31.31.198.216

As of: Feb 06, 2023 12:49am UTC | Latest

Basic Information

Reverse DNS: spl96.hosting.reg.ru
OS: linux
Network: AS-REG (RU)
Routing: 31.31.198.0/24 via AS197695
Protocols: 21/FTP , 22/SSH , 25/SMTP , 53/DNS , 80/HTTP , 110/POP3 , 111/PORTMAP , 143/IMAP , 443/HTTP , 465/SMTP , 587/SMTP , 993/IMAP , 995/POP3 , 3306/MYSQL , 4190/PIGEONHOLE , 8443/HTTP , 8880/HTTP

21/FTP TCP
Observed Feb 05, 2023 at 1:56am UTC

View All Data

Software

ProFTPD Project ProFTPD

Details

Banner

220 ProFTPD Server (ProFTPD) [31.31.198.216]

Auth TLS Response

234 AUTH TLS successful

Status Code

220

Status Meaning

Service ready for new user.

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

22/SSH TCP
Observed Feb 05, 2023 at 4:05am UTC

View All Data

Software

linux

Dropbear SSH Project Dropbear SSH 2022.82

Details

Algorithm: ecdsa-sha2-nistp256
Fingerprint: 9b8b116109a495b2c75ee345ccc10daa50a81722aaf3cdce6ecd8a6eb41b653b
Key Exchange: [email protected]
Symmetric Cipher: aes128-ctr [] aes128-ctr []
MAC: hmac-sha2-256 [] hmac-sha2-256 []

25/SMTP TCP
Observed Feb 04, 2023 at 3:34pm UTC

View All Data

Software

Postfix

Details

Banner

220 spl96.hosting.reg.ru ESMTP Postfix

EHLO

250-spl96.hosting.reg.ru
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

Start TLS

220 2.0.0 Ready to start TLS

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

53/DNS UDP
Observed Feb 05, 2023 at 5:00pm UTC

View All Data

Details

Server Type: AUTHORITATIVE
R Code: REFUSED

80/HTTP TCP
Observed Feb 05, 2023 at 5:00pm UTC

View All Data Go

Software

PleskLin

nginx

Details

http://31.31.198.216

Request

GET /

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:cf1c4b1e5f18d99aaf0cb9d4960dae1ea75e8f78

HTML Title

Домен не&nbsp;добавлен в&nbsp;панели

Response Body

110/POP3 TCP
Observed Feb 04, 2023 at 2:02pm UTC

View All Data

Software

Dovecot

Details

Banner

+OK Dovecot ready. <[email protected]>

Start TLS

+OK Begin TLS negotiation now.

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

111/PORTMAP UDP
Observed Feb 05, 2023 at 5:00pm UTC

View All Data

Details

Banner (Hex)

  00000000
00000010
00000020
00000030
00000040
00000050
00000060
00000070
00000080
00000090
1a a9 ff e1 00 00 00 01  00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00  00 00 00 01 00 01 86 a0 
00 00 00 04 00 00 00 06  00 00 00 6f 00 00 00 01 
00 01 86 a0 00 00 00 03  00 00 00 06 00 00 00 6f 
00 00 00 01 00 01 86 a0  00 00 00 02 00 00 00 06 
00 00 00 6f 00 00 00 01  00 01 86 a0 00 00 00 04 
00 00 00 11 00 00 00 6f  00 00 00 01 00 01 86 a0 
00 00 00 03 00 00 00 11  00 00 00 6f 00 00 00 01 
00 01 86 a0 00 00 00 02  00 00 00 11 00 00 00 6f 
00 00 00 00                                      
................
................
...........o....
...............o
................
...o............
.......o........
...........o....
...............o
....

143/IMAP TCP
Observed Feb 05, 2023 at 4:41am UTC

View All Data

Details

Banner

* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.

Start TLS

a001 OK Begin TLS negotiation now.

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

443/HTTP TCP
Observed Feb 04, 2023 at 1:51pm UTC

View All Data Go

Software

linux

PleskLin

nginx

Details

https://31.31.198.216

Request

GET /

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:cf1c4b1e5f18d99aaf0cb9d4960dae1ea75e8f78

HTML Title

Домен не&nbsp;добавлен в&nbsp;панели

Response Body

TLS

JARM: 29d29d00029d29d00042d42d0000005d86ccb1a0567e012264097a0315d7a7
JA3S: 15af977ce25de452b96affa2addb1036
Version Selected: TLSv1_3
Cipher Selected: TLS_AES_256_GCM_SHA384

465/SMTP TCP
Observed Feb 05, 2023 at 11:20pm UTC

View All Data

Software

linux

Postfix

Details

Banner

220 spl96.hosting.reg.ru ESMTP Postfix

EHLO

250-spl96.hosting.reg.ru
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-AUTH CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

587/SMTP TCP
Observed Feb 04, 2023 at 9:16pm UTC

View All Data

Software

Postfix

Details

Banner

220 spl96.hosting.reg.ru ESMTP Postfix

EHLO

250-spl96.hosting.reg.ru
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

Start TLS

220 2.0.0 Ready to start TLS

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

993/IMAP TCP
Observed Feb 05, 2023 at 5:03am UTC

View All Data

Details

Banner

* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.

TLS

JARM: 29d29d15d29d29d21c29d29d29d29d579b2ec9bfaf00aff9d6fe780b7932ae
JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

995/POP3 TCP
Observed Feb 05, 2023 at 2:01pm UTC

View All Data

Software

linux

Dovecot

Details

Banner

+OK Dovecot ready. <5b05.6df7.63dfb69c./[email protected]>

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

3306/MYSQL TCP
Observed Feb 05, 2023 at 9:17pm UTC

View All Data

Software

Oracle MySQL 5.7.27-30

Details

Protocol Version: 10
Character Set: 8

TLS

JA3S: 303951d4c50efb2e991652225a6f02b1
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

4190/PIGEONHOLE TCP
Observed Feb 04, 2023 at 1:51pm UTC

View All Data

Details

Banner

"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4

8443/HTTP TCP
Observed Feb 05, 2023 at 5:35am UTC

View All Data Go

Software

Parallels Plesk Panel

Parallels Plesk

Details

https://31.31.198.216:8443

Request

GET /login_up.php

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:9fc84a3126bdb024fb8a8166f46e726c848d9107

HTML Title

Reg.ru Plesk Panel

Response Body

TLS

JARM: 29d29d00029d29d21c29d29d29d29d6a7bd8f51d54bfc07e1cd34e5ca50bb3
JA3S: ccc514751b175866924439bdbb5bba34
Version Selected: TLSv1_2
Cipher Selected: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

8880/HTTP TCP
Observed Feb 05, 2023 at 8:35pm UTC

View All Data Go

Software

Parallels Plesk Panel

Parallels Plesk

Details

http://31.31.198.216:8880

Request

GET /login_up.php

Protocol

HTTP/1.1

Status Code

200

Status Reason

Body Hash

sha1:5eed201da53494808dc2be35dec67b8551955325

HTML Title

Reg.ru Plesk Panel

Response Body

Geographic Location

Country: Russia (RU)
Coordinates: 55.7386, 37.6068
Timezone: Europe/Moscow

31.31.198.216

Basic Information

21/FTP TCP Observed Feb 05, 2023 at 1:56am UTC

Software

ProFTPD Project ProFTPD

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

22/SSH TCP Observed Feb 05, 2023 at 4:05am UTC

Software

linux

Dropbear SSH Project Dropbear SSH 2022.82

Details

Host Key

Negotiated

25/SMTP TCP Observed Feb 04, 2023 at 3:34pm UTC

Software

Postfix

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

53/DNS UDP Observed Feb 05, 2023 at 5:00pm UTC

Details

80/HTTP TCP Observed Feb 05, 2023 at 5:00pm UTC

Software

PleskLin

nginx

Details

http://31.31.198.216

110/POP3 TCP Observed Feb 04, 2023 at 2:02pm UTC

Software

Dovecot

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

111/PORTMAP UDP Observed Feb 05, 2023 at 5:00pm UTC

Details

Banner (Hex)

143/IMAP TCP Observed Feb 05, 2023 at 4:41am UTC

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

443/HTTP TCP Observed Feb 04, 2023 at 1:51pm UTC

Software

linux

PleskLin

nginx

Details

https://31.31.198.216

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

465/SMTP TCP Observed Feb 05, 2023 at 11:20pm UTC

Software

linux

Postfix

Details

TLS

Fingerprint

Handshake

Leaf Certificate

Issuer Chain

587/SMTP TCP Observed Feb 04, 2023 at 9:16pm UTC

Software

Postfix

Details

21/FTP TCP
Observed Feb 05, 2023 at 1:56am UTC

22/SSH TCP
Observed Feb 05, 2023 at 4:05am UTC

25/SMTP TCP
Observed Feb 04, 2023 at 3:34pm UTC

53/DNS UDP
Observed Feb 05, 2023 at 5:00pm UTC

80/HTTP TCP
Observed Feb 05, 2023 at 5:00pm UTC

110/POP3 TCP
Observed Feb 04, 2023 at 2:02pm UTC

111/PORTMAP UDP
Observed Feb 05, 2023 at 5:00pm UTC

143/IMAP TCP
Observed Feb 05, 2023 at 4:41am UTC

443/HTTP TCP
Observed Feb 04, 2023 at 1:51pm UTC

465/SMTP TCP
Observed Feb 05, 2023 at 11:20pm UTC

587/SMTP TCP
Observed Feb 04, 2023 at 9:16pm UTC

993/IMAP TCP
Observed Feb 05, 2023 at 5:03am UTC

995/POP3 TCP
Observed Feb 05, 2023 at 2:01pm UTC

3306/MYSQL TCP
Observed Feb 05, 2023 at 9:17pm UTC

4190/PIGEONHOLE TCP
Observed Feb 04, 2023 at 1:51pm UTC

8443/HTTP TCP
Observed Feb 05, 2023 at 5:35am UTC

8880/HTTP TCP
Observed Feb 05, 2023 at 8:35pm UTC