195.52.223.247
As of: Oct 10, 2024 11:23pm UTC |
Latest
{
"ip": "195.52.223.247",
"services": [
{
"_decoded": "dns",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "none",
"banner_hashes": [
"sha256:140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe"
],
"banner_hex": "6e6f6e65",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"dns": {
"version": "none",
"server_type": "AUTHORITATIVE",
"r_code": "REFUSED",
"resolves_correctly": false
},
"extended_service_name": "DNS",
"observed_at": "2024-10-10T15:06:27.758828853Z",
"perspective_id": "PERSPECTIVE_PCCW",
"port": 53,
"service_name": "DNS",
"source_ip": "199.45.154.152",
"transport_protocol": "UDP",
"truncated": false
},
{
"_decoded": "smtp",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "220 webhoster.ag ESMTP Postfix\r\n",
"banner_hashes": [
"sha256:0c7145a49a84237b2d8ef83263a29d5bb3fbcb05938bb9c8654432b0dd0f78db"
],
"banner_hex": "32323020776562686f737465722e61672045534d545020506f73746669780d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_16",
"extended_service_name": "SMTPS",
"labels": [
"email"
],
"observed_at": "2024-10-09T12:08:19.237209883Z",
"perspective_id": "PERSPECTIVE_NTT_2",
"port": 465,
"service_name": "SMTP",
"smtp": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"ehlo": "DISPLAY_UTF8"
},
"banner": "220 webhoster.ag ESMTP Postfix\r\n",
"ehlo": "250-webhoster.ag\r\n250-PIPELINING\r\n250-SIZE 102400000\r\n250-ETRN\r\n250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-DSN\r\n250-SMTPUTF8\r\n250 CHUNKING\r\n"
},
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Postfix",
"product": "Postfix",
"other": {
"family": "Postfix"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "199.45.155.69",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 23
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52",
"versions": [
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
}
]
},
"transport_fingerprint": {
"id": 72,
"os": "Ubuntu / Debian / CentOS",
"raw": "28960,64,true,MSTNW,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 200 OK\r\nDate: <REDACTED>\r\nContent-Length: 1485\r\nConnection: keep-alive\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store, must-revalidate, max-age=0\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:6f099fa24982e6b8942e337f62b0a63a1bb2308e6678c512390936f43e33cc0d"
],
"banner_hex": "485454502f312e3120323030204f4b0d0a446174653a203c52454441435445443e0d0a436f6e74656e742d4c656e6774683a20313438350d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a43616368652d436f6e74726f6c3a206e6f2d63616368652c206e6f2d73746f72652c206d7573742d726576616c69646174652c206d61782d6167653d300d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_12",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://195.52.223.247:8443/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 200,
"status_reason": "OK",
"headers": {
"Cache_Control": [
"no-cache, no-store, must-revalidate, max-age=0"
],
"_encoding": {
"Cache_Control": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Date": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"1485"
],
"Content_Type": [
"text/html"
],
"Date": [
"<REDACTED>"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>One moment, please...</title>",
"<meta charset=\"utf-8\">",
"<meta name=\"robots\" content=\"noindex, nofollow\">"
],
"body_size": 1485,
"body": "\n<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"robots\" content=\"noindex, nofollow\">\n <title>One moment, please...</title>\n <style>\n body {\n background: #F6F7F8;\n color: #303131;\n font-family: sans-serif;\n margin-top: 45vh;\n text-align: center;\n }\n </style>\n </head>\n<body>\n <h1>Please wait while your request is being verified...</h1>\n <form id=\"wsidchk-form\" style=\"display:none;\" action=\"/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f\" method=\"GET\">\n <input type=\"hidden\" id=\"wsidchk\" name=\"wsidchk\"/>\n </form>\n <script>\n (function(){\n var west=+((+!+[])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+![]+[])+(+!+[]+!![])+(+![]+[])+(+!+[]+!![])+(+!+[]+!![]+!![]+[])),\n east=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])),\n x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} },\n y=function(y,z){x() ? document.addEventListener('DOMContentLoaded',y,z) : document.attachEvent('onreadystatechange',y);};\n y(function(){\n document.getElementById('wsidchk').value = west + east;\n document.getElementById('wsidchk-form').submit();\n }, false);\n })();\n </script>\n</body>\n</html>",
"body_hashes": [
"sha256:11b8ad5e5b87e8a1887847bb1fdcfcf95ad70719327d01f03d71c8bb6ec1edc1",
"sha1:0af4ced29eff2fdc326f32b5407e690832999327"
],
"body_hash": "sha1:0af4ced29eff2fdc326f32b5407e690832999327",
"html_title": "One moment, please..."
},
"supports_http2": true
},
"observed_at": "2024-10-09T11:28:03.440608781Z",
"pending_removal_since": "2024-10-10T23:23:01.620260224Z",
"perspective_id": "PERSPECTIVE_NTT_2",
"port": 8443,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "199.45.155.69",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "d25619cb77d3219fc9fc14cb6b35eacc",
"ja4s": "t120200_cca8_344b4dce5a52"
}
]
},
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "Europe",
"country": "Germany",
"country_code": "DE",
"city": "Frankfurt am Main",
"postal_code": "60306",
"timezone": "Europe/Berlin",
"province": "Hesse",
"coordinates": {
"latitude": 50.11552,
"longitude": 8.68417
}
},
"location_updated_at": "2024-10-06T12:47:53.781414941Z",
"autonomous_system": {
"asn": 12312,
"description": "ECOTEL",
"bgp_prefix": "195.52.0.0/16",
"name": "ECOTEL",
"country_code": "DE"
},
"autonomous_system_updated_at": "2024-10-06T12:47:53.781534435Z",
"whois": {
"network": {
"handle": "TIS-D406966-NET",
"name": "webhoster.de AG",
"cidrs": [
"195.52.223.0/24"
],
"created": "2014-11-24T00:00:00Z",
"updated": "2017-11-01T00:00:00Z"
},
"organization": {
"handle": "ORG-ECA1-RIPE",
"name": "ecotel communication ag",
"address": "Prinzenallee 11\\n40549\\nDuesseldorf\\nGERMANY",
"abuse_contacts": [
{
"handle": "NET12312-RIPE",
"name": "AS12312 Network Management",
"email": "[email protected]"
}
],
"admin_contacts": [
{
"handle": "MB50402-RIPE",
"name": "Matthias Belz"
},
{
"handle": "PW1632-RIPE",
"name": "Peter Winkler",
"email": "[email protected]"
}
]
}
},
"operating_system": {
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
"dns": {
"names": [
"test.server.ehrenwert.it",
"vm201.server.ehrenwert.it",
"vm208.ehrenwert.it",
"vm209.ehrenwert.it"
],
"records": {
"test.server.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2024-10-07T18:25:59.407565284Z"
},
"vm208.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2024-10-08T19:47:12.580765516Z"
},
"vm201.server.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2024-10-07T18:26:00.038714349Z"
},
"vm209.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2024-10-10T20:33:33.287069944Z"
}
},
"reverse_dns": {
"names": [
"breiding-vps1.aula.ehrenwert.it"
],
"resolved_at": "2024-10-08T05:43:27.309459960Z"
}
},
"last_updated_at": "2024-10-10T23:23:16.987Z",
"labels": [
"email"
]
}