c1dfce11511 v1.0 Vpn APIs",
              "bindings": [
                "ncalrpc:[LRPC-af9db1fd2377be3a65]",
                "ncalrpc:[VpnikeRpc]",
                "ncalrpc:[RasmanLrpc]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\ROUTER]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "d4051bde-9cdd-4910-b393-4aa85ec3c482 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "76c217bc-c8b4-4201-a745-373ad9032b1a v1.0",
              "bindings": [
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0ff1f646-13bb-400a-ab50-9a78f2b7a85a v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "29770a8f-829b-4158-90a2-78cd488501f7 v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49668]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\pipe\\SessEnvPublicRpc]",
                "ncalrpc:[SessEnvPrivateRpc]",
                "ncalrpc:[LRPC-0b18afa59b110bbd04]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "winlogon.exe",
              "explained_uuid": "76f226c3-ec14-4325-8a99-6a46348418af v1.0",
              "bindings": [
                "ncalrpc:[WindowsShutdown]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\InitShutdown]",
                "ncalrpc:[WMsgKRpc06FAD0]",
                "ncalrpc:[WMsgKRpc0803D1]",
                "ncalrpc:[WMsgKRpc0129C932]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "[MS-RPRN]: Print System Remote Protocol",
              "executable": "spoolsv.exe",
              "explained_uuid": "12345678-1234-abcd-ef00-0123456789ab v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49669]",
                "ncalrpc:[LRPC-80672efb385f8ffe67]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "3b338d89-6cfa-44b8-847e-531531bc9992 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "dhcpcsvc6.dll",
              "explained_uuid": "3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 v1.0 DHCPv6 Client LRPC Endpoint",
              "bindings": [
                "ncalrpc:[dhcpcsvc6]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "f2c9b409-c1c9-4100-8639-d8ab1486694a v1.0 Witness Client Upcall Server",
              "bindings": [
                "ncalrpc:[LRPC-a92ed06cfbc8465490]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "509bc7ae-77be-4ee8-b07c-0d096bb44345 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-91d8fc7ced5a9d92cc]",
                "ncalrpc:[OLE37FCCF52146CA5C664FB5DDC1F83]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "d249bd56-4cc0-4fd3-8ce6-6fe050d590cb v0.0",
              "bindings": [
                "ncalrpc:[LRPC-0b1ffa40c313fd5e7a]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "082a3471-31b6-422a-b931-a54401960c62 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "8bfc3be1-6def-4e2d-af74-7c47cd0ade4a v1.0",
              "bindings": [
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "c2d1b5dd-fa81-4460-9dd6-e7658b85454b v1.0",
              "bindings": [
                "ncalrpc:[LRPC-d0c9b4aa7e7865910d]",
                "ncalrpc:[OLE425D7F1B45F930CF4A0C24B863FC]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "b37f900a-eae4-4304-a2ab-12bb668c0188 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-d0c9b4aa7e7865910d]",
                "ncalrpc:[OLE425D7F1B45F930CF4A0C24B863FC]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "7f1343fe-50a9-4927-a778-0c5859517bac v1.0 DfsDs service",
              "bindings": [
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\wkssvc]",
                "ncalrpc:[LRPC-a92ed06cfbc8465490]"
              ]
            },
            {
              "protocol": "[MS-PAN]: Print System Asynchronous Notification Protocol",
              "executable": "spoolsv.exe",
              "explained_uuid": "0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49669]",
                "ncalrpc:[LRPC-80672efb385f8ffe67]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "697dcda9-3ba9-4eb2-9247-e11f1901b0d2 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-4e4580f2f1f6d30511]",
                "ncalrpc:[LRPC-dce0feded45d00c27f]",
                "ncalrpc:[LRPC-b8c0bd64fae6440662]",
                "ncalrpc:[LRPC-57dde3595a1be9a05f]",
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "20c40295-8dba-48e6-aebf-3e78ef3bb144 v2.0",
              "bindings": [
                "ncalrpc:[OLE8964DAD6A22A701C3126C257B1F8]",
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "MPSSVC.dll",
              "explained_uuid": "2fb92682-6599-42dc-ae13-bd2ca89bd11c v1.0 Fw APIs",
              "bindings": [
                "ncalrpc:[LRPC-9f1eda00aa5a32eea2]",
                "ncalrpc:[LRPC-639e30e96006ba3c10]",
                "ncalrpc:[LRPC-b7b75183b99830943e]",
                "ncalrpc:[LRPC-a81739acad799b537b]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "f47433c3-3e9d-4157-aad4-83aa1f5c2d4c v1.0 Fw APIs",
              "bindings": [
                "ncalrpc:[LRPC-639e30e96006ba3c10]",
                "ncalrpc:[LRPC-b7b75183b99830943e]",
                "ncalrpc:[LRPC-a81739acad799b537b]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 v1.0 Adh APIs",
              "bindings": [
                "ncalrpc:[TeredoControl]",
                "ncalrpc:[TeredoDiagnostics]",
                "ncalrpc:[LRPC-de4da19f5fbbbaaf8e]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "spoolsv.exe",
              "explained_uuid": "4a452661-8290-4b36-8fbe-7f4093a94978 v1.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49669]",
                "ncalrpc:[LRPC-80672efb385f8ffe67]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "d8140e00-5c46-4ae6-80ac-2f9a76df224c v0.0",
              "bindings": [
                "ncalrpc:[LRPC-0b1ffa40c313fd5e7a]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "95406f0b-b239-4318-91bb-cea3a46ff0dc v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "srvsvc.dll",
              "explained_uuid": "98716d03-89ac-44c7-bb8c-285824e51c4a v1.0 XactSrv service",
              "bindings": [
                "ncalrpc:[LRPC-cef6a5c12571d3ebee]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "8fb74744-b2ff-4c00-be0d-9ef9a191fe1b v1.0 Ngc Pop Key Service",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49664]",
                "ncalrpc:[samss lpc]",
                "ncalrpc:[SidKey Local End Point]",
                "ncalrpc:[protected_storage]",
                "ncalrpc:[lsasspirpc]",
                "ncalrpc:[lsapolicylookup]",
                "ncalrpc:[LSA_EAS_ENDPOINT]",
                "ncalrpc:[LSA_IDPEXT_ENDPOINT]",
                "ncalrpc:[lsacap]",
                "ncalrpc:[LSARPC_ENDPOINT]",
                "ncalrpc:[securityevent]",
                "ncalrpc:[audit]",
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\pipe\\lsass]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "4dace966-a243-4450-ae3f-9b7bcb5315b8 v2.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "e38f5360-8572-473e-b696-1b46873beeab v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "4c9dbf19-d39e-4bb9-90ee-8f7179b20283 v1.0",
              "bindings": [
                "ncalrpc:[LRPC-9533cc69e4e3681b48]",
                "ncalrpc:[OLE3B3A462685D2242C3085E82ED36E]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0d47017b-b33b-46ad-9e18-fe96456c5078 v1.0",
              "bindings": [
                "ncalrpc:[umpo]"
              ]
            },
            {
              "protocol": "[MS-TSCH]: Task Scheduler Service Remoting Protocol",
              "executable": "taskcomp.dll",
              "explained_uuid": "378e52b0-c0a9-11cf-822d-00aa0051e40f v1.0",
              "bindings": [
                "ncacn_np:\\\\WINDOWS-1BBOQBP[\\PIPE\\atsvc]",
                "ncalrpc:[LRPC-3a54236ff1b6cf495c]"
              ]
            },
            {
              "protocol": "[MS-SCMR]: Service Control Manager Remote Protocol",
              "executable": "services.exe",
              "explained_uuid": "367abb81-9844-35f1-ad32-98f038001003 v2.0",
              "bindings": [
                "ncacn_ip_tcp:193.142.146.220[49670]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "pcasvc.dll",
              "explained_uuid": "0767a036-0d22-48aa-ba69-b619480f38cb v1.0 PcaSvc",
              "bindings": [
                "ncalrpc:[LRPC-df0e1f1eb8e3c80056]"
              ]
            },
            {
              "protocol": "N/A",
              "executable": "N/A",
              "explained_uuid": "0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e v1.0",
              "bindings": [
                "ncalrpc:[LRPC-79cfe07620a143b481]",
                "ncalrpc:[actkernel]",
                "ncalrpc:[umpo]"
              ]
            }
          ]
        }
      },
      "perspective_id": "PERSPECTIVE_TATA",
      "port": 135,
      "service_name": "DCERPC",
      "source_ip": "167.94.138.127",
      "transport_fingerprint": {
        "raw": "65535,128,true,MNWST,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "smb",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "SMB SMB 2.1",
      "banner_hashes": [
        "sha256:51d9f41a595c653b76dbff0adeec37710decd99e91825ba2de9ef6e273bfcaf0"
      ],
      "banner_hex": "534d4220534d4220322e31",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "SMB",
      "labels": [
        "file-sharing"
      ],
      "observed_at": "2024-06-19T07:43:35.268730531Z",
      "perspective_id": "PERSPECTIVE_ORANGE",
      "port": 445,
      "service_name": "SMB",
      "smb": {
        "smb_version": {
          "major": 2,
          "minor": 1,
          "version_string": "SMB 2.1",
          "revision": 0
        },
        "smb_capabilities": {
          "smb_dfs_support": true,
          "smb_leasing_support": true,
          "smb_multicredit_support": true,
          "smb_multichan_support": false,
          "smb_persistent_handle_support": false,
          "smb_directory_leasing_support": false,
          "smb_encryption_support": false
        },
        "has_ntlm": true,
        "negotiation_log": {
          "header_log": {
            "_encoding": {
              "protocol_id": "DISPLAY_HEX"
            },
            "protocol_id": "00000000fe534d42",
            "credits": 1,
            "flags": 1,
            "status": 0,
            "command": 0
          },
          "security_mode": 1,
          "dialect_revision": 528,
          "_encoding": {
            "server_guid": "DISPLAY_HEX"
          },
          "server_guid": "00000000000000000000000000000000b79a01493f987e48a071a08a759ad48b",
          "capabilities": 7,
          "system_time": 1718783015,
          "server_start_time": 1240428288,
          "authentication_types": [
            "1.3.6.1.4.1.311.2.2.30",
            "1.3.6.1.4.1.311.2.2.10"
          ]
        },
        "session_setup_log": {
          "header_log": {
            "_encoding": {
              "protocol_id": "DISPLAY_HEX"
            },
            "protocol_id": "00000000fe534d42",
            "status": 3221225494,
            "command": 1,
            "credits": 1,
            "flags": 1
          },
          "target_name": "WINDOWS-1BBOQBP",
          "negotiate_flags": 2726953477,
          "setup_flags": 0
        },
        "smbv1_support": false
      },
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Microsoft",
          "product": "Windows",
          "other": {
            "family": "Windows"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.145.96",
      "transport_fingerprint": {
        "raw": "65535,128,true,MNWST,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "banner_grab",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "{\"packetID\":0}\n",
      "banner_hashes": [
        "sha256:f28f002492ce9c0681832d540093951397619636a9ac36caf6081c28d26b2653"
      ],
      "banner_hex": "7b227061636b65744944223a307d0a",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_3",
      "extended_service_name": "UNKNOWN",
      "observed_at": "2024-06-17T23:57:14.753288091Z",
      "perspective_id": "PERSPECTIVE_TATA",
      "port": 2244,
      "service_name": "UNKNOWN",
      "source_ip": "167.94.138.45",
      "transport_fingerprint": {
        "raw": "65535,128,true,MNWST,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "rdp",
      "_encoding": {
        "certificate": "DISPLAY_HEX"
      },
      "certificate": "e42252d00516f916d204e5da6e5f4f69fc79dd75a1347c282e3b11209b315ee5",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "RDP",
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "14d14d16d14d14d08c14d14d14d14dfd9c9d14e4f4f67f94f0359f8b28f532",
        "cipher_and_version_fingerprint": "14d14d16d14d14d08c14d14d14d14d",
        "tls_extensions_sha256": "fd9c9d14e4f4f67f94f0359f8b28f532",
        "observed_at": "2024-06-08T17:23:47.692751815Z"
      },
      "labels": [
        "network-administration",
        "remote-access"
      ],
      "observed_at": "2024-06-19T06:28:17.312779288Z",
      "perspective_id": "PERSPECTIVE_ORANGE",
      "port": 3389,
      "rdp": {
        "protocol_flags": {
          "extended_client_data_supported": true,
          "dynvc_graphics_pipeline": true,
          "neg_resp_reserved": true,
          "restricted_admin_mode": true,
          "restricted_auth_mode": true
        },
        "selected_security_protocol": {
          "rdstls": true,
          "raw_value": 4,
          "standard_rdp": false,
          "tls": false,
          "credssp": false,
          "credssp_early_auth": false,
          "error": false,
          "error_ssl_required": false,
          "error_ssl_forbidden": false,
          "error_ssl_cert_missing": false,
          "error_bad_flags": false,
          "error_hybrid_required": false,
          "error_ssl_user_auth_required": false,
          "error_unknown": false
        },
        "x224_cc_pdu_srcref": 13330
      },
      "service_name": "RDP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Microsoft",
          "product": "Windows",
          "other": {
            "family": "Windows"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.145.110",
      "tls": {
        "version_selected": "TLSv1_2",
        "cipher_selected": "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "e42252d00516f916d204e5da6e5f4f69fc79dd75a1347c282e3b11209b315ee5",
          "leaf_data": {
            "subject_dn": "CN=WINDOWS-1BBOQBP",
            "issuer_dn": "CN=WINDOWS-1BBOQBP",
            "pubkey_bit_size": 2048,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "7ecbe1f0e4933b1c638a1a35f0c3e71351762c5a71f7d2f1bdfb5ba36ae2800e",
            "fingerprint": "e42252d00516f916d204e5da6e5f4f69fc79dd75a1347c282e3b11209b315ee5",
            "issuer": {
              "common_name": [
                "WINDOWS-1BBOQBP"
              ]
            },
            "subject": {
              "common_name": [
                "WINDOWS-1BBOQBP"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "xLUamuOP1f+Ka4lvhXLHd8AkZ5D8Fd3Uw6TaW27d87KBZZs4FQsd+i3hHe6xH0+nWQz1VRaHeg83boXTgZE87//1lEUN388QupaKQXu4ctJ/0ADT4DKGMm9lsDP+oi+xtOUOrOxNIp9/IrdQ1PFoYbUcjcK7U3rzt5Oxn/elTpxXsZKXRCK8U10ZzZclKLsfsQfn+bgEpPTpibIT0yarhxnB64sQusuBf2feNAU9tZD9oHZKLuOWax89/uqDUle+lHBkuGvMEzJa0B2OlcYkIAiBCSpbx01++DK2zcgpxvF+6OhU8RCkhH3LG3uy5F3D8b9zSZAoLb+6DR7FUwMB7Q==",
                "exponent": "AAEAAQ==",
                "length": 256
              },
              "fingerprint": "aa07b9752f9eb20b6786d1aa208c830c5b5270e2c1e4c4b9d92cddc471748488"
            },
            "signature": {
              "self_signed": true,
              "signature_algorithm": "SHA256-RSA"
            }
          }
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "f75082535b4a79c07b31bdd0e2b7eb87",
        "ja4s": "t120100_009d_bc98f8e001b5",
        "versions": [
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "f75082535b4a79c07b31bdd0e2b7eb87",
            "ja4s": "t120100_009d_bc98f8e001b5"
          },
          {
            "tls_version": "TLSv1_1",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "9f2e2080c0409c26ea913d9273e88773",
            "ja4s": "t110100_0035_bc98f8e001b5"
          },
          {
            "tls_version": "TLSv1_0",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "91589ea825a2ee41810c85fab06d2ef6",
            "ja4s": "t100100_0035_bc98f8e001b5"
          }
        ]
      },
      "transport_fingerprint": {
        "raw": "64000,128,true,MNWST,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "banner_grab",
      "_encoding": {
        "banner": "DISPLAY_UTF8"
      },
      "banner": "",
      "banner_hashes": [
        "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      ],
      "discovery_method": "PREDICTIVE_METHOD_18",
      "extended_service_name": "WINRM",
      "observed_at": "2024-06-19T10:19:31.078615515Z",
      "parsed": {
        "winrm": {
          "auth_types": [
            "Negotiate"
          ],
          "ntlm_info": {
            "encryption_56bit_supported": true,
            "encryption_128bit_supported": true,
            "ntlm1_supported": true,
            "ntlm2_supported": true,
            "always_sign_supported": true,
            "challenge_type": 3,
            "target_name": "W\u0000I\u0000N\u0000D\u0000O\u0000W\u0000S\u0000-\u00001\u0000B\u0000B\u0000O\u0000Q\u0000B\u0000P\u0000",
            "netbios_computer_name": "W\u0000I\u0000N\u0000D\u0000O\u0000W\u0000S\u0000-\u00001\u0000B\u0000B\u0000O\u0000Q\u0000B\u0000P\u0000",
            "netbios_domain_name": "W\u0000I\u0000N\u0000D\u0000O\u0000W\u0000S\u0000-\u00001\u0000B\u0000B\u0000O\u0000Q\u0000B\u0000P\u0000",
            "dns_server_name": "W\u0000I\u0000N\u0000D\u0000O\u0000W\u0000S\u0000-\u00001\u0000B\u0000B\u0000O\u0000Q\u0000B\u0000P\u0000",
            "dns_domain_name": "W\u0000I\u0000N\u0000D\u0000O\u0000W\u0000S\u0000-\u00001\u0000B\u0000B\u0000O\u0000Q\u0000B\u0000P\u0000",
            "dns_tree_name": "",
            "os_version": "10.0.20348",
            "ntlm_version": 15
          }
        }
      },
      "perspective_id": "PERSPECTIVE_HE",
      "port": 5985,
      "service_name": "WINRM",
      "source_ip": "162.142.125.193",
      "transport_fingerprint": {
        "raw": "65535,128,true,MNWST,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate:  <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n",
      "banner_hashes": [
        "sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"
      ],
      "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "HTTP",
      "http": {
        "request": {
          "method": "GET",
          "uri": "http://193.142.146.220:47001/",
          "headers": {
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ],
            "_encoding": {
              "User_Agent": "DISPLAY_UTF8",
              "Accept": "DISPLAY_UTF8"
            },
            "Accept": [
              "*/*"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 404,
          "status_reason": "Not Found",
          "headers": {
            "Date": [
              "<REDACTED>"
            ],
            "_encoding": {
              "Date": "DISPLAY_UTF8",
              "Server": "DISPLAY_UTF8",
              "Content_Length": "DISPLAY_UTF8",
              "Content_Type": "DISPLAY_UTF8",
              "Connection": "DISPLAY_UTF8"
            },
            "Server": [
              "Microsoft-HTTPAPI/2.0"
            ],
            "Content_Length": [
              "315"
            ],
            "Content_Type": [
              "text/html; charset=us-ascii"
            ],
            "Connection": [
              "close"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<TITLE>Not Found</TITLE>",
            "<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"
          ],
          "body_size": 315,
          "body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n",
          "body_hashes": [
            "sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0",
            "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083"
          ],
          "body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083",
          "html_title": "Not Found"
        },
        "supports_http2": false
      },
      "observed_at": "2024-06-19T07:48:37.686327307Z",
      "perspective_id": "PERSPECTIVE_NTT",
      "port": 47001,
      "service_name": "HTTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Microsoft",
          "product": "Windows",
          "other": {
            "family": "Windows"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:a:microsoft:http_api:2.0:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Microsoft",
          "product": "HTTP API",
          "version": "2.0",
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "206.168.34.120",
      "transport_protocol": "TCP",
      "truncated": false
    }
  ],
  "location": {
    "continent": "Europe",
    "country": "Netherlands",
    "country_code": "NL",
    "city": "Amsterdam",
    "postal_code": "1012",
    "timezone": "Europe/Amsterdam",
    "province": "North Holland",
    "coordinates": {
      "latitude": 52.37403,
      "longitude": 4.88969
    }
  },
  "location_updated_at": "2024-06-09T04:52:36.808848300Z",
  "autonomous_system": {
    "asn": 208046,
    "description": "COLOCATIONX-DATACENTER Dedicated Server Provider",
    "bgp_prefix": "193.142.146.0/24",
    "name": "COLOCATIONX-DATACENTER Dedicated Server Provider",
    "country_code": "GB"
  },
  "autonomous_system_updated_at": "2024-06-09T04:52:36.808926648Z",
  "whois": {
    "network": {
      "handle": "COLOCATIONX-IP-RANGE",
      "name": "ColocationX Datacenter",
      "cidrs": [
        "193.142.146.0/24"
      ],
      "created": "2019-10-11T00:00:00Z",
      "updated": "2022-11-12T00:00:00Z"
    },
    "organization": {
      "handle": "ORG-CL709-RIPE",
      "name": "ColocationX Ltd.",
      "address": "Kingsfordweg 151, 1043GR Amsterdam",
      "abuse_contacts": [
        {
          "handle": "CLN38-RIPE",
          "name": "ColocationX Ltd. 24x7 NOC",
          "email": "[email protected]"
        }
      ]
    }
  },
  "operating_system": {
    "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
    "part": "o",
    "vendor": "Microsoft",
    "product": "Windows",
    "other": {
      "family": "Windows"
    }
  },
  "dns": {},
  "last_updated_at": "2024-06-19T10:19:31.502Z",
  "labels": [
    "file-sharing",
    "network-administration",
    "remote-access"
  ]
}