195.52.223.247
As of: Mar 22, 2025 8:22pm UTC |
Latest
{
"ip": "195.52.223.247",
"services": [
{
"_decoded": "ftp",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "220 ProFTPD Server (ProFTPD) [195.52.223.247]\r\n",
"banner_hashes": [
"sha256:7532687251fbb3cd02c55fc62864bf569aa8bfb890957a6e0191f58fce6dd2f3"
],
"banner_hex": "3232302050726f4654504420536572766572202850726f4654504429205b3139352e35322e3232332e3234375d0d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "FTPes",
"ftp": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"auth_tls_response": "DISPLAY_UTF8"
},
"banner": "220 ProFTPD Server (ProFTPD) [195.52.223.247]\r\n",
"auth_tls_response": "234 AUTH TLS successful\r\n",
"status_code": 220,
"status_meaning": "Service ready for new user.",
"implicit_tls": false
},
"labels": [
"file-sharing"
],
"observed_at": "2025-03-21T03:16:54.118537135Z",
"pending_removal_since": "2025-03-22T13:43:57.097657302Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 21,
"service_name": "FTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "ProFTPD Project",
"product": "ProFTPD",
"other": {
"family": "ProFTPD"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
{
"other": {
"ip": "195.52.223.247"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "199.45.154.132",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 23
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
},
"transport_fingerprint": {
"id": 72,
"os": "Ubuntu / Debian / CentOS",
"raw": "28960,64,true,MSTNW,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "smtp",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "220 webhoster.ag ESMTP Postfix\r\n",
"banner_hashes": [
"sha256:0c7145a49a84237b2d8ef83263a29d5bb3fbcb05938bb9c8654432b0dd0f78db"
],
"banner_hex": "32323020776562686f737465722e61672045534d545020506f73746669780d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "SMTP-STARTTLS",
"labels": [
"email"
],
"observed_at": "2025-03-22T13:41:56.035927523Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 25,
"service_name": "SMTP",
"smtp": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"ehlo": "DISPLAY_UTF8",
"start_tls": "DISPLAY_UTF8"
},
"banner": "220 webhoster.ag ESMTP Postfix\r\n",
"ehlo": "250-webhoster.ag\r\n250-PIPELINING\r\n250-SIZE 102400000\r\n250-ETRN\r\n250-STARTTLS\r\n250-AUTH CRAM-MD5 PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-DSN\r\n250-SMTPUTF8\r\n250 CHUNKING\r\n",
"start_tls": "220 2.0.0 Ready to start TLS\r\n"
},
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Postfix",
"product": "Postfix",
"other": {
"family": "Postfix"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.205",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "dns",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "none",
"banner_hashes": [
"sha256:140bedbf9c3f6d56a9846d2ba7088798683f4da0c248231336e6a05679e4fdfe"
],
"banner_hex": "6e6f6e65",
"dns": {
"version": "none",
"server_type": "AUTHORITATIVE",
"r_code": "REFUSED",
"resolves_correctly": false
},
"extended_service_name": "DNS",
"observed_at": "2025-03-22T11:28:19.273080505Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 53,
"service_name": "DNS",
"source_ip": "167.94.138.202",
"transport_protocol": "UDP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"discovery_method": "PREDICTIVE_METHOD_20",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://195.52.223.247/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": true
},
"observed_at": "2025-03-22T07:48:02.817810233Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 80,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.138.62",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "pop3",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "+OK Dovecot ready. <[email protected]>\r\n",
"banner_hashes": [
"sha256:bc8953e993395687ba86db40d4a7718dc3186a4acb2ca6715b84d4cb04fb4d95"
],
"banner_hex": "2b4f4b20446f7665636f742072656164792e203c31366464392e316332372e36376465306161392e6c6b555351564e57663831652b78596f5654493966413d3d40776562686f737465722e61673e0d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_12",
"extended_service_name": "POP3S",
"labels": [
"email"
],
"observed_at": "2025-03-22T00:56:09.336341050Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"pop3": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"start_tls": "DISPLAY_UTF8"
},
"banner": "+OK Dovecot ready. <[email protected]>\r\n",
"start_tls": "+OK Begin TLS negotiation now.\r\n"
},
"port": 110,
"service_name": "POP3",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Dovecot",
"product": "Dovecot",
"other": {
"family": "Dovecot"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "206.168.34.64",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 23
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "imap",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.\r\n",
"banner_hashes": [
"sha256:3535c1c91c9938cc78b1a93a8b510daff703245d7abc0d8ca0e217b0480eeca0"
],
"banner_hex": "2a204f4b205b4341504142494c49545920494d41503472657631205341534c2d4952204c4f47494e2d524546455252414c5320494420454e41424c452049444c45204c49544552414c2b205354415254544c5320415554483d504c41494e20415554483d4c4f47494e20415554483d4449474553542d4d443520415554483d4352414d2d4d44355d20446f7665636f742072656164792e0d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "IMAPS",
"imap": {
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.\r\n",
"start_tls": "a001 OK Begin TLS negotiation now.\r\n"
},
"labels": [
"email"
],
"observed_at": "2025-03-21T16:39:43.567207610Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 143,
"service_name": "IMAP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Dovecot",
"product": "Dovecot",
"other": {
"family": "Dovecot"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.208",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 23
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52",
"versions": [
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
}
]
},
"transport_fingerprint": {
"id": 72,
"os": "Ubuntu / Debian / CentOS",
"raw": "28960,64,true,MSTNW,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\nlast-modified: Sun, 19 Jan 2020 16:22:53 GMT\r\netag: \"14e8-5e24825d-89c22ce5629bf447;gz\"\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 1694\r\ndate: <REDACTED>\r\nserver: LiteSpeed\r\nx-powered-by: PleskLin\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n",
"banner_hashes": [
"sha256:10406dc87134cecab33de44371c4270b22e14e79176e0fb0a67e6f7cb4e22222"
],
"banner_hex": "485454502f312e3120323030204f4b0d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a4b6565702d416c6976653a2074696d656f75743d352c206d61783d3130300d0a636f6e74656e742d747970653a20746578742f68746d6c0d0a6c6173742d6d6f6469666965643a2053756e2c203139204a616e20323032302031363a32323a353320474d540d0a657461673a2022313465382d35653234383235642d383963323263653536323962663434373b677a220d0a6163636570742d72616e6765733a2062797465730d0a636f6e74656e742d656e636f64696e673a20677a69700d0a766172793a204163636570742d456e636f64696e670d0a636f6e74656e742d6c656e6774683a20313639340d0a646174653a20203c52454441435445443e0d0a7365727665723a204c69746553706565640d0a782d706f77657265642d62793a20506c65736b4c696e0d0a616c742d7376633a2068333d223a343433223b206d613d323539323030302c2068332d32393d223a343433223b206d613d323539323030302c2068332d513035303d223a343433223b206d613d323539323030302c2068332d513034363d223a343433223b206d613d323539323030302c2068332d513034333d223a343433223b206d613d323539323030302c20717569633d223a343433223b206d613d323539323030303b20763d2234332c3436220d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_20",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://195.52.223.247/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 200,
"status_reason": "OK",
"headers": {
"alt_svc": [
"h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\""
],
"_encoding": {
"alt_svc": "DISPLAY_UTF8",
"date": "DISPLAY_UTF8",
"vary": "DISPLAY_UTF8",
"Keep_Alive": "DISPLAY_UTF8",
"content_encoding": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8",
"last_modified": "DISPLAY_UTF8",
"content_type": "DISPLAY_UTF8",
"etag": "DISPLAY_UTF8",
"x_powered_by": "DISPLAY_UTF8",
"accept_ranges": "DISPLAY_UTF8",
"content_length": "DISPLAY_UTF8",
"server": "DISPLAY_UTF8"
},
"date": [
"<REDACTED>"
],
"vary": [
"Accept-Encoding"
],
"Keep_Alive": [
"timeout=5, max=100"
],
"content_encoding": [
"gzip"
],
"Connection": [
"Keep-Alive"
],
"last_modified": [
"Sun, 19 Jan 2020 16:22:53 GMT"
],
"content_type": [
"text/html"
],
"etag": [
"\"14e8-5e24825d-89c22ce5629bf447;gz\""
],
"x_powered_by": [
"PleskLin"
],
"accept_ranges": [
"bytes"
],
"content_length": [
"1694"
],
"server": [
"LiteSpeed"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>Web Server's Default Page</title>",
"<meta charset=\"utf-8\">",
"<meta name=\"copyright\" content=\"Copyright 1999-2020. webhoster.de AG\">",
"<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\">",
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
],
"body_size": 5352,
"body": "<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <title>Web Server's Default Page</title>\n <meta name=\"copyright\" content=\"Copyright 1999-2020. webhoster.de AG\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <link rel=\"shortcut icon\" href=\"favicon.ico\">\n <link rel=\"preload\" href=\"fonts/lato-v16-latin-regular.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n <link rel=\"stylesheet\" href=\"style.css\">\n</head>\n<body>\n <header class=\"header\">\n <div class=\"header__inner\">\n <div class=\"header__content\">\n <a class=\"header__logo\" href=\"https://www.webhoster.ag\" target=\"_blank\">\n <img src=\"img/webhosterlogo.png\" alt=\"webhoster logo\">\n </a>\n <h1 class=\"header__title\">Webhoster Standard Seite</h1>\n <p class=\"header__message\">\n Dieses Seite wurde generiert von der <a href=\"https://www.webhoster.ag\" target=\"_blank\">webhoster.de AG</a><br>\n Sie sehen die Website, weil bisher keine Daten hochgeladen wurden.\n </p>\n <div class=\"note\">\n <span class=\"note__message\">Loggen Sie in die Verwaltungsoberfl\u00e4che ein.</span>\n <script>document.write('<a class=\"note__button\" href=\"https://' + location.hostname + (location.protocol === 'https:' ? ':8443' : '') + '\">Webhoster Login</a>');</script>\n </div>\n </div>\n </div>\n </header>\n <main class=\"content\">\n <div class=\"content__inner\">\n <h2 class=\"content__title\">Wichtige Webhosting Informationen</h2>\n <p><b><a href=\"https://www.webhosting.de/umzug-confixx-plesk/\">Umzug Confixx zu Plesk</a></b> falls Ihr Account umgezogen wurde finden Sie hier alle wichtigen Neuerungen.<br>Bitte pr\u00fcfen Sie auch Ihr eMailprogramm. Eine Anleitung f\u00fcr die richtige Konfiguration Ihre eMail Programme finden Sie unter <a href=\"https://www.webhoster.ag/email/\">webhoster.ag/email</a>.\n\t\t</p>\n <h2 class=\"content__title\"><a href=\"https://www.webhoster.ag/wie-ist-meine-ip\">Wie ist meine IP?</a></h2>\n\t <p><script src=\"https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js\"></script>\n <script>\n$.get(\"https://ipinfo.io/json\", function (response) {\n $(\"#ip\").html(\"IP: \" + response.ip);\n $(\"#address\").html(\"Location: \" + response.city + \", \" + response.region);\n $(\"#details\").html(JSON.stringify(response, null, 4));\n}, \"jsonp\");\n </script>\n<div id=\"ip\"></div> Bitte geben Sie Ihre IP Adresse bei Serviceanfragen an. Hiermit k\u00f6nnen wir Ihnen schneller helfen. Wenn Sie sofort technischen Service ben\u00f6tigen, klicken Sie bitte unten auf Soforthilfe. Wir sind immer f\u00fcr Sie da.<br><br>\nProbleme mit eMails? Schauen Sie einmal unter <a href=\"https://www.webhoster.ag/email/\">eMail Einrichtung</a> f\u00fcr die richtigen Einstellungen.\n\t\t</p>\n <ul class=\"resources-list\">\n <li class=\"resources-list__item\">\n <a class=\"plesk-guides\" href=\"https://www.webhoster.ag/anleitungen/\" target=\"_blank\">\n <img class=\"icon\" src=\"img/plesk-guides.svg\" alt=\"Anleitungen\">\n <span>Webhoster Anleitungen</span>\n </a>\n </li>\n <li class=\"resources-list__item\">\n <a href=\"https://www.webhoster.ag/soforthilfe/\" target=\"_blank\">\n <img class=\"icon\" src=\"img/knowlede-base.svg\" alt=\"Knowledge Base\">\n <span>Soforthilfe</span>\n </a>\n </li>\n <li class=\"resources-list__item\">\n <a href=\"https://www.webhosting.de\" target=\"_blank\">\n <img class=\"icon\" src=\"img/forum.svg\" alt=\"Forum\">\n <span>Forum</span>\n </a>\n </li>\n <li class=\"resources-list__item\">\n <a href=\"https://www.webhoster.ag/blog/\" target=\"_blank\">\n <img class=\"icon\" src=\"img/developers-blog.svg\" alt=\"Webhoster Blog\">\n <span>Webhoster Blog</span>\n </a>\n </li>\n <li class=\"resources-list__item\">\n <a href=\"https://www.youtube.com/c/webhoster\" target=\"_blank\">\n <img class=\"icon\" src=\"img/video-guides.svg\" alt=\"Video Guides\">\n <span>Video Anleitungen</span>\n </a>\n </li>\n <li class=\"resources-list__item\">\n <a href=\"https://www.facebook.com/webhosterde\" target=\"_blank\">\n <img class=\"icon\" src=\"img/facebook.svg\" alt=\"Facebook\">\n <span>Facebook</span>\n </a>\n </li>\n </ul>\n </div>\n </main>\n <footer class=\"footer\">\n <div class=\"footer__inner\">Diese Website wurde von der webhoster.de AG erstellt. Wir sind webhosting Anbieter seit 1996 und bieten hochverf\u00fcgbare Webhosting Leistungen an.\n Erfahre mehr bei: <a href=\"https://www.webhoster.de\" target=\"_blank\">webhoster.de</a>\n </div>\n </footer>\n</body>\n</html>\n",
"favicons": [
{
"size": 1150,
"name": "https://195.52.223.247/favicon.ico",
"md5_hash": "ec49973c1991bf39fcdb53260467f39f",
"hashes": [
"md5:ec49973c1991bf39fcdb53260467f39f",
"sha256:3550474f9a466ace7857064d81db50a25ba7c81de043bc9df8289bd90e32e411"
],
"shodan_hash": -1050786453
}
],
"body_hashes": [
"sha256:4e3f5e7b41a8888828a9784054173060f69aa021c62eb753a55883fab9c2c007",
"sha1:eb0b61184dc93fe40a907d7e673bc5363046b6ff",
"tlsh:88b1207204f5a57f5352d2c2ea21e7bcbdc2802bcd516d15b1fd464e2fe2e4a89a314c"
],
"body_hash": "sha1:eb0b61184dc93fe40a907d7e673bc5363046b6ff",
"html_title": "Web Server's Default Page"
},
"supports_http2": true
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "21d19d00021d21d00042d43d00000091f9827a8676a9d9f27d421962a09b5d",
"cipher_and_version_fingerprint": "21d19d00021d21d00042d43d000000",
"tls_extensions_sha256": "91f9827a8676a9d9f27d421962a09b5d",
"observed_at": "2025-03-22T20:21:31.075572029Z"
},
"labels": [
"jquery",
"web.control-panel.hosting"
],
"observed_at": "2025-03-22T15:14:16.094305974Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 443,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "LiteSpeed Technologies",
"product": "LiteSpeed Web Server",
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:*:plesklin:*:*:*:*:*:*:*:*",
"part": "a",
"product": "PleskLin",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.145.104",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 29
}
},
"session_ticket": {
"length": 176,
"lifetime_hint": 7200
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "e35df3e00ca4ef31d42b34bebaa2f86e",
"ja4s": "t120300_c030_bec8bdbaef8a",
"versions": [
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "e35df3e00ca4ef31d42b34bebaa2f86e",
"ja4s": "t120300_c030_bec8bdbaef8a"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "smtp",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "220 webhoster.ag ESMTP Postfix\r\n",
"banner_hashes": [
"sha256:0c7145a49a84237b2d8ef83263a29d5bb3fbcb05938bb9c8654432b0dd0f78db"
],
"banner_hex": "32323020776562686f737465722e61672045534d545020506f73746669780d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_20",
"extended_service_name": "SMTP-STARTTLS",
"labels": [
"email"
],
"observed_at": "2025-03-22T07:42:12.266602155Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 587,
"service_name": "SMTP",
"smtp": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"ehlo": "DISPLAY_UTF8",
"start_tls": "DISPLAY_UTF8"
},
"banner": "220 webhoster.ag ESMTP Postfix\r\n",
"ehlo": "250-webhoster.ag\r\n250-PIPELINING\r\n250-SIZE 102400000\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-DSN\r\n250-SMTPUTF8\r\n250 CHUNKING\r\n",
"start_tls": "220 2.0.0 Ready to start TLS\r\n"
},
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Postfix",
"product": "Postfix",
"other": {
"family": "Postfix"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "206.168.34.213",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 23
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
},
"transport_fingerprint": {
"id": 72,
"os": "Ubuntu / Debian / CentOS",
"raw": "28960,64,true,MSTNW,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "imap",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.\r\n",
"banner_hashes": [
"sha256:5200893fa5fc0d7030ad2e4a151c50852c895346b68e6176baf4c5efdbae3c96"
],
"banner_hex": "2a204f4b205b4341504142494c49545920494d41503472657631205341534c2d4952204c4f47494e2d524546455252414c5320494420454e41424c452049444c45204c49544552414c2b20415554483d504c41494e20415554483d4c4f47494e20415554483d4449474553542d4d443520415554483d4352414d2d4d44355d20446f7665636f742072656164792e0d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_18",
"extended_service_name": "IMAPS",
"imap": {
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.\r\n"
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad0002ad2ad0002ad2ad2ad2ad5367dd7e1b5519f6c6bcd2f69e963253",
"cipher_and_version_fingerprint": "2ad2ad0002ad2ad0002ad2ad2ad2ad",
"tls_extensions_sha256": "5367dd7e1b5519f6c6bcd2f69e963253",
"observed_at": "2025-03-18T22:08:56.458246377Z"
},
"labels": [
"email"
],
"observed_at": "2025-03-21T16:38:40.705989895Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 993,
"service_name": "IMAP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Dovecot",
"product": "Dovecot",
"other": {
"family": "Dovecot"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.216",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 23
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52",
"versions": [
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
}
]
},
"transport_fingerprint": {
"id": 72,
"os": "Ubuntu / Debian / CentOS",
"raw": "28960,64,true,MSTNW,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "ssh",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "SSH-2.0-OpenSSH_7.4",
"banner_hashes": [
"sha256:be0da7ee170f9a69bc13b9e61ecfc9110c27db40f3f2e4c0ffae6741f064af8a"
],
"banner_hex": "5353482d322e302d4f70656e5353485f372e34",
"discovery_method": "REFRESH",
"extended_service_name": "SSH",
"labels": [
"remote-access"
],
"observed_at": "2025-03-22T02:22:52.474448975Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 2941,
"service_name": "SSH",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*",
"part": "a",
"vendor": "OpenBSD",
"product": "OpenSSH",
"version": "7.4",
"other": {
"family": "OpenSSH"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "199.45.155.105",
"ssh": {
"endpoint_id": {
"_encoding": {
"raw": "DISPLAY_UTF8"
},
"raw": "SSH-2.0-OpenSSH_7.4",
"protocol_version": "2.0",
"software_version": "OpenSSH_7.4"
},
"kex_init_message": {
"kex_algorithms": [
"curve25519-sha256",
"[email protected]",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha256",
"diffie-hellman-group14-sha1",
"diffie-hellman-group1-sha1",
"[email protected]"
],
"host_key_algorithms": [
"ssh-rsa",
"rsa-sha2-512",
"rsa-sha2-256",
"ecdsa-sha2-nistp256",
"ssh-ed25519"
],
"client_to_server_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"blowfish-cbc",
"cast128-cbc",
"3des-cbc"
],
"server_to_client_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]",
"aes128-cbc",
"aes192-cbc",
"aes256-cbc",
"blowfish-cbc",
"cast128-cbc",
"3des-cbc"
],
"client_to_server_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"server_to_client_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"first_kex_follows": false
},
"algorithm_selection": {
"kex_algorithm": "[email protected]",
"host_key_algorithm": "ecdsa-sha2-nistp256",
"client_to_server_alg_group": {
"cipher": "aes128-ctr",
"mac": "hmac-sha2-256",
"compression": "none"
},
"server_to_client_alg_group": {
"cipher": "aes128-ctr",
"mac": "hmac-sha2-256",
"compression": "none"
}
},
"server_host_key": {
"fingerprint_sha256": "12f0fd79c79847cff6bacaa91079db7ec2b422315d67ae3701405307095e9669",
"ecdsa_public_key": {
"_encoding": {
"b": "DISPLAY_BASE64",
"gx": "DISPLAY_BASE64",
"gy": "DISPLAY_BASE64",
"n": "DISPLAY_BASE64",
"p": "DISPLAY_BASE64",
"x": "DISPLAY_BASE64",
"y": "DISPLAY_BASE64"
},
"b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=",
"curve": "P-256",
"gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=",
"gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=",
"length": 256,
"n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE=",
"p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=",
"x": "OwwpggdbBvD5VhwnKzx2NwySLf/sYSivLb/lyACvinM=",
"y": "BSuOzvaqSUfd59K+8X0E4YQbFaP9pk7hngXkPw7pO/U="
}
},
"hassh_fingerprint": "98fecded130dda2056c8711b651ef4a5"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\nx-frame-options: SAMEORIGIN\r\ncontent-security-policy: frame-ancestors 'self'\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nset-cookie: LSWSWEBUI=cbadd4dc0fb22a1b06d6fb51ceca740f; path=/; secure; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1637\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: <REDACTED>\r\nserver: LiteSpeed\r\n",
"banner_hashes": [
"sha256:2e06d771bd7868887d0d331f70f99a0cf2ef7a4adc1e5528f8454cc014054d1c"
],
"banner_hex": "485454502f312e3120323030204f4b0d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a4b6565702d416c6976653a2074696d656f75743d352c206d61783d3130300d0a782d6672616d652d6f7074696f6e733a2053414d454f524947494e0d0a636f6e74656e742d73656375726974792d706f6c6963793a206672616d652d616e636573746f7273202773656c66270d0a72656665727265722d706f6c6963793a2073616d652d6f726967696e0d0a782d636f6e74656e742d747970652d6f7074696f6e733a206e6f736e6966660d0a7365742d636f6f6b69653a204c53575357454255493d63626164643464633066623232613162303664366662353163656361373430663b20706174683d2f3b207365637572653b20487474704f6e6c790d0a657870697265733a205468752c203139204e6f7620313938312030383a35323a303020474d540d0a63616368652d636f6e74726f6c3a206e6f2d73746f72652c206e6f2d63616368652c206d7573742d726576616c69646174652c20706f73742d636865636b3d302c207072652d636865636b3d300d0a707261676d613a206e6f2d63616368650d0a636f6e74656e742d747970653a20746578742f68746d6c3b20636861727365743d5554462d380d0a636f6e74656e742d6c656e6774683a20313633370d0a636f6e74656e742d656e636f64696e673a20677a69700d0a766172793a204163636570742d456e636f64696e670d0a646174653a20203c52454441435445443e0d0a7365727665723a204c69746553706565640d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_30",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://195.52.223.247:7088/login.php",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 200,
"status_reason": "OK",
"headers": {
"cache_control": [
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
],
"_encoding": {
"cache_control": "DISPLAY_UTF8",
"x_frame_options": "DISPLAY_UTF8",
"expires": "DISPLAY_UTF8",
"content_type": "DISPLAY_UTF8",
"server": "DISPLAY_UTF8",
"pragma": "DISPLAY_UTF8",
"content_security_policy": "DISPLAY_UTF8",
"set_cookie": "DISPLAY_UTF8",
"x_content_type_options": "DISPLAY_UTF8",
"date": "DISPLAY_UTF8",
"referrer_policy": "DISPLAY_UTF8",
"vary": "DISPLAY_UTF8",
"Keep_Alive": "DISPLAY_UTF8",
"content_encoding": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8",
"content_length": "DISPLAY_UTF8"
},
"x_frame_options": [
"SAMEORIGIN"
],
"expires": [
"Thu, 19 Nov 1981 08:52:00 GMT"
],
"content_type": [
"text/html; charset=UTF-8"
],
"server": [
"LiteSpeed"
],
"pragma": [
"no-cache"
],
"content_security_policy": [
"frame-ancestors 'self'"
],
"set_cookie": [
"LSWSWEBUI=cbadd4dc0fb22a1b06d6fb51ceca740f; path=/; secure; HttpOnly"
],
"x_content_type_options": [
"nosniff"
],
"date": [
"<REDACTED>"
],
"referrer_policy": [
"same-origin"
],
"vary": [
"Accept-Encoding"
],
"Keep_Alive": [
"timeout=5, max=100"
],
"content_encoding": [
"gzip"
],
"Connection": [
"Keep-Alive"
],
"content_length": [
"1637"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title> - LiteSpeed WebAdmin Console</title>",
"<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>",
"<meta HTTP-EQUIV='Cache-control' CONTENT='no-cache'>",
"<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>",
"<meta HTTP-EQUIV='Expires' CONTENT='-1'>",
"<meta name=\"robots\" content=\"noindex\">"
],
"body_size": 5780,
"body": "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>\n\t\t<html>\n\t\t<head>\n\t\t<title> - LiteSpeed WebAdmin Console</title>\n\t\t<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>\n\t\t<meta HTTP-EQUIV='Cache-control' CONTENT='no-cache'>\n\t\t<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>\n\t\t<meta HTTP-EQUIV='Expires' CONTENT='-1'>\n <meta name=\"robots\" content=\"noindex\">\n\t\t<link rel='Shortcut Icon' type='image/x-icon' href='/static/images/icons/favicon.ico' />\n\t\t<link rel='stylesheet' type='text/css' href='/static/styles/style.css'>\n\t\t<script type='text/javascript'\n\t\tsrc='/static/scripts/general.js'></script>\n\t\t</head>\n\t\t<body >\n\t\t<form name='mgrform' method='post' action='/service/serviceMgr.php'>\n\t\t<input type='hidden' name='act'><input type='hidden' name='actId'><input type='hidden' name='vl'><input type='hidden' name='tk' value='0.84296500 1742611630'>\n\t\t</form>\n\t\t<div id=\"main-wrapper\"> <style>\n html,\n body {\n margin: 0;\n font-size: 16px;\n height:100%;\n }\n form {\n margin:0;\n }\n #main-wrapper {\n width:auto;\n margin:0;\n height:100%;\n }\n .center-wrapper {\n display: flex;\n justify-content: center;\n min-height: 100%;\n padding: 20vh 1rem 1rem 1rem;\n box-sizing: border-box;\n }\n .login-form-inner {\n width: 100%;\n box-sizing: border-box;\n max-width: 320px;\n margin: 0 auto;\n padding: 1.25rem 1.5rem 1.5rem 1.5rem;\n border: 1px solid #ced4da;\n background-color: #f5f9fc;\n box-shadow: 0 .55rem 1.25rem rgba(0, 65, 98, .04);\n }\n .login-form-input {\n width: 100%;\n }\n .login-form-logo {\n text-align: center;\n margin-bottom: 1rem;\n }\n .login-form h1 {\n border-bottom: 1px solid #ced4da;\n font-size: .938rem;\n padding: 1.15rem 1.5rem 1rem 1.5rem;\n margin: -1.25rem -1.5rem 1.75rem -1.5rem;\n color: #0a2246;\n background-color: #cbddec;\n line-height: 1;\n }\n .login-form-label {\n font-size: .938rem;\n }\n .login-form-input {\n display: block;\n width: 100%;\n height: calc(1.5rem + .75rem + 2px);\n padding: .375rem .75rem;\n font-size: 1rem;\n font-weight: 400;\n line-height: 1.5;\n color: #495057;\n background-color: #fff;\n background-clip: padding-box;\n border: 1px solid #ced4da;\n border-radius: 0;\n margin-top: 0.25rem;\n margin-bottom: 1.25rem;\n }\n .text-center {\n text-align: center;\n }\n .login-button {\n color: #fff;\n background-color: #142c4e;\n border-color: #142c4e;\n padding: .275rem .75rem;\n font-size: 1rem;\n line-height: 1.5;\n border-radius: 0;\n box-shadow: none;\n min-width: 8rem;\n cursor: pointer;\n transition:.3s;\n }\n .login-button:hover {\n background-color: #165180;\n }\n .login-form-msg {\n font-size: .864rem;\n margin-bottom: 1.5rem;\n color: #5d6879;\n }\n </style>\n <div class=\"center-wrapper\">\n <div>\n <form id=\"login\" action=\"login.php\" method=\"post\">\n <div class=\"login-form\">\n <div class=\"login-form-logo\"><img src=\"/static/images/logo/product_logo.svg\" width=\"300px\" border=\"0\"></div>\n <div class=\"login-form-inner\">\n <h1>WebAdmin Console</h1>\n <div class=\"\">\n <label for=\"uid\" class=\"login-form-label\">Username</label>\n <input name=\"userid\" id=\"uid\" type=\"text\" class=\"login-form-input\">\n </div>\n <div class=\"\">\n <label for=\"pass\" class=\"login-form-label\">Password</label>\n <input name=\"pass\" id=\"pass\" type=\"password\" class=\"login-form-input\">\n </div>\n <div class=\"\">\n <input type=\"submit\" class=\"login-button\" value=\"Login\">\n </div>\n </div>\n </div>\n</form>\n <div id=\"copyright\" class=\"text-center\">Copyright © 2002-2025 <a href=\"https://www.litespeedtech.com\">LiteSpeed Technologies, Inc.</a> All Rights Reserved.</div>\n </div>\n </div>\n </div>\n </body>\n</html>\n",
"favicons": [
{
"size": 1150,
"name": "https://195.52.223.247:7088/favicon.ico",
"md5_hash": "1f3b03dca43591a72ef5333db1f665a9",
"hashes": [
"md5:1f3b03dca43591a72ef5333db1f665a9",
"sha256:aca4c15f1af4015041d36d1d60816b8dd1d83beeb5a45e63025984ed4cf30125"
],
"shodan_hash": -1494963435
}
],
"body_hashes": [
"sha256:d407d2f65062375c534c05dcf86dc99f4a0d01da02a90abf34a95797e06597b5",
"sha1:915aa64c654d1d058fe384d3c75ed27a17d821a7",
"tlsh:d0c1220c19ab09036943453467f65b897a99c0238a06cf2dbefe2784cf8eb5159db7dc"
],
"body_hash": "sha1:915aa64c654d1d058fe384d3c75ed27a17d821a7",
"html_title": " - LiteSpeed WebAdmin Console"
},
"supports_http2": true
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "29d29d00029d29d00042d43d00041d598ac0c1012db967bb1ad0ff2491b3ae",
"cipher_and_version_fingerprint": "29d29d00029d29d00042d43d00041d",
"tls_extensions_sha256": "598ac0c1012db967bb1ad0ff2491b3ae",
"observed_at": "2025-03-22T04:59:30.851459709Z"
},
"labels": [
"login-page"
],
"observed_at": "2025-03-22T02:47:05.862928031Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 7088,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "LiteSpeed Technologies",
"product": "LiteSpeed Web Server",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.219",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "d75f9129bb5d05492a65ff78e081bcb2",
"ja4s": "t130200_1303_234ea6891581",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "d75f9129bb5d05492a65ff78e081bcb2",
"ja4s": "t130200_1303_234ea6891581"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "303951d4c50efb2e991652225a6f02b1",
"ja4s": "t120200_c02f_344b4dce5a52"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://195.52.223.247:8443/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": false
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "21d19d00021d21d00042d43d00000091f9827a8676a9d9f27d421962a09b5d",
"cipher_and_version_fingerprint": "21d19d00021d21d00042d43d000000",
"tls_extensions_sha256": "91f9827a8676a9d9f27d421962a09b5d",
"observed_at": "2025-03-22T09:34:25.720469734Z"
},
"observed_at": "2025-03-22T05:51:55.892586985Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 8443,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "206.168.34.74",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://195.52.223.247:8880/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": true
},
"observed_at": "2025-03-22T13:39:58.079080215Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 8880,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.138.185",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_30",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://195.52.223.247:52223/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": true
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "21d19d00021d21d00042d43d00000091f9827a8676a9d9f27d421962a09b5d",
"cipher_and_version_fingerprint": "21d19d00021d21d00042d43d000000",
"tls_extensions_sha256": "91f9827a8676a9d9f27d421962a09b5d",
"observed_at": "2025-03-21T02:31:52.227120333Z"
},
"observed_at": "2025-03-22T13:39:46.901339823Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 52223,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.198",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "d25619cb77d3219fc9fc14cb6b35eacc",
"ja4s": "t120200_cca8_344b4dce5a52"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"discovery_method": "PREDICTIVE_METHOD_30",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://195.52.223.247:52224/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": true
},
"observed_at": "2025-03-22T13:43:50.946754949Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 52224,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.198",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"certificate": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"discovery_method": "PREDICTIVE_METHOD_30",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://195.52.223.247:52233/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": true
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "21d19d00021d21d00042d43d00000091f9827a8676a9d9f27d421962a09b5d",
"cipher_and_version_fingerprint": "21d19d00021d21d00042d43d000000",
"tls_extensions_sha256": "91f9827a8676a9d9f27d421962a09b5d",
"observed_at": "2025-03-21T03:03:14.362083306Z"
},
"observed_at": "2025-03-22T02:52:20.175434714Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 52233,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.146.59",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"chain_fps_sha_256": [
"d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
],
"leaf_data": {
"names": [
"*.webhoster.ag",
"webhoster.ag"
],
"subject_dn": "CN=*.webhoster.ag",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"pubkey_bit_size": 4096,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "a0877f2f71a0d4d67d29653f4dcd23da7f826d75997625c6a000bc90b941fedb",
"fingerprint": "c6241932315465e381a241ff4c655a71ec4e7096a964e0d50f25d23213d1cace",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
],
"country": [
"GB"
]
},
"subject": {
"common_name": [
"*.webhoster.ag"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "vrPL4t9kvZ0ilt7TPWdwsypu4SPr3RBzJmC8ygxrbvtuEyZuEdF9XcL0vlSHhLnp6crNeVBGL1jMgWFT8grH4QLoHERKh7wjkJXRV4mIOurFuNwX7gAnf0OZRHLS3Grep9dS9ouIUfqSQH4Bqz1bp9Suq27SD1t3YD43IUDqsXi6yDZa6AaKxiAepXTUm7dlrR/Bv4jfvclsJ/7FoQpsk3JAiXHWHSj5KSVU6sie94qj7jwdjDFKhf7GWzob6kmz6PDg7HNah6nUe1gKLxKbXUtAM52p70pre2bq7ep64iUCURpkFfME1XdM9pJozvD6Y8eVbHi2H70Ne7tlgWBxmASHybIwVAYrzqp0AZ4/lrJl2Wx5mJUcne6sDPYaUFqkXWqwTaLT27W29UXz1AToAlufmSYATk4gcAStHmA2frSvf5zZD1rj3ASRfUVsZp1NrWY6BWmwACLiQrBdp0DHNBLE+Lxaj8qkwiM6DOK8eSIHbB7vW65g1cIZ/bxkCexh2g0bkenlQ+9G6LYVIRjEvo/dhRRj9aFTf09rS/qwcieZyL/mlMrpcT3C1PiLGIdARZnbt05DjMoPj7pq4U/h6fad6bXN8nNCy8Ix53+I7GI6O79v0yjkzH2EBudWLm7zhsK+uU29oaxP8nhd4iscaPR+czTRa4o4VtDkDxmUOI0=",
"exponent": "AAEAAQ==",
"length": 512
},
"fingerprint": "280011949ab1aa6314fff396edf4d93cd8b3723a9d179d3a5f9cfd0746e3dca8"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
"subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
},
{
"fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
"subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "475c9302dc42b2751db9edcac3b74891",
"ja4s": "t130200_1303_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "d25619cb77d3219fc9fc14cb6b35eacc",
"ja4s": "t120200_cca8_344b4dce5a52"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 415 Unsupported Media Type\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 176\r\nConnection: keep-alive\r\nServer: imunify360-webshield/1.21\r\n",
"banner_hashes": [
"sha256:4f3ddf616e1e4be52550fc6679a102322c36bbccb72e05d81975ae285355e00c"
],
"banner_hex": "485454502f312e312034313520556e737570706f72746564204d6564696120547970650d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137360d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a5365727665723a20696d756e6966793336302d776562736869656c642f312e32310d0a",
"discovery_method": "PREDICTIVE_METHOD_30",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://195.52.223.247:52234/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 415,
"status_reason": "Unsupported Media Type",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"imunify360-webshield/1.21"
],
"Content_Length": [
"176"
],
"Content_Type": [
"text/html"
],
"Connection": [
"keep-alive"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>415 Unsupported Media Type</title>"
],
"body_size": 176,
"body": "<html>\r\n<head><title>415 Unsupported Media Type</title></head>\r\n<body>\r\n<center><h1>415 Unsupported Media Type</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n",
"body_hashes": [
"sha256:084f5137476bbfeb65b6782e663f46b289ccdbccc5a4ec0b715e1f889c8d26d6",
"sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"tlsh:f3c0127d24a6bc0a966368ba34c3a890d1a2c2310bd8aa414204026b3083022ead33e5"
],
"body_hash": "sha1:e79993ccd634e3f7d6c78957fb005eb477b582ea",
"html_title": "415 Unsupported Media Type"
},
"supports_http2": true
},
"observed_at": "2025-03-22T02:57:14.744535441Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 52234,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:imunify_security:imunify360:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Imunify Security",
"product": "Imunify360",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "206.168.34.211",
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "Europe",
"country": "Germany",
"country_code": "DE",
"city": "Frankfurt am Main",
"postal_code": "60306",
"timezone": "Europe/Berlin",
"province": "Hesse",
"coordinates": {
"latitude": 50.11552,
"longitude": 8.68417
}
},
"location_updated_at": "2025-03-22T02:22:55.730881921Z",
"autonomous_system": {
"asn": 12312,
"description": "ECOTEL",
"bgp_prefix": "195.52.0.0/16",
"name": "ECOTEL",
"country_code": "DE"
},
"autonomous_system_updated_at": "2025-03-22T02:22:55.730942099Z",
"whois": {
"network": {
"handle": "TIS-D406966-NET",
"name": "webhoster.de AG",
"cidrs": [
"195.52.223.0/24"
],
"created": "2014-11-24T00:00:00Z",
"updated": "2017-11-01T00:00:00Z"
},
"organization": {
"handle": "ORG-ECA1-RIPE",
"name": "ecotel communication ag",
"address": "Prinzenallee 11\\n40549\\nDuesseldorf\\nGERMANY",
"abuse_contacts": [
{
"handle": "NET12312-RIPE",
"name": "AS12312 Network Management",
"email": "[email protected]"
}
],
"admin_contacts": [
{
"handle": "MB50402-RIPE",
"name": "Matthias Belz"
},
{
"handle": "PW1632-RIPE",
"name": "Peter Winkler",
"email": "[email protected]"
}
]
}
},
"operating_system": {
"uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
"part": "o",
"product": "linux",
"source": "OSI_TRANSPORT_LAYER"
},
"dns": {
"names": [
"vm208.ehrenwert.it",
"test.server.ehrenwert.it",
"vm207.ehrenwert.it",
"vm209.ehrenwert.it",
"briefzentrum.mx.ehrenwert.it",
"imwebsein.dedicated.customers.ehrenwert.it",
"1.tm.virtual.customers.ehrenwert.it",
"antispam.ehrenwert.it",
"breiding-vps1.aula.ehrenwert.it",
"endcore-vps1.kunden.ehrenwert.it",
"vm201.server.ehrenwert.it",
"schulze-vps1.kunden.ehrenwert.it",
"rechnungen.ehrenwert.it",
"ehrenwert.it"
],
"records": {
"briefzentrum.mx.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-02-24T22:20:51.974302919Z"
},
"antispam.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-15T23:26:01.565956020Z"
},
"imwebsein.dedicated.customers.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-19T22:54:24.881525260Z"
},
"vm209.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-11T22:09:45.759801388Z"
},
"vm208.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-14T22:14:49.760244514Z"
},
"vm201.server.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-13T00:00:04.069762648Z"
},
"test.server.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-09T21:17:53.934543146Z"
},
"rechnungen.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-18T21:03:15.563693364Z"
},
"schulze-vps1.kunden.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-21T21:17:17.764418527Z"
},
"ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-02-23T20:35:24.584391536Z"
},
"endcore-vps1.kunden.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-16T21:25:53.232448106Z"
},
"1.tm.virtual.customers.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-02-27T23:37:33.920100306Z"
},
"breiding-vps1.aula.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-14T22:14:43.495700193Z"
},
"vm207.ehrenwert.it": {
"record_type": "A",
"resolved_at": "2025-03-19T22:54:28.692301276Z"
}
},
"reverse_dns": {
"names": [
"breiding-vps1.aula.ehrenwert.it"
],
"resolved_at": "2025-03-19T09:21:06.446316222Z"
}
},
"last_updated_at": "2025-03-22T20:22:23.529Z",
"labels": [
"email",
"file-sharing",
"jquery",
"login-page",
"remote-access",
"web.control-panel.hosting"
]
}