36.26.70.203
As of: Dec 06, 2024 8:32pm UTC | Latest
{
"ip": "36.26.70.203",
"services": [
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "",
"banner_hashes": [
"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"discovery_method": "PREDICTIVE_METHOD_16",
"extended_service_name": "DCERPC",
"observed_at": "2024-12-05T19:46:23.254894716Z",
"parsed": {
"dcerpc": {
"could_bind": true,
"could_query_epm": true,
"endpoints": [
{
"protocol": "[MS-EVEN6]: EventLog Remoting Protocol",
"executable": "wevtsvc.dll",
"explained_uuid": "f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0 Event log TCPIP",
"bindings": [
"ncacn_ip_tcp:192.168.0.19[49153]",
"ncacn_np:\\\\ECS-6FDB-100875[\\pipe\\eventlog]",
"ncalrpc:[eventlog]"
]
},
{
"protocol": "N/A",
"executable": "MPSSVC.dll",
"explained_uuid": "7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 v1.0 Fw APIs",
"bindings": [
"ncalrpc:[LRPC-5f165e7f5b13b8412c]"
]
},
{
"protocol": "[MS-CMPO]: MSDTC Connection Manager:",
"executable": "msdtcprx.dll",
"explained_uuid": "906b0ce0-c70b-1067-b317-00dd010662da v1.0",
"bindings": [
"ncalrpc:[LRPC-02feb1dcb7eb54c943]",
"ncalrpc:[OLE891266598B7B4FBC8C5CB672B5F0]",
"ncalrpc:[LRPC-815dbed1a1f9004763]",
"ncalrpc:[LRPC-815dbed1a1f9004763]",
"ncalrpc:[LRPC-815dbed1a1f9004763]",
"ncalrpc:[LRPC-815dbed1a1f9004763]"
]
},
{
"protocol": "N/A",
"executable": "IKEEXT.DLL",
"explained_uuid": "a398e520-d59a-4bdd-aa7a-3c1e0303a511 v1.0 IKE/Authip API",
"bindings": [
"ncalrpc:[senssvc]",
"ncalrpc:[OLE0883CDB6E93C4F1884F5DA70FD33]",
"ncalrpc:[IUserProfile2]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "3473dd4d-2e88-4006-9cba-22570909dd10 v5.1 WinHttp Auto-Proxy Service",
"bindings": [
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\W32TIME_ALT]",
"ncalrpc:[W32TIME_ALT]",
"ncalrpc:[LRPC-04810c404526ec01c3]",
"ncalrpc:[OLEF0EA4DBD2B784455AAD2A6E0BB93]"
]
},
{
"protocol": "[MS-SAMR]: Security Account Manager (SAM) Remote Protocol",
"executable": "samsrv.dll",
"explained_uuid": "12345778-1234-abcd-ef00-0123456789ac v1.0",
"bindings": [
"ncacn_ip_tcp:192.168.0.19[49162]",
"ncalrpc:[samss lpc]",
"ncalrpc:[dsrole]",
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\protected_storage]",
"ncalrpc:[protected_storage]",
"ncalrpc:[lsasspirpc]",
"ncalrpc:[lsapolicylookup]",
"ncalrpc:[LSARPC_ENDPOINT]",
"ncalrpc:[securityevent]",
"ncalrpc:[audit]",
"ncalrpc:[LRPC-5ef6041de42022af85]",
"ncacn_np:\\\\ECS-6FDB-100875[\\pipe\\lsass]"
]
},
{
"protocol": "N/A",
"executable": "MPSSVC.dll",
"explained_uuid": "2fb92682-6599-42dc-ae13-bd2ca89bd11c v1.0 Fw APIs",
"bindings": [
"ncalrpc:[LRPC-5f165e7f5b13b8412c]"
]
},
{
"protocol": "[MS-RSP]: Remote Shutdown Protocol",
"executable": "wininit.exe",
"explained_uuid": "d95afe70-a6d5-4259-822e-2c84da1ddb0d v1.0",
"bindings": [
"ncacn_ip_tcp:192.168.0.19[49152]",
"ncalrpc:[WindowsShutdown]",
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\InitShutdown]",
"ncalrpc:[WMsgKRpc04EA80]"
]
},
{
"protocol": "N/A",
"executable": "iphlpsvc.dll",
"explained_uuid": "552d076a-cb29-4e44-8b6a-d15e59e2c0af v1.0 IP Transition Configuration endpoint",
"bindings": [
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\srvsvc]",
"ncalrpc:[senssvc]",
"ncalrpc:[OLE0883CDB6E93C4F1884F5DA70FD33]",
"ncalrpc:[IUserProfile2]"
]
},
{
"protocol": "N/A",
"executable": "gpsvc.dll",
"explained_uuid": "2eb08e3e-639f-4fba-97b1-14f878961076 v1.0",
"bindings": [
"ncalrpc:[IUserProfile2]"
]
},
{
"protocol": "N/A",
"executable": "spoolsv.exe",
"explained_uuid": "4a452661-8290-4b36-8fbe-7f4093a94978 v1.0 Spooler function endpoint",
"bindings": [
"ncalrpc:[spoolss]"
]
},
{
"protocol": "[MS-PAN]: Print System Asynchronous Notification Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "ae33069b-a2a8-46ee-a235-ddfd339be281 v1.0 Spooler base remote object endpoint",
"bindings": [
"ncalrpc:[spoolss]"
]
},
{
"protocol": "[MS-SCMR]: Service Control Manager Remote Protocol",
"executable": "services.exe",
"explained_uuid": "367abb81-9844-35f1-ad32-98f038001003 v2.0",
"bindings": [
"ncacn_ip_tcp:192.168.0.19[49156]"
]
},
{
"protocol": "N/A",
"executable": "dhcpcsvc.dll",
"explained_uuid": "3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 v1.0 DHCP Client LRPC Endpoint",
"bindings": [
"ncalrpc:[dhcpcsvc]",
"ncacn_ip_tcp:192.168.0.19[49153]",
"ncacn_np:\\\\ECS-6FDB-100875[\\pipe\\eventlog]",
"ncalrpc:[eventlog]"
]
},
{
"protocol": "N/A",
"executable": "nrpsrv.dll",
"explained_uuid": "30adc50c-5cbc-46ce-9a0e-91914789e23c v1.0 NRP server endpoint",
"bindings": [
"ncacn_ip_tcp:192.168.0.19[49153]",
"ncacn_np:\\\\ECS-6FDB-100875[\\pipe\\eventlog]",
"ncalrpc:[eventlog]"
]
},
{
"protocol": "N/A",
"executable": "certprop.dll",
"explained_uuid": "30b044a5-a225-43f0-b3a4-e060df91f9c1 v1.0",
"bindings": [
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\srvsvc]",
"ncalrpc:[senssvc]",
"ncalrpc:[OLE0883CDB6E93C4F1884F5DA70FD33]",
"ncalrpc:[IUserProfile2]"
]
},
{
"protocol": "N/A",
"executable": "nsisvc.dll",
"explained_uuid": "7ea70bcf-48af-4f6a-8968-6a440754d5fa v1.0 NSI server endpoint",
"bindings": [
"ncalrpc:[LRPC-04810c404526ec01c3]",
"ncalrpc:[OLEF0EA4DBD2B784455AAD2A6E0BB93]"
]
},
{
"protocol": "N/A",
"executable": "BFE.DLL",
"explained_uuid": "dd490425-5325-4565-b774-7e27d6c09c24 v1.0 Base Firewall Engine API",
"bindings": [
"ncalrpc:[LRPC-5f165e7f5b13b8412c]"
]
},
{
"protocol": "N/A",
"executable": "sysntfy.dll",
"explained_uuid": "c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 v1.0 Impl friendly name",
"bindings": [
"ncalrpc:[LRPC-4b211326f34a40ba29]",
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\srvsvc]",
"ncalrpc:[senssvc]",
"ncalrpc:[OLE0883CDB6E93C4F1884F5DA70FD33]",
"ncalrpc:[IUserProfile2]",
"ncalrpc:[senssvc]",
"ncalrpc:[OLE0883CDB6E93C4F1884F5DA70FD33]",
"ncalrpc:[IUserProfile2]",
"ncalrpc:[IUserProfile2]",
"ncalrpc:[IUserProfile2]"
]
},
{
"protocol": "N/A",
"executable": "dhcpcsvc6.dll",
"explained_uuid": "3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 v1.0 DHCPv6 Client LRPC Endpoint",
"bindings": [
"ncalrpc:[dhcpcsvc6]",
"ncalrpc:[dhcpcsvc]",
"ncacn_ip_tcp:192.168.0.19[49153]",
"ncacn_np:\\\\ECS-6FDB-100875[\\pipe\\eventlog]",
"ncalrpc:[eventlog]"
]
},
{
"protocol": "N/A",
"executable": "srvsvc.dll",
"explained_uuid": "98716d03-89ac-44c7-bb8c-285824e51c4a v1.0 XactSrv service",
"bindings": [
"ncalrpc:[senssvc]",
"ncalrpc:[OLE0883CDB6E93C4F1884F5DA70FD33]",
"ncalrpc:[IUserProfile2]"
]
},
{
"protocol": "N/A",
"executable": "N/A",
"explained_uuid": "7f1343fe-50a9-4927-a778-0c5859517bac v1.0 DfsDs service",
"bindings": [
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\wkssvc]",
"ncalrpc:[DNSResolver]"
]
},
{
"protocol": "[MS-PAN]: Print System Asynchronous Notification Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 v1.0 Spooler function endpoint",
"bindings": [
"ncalrpc:[spoolss]"
]
},
{
"protocol": "[MS-RPRN]: Print System Remote Protocol",
"executable": "spoolsv.exe",
"explained_uuid": "12345678-1234-abcd-ef00-0123456789ab v1.0 IPSec Policy agent endpoint",
"bindings": [
"ncalrpc:[LRPC-93a89f39dda3f285e0]",
"ncacn_ip_tcp:192.168.0.19[49154]"
]
},
{
"protocol": "N/A",
"executable": "authui.dll",
"explained_uuid": "24019106-a203-4642-b88d-82dae9158929 v1.0",
"bindings": [
"ncalrpc:[LRPC-54e288a249f578693b]"
]
},
{
"protocol": "N/A",
"executable": "winlogon.exe",
"explained_uuid": "76f226c3-ec14-4325-8a99-6a46348418af v1.0",
"bindings": [
"ncalrpc:[WindowsShutdown]",
"ncacn_np:\\\\ECS-6FDB-100875[\\PIPE\\InitShutdown]",
"ncalrpc:[WMsgKRpc04EA80]",
"ncalrpc:[WMsgKRpc04ECB1]",
"ncalrpc:[WMsgKRpc02D51E2]"
]
},
{
"protocol": "[MS-FASP]: Firewall and Advanced Security Protocol",
"executable": "FwRemoteSvr.dll",
"explained_uuid": "6b5bdd1e-528c-422c-af8c-a4079be4fe48 v1.0 Remote Fw APIs",
"bindings": [
"ncacn_ip_tcp:192.168.0.19[49154]"
]
},
{
"protocol": "N/A",
"executable": "winlogon.exe",
"explained_uuid": "12e65dd8-887f-41ef-91bf-8d816c42c2e7 v1.0 Secure Desktop LRPC interface",
"bindings": [
"ncalrpc:[WMsgKRpc02D51E2]"
]
}
]
}
},
"perspective_id": "PERSPECTIVE_HE",
"port": 135,
"service_name": "DCERPC",
"source_ip": "162.142.125.197",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 407 Proxy Authentication Required\r\nServer: Proxy\r\nProxy-Authenticate: Basic realm=\"CCProxy Authorization\"\r\nConnection: Close\r\nProxy-Connection: Close\r\nContent-Length: 267\r\n",
"banner_hashes": [
"sha256:e8e8e06461037e53bfa703e0593ad4d1e36fd45b4610ebdcf582c0be0d20ce2e"
],
"banner_hex": "485454502f312e31203430372050726f78792041757468656e7469636174696f6e2052657175697265640d0a5365727665723a2050726f78790d0a50726f78792d41757468656e7469636174653a204261736963207265616c6d3d22434350726f787920417574686f72697a6174696f6e220d0a436f6e6e656374696f6e3a20436c6f73650d0a50726f78792d436f6e6e656374696f6e3a20436c6f73650d0a436f6e74656e742d4c656e6774683a203236370d0a",
"discovery_method": "PREDICTIVE_METHOD_7",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://36.26.70.203:808/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 407,
"status_reason": "Proxy Authentication Required",
"headers": {
"Server": [
"Proxy"
],
"_encoding": {
"Server": "DISPLAY_UTF8",
"Proxy_Authenticate": "DISPLAY_UTF8",
"Proxy_Connection": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Proxy_Authenticate": [
"Basic realm=\"CCProxy Authorization\""
],
"Proxy_Connection": [
"Close"
],
"Content_Length": [
"267"
],
"Connection": [
"Close"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8"
},
"html_tags": [
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />"
],
"body_size": 267,
"body": "<html>\r\n<head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /></head>\r\n<body>\r\n<h1>Unauthorized ...</h1>\r\n<h2>\r\nIP Address: 162.142.125.211:38266<br>\r\nMAC Address: <br>\r\nServer Time: 2024-12-07 00:46:03<br>\r\nAuth Result: \r\n</h2>\r\n</body>\r\n</html>",
"body_hashes": [
"sha256:8ce77c28fe06836b39a020d1689d30ac7c49fba02d96855505847528918678ce",
"sha1:b7992948be6805e334d0b172aade0355173275bc"
],
"body_hash": "sha1:b7992948be6805e334d0b172aade0355173275bc"
},
"supports_http2": false
},
"labels": [
"proxy"
],
"observed_at": "2024-12-06T16:46:03.030599332Z",
"perspective_id": "PERSPECTIVE_HE",
"port": 808,
"service_name": "HTTP",
"source_ip": "162.142.125.211",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "banner_grab",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "\u0005\u0002",
"banner_hashes": [
"sha256:7c2f2290b282a9630f38a2449df18d5595dd88a3e9c9ca138fc5d3a72266211c"
],
"banner_hex": "0502",
"discovery_method": "PREDICTIVE_METHOD_18",
"extended_service_name": "SOCKS",
"observed_at": "2024-12-06T03:28:34.467856319Z",
"parsed": {
"socks": {
"no_authentication_required": false,
"preferred_authentication": "Username/Password",
"preferred_authentication_value": 2,
"socks_version": 5
}
},
"perspective_id": "PERSPECTIVE_ORANGE",
"port": 1080,
"service_name": "SOCKS",
"source_ip": "167.94.145.107",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "rdp",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "RDP",
"labels": [
"network-administration",
"remote-access"
],
"observed_at": "2024-12-05T19:49:10.457450437Z",
"perspective_id": "PERSPECTIVE_HE",
"port": 3389,
"rdp": {
"selected_security_protocol": {
"error": true,
"error_hybrid_required": true,
"raw_value": 5,
"standard_rdp": false,
"tls": false,
"credssp": false,
"rdstls": false,
"credssp_early_auth": false,
"error_ssl_required": false,
"error_ssl_forbidden": false,
"error_ssl_cert_missing": false,
"error_bad_flags": false,
"error_ssl_user_auth_required": false,
"error_unknown": false
},
"x224_cc_pdu_srcref": 13330
},
"service_name": "RDP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "microsoft",
"product": "windows",
"source": "OSI_TRANSPORT_LAYER"
}
],
"source_ip": "162.142.125.203",
"transport_fingerprint": {
"id": 310,
"os": "Windows 2008 R2 / 2012",
"raw": "8192,128,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n",
"banner_hashes": [
"sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"
],
"banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a",
"discovery_method": "PREDICTIVE_METHOD_15",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://36.26.70.203:47001/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 404,
"status_reason": "Not Found",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Content_Type": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8"
},
"Server": [
"Microsoft-HTTPAPI/2.0"
],
"Content_Length": [
"315"
],
"Content_Type": [
"text/html; charset=us-ascii"
],
"Connection": [
"close"
]
},
"_encoding": {
"html_tags": "DISPLAY_UTF8",
"body": "DISPLAY_UTF8",
"body_hash": "DISPLAY_UTF8",
"html_title": "DISPLAY_UTF8"
},
"html_tags": [
"<TITLE>Not Found</TITLE>",
"<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"
],
"body_size": 315,
"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n",
"body_hashes": [
"sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0",
"sha1:a66898b36c94c53766e66c1a7aaeb149447ec083"
],
"body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083",
"html_title": "Not Found"
},
"supports_http2": false
},
"observed_at": "2024-12-06T20:32:08.181119312Z",
"perspective_id": "PERSPECTIVE_HE",
"port": 47001,
"service_name": "HTTP",
"software": [
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:http_api:2.0:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "HTTP API",
"version": "2.0",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.44",
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "Asia",
"country": "China",
"country_code": "CN",
"city": "Ningbo",
"postal_code": "315000",
"timezone": "Asia/Shanghai",
"province": "Zhejiang",
"coordinates": {
"latitude": 29.87819,
"longitude": 121.54945
}
},
"location_updated_at": "2024-12-06T16:46:04.360677399Z",
"autonomous_system": {
"asn": 58461,
"description": "CT-HANGZHOU-IDC No.288,Fu-chun Road",
"bgp_prefix": "36.26.64.0/19",
"name": "CT-HANGZHOU-IDC No.288,Fu-chun Road",
"country_code": "CN"
},
"autonomous_system_updated_at": "2024-12-06T16:46:04.360705092Z",
"whois": {
"network": {
"handle": "CHINANET-ZJ",
"name": "CHINANET-ZJ network",
"cidrs": [
"36.26.64.0/19"
],
"updated": "2021-06-24T00:00:00Z"
}
},
"operating_system": {
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
}
},
"dns": {},
"last_updated_at": "2024-12-06T20:32:12.920Z",
"labels": [
"network-administration",
"proxy",
"remote-access"
]
}