31.31.196.28

As of: Sep 27, 2023 11:28am UTC | Latest

Basic Information

Reverse DNS: server209.hosting.reg.ru
OS: linux
Network: AS-REG (RU)
Routing: 31.31.196.0/24 via AS197695
Protocols: 21/FTP , 22/SSH , 25/SMTP , 53/DNS , 80/HTTP , 110/POP3 , 111/PORTMAP , 143/IMAP , 443/HTTP , 465/SMTP , 587/SMTP , 993/IMAP , 995/POP3 , 1500/HTTP , 3306/MYSQL
Labels: database , email , file-sharing , remote-access

21/FTP TCP
Observed Sep 26, 2023 at 10:38am UTC

View All Data

Labels

File Sharing

Details

Banner

220 FTP Server ready.

Auth TLS Response

234 AUTH TLS successful

Status Code

220

Status Meaning

Service ready for new user.

TLS

Fingerprint

JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

22/SSH TCP
Observed Sep 27, 2023 at 7:19am UTC

View All Data

Labels

Remote Access

Software

linux

Dropbear SSH Project Dropbear SSH 2022.82

Details

Host Key

Algorithm: ecdsa-sha2-nistp256
Fingerprint: e52702aad3c4363b464c7a64cd8dbc45c9d1bd027c318575c74abc546b4f7de0

Negotiated

Key Exchange: [email protected]
Symmetric Cipher: aes128-ctr [] aes128-ctr []
MAC: hmac-sha2-256 [] hmac-sha2-256 []

25/SMTP TCP
Observed Sep 26, 2023 at 6:41pm UTC

View All Data

Labels

Email

Software

linux

exim 4.96

Details

Banner

220 server209.hosting.reg.ru ESMTP Exim 4.96 Tue, 26 Sep 2023 21:41:24 +0300

EHLO

250-server209.hosting.reg.ru Hello scanner-26.ch1.censys-scanner.com [167.248.133.125]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP

Start TLS

220 TLS go ahead

TLS

Fingerprint

JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

53/DNS UDP
Observed Sep 26, 2023 at 8:57pm UTC

View All Data

Details

Server Type: AUTHORITATIVE
R Code: REFUSED

80/HTTP TCP
Observed Sep 26, 2023 at 8:18am UTC

View All Data Go

Software

nginx

Details

http://31.31.196.28

Request

GET /

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:ce9c7868089c71d595acb3c3aad088605927b1f4

HTML Title

Домен не&nbsp;добавлен в&nbsp;панели

Response Body

110/POP3 TCP
Observed Sep 25, 2023 at 3:15pm UTC

View All Data

Labels

Email

Software

linux

Dovecot

Details

Banner

+OK Dovecot ready.

Start TLS

+OK Begin TLS negotiation now.

TLS

Fingerprint

JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

111/PORTMAP UDP
Observed Sep 26, 2023 at 2:09am UTC

View All Data

Details

Banner (Hex)

  00000000
00000010
00000020
00000030
00000040
00000050
00000060
00000070
00000080
00000090
1a a9 ff e1 00 00 00 01  00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00  00 00 00 01 00 01 86 a0 
00 00 00 04 00 00 00 06  00 00 00 6f 00 00 00 01 
00 01 86 a0 00 00 00 03  00 00 00 06 00 00 00 6f 
00 00 00 01 00 01 86 a0  00 00 00 02 00 00 00 06 
00 00 00 6f 00 00 00 01  00 01 86 a0 00 00 00 04 
00 00 00 11 00 00 00 6f  00 00 00 01 00 01 86 a0 
00 00 00 03 00 00 00 11  00 00 00 6f 00 00 00 01 
00 01 86 a0 00 00 00 02  00 00 00 11 00 00 00 6f 
00 00 00 00                                      
................
................
...........o....
...............o
................
...o............
.......o........
...........o....
...............o
....

143/IMAP TCP
Observed Sep 26, 2023 at 3:12pm UTC

View All Data

Labels

Email

Software

Dovecot

Details

Banner

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

Start TLS

a001 OK Begin TLS negotiation now.

TLS

Fingerprint

JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

443/HTTP TCP
Observed Sep 27, 2023 at 6:51am UTC

View All Data Go

Software

nginx

Details

https://31.31.196.28

Request

GET /

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:ce9c7868089c71d595acb3c3aad088605927b1f4

HTML Title

Домен не&nbsp;добавлен в&nbsp;панели

Response Body

TLS

Fingerprint

JARM: 29d29d00029d29d00042d42d0000005d86ccb1a0567e012264097a0315d7a7
JA3S: 15af977ce25de452b96affa2addb1036

Handshake

Version Selected: TLSv1_3
Cipher Selected: TLS_AES_256_GCM_SHA384

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

465/SMTP TCP
Observed Sep 26, 2023 at 5:05pm UTC

View All Data

Labels

Email

Software

exim 4.96

Details

Banner

220 server209.hosting.reg.ru ESMTP Exim 4.96 Tue, 26 Sep 2023 20:05:51 +0300

EHLO

250-server209.hosting.reg.ru Hello scanner-04.ch1.censys-scanner.com [162.142.125.12]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250 HELP

TLS

Fingerprint

JARM: 05d02d20d21d20d05c05d02d05d20da01e52cd5e3f9306da4ac348a0fe7af8
JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

587/SMTP TCP
Observed Sep 27, 2023 at 9:10am UTC

View All Data

Labels

Email

Software

exim 4.96

Details

Banner

220 server209.hosting.reg.ru ESMTP Exim 4.96 Wed, 27 Sep 2023 12:10:47 +0300

EHLO

250-server209.hosting.reg.ru Hello scanner-04.ch1.censys-scanner.com [162.142.125.13]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP

Start TLS

220 TLS go ahead

TLS

Fingerprint

JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

993/IMAP TCP
Observed Sep 26, 2023 at 11:36pm UTC

View All Data

Labels

Email

Software

linux

Dovecot

Details

Banner

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

TLS

Fingerprint

JARM: 05d02d20d21d20d05c05d02d05d20da23a7a927f270a23608b3c7a72999cab
JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

995/POP3 TCP
Observed Sep 27, 2023 at 11:28am UTC

View All Data

Labels

Email

Software

linux

Dovecot

Details

Banner

+OK Dovecot ready.

TLS

Fingerprint

JARM: 05d02d20d21d20d05c05d02d05d20da23a7a927f270a23608b3c7a72999cab
JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

1500/HTTP TCP
Observed Sep 26, 2023 at 2:55pm UTC

View All Data Go

Software

linux

Details

https://31.31.196.28:1500

Request

GET /

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:d665754edabfee98b8ddba3e87edb66610db45bc

HTML Title

Authorization

Response Body

      Javascript required for login

Your browser is out of date, so the interface may work incorrectly. Please
update or change the browser

TLS

Fingerprint

JARM: 29d02d00029d29d22c29d02d29d29ddec047dae5c8df4f14546ec68b9cee76
JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

9693742aab10afb226c0ef0ee86a13fbbd4256bf3ba659a0c0bf5cc38803d672
CN=*.hosting.reg.ru
C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4

Issuer Chain

7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c

3306/MYSQL TCP
Observed Sep 26, 2023 at 12:26am UTC

View All Data

Labels

Database

Software

Oracle MySQL 5.7.27-30

linux

Details

Protocol Version: 10
Character Set: 8

TLS

Fingerprint

JA3S: 303951d4c50efb2e991652225a6f02b1

Handshake

Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Leaf Certificate

281e864663a978b0facc45ca7960d21d03b1b8787c846ab6b55fd4c684ac8f02
CN=MySQL_Server_5.7.23-24_Auto_Generated_Server_Certificate
CN=MySQL_Server_5.7.23-24_Auto_Generated_CA_Certificate

Issuer Chain

af33dd4aec3d0e44c68d14c51c03d49f1fba029195952f1098199163f3c46eb9

Geographic Location

City: Moscow
Province: Moscow
Country: Russia (RU)
Coordinates: 55.75222, 37.61556
Timezone: Europe/Moscow

31.31.196.28

Basic Information

21/FTP TCP Observed Sep 26, 2023 at 10:38am UTC

Labels

File Sharing

Details

TLS

Fingerprint

Handshake

Leaf Certificate

22/SSH TCP Observed Sep 27, 2023 at 7:19am UTC

Labels

Remote Access

Software

linux

Dropbear SSH Project Dropbear SSH 2022.82

Details

Host Key

Negotiated

25/SMTP TCP Observed Sep 26, 2023 at 6:41pm UTC

Labels

Email

Software

linux

exim 4.96

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

53/DNS UDP Observed Sep 26, 2023 at 8:57pm UTC

Details

80/HTTP TCP Observed Sep 26, 2023 at 8:18am UTC

Software

nginx

Details

http://31.31.196.28

110/POP3 TCP Observed Sep 25, 2023 at 3:15pm UTC

Labels

Email

Software

linux

Dovecot

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

111/PORTMAP UDP Observed Sep 26, 2023 at 2:09am UTC

Details

Banner (Hex)

143/IMAP TCP Observed Sep 26, 2023 at 3:12pm UTC

Labels

Email

Software

Dovecot

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

443/HTTP TCP Observed Sep 27, 2023 at 6:51am UTC

Software

nginx

Details

https://31.31.196.28

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

465/SMTP TCP Observed Sep 26, 2023 at 5:05pm UTC

Labels

Email

Software

exim 4.96

Details

21/FTP TCP
Observed Sep 26, 2023 at 10:38am UTC

22/SSH TCP
Observed Sep 27, 2023 at 7:19am UTC

25/SMTP TCP
Observed Sep 26, 2023 at 6:41pm UTC

53/DNS UDP
Observed Sep 26, 2023 at 8:57pm UTC

80/HTTP TCP
Observed Sep 26, 2023 at 8:18am UTC

110/POP3 TCP
Observed Sep 25, 2023 at 3:15pm UTC

111/PORTMAP UDP
Observed Sep 26, 2023 at 2:09am UTC

143/IMAP TCP
Observed Sep 26, 2023 at 3:12pm UTC

443/HTTP TCP
Observed Sep 27, 2023 at 6:51am UTC

465/SMTP TCP
Observed Sep 26, 2023 at 5:05pm UTC

587/SMTP TCP
Observed Sep 27, 2023 at 9:10am UTC

993/IMAP TCP
Observed Sep 26, 2023 at 11:36pm UTC

995/POP3 TCP
Observed Sep 27, 2023 at 11:28am UTC

1500/HTTP TCP
Observed Sep 26, 2023 at 2:55pm UTC

3306/MYSQL TCP
Observed Sep 26, 2023 at 12:26am UTC