2.58.56.13
As of: May 22, 2025 3:04am UTC |
Latest
{
"ip": "2.58.56.13",
"services": [
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 200 OK\r\nDate: <REDACTED>\r\nServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30\r\nLast-Modified: Sun, 19 Nov 2023 10:41:05 GMT\r\nETag: \"1443-60a7f01a55240\"\r\nAccept-Ranges: bytes\r\nContent-Length: 5187\r\nContent-Type: text/html\r\n",
"banner_hashes": [
"sha256:aed5852ebe68342a5511d0340cd9f5d74da4e5f9727678c91c8f0dcb6cb36073"
],
"banner_hex": "485454502f312e3120323030204f4b0d0a446174653a20203c52454441435445443e0d0a5365727665723a204170616368652f322e342e3538202857696e363429204f70656e53534c2f332e312e33205048502f382e302e33300d0a4c6173742d4d6f6469666965643a2053756e2c203139204e6f7620323032332031303a34313a303520474d540d0a455461673a2022313434332d36306137663031613535323430220d0a4163636570742d52616e6765733a2062797465730d0a436f6e74656e742d4c656e6774683a20353138370d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a",
"discovery_method": "PREDICTIVE_METHOD_20",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://2.58.56.13/dashboard/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 200,
"status_reason": "OK",
"headers": {
"Server": [
"Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30"
],
"_encoding": {
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Accept_Ranges": "DISPLAY_UTF8",
"Date": "DISPLAY_UTF8",
"ETag": "DISPLAY_UTF8",
"Last_Modified": "DISPLAY_UTF8"
},
"Content_Length": [
"5187"
],
"Content_Type": [
"text/html"
],
"Accept_Ranges": [
"bytes"
],
"Date": [
"<REDACTED>"
],
"ETag": [
"\"1443-60a7f01a55240\""
],
"Last_Modified": [
"Sun, 19 Nov 2023 10:41:05 GMT"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>Welcome to XAMPP</title>",
"<meta charset=\"utf-8\">",
"<meta content=\"IE=edge,chrome=1\" http-equiv=\"X-UA-Compatible\">",
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />",
"<meta name=\"description\" content=\"XAMPP is an easy to install Apache distribution containing MariaDB, PHP and Perl.\" />",
"<meta name=\"keywords\" content=\"xampp, apache, php, perl, mariadb, open source distribution\" />"
],
"body_size": 5187,
"body": "<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <!-- Always force latest IE rendering engine or request Chrome Frame -->\n <meta content=\"IE=edge,chrome=1\" http-equiv=\"X-UA-Compatible\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n\n <!-- Use title if it's in the page YAML frontmatter -->\n <title>Welcome to XAMPP</title>\n\n <meta name=\"description\" content=\"XAMPP is an easy to install Apache distribution containing MariaDB, PHP and Perl.\" />\n <meta name=\"keywords\" content=\"xampp, apache, php, perl, mariadb, open source distribution\" />\n\n <link href=\"/dashboard/stylesheets/normalize.css\" rel=\"stylesheet\" type=\"text/css\" /><link href=\"/dashboard/stylesheets/all.css\" rel=\"stylesheet\" type=\"text/css\" />\n <link href=\"//cdnjs.cloudflare.com/ajax/libs/font-awesome/3.1.0/css/font-awesome.min.css\" rel=\"stylesheet\" type=\"text/css\" />\n\n <script src=\"/dashboard/javascripts/modernizr.js\" type=\"text/javascript\"></script>\n\n\n <link href=\"/dashboard/images/favicon.png\" rel=\"icon\" type=\"image/png\" />\n\n\n </head>\n\n <body class=\"index\">\n <div id=\"fb-root\"></div>\n <script>(function(d, s, id) {\n var js, fjs = d.getElementsByTagName(s)[0];\n if (d.getElementById(id)) return;\n js = d.createElement(s); js.id = id;\n js.src = \"//connect.facebook.net/en_US/all.js#xfbml=1&appId=277385395761685\";\n fjs.parentNode.insertBefore(js, fjs);\n }(document, 'script', 'facebook-jssdk'));</script>\n <header class=\"header contain-to-grid\">\n <nav class=\"top-bar\" data-topbar>\n <ul class=\"title-area\">\n <li class=\"name\">\n <h1><a href=\"/dashboard/index.html\">Apache Friends</a></h1>\n </li>\n <li class=\"toggle-topbar menu-icon\">\n <a href=\"#\">\n <span>Menu</span>\n </a>\n </li>\n </ul>\n\n <section class=\"top-bar-section\">\n <!-- Left Nav Section -->\n <ul class=\"left\">\n <li class=\"item \"><a href=\"/dashboard/faq.html\">FAQs</a></li>\n <li class=\"item \"><a href=\"/dashboard/howto.html\">HOW-TO Guides</a></li>\n <li class=\"item \"><a target=\"_blank\" href=\"/dashboard/phpinfo.php\">PHPInfo</a></li>\n <li class=\"item \"><a href=\"/phpmyadmin/\">phpMyAdmin</a></li>\n </ul>\n </section>\n </nav>\n </header>\n\n <div class=\"wrapper\">\n <div class=\"hero\">\n <div class=\"row\">\n <div class=\"large-12 columns\">\n <h1><img src=\"/dashboard/images/xampp-logo.svg\" />XAMPP <span>Apache + MariaDB + PHP + Perl</span></h1>\n </div>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <h2>Welcome to XAMPP for Windows 8.0.30</h2>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <p>\n You have successfully installed XAMPP on this system! Now you can start using Apache, MariaDB, PHP and other components.\n You can find more info in the <a href=\"/dashboard/faq.html\">FAQs</a> section or check the <a href=\"/dashboard/howto.html\">HOW-TO Guides</a> for getting started with PHP applications.\n </p>\n <p>\n XAMPP is meant only for development purposes. It has certain configuration settings that make it easy to develop locally but that are insecure if you want to have your installation accessible to others.\n </p>\n <p>\n Start the XAMPP Control Panel to check the server status.\n </p>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <h3>Community</h3>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <p>\n XAMPP has been around for more than 10 years – there is a huge community behind it. You can get involved by joining our <a href=\"https://community.apachefriends.org\">Forums</a>, liking us on <a href=\"https://www.facebook.com/we.are.xampp\">Facebook</a>, or following our exploits on <a href=\"https://twitter.com/apachefriends\">Twitter</a>.\n </p>\n </div>\n</div>\n\n\n </div>\n\n <footer class=\"footer row\">\n <div class=\"columns\">\n <div class=\"footer_lists-container row collapse\">\n <div class=\"footer_social columns large-2\">\n <ul class=\"social\">\n <li class=\"twitter\"><a href=\"https://twitter.com/apachefriends\">Follow us on Twitter</a></li>\n <li class=\"facebook\"><a href=\"https://www.facebook.com/we.are.xampp\">Like us on Facebook</a></li>\n</ul>\n\n <p class=\"footer_copyright\">Copyright (c) 2022, Apache Friends</p>\n </div>\n <ul class=\"footer_links columns large-9\">\n <li><a href=\"https://www.apachefriends.org/blog.html\">Blog</a></li>\n <li><a href=\"/privacy_policy.html\">Privacy Policy</a></li>\n <li>\n<a target=\"_blank\" href=\"http://www.fastly.com/\"> CDN provided by\n <img width=\"48\" data-2x=\"/dashboard/images/[email protected]\" src=\"/dashboard/images/fastly-logo.png\" />\n</a> </li>\n </ul>\n </div>\n </div>\n </footer>\n\n <!-- JS Libraries -->\n <script src=\"//code.jquery.com/jquery-1.10.2.min.js\"></script>\n <script src=\"/dashboard/javascripts/all.js\" type=\"text/javascript\"></script>\n </body>\n</html>\n",
"favicons": [
{
"size": 2508,
"name": "http://2.58.56.13/dashboard/images/favicon.png",
"md5_hash": "56f7c04657931f2d0b79371b2d6e9820",
"hashes": [
"md5:56f7c04657931f2d0b79371b2d6e9820",
"sha256:0ce37ed9046fdaaee0efbc4d6705459427204d7353e961e6c20fbb0d5e081a46"
],
"shodan_hash": 1927481616
},
{
"size": 30894,
"name": "http://2.58.56.13/favicon.ico",
"md5_hash": "6eb4a43cb64c97f76562af703893c8fd",
"hashes": [
"md5:6eb4a43cb64c97f76562af703893c8fd",
"sha256:1d7c95c5eea00a8083a95810f902682f9e26e7fbb7876b022a403642d776d0c9"
],
"shodan_hash": -1275226814
}
],
"body_hashes": [
"sha256:a30ba978322489eaee4aa52e54829ab3db2caca9cc187ace024139598847f5c2",
"sha1:55d1f54a73119fb9271f50e02eb40849280ea814",
"tlsh:d6b1933b64e91227125386a17a706b2cfed2d15beb0a694472dc521d9f93e83cd1f0cd"
],
"body_hash": "sha1:55d1f54a73119fb9271f50e02eb40849280ea814",
"html_title": "Welcome to XAMPP"
},
"supports_http2": false
},
"labels": [
"jquery",
"modernizr"
],
"observed_at": "2025-05-20T01:04:01.917294095Z",
"pending_removal_since": "2025-05-22T03:03:48.953145773Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 80,
"service_name": "HTTP",
"software": [
{
"product": "apache",
"other": {
"info": "(Win64) OpenSSL/3.1.3 PHP/8.0.30"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:xampp:xampp_server:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "XAMPP",
"product": "XAMPP Server",
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:*:openssl:3.1.3:*:*:*:*:*:*:*",
"part": "a",
"product": "OpenSSL",
"version": "3.1.3",
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:apache:http_server:2.4.58:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Apache",
"product": "HTTPD",
"version": "2.4.58",
"component_uniform_resource_identifiers": [
"cpe:2.3:a:*:openssl:3.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:*:php:8.0.30:*:*:*:*:*:*:*"
],
"other": {
"family": "Apache"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:*:php:8.0.30:*:*:*:*:*:*:*",
"part": "a",
"product": "PHP",
"version": "8.0.30",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.37",
"transport_fingerprint": {
"raw": "65535,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "DCERPC",
"observed_at": "2025-05-21T08:03:44.633243472Z",
"parsed": {
"dcerpc": {
"could_bind": true,
"could_query_epm": true,
"endpoints": [
{
"protocol": "[MS-RSP]: Remote Shutdown Protocol",
"executable": "wininit.exe",
"explained_uuid": "d95afe70-a6d5-4259-822e-2c84da1ddb0d v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49665]",
"ncalrpc:[WindowsShutdown]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\InitShutdown]",
"ncalrpc:[WMsgKRpc056200]"
]
},
{
"protocol": "N/A",
"executable": "nrpsrv.dll",
"explained_uuid": "30adc50c-5cbc-46ce-9a0e-91914789e23c v1.0 NRP server endpoint",
"bindings": [
"ncalrpc:[LRPC-9a8aa38a056a6af8af]",
"ncalrpc:[DNSResolver]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 v1.0 Adh APIs",
"bindings": [
"ncalrpc:[OLEB3EA0D9F2E3238DDA180457A101C]",
"ncalrpc:[TeredoControl]",
"ncalrpc:[TeredoDiagnostics]",
"ncalrpc:[LRPC-27166bab6b60f6b5c2]"
]
},
{
"protocol": "[MS-SCMR]: Service Control Manager Remote Protocol",
"executable": "services.exe",
"explained_uuid": "367abb81-9844-35f1-ad32-98f038001003 v2.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49670]"
]
},
{
"protocol": "N/A",
"executable": "appinfo.dll",
"explained_uuid": "5f54ce7d-5b79-4175-8584-cb65313a0e98 v1.0 AppInfo",
"bindings": [
"ncalrpc:[LRPC-031aaeee48728143d8]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "bf4dc912-e52f-4904-8ebe-9317c1bdd497 v1.0",
"bindings": [
"ncalrpc:[LRPC-fcc7dd1b1349a3381f]",
"ncalrpc:[OLE2F7A4DDFCB14A41F4FF5906F89C9]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "178d84be-9291-4994-82c6-3f909aca5a03 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "a500d4c6-0dd1-4543-bc0c-d5f93486eaf8 v1.0",
"bindings": [
"ncalrpc:[LRPC-0977fdb40638330a95]",
"ncalrpc:[LRPC-47ab808d8b0c4ac4dc]"
]
},
{
"protocol": "N/A",
"executable": "dhcpcsvc6.dll",
"explained_uuid": "3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 v1.0 DHCPv6 Client LRPC Endpoint",
"bindings": [
"ncalrpc:[dhcpcsvc6]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "98cd761e-e77d-41c8-a3c0-0fb756d90ec2 v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0ff1f646-13bb-400a-ab50-9a78f2b7a85a v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "sysntfy.dll",
"explained_uuid": "c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 v1.0 Impl friendly name",
"bindings": [
"ncalrpc:[LRPC-849db6d8f0d2a26001]",
"ncalrpc:[LRPC-bb9cdcbe2ddc55ff0d]",
"ncalrpc:[IUserProfile2]",
"ncalrpc:[LRPC-f3afadea25d2a0da9b]",
"ncalrpc:[senssvc]",
"ncalrpc:[LRPC-a62c000cde62609754]"
]
},
{
"protocol": "N/A",
"executable": "certprop.dll",
"explained_uuid": "30b044a5-a225-43f0-b3a4-e060df91f9c1 v1.0",
"bindings": [
"ncalrpc:[LRPC-f5667d090855c781b7]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "7f1343fe-50a9-4927-a778-0c5859517bac v1.0 DfsDs service",
"bindings": [
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\wkssvc]",
"ncalrpc:[LRPC-c8f9fb77f1555a8db9]"
]
},
{
"protocol": "N/A",
"executable": "spoolsv.exe",
"explained_uuid": "4a452661-8290-4b36-8fbe-7f4093a94978 v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49669]",
"ncalrpc:[LRPC-06c9c01f32dfcaed87]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "appinfo.dll",
"explained_uuid": "58e604e8-9adb-4d2e-a464-3b0683fb1480 v1.0 AppInfo",
"bindings": [
"ncalrpc:[LRPC-031aaeee48728143d8]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "2c7fd9ce-e706-4b40-b412-953107ef9bb0 v0.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "schedsvc.dll",
"explained_uuid": "0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53 v1.0",
"bindings": [
"ncalrpc:[LRPC-3fcb2ba46b948b02ea]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "29770a8f-829b-4158-90a2-78cd488501f7 v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49668]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\pipe\\SessEnvPublicRpc]",
"ncalrpc:[SessEnvPrivateRpc]",
"ncalrpc:[LRPC-a62c000cde62609754]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "abfb6ca3-0c5e-4734-9285-0aee72fe8d1c v1.0",
"bindings": [
"ncalrpc:[LRPC-b35e136c2f99e7534d]",
"ncalrpc:[OLEF81E4249778C7685E2B765F44B20]"
]
},
{
"protocol": "[MS-PAN]: Print System Asynchronous Notification Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "ae33069b-a2a8-46ee-a235-ddfd339be281 v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49669]",
"ncalrpc:[LRPC-06c9c01f32dfcaed87]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0497b57d-2e66-424f-a0c6-157cd5d41700 v1.0 AppInfo",
"bindings": [
"ncalrpc:[LRPC-031aaeee48728143d8]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "8fb74744-b2ff-4c00-be0d-9ef9a191fe1b v1.0 Ngc Pop Key Service",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49664]",
"ncalrpc:[samss lpc]",
"ncalrpc:[SidKey Local End Point]",
"ncalrpc:[protected_storage]",
"ncalrpc:[lsasspirpc]",
"ncalrpc:[lsapolicylookup]",
"ncalrpc:[LSA_EAS_ENDPOINT]",
"ncalrpc:[LSA_IDPEXT_ENDPOINT]",
"ncalrpc:[lsacap]",
"ncalrpc:[LSARPC_ENDPOINT]",
"ncalrpc:[securityevent]",
"ncalrpc:[audit]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\pipe\\lsass]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "1832bcf6-cab8-41d4-85d2-c9410764f75a v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "3a9ef155-691d-4449-8d05-09ad57031823 v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49667]",
"ncalrpc:[LRPC-6aa73eed284fc135fc]",
"ncalrpc:[ubpmtaskhostchannel]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\atsvc]",
"ncalrpc:[LRPC-3fcb2ba46b948b02ea]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "5222821f-d5e2-4885-84f1-5f6185a0ec41 v1.0",
"bindings": [
"ncalrpc:[LRPC-484f9858fd43fb4438]"
]
},
{
"protocol": "N/A",
"executable": "gpsvc.dll",
"explained_uuid": "2eb08e3e-639f-4fba-97b1-14f878961076 v1.0 Group Policy RPC Interface",
"bindings": [
"ncalrpc:[LRPC-6693ae24875716aba9]"
]
},
{
"protocol": "[MS-TSCH]: Task Scheduler Service Remoting Protocol",
"executable": "taskcomp.dll",
"explained_uuid": "378e52b0-c0a9-11cf-822d-00aa0051e40f v1.0",
"bindings": [
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\atsvc]",
"ncalrpc:[LRPC-3fcb2ba46b948b02ea]"
]
},
{
"protocol": "N/A",
"executable": "IKEEXT.DLL",
"explained_uuid": "a398e520-d59a-4bdd-aa7a-3c1e0303a511 v1.0 IKE/Authip API",
"bindings": [
"ncalrpc:[LRPC-1aa7211603ac7b17d7]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "fae436b0-b864-4a87-9eda-298547cd82f2 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "MPSSVC.dll",
"explained_uuid": "7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 v1.0 Fw APIs",
"bindings": [
"ncalrpc:[LRPC-f7ff88e85d2193dd80]",
"ncalrpc:[LRPC-6e3abe0dfcd2418e5a]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "c2d1b5dd-fa81-4460-9dd6-e7658b85454b v1.0",
"bindings": [
"ncalrpc:[LRPC-b35e136c2f99e7534d]",
"ncalrpc:[OLEF81E4249778C7685E2B765F44B20]"
]
},
{
"protocol": "N/A",
"executable": "iphlpsvc.dll",
"explained_uuid": "552d076a-cb29-4e44-8b6a-d15e59e2c0af v1.0 IP Transition Configuration endpoint",
"bindings": [
"ncalrpc:[LRPC-27166bab6b60f6b5c2]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "d8140e00-5c46-4ae6-80ac-2f9a76df224c v0.0",
"bindings": [
"ncalrpc:[LRPC-96e8235ee359dc8d82]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 v2.0 KeyIso",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49664]",
"ncalrpc:[samss lpc]",
"ncalrpc:[SidKey Local End Point]",
"ncalrpc:[protected_storage]",
"ncalrpc:[lsasspirpc]",
"ncalrpc:[lsapolicylookup]",
"ncalrpc:[LSA_EAS_ENDPOINT]",
"ncalrpc:[LSA_IDPEXT_ENDPOINT]",
"ncalrpc:[lsacap]",
"ncalrpc:[LSARPC_ENDPOINT]",
"ncalrpc:[securityevent]",
"ncalrpc:[audit]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\pipe\\lsass]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "13560fa9-8c09-4b56-a1fd-04d083b9b2a1 v1.0",
"bindings": [
"ncalrpc:[LRPC-b35e136c2f99e7534d]",
"ncalrpc:[OLEF81E4249778C7685E2B765F44B20]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "51a227ae-825b-41f2-b4a9-1ac9557a1018 v1.0 Ngc Pop Key Service",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49664]",
"ncalrpc:[samss lpc]",
"ncalrpc:[SidKey Local End Point]",
"ncalrpc:[protected_storage]",
"ncalrpc:[lsasspirpc]",
"ncalrpc:[lsapolicylookup]",
"ncalrpc:[LSA_EAS_ENDPOINT]",
"ncalrpc:[LSA_IDPEXT_ENDPOINT]",
"ncalrpc:[lsacap]",
"ncalrpc:[LSARPC_ENDPOINT]",
"ncalrpc:[securityevent]",
"ncalrpc:[audit]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\pipe\\lsass]"
]
},
{
"protocol": "[MS-SAMR]: Security Account Manager (SAM) Remote Protocol",
"executable": "samsrv.dll",
"explained_uuid": "12345778-1234-abcd-ef00-0123456789ac v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49664]",
"ncalrpc:[samss lpc]",
"ncalrpc:[SidKey Local End Point]",
"ncalrpc:[protected_storage]",
"ncalrpc:[lsasspirpc]",
"ncalrpc:[lsapolicylookup]",
"ncalrpc:[LSA_EAS_ENDPOINT]",
"ncalrpc:[LSA_IDPEXT_ENDPOINT]",
"ncalrpc:[lsacap]",
"ncalrpc:[LSARPC_ENDPOINT]",
"ncalrpc:[securityevent]",
"ncalrpc:[audit]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\pipe\\lsass]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "d09bdeb5-6171-4a34-bfe2-06fa82652568 v1.0",
"bindings": [
"ncalrpc:[csebpub]",
"ncalrpc:[LRPC-678642d476e0fdf2a7]",
"ncalrpc:[LRPC-63f9b2bfc20302931e]",
"ncalrpc:[LRPC-b8c80d4a3b4bdae8e0]",
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]",
"ncalrpc:[LRPC-63f9b2bfc20302931e]",
"ncalrpc:[LRPC-b8c80d4a3b4bdae8e0]",
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]",
"ncalrpc:[LRPC-b8c80d4a3b4bdae8e0]",
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]",
"ncalrpc:[LRPC-30032645bb3d5a3fc6]",
"ncalrpc:[LRPC-47ab808d8b0c4ac4dc]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "8782d3b9-ebbd-4644-a3d8-e8725381919b v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "b37f900a-eae4-4304-a2ab-12bb668c0188 v1.0",
"bindings": [
"ncalrpc:[LRPC-b35e136c2f99e7534d]",
"ncalrpc:[OLEF81E4249778C7685E2B765F44B20]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "95095ec8-32ea-4eb0-a3e2-041f97b36168 v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "2513bcbe-6cd4-4348-855e-7efb3c336dd3 v2.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "2e6035b2-e8f1-41a7-a044-656b439c4c34 v1.0 Proxy Manager provider server endpoint",
"bindings": [
"ncalrpc:[TeredoControl]",
"ncalrpc:[TeredoDiagnostics]",
"ncalrpc:[LRPC-27166bab6b60f6b5c2]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "650a7e26-eab8-5533-ce43-9c1dfce11511 v1.0 Vpn APIs",
"bindings": [
"ncalrpc:[LRPC-093c80ac2ef7507d5b]",
"ncalrpc:[VpnikeRpc]",
"ncalrpc:[RasmanLrpc]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\ROUTER]"
]
},
{
"protocol": "N/A",
"executable": "winlogon.exe",
"explained_uuid": "76f226c3-ec14-4325-8a99-6a46348418af v1.0",
"bindings": [
"ncalrpc:[WindowsShutdown]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\InitShutdown]",
"ncalrpc:[WMsgKRpc056200]",
"ncalrpc:[WMsgKRpc058201]",
"ncalrpc:[WMsgKRpc07161E2]",
"ncalrpc:[WMsgKRpc01AD152E93]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "9b008953-f195-4bf9-bde0-4471971e58ed v1.0",
"bindings": [
"ncalrpc:[LRPC-63f9b2bfc20302931e]",
"ncalrpc:[LRPC-b8c80d4a3b4bdae8e0]",
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "6982a06e-5fe2-46b1-b39c-a2c545bfa069 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "509bc7ae-77be-4ee8-b07c-0d096bb44345 v1.0",
"bindings": [
"ncalrpc:[LRPC-07031c4e9bf51d33de]",
"ncalrpc:[OLEF8E237F730A72ABB97E8867DD02E]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "33d84484-3626-47ee-8c6f-e7e98b113be1 v2.0",
"bindings": [
"ncalrpc:[LRPC-6aa73eed284fc135fc]",
"ncalrpc:[ubpmtaskhostchannel]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\atsvc]",
"ncalrpc:[LRPC-3fcb2ba46b948b02ea]"
]
},
{
"protocol": "N/A",
"executable": "appinfo.dll",
"explained_uuid": "fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0 AppInfo",
"bindings": [
"ncalrpc:[LRPC-031aaeee48728143d8]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "c36be077-e14b-4fe9-8abc-e856ef4f048b v1.0 Proxy Manager client server endpoint",
"bindings": [
"ncalrpc:[TeredoControl]",
"ncalrpc:[TeredoDiagnostics]",
"ncalrpc:[LRPC-27166bab6b60f6b5c2]"
]
},
{
"protocol": "N/A",
"executable": "MPSSVC.dll",
"explained_uuid": "2fb92682-6599-42dc-ae13-bd2ca89bd11c v1.0 Fw APIs",
"bindings": [
"ncalrpc:[LRPC-7568e1132baf46f771]",
"ncalrpc:[LRPC-a4e589f4b831988d61]",
"ncalrpc:[LRPC-f7ff88e85d2193dd80]",
"ncalrpc:[LRPC-6e3abe0dfcd2418e5a]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "b18fbab6-56f8-4702-84e0-41053293a869 v1.0 UserMgrCli",
"bindings": [
"ncalrpc:[LRPC-56c6795ab1cb15c6ac]",
"ncalrpc:[OLE9D54F2210F0B23F8768A2CFFFEF1]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0fc77b1a-95d8-4a2e-a0c0-cff54237462b v0.0",
"bindings": [
"ncalrpc:[LRPC-4899868cf9fbc8ed72]",
"ncalrpc:[OLEA3443A8C54A8BE32B74FF2F10945]",
"ncalrpc:[LRPC-8cb3a6ae95b657d72e]",
"ncalrpc:[OLE4D60521D16CD3B1205287D55BF58]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "c521facf-09a9-42c5-b155-72388595cbf0 v0.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "857fb1be-084f-4fb5-b59c-4b2c4be5f0cf v1.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "e40f7b57-7a25-4cd3-a135-7f7d3df9d16b v1.0",
"bindings": [
"ncalrpc:[LRPC-69aa4ab4286149edbc]"
]
},
{
"protocol": "N/A",
"executable": "dhcpcsvc.dll",
"explained_uuid": "3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 v1.0 DHCP Client LRPC Endpoint",
"bindings": [
"ncalrpc:[dhcpcsvc]",
"ncalrpc:[dhcpcsvc6]"
]
},
{
"protocol": "[MS-TSCH]: Task Scheduler Service Remoting Protocol",
"executable": "schedsvc.dll",
"explained_uuid": "86d35949-83c9-4044-b424-db363231fd0c v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49667]",
"ncalrpc:[LRPC-6aa73eed284fc135fc]",
"ncalrpc:[ubpmtaskhostchannel]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\atsvc]",
"ncalrpc:[LRPC-3fcb2ba46b948b02ea]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "3473dd4d-2e88-4006-9cba-22570909dd10 v5.1 WinHttp Auto-Proxy Service",
"bindings": [
"ncalrpc:[32c121bd-8c4c-4093-872b-18640f2e2326]",
"ncalrpc:[LRPC-fcf5ee1f1c6b84ebcf]"
]
},
{
"protocol": "N/A",
"executable": "appinfo.dll",
"explained_uuid": "201ef99a-7fa0-444c-9399-19ba84f12a1a v1.0 AppInfo",
"bindings": [
"ncalrpc:[LRPC-031aaeee48728143d8]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "88abcbc3-34ea-76ae-8215-767520655a23 v0.0",
"bindings": [
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "c605f9fb-f0a3-4e2a-a073-73560f8d9e3e v1.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "2d98a740-581d-41b9-aa0d-a88b9d5ce938 v1.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "nsisvc.dll",
"explained_uuid": "7ea70bcf-48af-4f6a-8968-6a440754d5fa v1.0 NSI server endpoint",
"bindings": [
"ncalrpc:[LRPC-90798f03530e88f7f2]"
]
},
{
"protocol": "N/A",
"executable": "srvsvc.dll",
"explained_uuid": "98716d03-89ac-44c7-bb8c-285824e51c4a v1.0 XactSrv service",
"bindings": [
"ncalrpc:[LRPC-43a0d41d3d31b4ccb0]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "1d45e083-478f-437c-9618-3594ced8c235 v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "[MS-FASP]: Firewall and Advanced Security Protocol",
"executable": "FwRemoteSvr.dll",
"explained_uuid": "6b5bdd1e-528c-422c-af8c-a4079be4fe48 v1.0 Remote Fw APIs",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49671]",
"ncalrpc:[ipsec]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0361ae94-0316-4c6c-8ad8-c594375800e2 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "8ec21e98-b5ce-4916-a3d6-449fa428a007 v0.0",
"bindings": [
"ncalrpc:[LRPC-4899868cf9fbc8ed72]",
"ncalrpc:[OLEA3443A8C54A8BE32B74FF2F10945]",
"ncalrpc:[LRPC-8cb3a6ae95b657d72e]",
"ncalrpc:[OLE4D60521D16CD3B1205287D55BF58]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "5824833b-3c1a-4ad2-bdfd-c31d19e23ed2 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "[MS-CMPO]: MSDTC Connection Manager:",
"executable": "msdtcprx.dll",
"explained_uuid": "906b0ce0-c70b-1067-b317-00dd010662da v1.0",
"bindings": [
"ncalrpc:[LRPC-3e04986716d8242cd3]",
"ncalrpc:[LRPC-3e04986716d8242cd3]",
"ncalrpc:[LRPC-3e04986716d8242cd3]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "fc48cd89-98d6-4628-9839-86f7a3e4161a v1.0",
"bindings": [
"ncalrpc:[dabrpc]",
"ncalrpc:[csebpub]",
"ncalrpc:[LRPC-678642d476e0fdf2a7]",
"ncalrpc:[LRPC-63f9b2bfc20302931e]",
"ncalrpc:[LRPC-b8c80d4a3b4bdae8e0]",
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "55e6b932-1979-45d6-90c5-7f6270724112 v1.0",
"bindings": [
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "f3f09ffd-fbcf-4291-944d-70ad6e0e73bb v1.0",
"bindings": [
"ncalrpc:[LRPC-3c1e7ea86635cddd15]",
"ncalrpc:[LRPC-8c2acde2e43db0bd3e]"
]
},
{
"protocol": "[MS-RPRN]: Print System Remote Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "12345678-1234-abcd-ef00-0123456789ab v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49669]",
"ncalrpc:[LRPC-06c9c01f32dfcaed87]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "d4051bde-9cdd-4910-b393-4aa85ec3c482 v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "7df1ceae-de4e-4e6f-ab14-49636e7c2052 v1.0",
"bindings": [
"ncalrpc:[LRPC-8f6eafd1c73c280179]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "d249bd56-4cc0-4fd3-8ce6-6fe050d590cb v0.0",
"bindings": [
"ncalrpc:[LRPC-96e8235ee359dc8d82]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "082a3471-31b6-422a-b931-a54401960c62 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "085b0334-e454-4d91-9b8c-4134f9e793f3 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "4dace966-a243-4450-ae3f-9b7bcb5315b8 v2.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "76c217bc-c8b4-4201-a745-373ad9032b1a v1.0",
"bindings": [
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "f47433c3-3e9d-4157-aad4-83aa1f5c2d4c v1.0 Fw APIs",
"bindings": [
"ncalrpc:[LRPC-a4e589f4b831988d61]",
"ncalrpc:[LRPC-f7ff88e85d2193dd80]",
"ncalrpc:[LRPC-6e3abe0dfcd2418e5a]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "4c9dbf19-d39e-4bb9-90ee-8f7179b20283 v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "pcasvc.dll",
"explained_uuid": "0767a036-0d22-48aa-ba69-b619480f38cb v1.0 PcaSvc",
"bindings": [
"ncalrpc:[LRPC-14bf9add69a2113f8e]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "b1ef227e-dfa5-421e-82bb-67a6a129c496 v0.0",
"bindings": [
"ncalrpc:[LRPC-4899868cf9fbc8ed72]",
"ncalrpc:[OLEA3443A8C54A8BE32B74FF2F10945]",
"ncalrpc:[LRPC-8cb3a6ae95b657d72e]",
"ncalrpc:[OLE4D60521D16CD3B1205287D55BF58]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "f2c9b409-c1c9-4100-8639-d8ab1486694a v1.0 Witness Client Upcall Server",
"bindings": [
"ncalrpc:[LRPC-c8f9fb77f1555a8db9]"
]
},
{
"protocol": "[MS-PAN]: Print System Asynchronous Notification Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49669]",
"ncalrpc:[LRPC-06c9c01f32dfcaed87]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "697dcda9-3ba9-4eb2-9247-e11f1901b0d2 v1.0",
"bindings": [
"ncalrpc:[LRPC-678642d476e0fdf2a7]",
"ncalrpc:[LRPC-63f9b2bfc20302931e]",
"ncalrpc:[LRPC-b8c80d4a3b4bdae8e0]",
"ncalrpc:[LRPC-683923a22cc7c213ce]",
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "95406f0b-b239-4318-91bb-cea3a46ff0dc v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "e53d94ca-7464-4839-b044-09a2fb8b3ae5 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "[MS-TSCH]: Task Scheduler Service Remoting Protocol",
"executable": "taskcomp.dll",
"explained_uuid": "1ff70682-0a51-30e8-076d-740be8cee98b v1.0",
"bindings": [
"ncacn_np:\\\\COPY-OF-VM-2022[\\PIPE\\atsvc]",
"ncalrpc:[LRPC-3fcb2ba46b948b02ea]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "3f787932-3452-4363-8651-6ea97bb373bb v1.0 NSP Rpc Interface",
"bindings": [
"ncalrpc:[LRPC-4db25ef385375e0f74]",
"ncalrpc:[OLE38E1E00986B2FFBC1AFBF836DB25]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "f44e62af-dab1-44c2-8013-049a9de417d6 v1.0",
"bindings": [
"ncalrpc:[LRPC-b35e136c2f99e7534d]",
"ncalrpc:[OLEF81E4249778C7685E2B765F44B20]"
]
},
{
"protocol": "[MS-PAR]: Print System Asynchronous Remote Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "76f03f96-cdfd-44fc-a22c-64950a001209 v1.0",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49669]",
"ncalrpc:[LRPC-06c9c01f32dfcaed87]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "e38f5360-8572-473e-b696-1b46873beeab v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "winlogon.exe",
"explained_uuid": "12e65dd8-887f-41ef-91bf-8d816c42c2e7 v1.0 Secure Desktop LRPC interface",
"bindings": [
"ncalrpc:[WMsgKRpc07161E2]",
"ncalrpc:[WMsgKRpc01AD152E93]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "dd59071b-3215-4c59-8481-972edadc0f6a v1.0",
"bindings": [
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "d22895ef-aff4-42c5-a5b2-b14466d34ab4 v1.0",
"bindings": [
"ncalrpc:[LRPC-ae9f3264475023d2c0]",
"ncalrpc:[OLE103DF0ED18D62F9098BC6EEA88B1]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0d47017b-b33b-46ad-9e18-fe96456c5078 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "eb081a0d-10ee-478a-a1dd-50995283e7a8 v3.0 Witness Client Test Interface",
"bindings": [
"ncalrpc:[LRPC-c8f9fb77f1555a8db9]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0d3c7f20-1c8d-4654-a1b3-51563b298bda v1.0 UserMgrCli",
"bindings": [
"ncalrpc:[LRPC-56c6795ab1cb15c6ac]",
"ncalrpc:[OLE9D54F2210F0B23F8768A2CFFFEF1]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "20c40295-8dba-48e6-aebf-3e78ef3bb144 v2.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "880fd55e-43b9-11e0-b1a8-cf4edfd72085 v1.0 KAPI Service endpoint",
"bindings": [
"ncalrpc:[LRPC-33da41bf222dad8317]",
"ncalrpc:[OLEE85D4A9C5F539ECAA52D9BA1109E]",
"ncalrpc:[LRPC-30032645bb3d5a3fc6]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "1a0d010f-1c33-432c-b0f5-8cf4e8053099 v1.0 IdSegSrv service",
"bindings": [
"ncalrpc:[LRPC-43a0d41d3d31b4ccb0]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e v1.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "a4b8d482-80ce-40d6-934d-b22a01a44fe7 v1.0 LicenseManager",
"bindings": [
"ncalrpc:[LicenseServiceEndpoint]"
]
},
{
"protocol": "N/A",
"executable": "appmgmts.dll",
"explained_uuid": "8c7daf44-b6dc-11d1-9a4c-0020af6e7c57 v1.0 Group Policy RPC Interface",
"bindings": [
"ncalrpc:[LRPC-68bad16177e8c09c72]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "4ed8abcc-f1e2-438b-981f-bb0e8abc010c v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "[MS-EVEN6]: EventLog Remoting Protocol",
"executable": "wevtsvc.dll",
"explained_uuid": "f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0 Event log TCPIP",
"bindings": [
"ncacn_ip_tcp:2.58.56.13[49666]",
"ncacn_np:\\\\COPY-OF-VM-2022[\\pipe\\eventlog]",
"ncalrpc:[eventlog]"
]
},
{
"protocol": "N/A",
"executable": "BFE.DLL",
"explained_uuid": "dd490425-5325-4565-b774-7e27d6c09c24 v1.0 Base Firewall Engine API",
"bindings": [
"ncalrpc:[LRPC-6e3abe0dfcd2418e5a]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0 v1.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "8bfc3be1-6def-4e2d-af74-7c47cd0ade4a v1.0",
"bindings": [
"ncalrpc:[LRPC-b8136b61c05f6a5051]",
"ncalrpc:[OLE0CA0AECB0722A339179DAD840195]",
"ncalrpc:[actkernel]",
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "3b338d89-6cfa-44b8-847e-531531bc9992 v1.0",
"bindings": [
"ncalrpc:[umpo]"
]
},
{
"protocol": "N/A",
"executable": "sysmain.dll",
"explained_uuid": "b58aa02e-2884-4e97-8176-4ee06d794184 v1.0",
"bindings": [
"ncalrpc:[LRPC-ca7c2065abbedd47a9]"
]
}
]
}
},
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 135,
"service_name": "DCERPC",
"source_ip": "162.142.125.113",
"transport_fingerprint": {
"raw": "65535,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "\ufffd\u0000\u0000\u0001\ufffd",
"banner_hashes": [
"sha256:ffda6a629d2fc268bbf42019878a56c91ba8a0ca8162c9caa291fff957623e04"
],
"banner_hex": "8300000182",
"discovery_method": "PREDICTIVE_METHOD_23",
"extended_service_name": "NETBIOS",
"observed_at": "2025-05-22T00:52:03.029750502Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 139,
"service_name": "NETBIOS",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "microsoft",
"product": "windows",
"source": "OSI_TRANSPORT_LAYER"
}
],
"source_ip": "162.142.125.204",
"transport_fingerprint": {
"id": 310,
"os": "Windows 2008 R2 / 2012",
"raw": "8192,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 200 OK\r\nDate: <REDACTED>\r\nServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30\r\nLast-Modified: Sun, 19 Nov 2023 10:41:05 GMT\r\nETag: \"1443-60a7f01a55240\"\r\nAccept-Ranges: bytes\r\nContent-Length: 5187\r\nContent-Type: text/html\r\n",
"banner_hashes": [
"sha256:aed5852ebe68342a5511d0340cd9f5d74da4e5f9727678c91c8f0dcb6cb36073"
],
"banner_hex": "485454502f312e3120323030204f4b0d0a446174653a20203c52454441435445443e0d0a5365727665723a204170616368652f322e342e3538202857696e363429204f70656e53534c2f332e312e33205048502f382e302e33300d0a4c6173742d4d6f6469666965643a2053756e2c203139204e6f7620323032332031303a34313a303520474d540d0a455461673a2022313434332d36306137663031613535323430220d0a4163636570742d52616e6765733a2062797465730d0a436f6e74656e742d4c656e6774683a20353138370d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a",
"certificate": "016973380c0f1df00bd9593ed8d5efa3706cd6df7993f6141272b80522acdd23",
"discovery_method": "PREDICTIVE_METHOD_20",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://2.58.56.13/dashboard/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 200,
"status_reason": "OK",
"headers": {
"Server": [
"Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30"
],
"_encoding": {
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Accept_Ranges": "DISPLAY_UTF8",
"Date": "DISPLAY_UTF8",
"ETag": "DISPLAY_UTF8",
"Last_Modified": "DISPLAY_UTF8"
},
"Content_Length": [
"5187"
],
"Content_Type": [
"text/html"
],
"Accept_Ranges": [
"bytes"
],
"Date": [
"<REDACTED>"
],
"ETag": [
"\"1443-60a7f01a55240\""
],
"Last_Modified": [
"Sun, 19 Nov 2023 10:41:05 GMT"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<title>Welcome to XAMPP</title>",
"<meta charset=\"utf-8\">",
"<meta content=\"IE=edge,chrome=1\" http-equiv=\"X-UA-Compatible\">",
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />",
"<meta name=\"description\" content=\"XAMPP is an easy to install Apache distribution containing MariaDB, PHP and Perl.\" />",
"<meta name=\"keywords\" content=\"xampp, apache, php, perl, mariadb, open source distribution\" />"
],
"body_size": 5187,
"body": "<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <!-- Always force latest IE rendering engine or request Chrome Frame -->\n <meta content=\"IE=edge,chrome=1\" http-equiv=\"X-UA-Compatible\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n\n <!-- Use title if it's in the page YAML frontmatter -->\n <title>Welcome to XAMPP</title>\n\n <meta name=\"description\" content=\"XAMPP is an easy to install Apache distribution containing MariaDB, PHP and Perl.\" />\n <meta name=\"keywords\" content=\"xampp, apache, php, perl, mariadb, open source distribution\" />\n\n <link href=\"/dashboard/stylesheets/normalize.css\" rel=\"stylesheet\" type=\"text/css\" /><link href=\"/dashboard/stylesheets/all.css\" rel=\"stylesheet\" type=\"text/css\" />\n <link href=\"//cdnjs.cloudflare.com/ajax/libs/font-awesome/3.1.0/css/font-awesome.min.css\" rel=\"stylesheet\" type=\"text/css\" />\n\n <script src=\"/dashboard/javascripts/modernizr.js\" type=\"text/javascript\"></script>\n\n\n <link href=\"/dashboard/images/favicon.png\" rel=\"icon\" type=\"image/png\" />\n\n\n </head>\n\n <body class=\"index\">\n <div id=\"fb-root\"></div>\n <script>(function(d, s, id) {\n var js, fjs = d.getElementsByTagName(s)[0];\n if (d.getElementById(id)) return;\n js = d.createElement(s); js.id = id;\n js.src = \"//connect.facebook.net/en_US/all.js#xfbml=1&appId=277385395761685\";\n fjs.parentNode.insertBefore(js, fjs);\n }(document, 'script', 'facebook-jssdk'));</script>\n <header class=\"header contain-to-grid\">\n <nav class=\"top-bar\" data-topbar>\n <ul class=\"title-area\">\n <li class=\"name\">\n <h1><a href=\"/dashboard/index.html\">Apache Friends</a></h1>\n </li>\n <li class=\"toggle-topbar menu-icon\">\n <a href=\"#\">\n <span>Menu</span>\n </a>\n </li>\n </ul>\n\n <section class=\"top-bar-section\">\n <!-- Left Nav Section -->\n <ul class=\"left\">\n <li class=\"item \"><a href=\"/dashboard/faq.html\">FAQs</a></li>\n <li class=\"item \"><a href=\"/dashboard/howto.html\">HOW-TO Guides</a></li>\n <li class=\"item \"><a target=\"_blank\" href=\"/dashboard/phpinfo.php\">PHPInfo</a></li>\n <li class=\"item \"><a href=\"/phpmyadmin/\">phpMyAdmin</a></li>\n </ul>\n </section>\n </nav>\n </header>\n\n <div class=\"wrapper\">\n <div class=\"hero\">\n <div class=\"row\">\n <div class=\"large-12 columns\">\n <h1><img src=\"/dashboard/images/xampp-logo.svg\" />XAMPP <span>Apache + MariaDB + PHP + Perl</span></h1>\n </div>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <h2>Welcome to XAMPP for Windows 8.0.30</h2>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <p>\n You have successfully installed XAMPP on this system! Now you can start using Apache, MariaDB, PHP and other components.\n You can find more info in the <a href=\"/dashboard/faq.html\">FAQs</a> section or check the <a href=\"/dashboard/howto.html\">HOW-TO Guides</a> for getting started with PHP applications.\n </p>\n <p>\n XAMPP is meant only for development purposes. It has certain configuration settings that make it easy to develop locally but that are insecure if you want to have your installation accessible to others.\n </p>\n <p>\n Start the XAMPP Control Panel to check the server status.\n </p>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <h3>Community</h3>\n </div>\n</div>\n<div class=\"row\">\n <div class=\"large-12 columns\">\n <p>\n XAMPP has been around for more than 10 years – there is a huge community behind it. You can get involved by joining our <a href=\"https://community.apachefriends.org\">Forums</a>, liking us on <a href=\"https://www.facebook.com/we.are.xampp\">Facebook</a>, or following our exploits on <a href=\"https://twitter.com/apachefriends\">Twitter</a>.\n </p>\n </div>\n</div>\n\n\n </div>\n\n <footer class=\"footer row\">\n <div class=\"columns\">\n <div class=\"footer_lists-container row collapse\">\n <div class=\"footer_social columns large-2\">\n <ul class=\"social\">\n <li class=\"twitter\"><a href=\"https://twitter.com/apachefriends\">Follow us on Twitter</a></li>\n <li class=\"facebook\"><a href=\"https://www.facebook.com/we.are.xampp\">Like us on Facebook</a></li>\n</ul>\n\n <p class=\"footer_copyright\">Copyright (c) 2022, Apache Friends</p>\n </div>\n <ul class=\"footer_links columns large-9\">\n <li><a href=\"https://www.apachefriends.org/blog.html\">Blog</a></li>\n <li><a href=\"/privacy_policy.html\">Privacy Policy</a></li>\n <li>\n<a target=\"_blank\" href=\"http://www.fastly.com/\"> CDN provided by\n <img width=\"48\" data-2x=\"/dashboard/images/[email protected]\" src=\"/dashboard/images/fastly-logo.png\" />\n</a> </li>\n </ul>\n </div>\n </div>\n </footer>\n\n <!-- JS Libraries -->\n <script src=\"//code.jquery.com/jquery-1.10.2.min.js\"></script>\n <script src=\"/dashboard/javascripts/all.js\" type=\"text/javascript\"></script>\n </body>\n</html>\n",
"favicons": [
{
"size": 2508,
"name": "https://2.58.56.13/dashboard/images/favicon.png",
"md5_hash": "56f7c04657931f2d0b79371b2d6e9820",
"hashes": [
"sha256:0ce37ed9046fdaaee0efbc4d6705459427204d7353e961e6c20fbb0d5e081a46",
"md5:56f7c04657931f2d0b79371b2d6e9820"
],
"shodan_hash": 1927481616
},
{
"size": 30894,
"name": "https://2.58.56.13/favicon.ico",
"md5_hash": "6eb4a43cb64c97f76562af703893c8fd",
"hashes": [
"sha256:1d7c95c5eea00a8083a95810f902682f9e26e7fbb7876b022a403642d776d0c9",
"md5:6eb4a43cb64c97f76562af703893c8fd"
],
"shodan_hash": -1275226814
}
],
"body_hashes": [
"sha256:a30ba978322489eaee4aa52e54829ab3db2caca9cc187ace024139598847f5c2",
"sha1:55d1f54a73119fb9271f50e02eb40849280ea814",
"tlsh:d6b1933b64e91227125386a17a706b2cfed2d15beb0a694472dc521d9f93e83cd1f0cd"
],
"body_hash": "sha1:55d1f54a73119fb9271f50e02eb40849280ea814",
"html_title": "Welcome to XAMPP"
},
"supports_http2": false
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad16d2ad2ad00042d42d00000061256d32ed7779c14686ad100544dc8d",
"cipher_and_version_fingerprint": "2ad2ad16d2ad2ad00042d42d000000",
"tls_extensions_sha256": "61256d32ed7779c14686ad100544dc8d",
"observed_at": "2025-05-14T18:05:20.870411407Z"
},
"labels": [
"jquery",
"modernizr"
],
"observed_at": "2025-05-19T21:24:25.486427625Z",
"pending_removal_since": "2025-05-21T04:11:11.877426972Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 443,
"service_name": "HTTP",
"software": [
{
"product": "apache",
"other": {
"info": "(Win64) OpenSSL/3.1.3 PHP/8.0.30"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:xampp:xampp_server:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "XAMPP",
"product": "XAMPP Server",
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:*:openssl:3.1.3:*:*:*:*:*:*:*",
"part": "a",
"product": "OpenSSL",
"version": "3.1.3",
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:apache:http_server:2.4.58:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Apache",
"product": "HTTPD",
"version": "2.4.58",
"component_uniform_resource_identifiers": [
"cpe:2.3:a:*:openssl:3.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:*:php:8.0.30:*:*:*:*:*:*:*"
],
"other": {
"family": "Apache"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:*:php:8.0.30:*:*:*:*:*:*:*",
"part": "a",
"product": "PHP",
"version": "8.0.30",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.138.177",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "016973380c0f1df00bd9593ed8d5efa3706cd6df7993f6141272b80522acdd23",
"leaf_data": {
"subject_dn": "CN=localhost",
"issuer_dn": "CN=localhost",
"pubkey_bit_size": 1024,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "5c1ccae60a0866288a8e4c4b42ee59bd1f0e5c1ae2e67cd562f3069d664d9b5d",
"fingerprint": "016973380c0f1df00bd9593ed8d5efa3706cd6df7993f6141272b80522acdd23",
"issuer": {
"common_name": [
"localhost"
]
},
"subject": {
"common_name": [
"localhost"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "wSXTJ+PsrQ2Dam3nX5p1ECPikJ2gY5WPHUGaWNWcY4xbc4aQeczD1qOJuHW8HpR8fG7jregnXAvGDGr5DzL+s8R6ECMEKyko1Kr5sy9mEPinwc1gxGsoV+NnO/eezUgi3DjqSBOAOkCXVwxHNUY9cWKa7lOdYw5neijJpDT/Ge0=",
"exponent": "AAEAAQ==",
"length": 128
},
"fingerprint": "9ef15a1ce89f8df6b8fed558a36547e5205501e6b21fe5b00790e4716a3bd248"
},
"signature": {
"self_signed": true,
"signature_algorithm": "SHA1-RSA"
}
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "0debd3853f330c574b05e0b6d882dc27",
"ja4s": "t120200_c030_344b4dce5a52"
}
]
},
"transport_fingerprint": {
"raw": "65535,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "smb",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "SMB SMB 3.0.2",
"banner_hashes": [
"sha256:729f6be41e181a9619ca668ca4ebfdb4072312ee0541bdd82c537c69e87ec834"
],
"banner_hex": "534d4220534d4220332e302e32",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "SMB",
"labels": [
"file-sharing"
],
"observed_at": "2025-05-21T05:05:19.409308129Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 445,
"service_name": "SMB",
"smb": {
"smb_version": {
"major": 3,
"revision": 2,
"version_string": "SMB 3.0.2",
"minor": 0
},
"smb_capabilities": {
"smb_dfs_support": true,
"smb_leasing_support": true,
"smb_multicredit_support": true,
"smb_multichan_support": false,
"smb_persistent_handle_support": false,
"smb_directory_leasing_support": false,
"smb_encryption_support": false
},
"has_ntlm": true,
"negotiation_log": {
"header_log": {
"_encoding": {
"protocol_id": "DISPLAY_HEX"
},
"protocol_id": "00000000fe534d42",
"credits": 1,
"flags": 1,
"status": 0,
"command": 0
},
"security_mode": 1,
"dialect_revision": 770,
"_encoding": {
"server_guid": "DISPLAY_HEX"
},
"server_guid": "0000000000000000000000000000000019f7f5dd86b8664191a676d3841957bb",
"capabilities": 7,
"system_time": 1747803919,
"server_start_time": 1240428288,
"authentication_types": [
"1.3.6.1.4.1.311.2.2.30",
"1.3.6.1.4.1.311.2.2.10"
]
},
"session_setup_log": {
"header_log": {
"_encoding": {
"protocol_id": "DISPLAY_HEX"
},
"protocol_id": "00000000fe534d42",
"status": 3221225494,
"command": 1,
"credits": 1,
"flags": 1
},
"target_name": "COPY-OF-VM-2022",
"negotiate_flags": 2726953477,
"setup_flags": 0
},
"smbv1_support": false
},
"source_ip": "167.94.146.55",
"transport_fingerprint": {
"raw": "65535,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "mysql",
"discovery_method": "PREDICTIVE_METHOD_20",
"extended_service_name": "MYSQL",
"labels": [
"database"
],
"mysql": {
"error_code": 1130,
"error_id": "ER_HOST_NOT_PRIVILEGED",
"error_message": "Host '167.94.138.206' is not allowed to connect to this MariaDB server",
"protocol_version": 0,
"connection_id": 0,
"character_set": 0
},
"observed_at": "2025-05-22T01:51:17.098858765Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 3306,
"service_name": "MYSQL",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "MariaDB",
"product": "MariaDB",
"other": {
"family": "MySQL"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.138.206",
"transport_fingerprint": {
"raw": "65535,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "rdp",
"_encoding": {
"certificate": "DISPLAY_HEX"
},
"certificate": "2abc1c4d6c439ddd8f34673633ceed1ca8c39a41b3f552d760222dc90158a969",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "RDP",
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "14d14d16d14d14d08c14d14d14d14dfd9c9d14e4f4f67f94f0359f8b28f532",
"cipher_and_version_fingerprint": "14d14d16d14d14d08c14d14d14d14d",
"tls_extensions_sha256": "fd9c9d14e4f4f67f94f0359f8b28f532",
"observed_at": "2025-05-16T15:40:01.408488924Z"
},
"labels": [
"network-administration",
"remote-access"
],
"observed_at": "2025-05-21T20:07:02.583348406Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 3389,
"rdp": {
"version": {
"major": -1,
"minor": -1,
"raw": 0
},
"protocol_flags": {
"extended_client_data_supported": true,
"dynvc_graphics_pipeline": true,
"neg_resp_reserved": true,
"restricted_admin_mode": true,
"restricted_auth_mode": true
},
"selected_security_protocol": {
"standard_rdp": true,
"tls": true,
"raw_value": 1,
"credssp": false,
"rdstls": false,
"credssp_early_auth": false,
"error": false,
"error_ssl_required": false,
"error_ssl_forbidden": false,
"error_ssl_cert_missing": false,
"error_bad_flags": false,
"error_hybrid_required": false,
"error_ssl_user_auth_required": false,
"error_unknown": false
},
"x224_cc_pdu_srcref": 13330,
"connect_response": {
"domain_parameters": {
"max_channel_ids": 34,
"max_user_id_channels": 3,
"num_priorities": 1,
"max_provider_height": 1,
"max_mcspdu_size": 65528,
"domain_protocol_version": 2,
"max_token_ids": 0,
"min_throughput": 0
},
"connect_id": 0
},
"certificate_info": {}
},
"service_name": "RDP",
"source_ip": "162.142.125.220",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "2abc1c4d6c439ddd8f34673633ceed1ca8c39a41b3f552d760222dc90158a969",
"leaf_data": {
"subject_dn": "CN=Copy-of-VM-2022",
"issuer_dn": "CN=Copy-of-VM-2022",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "b6ff16d633afafe33d02986c64803884fadd6af1b22d19d01b7c37dd4131f823",
"fingerprint": "2abc1c4d6c439ddd8f34673633ceed1ca8c39a41b3f552d760222dc90158a969",
"issuer": {
"common_name": [
"Copy-of-VM-2022"
]
},
"subject": {
"common_name": [
"Copy-of-VM-2022"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "ve6EHZPTAoAuNsJ+pol/8AkXAeMnHYiqnERNOiY5+D3xdkOvMDBR7HQDA1fou7yosAUT3ZOipnDWUxpxLa4+f/+1NCXFBDKZlcr/4J0d5nCroX5sSa8humTJZaylJ6K2rpFBvII/Vccu/nSayGVjRVqAlaOjxkIfWolNjQHGGj/FuPNBC8xRJJuw0Ukej389ScipHaxX3wrqX98lxVkPOla99RiiJA+Hp5zAeBzho84yG5dtqQQ+rSO48qaOpafgMtQS1jXOTOugA184fEdQf5USIf5nOH/UaiQfVIIXmk/MMHsBkzj1hh7sOGqnwYQXNJOCElY/c4GjW4WNuTGmLQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "a73d8b7f7051cf7e79ef67e74727f715134c571699f02bd16d11c81cb546aa62"
},
"signature": {
"self_signed": true,
"signature_algorithm": "SHA256-RSA"
}
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "f75082535b4a79c07b31bdd0e2b7eb87",
"ja4s": "t120100_009d_bc98f8e001b5",
"versions": [
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "f75082535b4a79c07b31bdd0e2b7eb87",
"ja4s": "t120100_009d_bc98f8e001b5"
},
{
"tls_version": "TLSv1_1",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "9f2e2080c0409c26ea913d9273e88773",
"ja4s": "t110100_0035_bc98f8e001b5"
},
{
"tls_version": "TLSv1_0",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "91589ea825a2ee41810c85fab06d2ef6",
"ja4s": "t100100_0035_bc98f8e001b5"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"discovery_method": "PREDICTIVE_METHOD_18",
"extended_service_name": "WINRM",
"observed_at": "2025-05-21T03:10:44.640158603Z",
"parsed": {
"winrm": {
"auth_types": [
"Negotiate"
],
"ntlm_info": {
"encryption_56bit_supported": true,
"encryption_128bit_supported": true,
"ntlm1_supported": true,
"ntlm2_supported": true,
"always_sign_supported": true,
"challenge_type": 3,
"target_name": "COPY-OF-VM-2022",
"netbios_computer_name": "COPY-OF-VM-2022",
"netbios_domain_name": "COPY-OF-VM-2022",
"dns_server_name": "Copy-of-VM-2022",
"dns_domain_name": "Copy-of-VM-2022",
"os_version": "10.0.20348",
"ntlm_version": 15
}
}
},
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 5985,
"service_name": "WINRM",
"source_ip": "206.168.34.64",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"certificate": "e8226d72787fb88841b2a439bc72397f981e3983b07ce6699ce8070bdbd7534e",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "WINRM",
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad16d00000022c000000000000a8c820d3c34e26add345de07974cf54b",
"cipher_and_version_fingerprint": "2ad2ad16d00000022c000000000000",
"tls_extensions_sha256": "a8c820d3c34e26add345de07974cf54b",
"observed_at": "2025-05-16T15:40:16.997198442Z"
},
"observed_at": "2025-05-22T03:01:01.355146199Z",
"parsed": {
"winrm": {
"auth_types": [
"Negotiate",
"Basic realm=\"WSMAN\""
],
"ntlm_info": {
"encryption_56bit_supported": true,
"encryption_128bit_supported": true,
"ntlm1_supported": true,
"ntlm2_supported": true,
"always_sign_supported": true,
"challenge_type": 3,
"target_name": "COPY-OF-VM-2022",
"netbios_computer_name": "COPY-OF-VM-2022",
"netbios_domain_name": "COPY-OF-VM-2022",
"dns_server_name": "Copy-of-VM-2022",
"dns_domain_name": "Copy-of-VM-2022",
"os_version": "10.0.20348",
"ntlm_version": 15
}
}
},
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 5986,
"service_name": "WINRM",
"source_ip": "162.142.125.40",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "e8226d72787fb88841b2a439bc72397f981e3983b07ce6699ce8070bdbd7534e",
"leaf_data": {
"subject_dn": "CN=Cloudbase-Init WinRM",
"issuer_dn": "CN=Cloudbase-Init WinRM",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "9cf59234c3a99ce7edbd1c621a6b1f316238275f81d75b22cbb5d5f67545b777",
"fingerprint": "e8226d72787fb88841b2a439bc72397f981e3983b07ce6699ce8070bdbd7534e",
"issuer": {
"common_name": [
"Cloudbase-Init WinRM"
]
},
"subject": {
"common_name": [
"Cloudbase-Init WinRM"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "1wL5LxqcPz6cPwkChilvol/Zx5GIV6ooET2SRvLpWl42RvWR3G58rS0JIMJqnnx+cCb8Kb37TKkwnSATreKYCAvx6VFSL1rR2Z4VNtUtAVo+dDR8j5nZHFYwGvnNnNUev/iUAgz02IJfMxjcEdo8FYmRQcnHBaoTMQRDNAcdtPfjTNtevhbmEieGwJ48FbEw+0rACzpKnwNz6n7vXvDI3gPARWGqq6TZtYmY36V8MuO/F8KsS/HwaLXs9izWhLE+sF7ES83VPd1+Kt7hFVfpjuHzKlI83gRB7z1sb0LatoN1sQ82YYM+RSmerNz1yRZGdlvOfZpv4xoL4xlaVz0H6Q==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "506925abf63f40e383c6d044dbbabfabe0a3a9a7aac92e88216f1175766812d2"
},
"signature": {
"self_signed": true,
"signature_algorithm": "SHA256-RSA"
}
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250",
"versions": [
{
"tls_version": "TLSv1_3",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036",
"ja4s": "t130200_1302_a56c5b993250"
},
{
"tls_version": "TLSv1_2",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "364ff14b04ef93c3b4cfa429d729c0d9",
"ja4s": "t120100_c030_bc98f8e001b5"
},
{
"tls_version": "TLSv1_1",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1308be477c8afb355e2860ab89378ae5",
"ja4s": "t110100_c014_bc98f8e001b5"
},
{
"tls_version": "TLSv1_0",
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "bcf3a836c82d12ee988005fb0c011445",
"ja4s": "t100100_c014_bc98f8e001b5"
}
]
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n",
"banner_hashes": [
"sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"
],
"banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a",
"discovery_method": "PREDICTIVE_METHOD_18",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://2.58.56.13:47001/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 404,
"status_reason": "Not Found",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"Microsoft-HTTPAPI/2.0"
],
"Content_Length": [
"315"
],
"Content_Type": [
"text/html; charset=us-ascii"
],
"Connection": [
"close"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<TITLE>Not Found</TITLE>",
"<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"
],
"body_size": 315,
"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n",
"body_hashes": [
"sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0",
"sha1:a66898b36c94c53766e66c1a7aaeb149447ec083",
"tlsh:8be07d6d9856aac542a0f4bc75d193b48115038fd4e547d90051b21714891bcc1f0dcf"
],
"body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083",
"html_title": "Not Found"
},
"supports_http2": false
},
"observed_at": "2025-05-21T19:33:21.873690722Z",
"perspective_id": "PERSPECTIVE_UNKNOWN",
"port": 47001,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:http_api:2.0:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "HTTP API",
"version": "2.0",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.146.53",
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "Europe",
"country": "Netherlands",
"country_code": "NL",
"city": "Lelystad",
"postal_code": "8224",
"timezone": "Europe/Amsterdam",
"province": "Flevoland",
"coordinates": {
"latitude": 52.50833,
"longitude": 5.475
}
},
"location_updated_at": "2025-05-09T03:23:48.884395745Z",
"autonomous_system": {
"asn": 210558,
"description": "SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK",
"bgp_prefix": "2.58.56.0/24",
"name": "SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK",
"country_code": "DE"
},
"autonomous_system_updated_at": "2025-05-09T03:23:48.884551607Z",
"whois": {
"network": {
"handle": "DE-1337SERVICES-20190321",
"name": "1337 Services GmbH",
"cidrs": [
"2.58.56.0/24"
],
"created": "2022-10-31T00:00:00Z",
"updated": "2025-04-23T00:00:00Z"
},
"organization": {
"handle": "ORG-SG394-RIPE",
"name": "1337 Services GmbH",
"address": "Ludwig-Erhard-Str. 18\\n20459\\nHamburg\\nGERMANY",
"abuse_contacts": [
{
"handle": "AR65902-RIPE",
"name": "Abuse-C Role",
"email": "[email protected]"
}
],
"admin_contacts": [
{
"handle": "SN9633-RIPE",
"name": "1337 Services NOC",
"email": "[email protected]"
}
]
}
},
"operating_system": {
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
}
},
"dns": {
"reverse_dns": {
"names": [
"2.58.56.13.powered.by.rdp.sh"
],
"resolved_at": "2025-05-10T09:30:13.713303193Z"
}
},
"last_updated_at": "2025-05-22T03:04:04.716Z",
"labels": [
"database",
"file-sharing",
"jquery",
"modernizr",
"network-administration",
"remote-access"
]
}