37.17.225.253

As of: Apr 16, 2024 2:16am UTC | Latest
{
  "ip": "37.17.225.253",
  "services": [
    {
      "_decoded": "ftp",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "220 ProFTPD Server (v171530.goserver.host FTP Server) [::ffff:37.17.225.253]\r\n",
      "banner_hashes": [
        "sha256:fff1d3eb3ce2049e2e28d5621d7b574e9310009aff4d923af6f20bbfe924b7bf"
      ],
      "banner_hex": "3232302050726f46545044205365727665722028763137313533302e676f7365727665722e686f7374204654502053657276657229205b3a3a666666663a33372e31372e3232352e3235335d0d0a",
      "certificate": "42c865deb4cf7a0bc91352e4aa7d0ac98c89e7c49ccf3df98df62d59a18d1fcb",
      "extended_service_name": "FTPes",
      "ftp": {
        "_encoding": {
          "banner": "DISPLAY_UTF8",
          "auth_tls_response": "DISPLAY_UTF8"
        },
        "banner": "220 ProFTPD Server (v171530.goserver.host FTP Server) [::ffff:37.17.225.253]\r\n",
        "auth_tls_response": "234 AUTH TLS successful\r\n",
        "status_code": 220,
        "status_meaning": "Service ready for new user.",
        "implicit_tls": false
      },
      "labels": [
        "file-sharing"
      ],
      "observed_at": "2024-04-14T12:48:47.704446096Z",
      "perspective_id": "PERSPECTIVE_ORANGE",
      "port": 21,
      "service_name": "FTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "ProFTPD Project",
          "product": "ProFTPD",
          "other": {
            "family": "ProFTPD"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "other": {
            "ip": "::ffff:37.17.225.253"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.145.52",
      "tls": {
        "version_selected": "TLSv1_2",
        "cipher_selected": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "42c865deb4cf7a0bc91352e4aa7d0ac98c89e7c49ccf3df98df62d59a18d1fcb",
          "leaf_data": {
            "names": [
              "imageserver.goserver.host"
            ],
            "subject_dn": "C=US, ST=Some-State, O=Internet Widgits Pty Ltd, CN=imageserver.goserver.host",
            "issuer_dn": "C=US, ST=Some-State, O=Internet Widgits Pty Ltd, CN=imageserver.goserver.host",
            "pubkey_bit_size": 521,
            "pubkey_algorithm": "ECDSA",
            "tbs_fingerprint": "4372cc5a896724017d70d1bce1c088fc67c1752f68205b13be2b7ac5770d2cb8",
            "fingerprint": "42c865deb4cf7a0bc91352e4aa7d0ac98c89e7c49ccf3df98df62d59a18d1fcb",
            "issuer": {
              "common_name": [
                "imageserver.goserver.host"
              ],
              "organization": [
                "Internet Widgits Pty Ltd"
              ],
              "province": [
                "Some-State"
              ],
              "country": [
                "US"
              ]
            },
            "subject": {
              "common_name": [
                "imageserver.goserver.host"
              ],
              "organization": [
                "Internet Widgits Pty Ltd"
              ],
              "province": [
                "Some-State"
              ],
              "country": [
                "US"
              ]
            },
            "public_key": {
              "key_algorithm": "ECDSA",
              "ecdsa": {
                "_encoding": {
                  "b": "DISPLAY_BASE64",
                  "gx": "DISPLAY_BASE64",
                  "gy": "DISPLAY_BASE64",
                  "n": "DISPLAY_BASE64",
                  "p": "DISPLAY_BASE64",
                  "x": "DISPLAY_BASE64",
                  "y": "DISPLAY_BASE64"
                },
                "b": "UZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/BzVz34g9LDTx70Uf1GtQPwA=",
                "curve": "P-521",
                "gx": "xoWOBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNIs8GFakKb+X5+McLlvWY=",
                "gy": "ARg5KWp4mjvABFyKX7QsfRvZmPVESVebRGgXr70XJz5mLJfucple9CZAxVC5AT+tB2E1PHCGonLCQIi+lHaf0WZQ",
                "length": 521,
                "n": "Af//////////////////////////////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJ",
                "p": "Af//////////////////////////////////////////////////////////////////////////////////////",
                "x": "wl/MZcUJZD//XYr8gybr03bxXVIgPPh9mBdv32z4Tox1aFwbqM/+05s6E4T314kfaWeL5G04+iXmH0kTx5bw8qo=",
                "y": "AaJPU9Ls4m0jqf0wyAXSJKMOj9mW8SmMj35627/UI+X/bJe3/hQknKaW3GAdUpMSdVF0ztohGG4p2LqEXgUdow1J"
              },
              "fingerprint": "9653113942d28f4c97c49846472440662cb32e0a7a9a8dee8082d2af60dfe7a4"
            },
            "signature": {
              "self_signed": true,
              "signature_algorithm": "ECDSA-SHA256"
            }
          }
        },
        "server_key_exchange": {
          "ec_params": {
            "named_curve": 29
          }
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "954f7e9207d4c9012fd0692885732b12",
        "ja4s": "t120200_544c535f45434448455f45434453415f574954485f43484143484132305f504f4c59313330355f534841323536_8b3ccbb12ea0",
        "versions": [
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "954f7e9207d4c9012fd0692885732b12",
            "ja4s": "t120200_544c535f45434448455f45434453415f574954485f43484143484132305f504f4c59313330355f534841323536_8b3ccbb12ea0"
          }
        ]
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "ssh",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u2",
      "banner_hashes": [
        "sha256:f71d4566c21f4d0eba203ff797f0c45994b4e903c45433c323137e7b3f217ad8"
      ],
      "banner_hex": "5353482d322e302d4f70656e5353485f382e3470312044656269616e2d352b64656231317532",
      "extended_service_name": "SSH",
      "labels": [
        "remote-access"
      ],
      "observed_at": "2024-04-15T15:32:23.714892630Z",
      "perspective_id": "PERSPECTIVE_ORANGE",
      "port": 22,
      "service_name": "SSH",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        }
      ],
      "source_ip": "167.94.145.55",
      "ssh": {
        "endpoint_id": {
          "_encoding": {
            "raw": "DISPLAY_UTF8"
          },
          "raw": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u2",
          "protocol_version": "2.0",
          "software_version": "OpenSSH_8.4p1",
          "comment": "Debian-5+deb11u2"
        },
        "kex_init_message": {
          "kex_algorithms": [
            "curve25519-sha256",
            "[email protected]",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group14-sha256"
          ],
          "host_key_algorithms": [
            "rsa-sha2-512",
            "rsa-sha2-256",
            "ssh-rsa",
            "ecdsa-sha2-nistp256",
            "ssh-ed25519"
          ],
          "client_to_server_ciphers": [
            "[email protected]",
            "aes128-ctr",
            "aes192-ctr",
            "aes256-ctr",
            "[email protected]",
            "[email protected]"
          ],
          "server_to_client_ciphers": [
            "[email protected]",
            "aes128-ctr",
            "aes192-ctr",
            "aes256-ctr",
            "[email protected]",
            "[email protected]"
          ],
          "client_to_server_macs": [
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "hmac-sha2-256",
            "hmac-sha2-512",
            "hmac-sha1"
          ],
          "server_to_client_macs": [
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "[email protected]",
            "hmac-sha2-256",
            "hmac-sha2-512",
            "hmac-sha1"
          ],
          "client_to_server_compression": [
            "none",
            "[email protected]"
          ],
          "server_to_client_compression": [
            "none",
            "[email protected]"
          ],
          "first_kex_follows": false
        },
        "algorithm_selection": {
          "kex_algorithm": "[email protected]",
          "host_key_algorithm": "ecdsa-sha2-nistp256",
          "client_to_server_alg_group": {
            "cipher": "aes128-ctr",
            "mac": "hmac-sha2-256",
            "compression": "none"
          },
          "server_to_client_alg_group": {
            "cipher": "aes128-ctr",
            "mac": "hmac-sha2-256",
            "compression": "none"
          }
        },
        "server_host_key": {
          "fingerprint_sha256": "1b2a62dcb04eb080fa7abb53deb9a1f6f39f767dce6539b9d9ffba388a3ec248",
          "ecdsa_public_key": {
            "_encoding": {
              "b": "DISPLAY_BASE64",
              "gx": "DISPLAY_BASE64",
              "gy": "DISPLAY_BASE64",
              "n": "DISPLAY_BASE64",
              "p": "DISPLAY_BASE64",
              "x": "DISPLAY_BASE64",
              "y": "DISPLAY_BASE64"
            },
            "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=",
            "curve": "P-256",
            "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=",
            "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=",
            "length": 256,
            "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE=",
            "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=",
            "x": "nS/Kg0kJAdwYpSg/DtKR2N0iOxaMBaf5fHwgRQYLJHM=",
            "y": "poSA+jjafc1DsbSuPsVvLxZL64tLFV3h5ewiw7uiw60="
          }
        },
        "hassh_fingerprint": "3ccd1778a76049721c71ad7d2bf62bbc"
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "smtp",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "220-webgo MAILSERVER - checking mail...\r\n220 v171530.goserver.host webgo GmbH SMTP Postfix (Debian/GNU)\r\n",
      "banner_hashes": [
        "sha256:7a6564b0cdb0fad4e3d5a9cdceb74ac2dcd161871804d2d2252fda799fdc3fe8"
      ],
      "banner_hex": "3232302d776562676f204d41494c534552564552202d20636865636b696e67206d61696c2e2e2e0d0a32323020763137313533302e676f7365727665722e686f737420776562676f20476d624820534d545020506f7374666978202844656269616e2f474e55290d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "extended_service_name": "SMTP-STARTTLS",
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-15T17:50:10.842017488Z",
      "perspective_id": "PERSPECTIVE_NTT",
      "port": 25,
      "service_name": "SMTP",
      "smtp": {
        "_encoding": {
          "banner": "DISPLAY_UTF8",
          "ehlo": "DISPLAY_UTF8",
          "start_tls": "DISPLAY_UTF8"
        },
        "banner": "220-webgo MAILSERVER - checking mail...\r\n220 v171530.goserver.host webgo GmbH SMTP Postfix (Debian/GNU)\r\n",
        "ehlo": "250-v171530.goserver.host\r\n250-SIZE 52428800\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-SMTPUTF8\r\n250 CHUNKING\r\n",
        "start_tls": "220 2.0.0 Ready to start TLS\r\n"
      },
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        }
      ],
      "source_ip": "206.168.34.183",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            },
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 301 Moved Permanently\r\nDate:  <REDACTED>\r\nServer: Apache\r\nLocation: https://v171530.goserver.host/\r\nContent-Length: 238\r\nContent-Type: text/html; charset=iso-8859-1\r\n",
      "banner_hashes": [
        "sha256:9c019d3e7513dcace7e896cf1529eef16f49c43697f5547c4be0965c01fa1919"
      ],
      "banner_hex": "485454502f312e3120333031204d6f766564205065726d616e656e746c790d0a446174653a20203c52454441435445443e0d0a5365727665723a204170616368650d0a4c6f636174696f6e3a2068747470733a2f2f763137313533302e676f7365727665722e686f73742f0d0a436f6e74656e742d4c656e6774683a203233380d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d69736f2d383835392d310d0a",
      "extended_service_name": "HTTP",
      "http": {
        "request": {
          "method": "GET",
          "uri": "http://37.17.225.253/",
          "headers": {
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ],
            "_encoding": {
              "User_Agent": "DISPLAY_UTF8",
              "Accept": "DISPLAY_UTF8"
            },
            "Accept": [
              "*/*"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 301,
          "status_reason": "Moved Permanently",
          "headers": {
            "Content_Type": [
              "text/html; charset=iso-8859-1"
            ],
            "_encoding": {
              "Content_Type": "DISPLAY_UTF8",
              "Location": "DISPLAY_UTF8",
              "Content_Length": "DISPLAY_UTF8",
              "Server": "DISPLAY_UTF8",
              "Date": "DISPLAY_UTF8"
            },
            "Location": [
              "https://v171530.goserver.host/"
            ],
            "Content_Length": [
              "238"
            ],
            "Server": [
              "Apache"
            ],
            "Date": [
              "<REDACTED>"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<title>301 Moved Permanently</title>"
          ],
          "body_size": 238,
          "body": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"https://v171530.goserver.host/\">here</a>.</p>\n</body></html>\n",
          "body_hashes": [
            "sha256:dc0459d2928d6fed520b48515926d2e3a9fffe04e08ddc8ef7b3b1a8c62fc287",
            "sha1:8c839b47f0caa2b5c150186a56c0d455bf94534d"
          ],
          "body_hash": "sha1:8c839b47f0caa2b5c150186a56c0d455bf94534d",
          "html_title": "301 Moved Permanently"
        },
        "supports_http2": false
      },
      "observed_at": "2024-04-16T01:40:32.328829754Z",
      "perspective_id": "PERSPECTIVE_TATA",
      "port": 80,
      "service_name": "HTTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Apache",
          "product": "HTTPD",
          "other": {
            "family": "Apache"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.138.34",
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "pop3",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "+OK Dovecot (Debian) ready.\r\n",
      "banner_hashes": [
        "sha256:d23f942eab9de1c939a3dcab0aefadf6c86ebc2b99ba56b2b364c14c7c2b8dad"
      ],
      "banner_hex": "2b4f4b20446f7665636f74202844656269616e292072656164792e0d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "extended_service_name": "POP3S",
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-14T17:33:17.038798176Z",
      "perspective_id": "PERSPECTIVE_HE",
      "pop3": {
        "_encoding": {
          "banner": "DISPLAY_UTF8",
          "start_tls": "DISPLAY_UTF8"
        },
        "banner": "+OK Dovecot (Debian) ready.\r\n",
        "start_tls": "+OK Begin TLS negotiation now.\r\n"
      },
      "port": 110,
      "service_name": "POP3",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Dovecot",
          "product": "Dovecot",
          "other": {
            "family": "Dovecot"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Debian",
          "product": "Linux",
          "other": {
            "family": "Linux"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "162.142.125.225",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            },
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "ntp",
      "extended_service_name": "NTP",
      "ntp": {
        "get_time_header": {
          "version": 3,
          "mode": 4,
          "stratum": 2,
          "poll": 3,
          "precision": -23,
          "_encoding": {
            "reference_id": "DISPLAY_UTF8"
          },
          "reference_id": "\ufffd\ufffd\u0003\ufffd",
          "leap_indicator": 0
        }
      },
      "observed_at": "2024-04-15T17:57:49.472879193Z",
      "perspective_id": "PERSPECTIVE_NTT",
      "port": 123,
      "service_name": "NTP",
      "source_ip": "206.168.34.123",
      "transport_protocol": "UDP",
      "truncated": false
    },
    {
      "_decoded": "imap",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.\r\n",
      "banner_hashes": [
        "sha256:919c7eb8925935ca095032b2483576e58d147c600a3c08d19c34846c4a48afb7"
      ],
      "banner_hex": "2a204f4b205b4341504142494c49545920494d41503472657631205341534c2d4952204c4f47494e2d524546455252414c5320494420454e41424c452049444c45204c49544552414c2b205354415254544c5320415554483d504c41494e20415554483d4c4f47494e5d20446f7665636f74202844656269616e292072656164792e0d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "extended_service_name": "IMAPS",
      "imap": {
        "_encoding": {
          "banner": "DISPLAY_UTF8"
        },
        "banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.\r\n",
        "start_tls": "a001 OK Begin TLS negotiation now.\r\n"
      },
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-15T22:04:02.387350520Z",
      "perspective_id": "PERSPECTIVE_HE",
      "port": 143,
      "service_name": "IMAP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Dovecot",
          "product": "Dovecot",
          "other": {
            "family": "Dovecot"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Debian",
          "product": "Linux",
          "other": {
            "family": "Linux"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "162.142.125.226",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            },
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 200 OK\r\nDate:  <REDACTED>\r\nServer: Apache\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nExpires: Mon, 15 Apr 2024 10:49:02 GMT\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';\r\nX-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';\r\nX-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';\r\nX-XSS-Protection: 1; mode=block\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=0\r\nX-RateLimit-Limit: 60\r\nX-RateLimit-Remaining: 59\r\nX-RateLimit-Reset: 1713178202\r\nSet-Cookie: PHPSESSID=k2br4ueqtc7b3s7uhernbe5pr0; expires=Mon, 15-Apr-2024 10:59:02 GMT; Max-Age=600; path=/; domain=37.17.225.253; secure; HttpOnly; SameSite=Strict\r\nUpgrade: h2\r\nConnection: Upgrade\r\nLast-Modified: Mon, 15 Apr 2024 10:49:02 GMT\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1139\r\nContent-Type: text/html; charset=UTF-8\r\n",
      "banner_hashes": [
        "sha256:8c42df8a92747bdc25a436b9adbd97867bbd7308b02c7ff2a248c127bed05737"
      ],
      "banner_hex": "485454502f312e3120323030204f4b0d0a446174653a20203c52454441435445443e0d0a5365727665723a204170616368650d0a43616368652d436f6e74726f6c3a206e6f2d73746f72652c206e6f2d63616368652c206d7573742d726576616c69646174650d0a507261676d613a206e6f2d63616368650d0a457870697265733a204d6f6e2c2031352041707220323032342031303a34393a303220474d540d0a436f6e74656e742d53656375726974792d506f6c6963793a2064656661756c742d737263202773656c66273b207363726970742d737263202773656c66272027756e736166652d696e6c696e65272027756e736166652d6576616c273b20636f6e6e6563742d737263202773656c66273b20696d672d737263202773656c662720646174613a3b207374796c652d737263202773656c66272027756e736166652d696e6c696e65273b206f626a6563742d737263202773656c66273b206672616d652d737263202773656c66273b206672616d652d616e636573746f7273202773656c66273b0d0a582d436f6e74656e742d53656375726974792d506f6c6963793a2064656661756c742d737263202773656c66273b207363726970742d737263202773656c66272027756e736166652d696e6c696e65272027756e736166652d6576616c273b20636f6e6e6563742d737263202773656c66273b20696d672d737263202773656c662720646174613a3b207374796c652d737263202773656c66272027756e736166652d696e6c696e65273b206f626a6563742d737263202773656c66273b206672616d652d737263202773656c66273b206672616d652d616e636573746f7273202773656c66273b0d0a582d5765624b69742d4353503a2064656661756c742d737263202773656c66273b207363726970742d737263202773656c66272027756e736166652d696e6c696e65272027756e736166652d6576616c273b20636f6e6e6563742d737263202773656c66273b20696d672d737263202773656c662720646174613a3b207374796c652d737263202773656c66272027756e736166652d696e6c696e65273b206f626a6563742d737263202773656c66273b206672616d652d737263202773656c66273b206672616d652d616e636573746f7273202773656c66273b0d0a582d5853532d50726f74656374696f6e3a20313b206d6f64653d626c6f636b0d0a582d4672616d652d4f7074696f6e733a2044454e590d0a582d436f6e74656e742d547970652d4f7074696f6e733a206e6f736e6966660d0a5374726963742d5472616e73706f72742d53656375726974793a206d61782d6167653d300d0a582d526174654c696d69742d4c696d69743a2036300d0a582d526174654c696d69742d52656d61696e696e673a2035390d0a582d526174654c696d69742d52657365743a20313731333137383230320d0a5365742d436f6f6b69653a205048505345535349443d6b3262723475657174633762337337756865726e6265357072303b20657870697265733d4d6f6e2c2031352d4170722d323032342031303a35393a303220474d543b204d61782d4167653d3630303b20706174683d2f3b20646f6d61696e3d33372e31372e3232352e3235333b207365637572653b20487474704f6e6c793b2053616d65536974653d5374726963740d0a557067726164653a2068320d0a436f6e6e656374696f6e3a20557067726164650d0a4c6173742d4d6f6469666965643a204d6f6e2c2031352041707220323032342031303a34393a303220474d540d0a566172793a204163636570742d456e636f64696e670d0a436f6e74656e742d456e636f64696e673a20677a69700d0a436f6e74656e742d4c656e6774683a20313133390d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d5554462d380d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "extended_service_name": "HTTPS",
      "http": {
        "request": {
          "method": "GET",
          "uri": "https://37.17.225.253/",
          "headers": {
            "Accept": [
              "*/*"
            ],
            "_encoding": {
              "Accept": "DISPLAY_UTF8",
              "User_Agent": "DISPLAY_UTF8"
            },
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 200,
          "status_reason": "OK",
          "headers": {
            "Strict_Transport_Security": [
              "max-age=0"
            ],
            "_encoding": {
              "Strict_Transport_Security": "DISPLAY_UTF8",
              "Cache_Control": "DISPLAY_UTF8",
              "Pragma": "DISPLAY_UTF8",
              "Content_Length": "DISPLAY_UTF8",
              "X_RateLimit_Reset": "DISPLAY_UTF8",
              "Content_Type": "DISPLAY_UTF8",
              "Last_Modified": "DISPLAY_UTF8",
              "Expires": "DISPLAY_UTF8",
              "Vary": "DISPLAY_UTF8",
              "Content_Encoding": "DISPLAY_UTF8",
              "X_RateLimit_Limit": "DISPLAY_UTF8",
              "X_RateLimit_Remaining": "DISPLAY_UTF8",
              "Date": "DISPLAY_UTF8",
              "Server": "DISPLAY_UTF8",
              "Upgrade": "DISPLAY_UTF8",
              "X_WebKit_CSP": "DISPLAY_UTF8",
              "X_Frame_Options": "DISPLAY_UTF8",
              "X_Content_Type_Options": "DISPLAY_UTF8",
              "X_XSS_Protection": "DISPLAY_UTF8",
              "Set_Cookie": "DISPLAY_UTF8",
              "Content_Security_Policy": "DISPLAY_UTF8",
              "Connection": "DISPLAY_UTF8",
              "X_Content_Security_Policy": "DISPLAY_UTF8"
            },
            "Cache_Control": [
              "no-store, no-cache, must-revalidate"
            ],
            "Pragma": [
              "no-cache"
            ],
            "Content_Length": [
              "1139"
            ],
            "X_RateLimit_Reset": [
              "1713178202"
            ],
            "Content_Type": [
              "text/html; charset=UTF-8"
            ],
            "Last_Modified": [
              "Mon, 15 Apr 2024 10:49:02 GMT"
            ],
            "Expires": [
              "Mon, 15 Apr 2024 10:49:02 GMT"
            ],
            "Vary": [
              "Accept-Encoding"
            ],
            "Content_Encoding": [
              "gzip"
            ],
            "X_RateLimit_Limit": [
              "60"
            ],
            "X_RateLimit_Remaining": [
              "59"
            ],
            "Date": [
              "<REDACTED>"
            ],
            "Server": [
              "Apache"
            ],
            "Upgrade": [
              "h2"
            ],
            "X_WebKit_CSP": [
              "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';"
            ],
            "X_Frame_Options": [
              "DENY"
            ],
            "X_Content_Type_Options": [
              "nosniff"
            ],
            "X_XSS_Protection": [
              "1; mode=block"
            ],
            "Set_Cookie": [
              "PHPSESSID=k2br4ueqtc7b3s7uhernbe5pr0; expires=Mon, 15-Apr-2024 10:59:02 GMT; Max-Age=600; path=/; domain=37.17.225.253; secure; HttpOnly; SameSite=Strict"
            ],
            "Content_Security_Policy": [
              "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';"
            ],
            "Connection": [
              "Upgrade"
            ],
            "X_Content_Security_Policy": [
              "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';"
            ]
          },
          "_encoding": {
            "html_tags": "DISPLAY_UTF8",
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8",
            "html_title": "DISPLAY_UTF8"
          },
          "html_tags": [
            "<title>Froxlor</title>",
            "<meta charset=\"utf-8\">",
            "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">",
            "<meta name=\"robots\" content=\"noindex, nofollow, noarchive\"/>",
            "<meta name=\"googlebot\" content=\"nosnippet\"/>"
          ],
          "body_size": 2708,
          "body": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n\t<!-- Required meta tags -->\n\t<meta charset=\"utf-8\">\n\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n\t<meta name=\"robots\" content=\"noindex, nofollow, noarchive\"/>\n\t<meta name=\"googlebot\" content=\"nosnippet\"/>\n\t<link rel=\"icon\" type=\"image/x-icon\" href=\"templates/Froxlor/assets/img/icon.png\">\n\t\n\t<!-- CSS -->\n\t\t\t<link href=\"templates/Froxlor/assets/css/main.css?id=f52c7bf9a1e21f7f69711a722518b366\" rel=\"stylesheet\" type=\"text/css\" />\n<link href=\"templates/Froxlor/assets/css/custom.css\" rel=\"stylesheet\" type=\"text/css\" />\n\n\t\t\n\t<!-- Scripts -->\n\t\t\t<script type=\"text/javascript\" src=\"templates/Froxlor/assets/js/main.js?id=2ac5495294e39b0c6e23d4f068a88263\"></script>\n\n\t\t\t<title>Froxlor</title>\n</head>\n<body class=\"min-vh-100 d-flex flex-column\">\n\t\n\t\t\t<div class=\"container-fluid\">\n\t\t\t\t<div class=\"container\">\n\t\t<div class=\"row justify-content-center\">\n\t\t\t<form class=\"col-12 max-w-420 d-flex flex-column\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">\n\t\t\t\t<img class=\"align-self-center my-5\" src=\"templates/Froxlor/assets/img/logo.png\" alt=\"Froxlor Server Management Panel\"/>\n\n\t\t\t\t<div class=\"card shadow\">\n\t\t\t\t\t<div class=\"card-body\">\n\t\t\t\t\t\t<h5 class=\"card-title\">Login</h5>\n\t\t\t\t\t\t<p>Bitte melden Sie sich an, um auf Ihr Konto zuzugreifen.</p>\n\n\t\t\t\t\t\t\n\t\t\t\t\t\t<div class=\"mb-3\">\n\t\t\t\t\t\t\t<label for=\"loginname\" class=\"col-form-label\">Benutzername</label>\n\t\t\t\t\t\t\t<input class=\"form-control\" type=\"text\" name=\"loginname\" id=\"loginname\" value=\"\" required autofocus/>\n\t\t\t\t\t\t</div>\n\n\t\t\t\t\t\t<div class=\"mb-3\">\n\t\t\t\t\t\t\t<label for=\"password\" class=\"col-form-label\">Passwort</label>\n\t\t\t\t\t\t\t<input class=\"form-control\" type=\"password\" name=\"password\" id=\"password\" value=\"\" required/>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t</div>\n\n\t\t\t\t\t<div class=\"card-body d-grid gap-2\">\n\t\t\t\t\t\t<button class=\"btn btn-primary rounded-top-0\" type=\"submit\" name=\"dologin\">Anmelden</button>\n\t\t\t\t\t</div>\n\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"card-footer\">\n\t\t\t\t\t\t\t<a class=\"card-link text-muted\" href=\"index.php?action=forgotpwd\">Passwort vergessen?</a>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</div>\n\t\t\t</form>\n\t\t</div>\n\t</div>\n\t\t\t<footer class=\"text-center mb-3\">\n\t<span>\n\t\t<img src=\"templates/Froxlor/assets/img/logo_grey.png\" alt=\"Froxlor\"/>\n\t\t\t\t\t\t\t\t\t&copy; 2009-2024 by <a href=\"https://www.froxlor.org/\" rel=\"external\" target=\"_blank\">the Froxlor Team</a><br>\n\t\t\t\t\t<a href=\"https://www.webgo.de/impressum\" target=\"_blank\" class=\"footer-link\">Impressum</a>\t\t\t<a href=\"https://www.webgo.de/agb\" target=\"_blank\" class=\"footer-link\">AGB</a>\t\t\t<a href=\"https://www.webgo.de/datenschutz\" target=\"_blank\" class=\"footer-link\">Datenschutzerkl\u00e4rung</a>\t\t\t</span>\n\n    </footer>\n\n\t\t</div>\n\t</body>\n</html>\n",
          "favicons": [
            {
              "size": 13450,
              "name": "https://37.17.225.253/templates/Froxlor/assets/img/icon.png",
              "md5_hash": "64390f232ba437cb42c392c993f69394",
              "hashes": [
                "md5:64390f232ba437cb42c392c993f69394",
                "sha256:63b36ee766d9b7e3557785747c9be1b5b596801d71f2fa2bae972ad3dc509471"
              ],
              "shodan_hash": -851019773
            }
          ],
          "body_hashes": [
            "sha256:a8f6ea5a130e0fa6c55161395803f3da85995b15d58dc87b328ba10d82bc18f2",
            "sha1:0b4c7201283570c762b611d8bea50f5d3fe8d6e8"
          ],
          "body_hash": "sha1:0b4c7201283570c762b611d8bea50f5d3fe8d6e8",
          "html_title": "Froxlor"
        },
        "supports_http2": true
      },
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "33d19d1ad21d21d00042d43d00000021abd22a3b99c8267613a45603d83df2",
        "cipher_and_version_fingerprint": "33d19d1ad21d21d00042d43d000000",
        "tls_extensions_sha256": "21abd22a3b99c8267613a45603d83df2",
        "observed_at": "2024-04-08T11:14:47.934708650Z"
      },
      "labels": [
        "login-page"
      ],
      "observed_at": "2024-04-15T10:48:58.974704563Z",
      "perspective_id": "PERSPECTIVE_PCCW",
      "port": 443,
      "service_name": "HTTP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "PHP",
          "product": "PHP",
          "other": {
            "family": "PHP"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Apache",
          "product": "HTTPD",
          "other": {
            "family": "Apache"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "199.45.154.54",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            },
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          },
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "303951d4c50efb2e991652225a6f02b1",
            "ja4s": "t120200_544c535f45434448455f5253415f574954485f4145535f3132385f47434d5f534841323536_8b3ccbb12ea0"
          }
        ]
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "smtp",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "220 v171530.goserver.host webgo GmbH SMTP Postfix (Debian/GNU)\r\n",
      "banner_hashes": [
        "sha256:26e83c8c024a4e455fe0403df3906136e4f9566b987c08d4ea947175e05b538a"
      ],
      "banner_hex": "32323020763137313533302e676f7365727665722e686f737420776562676f20476d624820534d545020506f7374666978202844656269616e2f474e55290d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "discovery_method": "PREDICTIVE_METHOD_18",
      "extended_service_name": "SMTPS",
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "07d10d1ad21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d",
        "cipher_and_version_fingerprint": "07d10d1ad21d21d00042d43d000000",
        "tls_extensions_sha256": "aa99ce74e2c6d013c745aa52b5cc042d",
        "observed_at": "2024-04-14T01:33:51.327703695Z"
      },
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-16T01:16:59.959405336Z",
      "perspective_id": "PERSPECTIVE_TELIA",
      "port": 465,
      "service_name": "SMTP",
      "smtp": {
        "_encoding": {
          "banner": "DISPLAY_UTF8",
          "ehlo": "DISPLAY_UTF8"
        },
        "banner": "220 v171530.goserver.host webgo GmbH SMTP Postfix (Debian/GNU)\r\n",
        "ehlo": "250-v171530.goserver.host\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n250-ETRN\r\n250-AUTH PLAIN LOGIN\r\n250-AUTH=PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-SMTPUTF8\r\n250 CHUNKING\r\n"
      },
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        }
      ],
      "source_ip": "167.94.146.59",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            },
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          },
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "d25619cb77d3219fc9fc14cb6b35eacc",
            "ja4s": "t120200_544c535f45434448455f5253415f574954485f43484143484132305f504f4c59313330355f534841323536_8b3ccbb12ea0"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "smtp",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "220 v171530.goserver.host webgo GmbH SMTP Postfix (Debian/GNU)\r\n",
      "banner_hashes": [
        "sha256:26e83c8c024a4e455fe0403df3906136e4f9566b987c08d4ea947175e05b538a"
      ],
      "banner_hex": "32323020763137313533302e676f7365727665722e686f737420776562676f20476d624820534d545020506f7374666978202844656269616e2f474e55290d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "extended_service_name": "SMTP-STARTTLS",
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-16T02:15:53.370064371Z",
      "perspective_id": "PERSPECTIVE_TELIA",
      "port": 587,
      "service_name": "SMTP",
      "smtp": {
        "_encoding": {
          "banner": "DISPLAY_UTF8",
          "ehlo": "DISPLAY_UTF8",
          "start_tls": "DISPLAY_UTF8"
        },
        "banner": "220 v171530.goserver.host webgo GmbH SMTP Postfix (Debian/GNU)\r\n",
        "ehlo": "250-v171530.goserver.host\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-SMTPUTF8\r\n250 CHUNKING\r\n",
        "start_tls": "220 2.0.0 Ready to start TLS\r\n"
      },
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        }
      ],
      "source_ip": "167.94.146.56",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_AES_256_GCM_SHA384",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            },
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "15af977ce25de452b96affa2addb1036",
        "ja4s": "t120200_544c535f4145535f3235365f47434d5f534841333834_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "15af977ce25de452b96affa2addb1036",
            "ja4s": "t120200_544c535f4145535f3235365f47434d5f534841333834_9f090db0cf15"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "imap",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.\r\n",
      "banner_hashes": [
        "sha256:f94f0aec4a9aca0a9d959bd3a2510a1ea07b3ddc0592bb16c3d0867ed8e3abf1"
      ],
      "banner_hex": "2a204f4b205b4341504142494c49545920494d41503472657631205341534c2d4952204c4f47494e2d524546455252414c5320494420454e41424c452049444c45204c49544552414c2b20415554483d504c41494e20415554483d4c4f47494e5d20446f7665636f74202844656269616e292072656164792e0d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "extended_service_name": "IMAPS",
      "imap": {
        "_encoding": {
          "banner": "DISPLAY_UTF8"
        },
        "banner": "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.\r\n"
      },
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "07d0cd1ad21d21d07c42d43d000000b90dd73924a70e89e21f5ed1b8fb5131",
        "cipher_and_version_fingerprint": "07d0cd1ad21d21d07c42d43d000000",
        "tls_extensions_sha256": "b90dd73924a70e89e21f5ed1b8fb5131",
        "observed_at": "2024-04-06T01:27:58.968267035Z"
      },
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-15T15:19:17.523095876Z",
      "perspective_id": "PERSPECTIVE_HE",
      "port": 993,
      "service_name": "IMAP",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Dovecot",
          "product": "Dovecot",
          "other": {
            "family": "Dovecot"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Debian",
          "product": "Linux",
          "other": {
            "family": "Linux"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "162.142.125.217",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            },
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          },
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "d25619cb77d3219fc9fc14cb6b35eacc",
            "ja4s": "t120200_544c535f45434448455f5253415f574954485f43484143484132305f504f4c59313330355f534841323536_8b3ccbb12ea0"
          },
          {
            "tls_version": "TLSv1_1",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "b8d8f22562475aebf44ad54175c1d9c7",
            "ja4s": "t110200_544c535f45434448455f5253415f574954485f4145535f3132385f4342435f534841_8b3ccbb12ea0"
          },
          {
            "tls_version": "TLSv1_0",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "184d532a16876b78846ae6a03f654890",
            "ja4s": "t100200_544c535f45434448455f5253415f574954485f4145535f3132385f4342435f534841_8b3ccbb12ea0"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "pop3",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "+OK Dovecot (Debian) ready.\r\n",
      "banner_hashes": [
        "sha256:d23f942eab9de1c939a3dcab0aefadf6c86ebc2b99ba56b2b364c14c7c2b8dad"
      ],
      "banner_hex": "2b4f4b20446f7665636f74202844656269616e292072656164792e0d0a",
      "certificate": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
      "discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
      "extended_service_name": "POP3S",
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "07d0cd1ad21d21d07c42d43d000000b90dd73924a70e89e21f5ed1b8fb5131",
        "cipher_and_version_fingerprint": "07d0cd1ad21d21d07c42d43d000000",
        "tls_extensions_sha256": "b90dd73924a70e89e21f5ed1b8fb5131",
        "observed_at": "2024-04-15T17:47:11.943631344Z"
      },
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-15T20:47:32.326789393Z",
      "perspective_id": "PERSPECTIVE_TELIA",
      "pop3": {
        "_encoding": {
          "banner": "DISPLAY_UTF8"
        },
        "banner": "+OK Dovecot (Debian) ready.\r\n"
      },
      "port": 995,
      "service_name": "POP3",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
          "part": "a",
          "vendor": "Dovecot",
          "product": "Dovecot",
          "other": {
            "family": "Dovecot"
          },
          "source": "OSI_APPLICATION_LAYER"
        },
        {
          "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "vendor": "Debian",
          "product": "Linux",
          "other": {
            "family": "Linux"
          },
          "source": "OSI_APPLICATION_LAYER"
        }
      ],
      "source_ip": "167.94.146.52",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
          "chain_fps_sha_256": [
            "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
            "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"
          ],
          "leaf_data": {
            "names": [
              "*.goserver.host",
              "goserver.host"
            ],
            "subject_dn": "CN=*.goserver.host",
            "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "aeeb175ab87e742e9a9d7b966934357430eab9a4b02d3183cfc4b10bc6967fa9",
            "fingerprint": "28048f524ba54b5cdeaf5366748ac986a922498258d4010b6930fa76b2dc8efa",
            "issuer": {
              "common_name": [
                "Sectigo RSA Domain Validation Secure Server CA"
              ],
              "locality": [
                "Salford"
              ],
              "organization": [
                "Sectigo Limited"
              ],
              "province": [
                "Greater Manchester"
              ],
              "country": [
                "GB"
              ]
            },
            "subject": {
              "common_name": [
                "*.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "qZ+61vCRZT1XoYRKpHZEn/tkZrTOrO6fdjb1n2bkyD9WSDg1+wyD6hJDT6FZ496gCzJLCMu1b1ibydW53oLGeeSVsXGMccR3btJfStjeX92/NflD+L/1X/JXk3I516tUGx/Vs/fbDe/Umcrrfbk/GeKJjHTRxtAmCW9X4RpRRi9d7vjdACNif9wCpqmPogBB9QtgqjzVYtSH9UP/eeg9ki1NQuc9rW2b3fv29AKsmc8RbpzcMwNilffugq+nmVr75p9kJfUQ9vG7k6qeQVRLC6jGjV31ae4QKHojzIibJb14+piZnqD0A45a7ndj/M7Q6vrRZ44QyScffcTtOMKKG5z1ibS/CDKZO8T+s3hqPS1U4WGB4JbwCfhSnqs4nZx5PjobRYErmM3kRiZCJt4UwW3OtnyDo/BGlJmBxhUroK8dhfydIm04jSYTbFpatlwbIRO4wXWnAYUGoMjoS1bcDpBHNPw9ABu03Op+NWKooO78+mw1Af9As+pq1IrpV9rrgLP+Rw/hfPM92mFWpnZwQssvlPywEKf974IuReLFI0nOXGCv6zIik85EblvXY8omXEdlM+5UM9k3lItn/Tju9GZSbOKaLX22H5LB3w9rh1MMZIo7Kg5+ulCEeoXjdIf825xp3KeIwlh4EhE+N0JVoFUXvptmmwQ7Dmxlq9Powhc=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "2cdd066c4d4a65499c5e0f967d14dad6d0abe870ef9c459d49264585e9f39768"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b",
              "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority",
              "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
            },
            {
              "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676",
              "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA",
              "issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "475c9302dc42b2751db9edcac3b74891",
        "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "475c9302dc42b2751db9edcac3b74891",
            "ja4s": "t120200_544c535f43484143484132305f504f4c59313330355f534841323536_9f090db0cf15"
          },
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "d25619cb77d3219fc9fc14cb6b35eacc",
            "ja4s": "t120200_544c535f45434448455f5253415f574954485f43484143484132305f504f4c59313330355f534841323536_8b3ccbb12ea0"
          },
          {
            "tls_version": "TLSv1_1",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "b8d8f22562475aebf44ad54175c1d9c7",
            "ja4s": "t110200_544c535f45434448455f5253415f574954485f4145535f3132385f4342435f534841_8b3ccbb12ea0"
          },
          {
            "tls_version": "TLSv1_0",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "184d532a16876b78846ae6a03f654890",
            "ja4s": "t100200_544c535f45434448455f5253415f574954485f4145535f3132385f4342435f534841_8b3ccbb12ea0"
          }
        ]
      },
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "banner_grab",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "\"IMPLEMENTATION\" \"Dovecot (Debian) Pigeonhole\"\r\n\"SIEVE\" \"fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational re",
      "banner_hashes": [
        "sha256:b5a094162546bd162624951f97e9e30238fd1dfe0e8ffca53da185832dc03096"
      ],
      "banner_hex": "22494d504c454d454e544154494f4e222022446f7665636f74202844656269616e2920506967656f6e686f6c65220d0a22534945564522202266696c65696e746f2072656a65637420656e76656c6f706520656e636f6465642d636861726163746572207661636174696f6e207375626164647265737320636f6d70617261746f722d693b61736369692d6e756d657269632072656c6174696f6e616c207265",
      "extended_service_name": "PIGEONHOLE",
      "labels": [
        "email"
      ],
      "observed_at": "2024-04-14T17:21:22.115886342Z",
      "perspective_id": "PERSPECTIVE_TATA",
      "port": 4190,
      "service_name": "PIGEONHOLE",
      "software": [
        {
          "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*",
          "part": "o",
          "product": "linux",
          "source": "OSI_TRANSPORT_LAYER"
        }
      ],
      "source_ip": "167.94.138.126",
      "transport_fingerprint": {
        "id": 262,
        "os": "CentOS",
        "raw": "65160,64,true,MSTNW,1460,false,false"
      },
      "transport_protocol": "TCP",
      "truncated": false
    },
    {
      "_decoded": "http",
      "_encoding": {
        "banner": "DISPLAY_UTF8",
        "certificate": "DISPLAY_HEX",
        "banner_hex": "DISPLAY_HEX"
      },
      "banner": "HTTP/1.1 401 Unauthorized\r\nServer: Icinga/r2.14.0-1\r\nWWW-Authenticate: Basic realm=\"Icinga 2\"\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 58\r\n",
      "banner_hashes": [
        "sha256:2e292befb5fb68ad8319c891a40ce43ee956d20f427836d7541eefe20d53a3a9"
      ],
      "banner_hex": "485454502f312e312034303120556e617574686f72697a65640d0a5365727665723a204963696e67612f72322e31342e302d310d0a5757572d41757468656e7469636174653a204261736963207265616c6d3d224963696e67612032220d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a2035380d0a",
      "certificate": "3093cfa85615cec841107be4d0f3a08e1a60d47d61bbbed7b802235b28a9bd1d",
      "discovery_method": "PREDICTIVE_METHOD_2",
      "extended_service_name": "HTTPS",
      "http": {
        "request": {
          "method": "GET",
          "uri": "https://37.17.225.253:5665/",
          "headers": {
            "Accept": [
              "*/*"
            ],
            "_encoding": {
              "Accept": "DISPLAY_UTF8",
              "User_Agent": "DISPLAY_UTF8"
            },
            "User_Agent": [
              "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
            ]
          }
        },
        "response": {
          "protocol": "HTTP/1.1",
          "status_code": 401,
          "status_reason": "Unauthorized",
          "headers": {
            "Content_Type": [
              "text/html"
            ],
            "_encoding": {
              "Content_Type": "DISPLAY_UTF8",
              "Server": "DISPLAY_UTF8",
              "Connection": "DISPLAY_UTF8",
              "Content_Length": "DISPLAY_UTF8",
              "WWW_Authenticate": "DISPLAY_UTF8"
            },
            "Server": [
              "Icinga/r2.14.0-1"
            ],
            "Connection": [
              "close"
            ],
            "Content_Length": [
              "58"
            ],
            "WWW_Authenticate": [
              "Basic realm=\"Icinga 2\""
            ]
          },
          "body_size": 58,
          "_encoding": {
            "body": "DISPLAY_UTF8",
            "body_hash": "DISPLAY_UTF8"
          },
          "body": "<h1>Unauthorized. Please check your user credentials.</h1>",
          "body_hashes": [
            "sha256:96e9cf9119d9b1a4488e42969dd86cca39f90986c100149e0e10e367262e7781",
            "sha1:0781b2ef0edae3f86ab5f8ef7aaa4e8dae54208a"
          ],
          "body_hash": "sha1:0781b2ef0edae3f86ab5f8ef7aaa4e8dae54208a"
        },
        "supports_http2": false
      },
      "jarm": {
        "_encoding": {
          "fingerprint": "DISPLAY_HEX",
          "cipher_and_version_fingerprint": "DISPLAY_HEX",
          "tls_extensions_sha256": "DISPLAY_HEX"
        },
        "fingerprint": "2ad2ad16d2ad2ad00042d42d0000000b7957bea5dccaf2976e02aac6e2963a",
        "cipher_and_version_fingerprint": "2ad2ad16d2ad2ad00042d42d000000",
        "tls_extensions_sha256": "0b7957bea5dccaf2976e02aac6e2963a",
        "observed_at": "2024-04-08T02:13:22.289130574Z"
      },
      "observed_at": "2024-04-15T17:22:18.960693390Z",
      "perspective_id": "PERSPECTIVE_NTT",
      "port": 5665,
      "service_name": "HTTP",
      "source_ip": "206.168.34.191",
      "tls": {
        "version_selected": "TLSv1_3",
        "cipher_selected": "TLS_AES_256_GCM_SHA384",
        "certificates": {
          "_encoding": {
            "leaf_fp_sha_256": "DISPLAY_HEX",
            "chain_fps_sha_256": "DISPLAY_HEX"
          },
          "leaf_fp_sha_256": "3093cfa85615cec841107be4d0f3a08e1a60d47d61bbbed7b802235b28a9bd1d",
          "chain_fps_sha_256": [
            "e7892aa47949cb3b328caab424c8fd58869b1bb8f2b12b0ea5052b3c901e809d"
          ],
          "leaf_data": {
            "names": [
              "v171530.goserver.host"
            ],
            "subject_dn": "CN=v171530.goserver.host",
            "issuer_dn": "CN=Icinga CA",
            "pubkey_bit_size": 4096,
            "pubkey_algorithm": "RSA",
            "tbs_fingerprint": "17d2cf34d14b1988109a302cbc8d43db0b7c886bc746088ea59b962289542ebb",
            "fingerprint": "3093cfa85615cec841107be4d0f3a08e1a60d47d61bbbed7b802235b28a9bd1d",
            "issuer": {
              "common_name": [
                "Icinga CA"
              ]
            },
            "subject": {
              "common_name": [
                "v171530.goserver.host"
              ]
            },
            "public_key": {
              "key_algorithm": "RSA",
              "rsa": {
                "_encoding": {
                  "modulus": "DISPLAY_BASE64",
                  "exponent": "DISPLAY_BASE64"
                },
                "modulus": "wmju/XyAYI6tkcWHk67cKwNUg2iwiksCkJH8W84RHkWwNz7R7lZ82ybuFv8QPcTpcYDMMIPToJt8OQMKcHUxn1T51dUcZY9nhwJ5BoIwhgLQeVCGvZssk6BwD0Z+7WCXfztQRsdR0JpG+Ow83VeXqd6ICYwultlQ+zZAzc+DmPAinAvcjG+Q1vdajOSV7SEq7Abxhqb2nlOUnU+ELcn13kgDoKBwY37MqEOdmHoxHLOBer4zgJsl8qHEjEXj1vpzRWBw8pvn6qgZ0MIMFLWUlJDdjV8MFYqlsoDVlu10haD8MEA0EkiOSx/by6ho85rqa4cLhXgqLtOejLUXQ9xvbpDynDytqPskpGi8JL9fb5GqOdIgfG74uebbu4PmCxWYHdvJbIUl5d7OBdA4F5P193pF4NICkW+nDWmuet5IaiR36xmLUKPLqh2mIlSY5xnIaVjEEvoB6FxiHJjvO7vWiy5lC/adAJaI8CvOJcLgIAYGRuGg+00xxQpevgAcWb5k4wq9dmAV7gT/hO06RP49PJyBJV+vTnjCR6QE81uaA1x3VLyVc/30uHIeNm+4A1GwtYjHfxenA3QRuOlSDOlF9vsKDQE6jNj/hP7wLJy9n9bpnp8IWR+mT8sk4qEpDYBNIJ3pzWvL5FoPU/Yx7iNmt3+q1kpXE9qqZCzGiLeQOwE=",
                "exponent": "AAEAAQ==",
                "length": 512
              },
              "fingerprint": "d92b7657b126ddb95a859104c1ee83ab320ba0d4a28e871bf1173b944b4a3c5e"
            },
            "signature": {
              "signature_algorithm": "SHA256-RSA",
              "self_signed": false
            }
          },
          "chain": [
            {
              "fingerprint": "e7892aa47949cb3b328caab424c8fd58869b1bb8f2b12b0ea5052b3c901e809d",
              "subject_dn": "CN=Icinga CA",
              "issuer_dn": "CN=Icinga CA"
            }
          ]
        },
        "_encoding": {
          "ja3s": "DISPLAY_HEX"
        },
        "ja3s": "15af977ce25de452b96affa2addb1036",
        "ja4s": "t120200_544c535f4145535f3235365f47434d5f534841333834_9f090db0cf15",
        "versions": [
          {
            "tls_version": "TLSv1_3",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "15af977ce25de452b96affa2addb1036",
            "ja4s": "t120200_544c535f4145535f3235365f47434d5f534841333834_9f090db0cf15"
          },
          {
            "tls_version": "TLSv1_2",
            "_encoding": {
              "ja3s": "DISPLAY_HEX"
            },
            "ja3s": "0debd3853f330c574b05e0b6d882dc27",
            "ja4s": "t120200_544c535f45434448455f5253415f574954485f4145535f3235365f47434d5f534841333834_8b3ccbb12ea0"
          }
        ]
      },
      "transport_protocol": "TCP",
      "truncated": false
    }
  ],
  "location": {
    "continent": "Europe",
    "country": "Germany",
    "country_code": "DE",
    "city": "Hamburg",
    "postal_code": "20038",
    "timezone": "Europe/Berlin",
    "province": "Hamburg",
    "coordinates": {
      "latitude": 53.55073,
      "longitude": 9.99302
    }
  },
  "location_updated_at": "2024-04-02T21:45:22.486572926Z",
  "autonomous_system": {
    "asn": 48324,
    "description": "DE-WEBGO www.webgo.de",
    "bgp_prefix": "37.17.224.0/21",
    "name": "DE-WEBGO www.webgo.de",
    "country_code": "DE"
  },
  "autonomous_system_updated_at": "2024-04-02T21:45:22.486704442Z",
  "whois": {
    "network": {
      "handle": "WEBGO_NET1",
      "name": "webgo GmbH",
      "cidrs": [
        "37.17.224.0/23"
      ]
    },
    "organization": {
      "handle": "ORG-WE2-RIPE",
      "name": "webgo GmbH",
      "address": "Heidenkampsweg 81\\n20097\\nHamburg\\nGERMANY",
      "abuse_contacts": [
        {
          "handle": "WRC4-RIPE",
          "name": "webgo Ripe Coordination",
          "email": "[email protected]"
        }
      ],
      "admin_contacts": [
        {
          "handle": "SA8363-RIPE",
          "name": "Sebastian Angermeyer",
          "email": "[email protected]"
        }
      ]
    }
  },
  "operating_system": {
    "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
    "part": "o",
    "vendor": "Debian",
    "product": "Linux",
    "other": {
      "family": "Linux"
    }
  },
  "dns": {
    "names": [
      "v171530.goserver.host",
      "www.derkryptoinformant.com",
      "www.5keys.biz",
      "katjakampmann.de",
      "admin5keysme.v171530.goserver.host",
      "www.kerstinmersich.com",
      "5keys.me",
      "www.thewitches.de",
      "selfmadequeen.de",
      "www.katjakampmann.de",
      "thewitches.de",
      "malu-mode.com",
      "mail.future-key-group.net",
      "www.selfmadequeen.de",
      "www.admin5keysme.v171530.goserver.host",
      "ninetoes.de",
      "derkryptoinformant.com",
      "kerstinmersich.com",
      "www.5keys.me",
      "future-key-group.net",
      "www.lifesuccesscenter.com",
      "www.ninetoes.de",
      "lifesuccesscenter.com",
      "www.future-key-group.net",
      "www.malu-mode.com",
      "mail.ninetoes.de",
      "5keys.biz"
    ],
    "records": {
      "5keys.biz": {
        "record_type": "A",
        "resolved_at": "2024-04-13T12:45:10.475202471Z"
      },
      "www.5keys.biz": {
        "record_type": "A",
        "resolved_at": "2024-04-10T12:41:05.216669047Z"
      },
      "v171530.goserver.host": {
        "record_type": "A",
        "resolved_at": "2024-03-23T20:23:17.184929938Z"
      },
      "www.5keys.me": {
        "record_type": "A",
        "resolved_at": "2024-04-12T21:57:22.824594520Z"
      },
      "www.lifesuccesscenter.com": {
        "record_type": "A",
        "resolved_at": "2024-04-13T16:26:54.873637422Z"
      },
      "www.thewitches.de": {
        "record_type": "A",
        "resolved_at": "2024-04-15T18:24:52.713871986Z"
      },
      "selfmadequeen.de": {
        "record_type": "A",
        "resolved_at": "2024-04-03T18:40:16.006583399Z"
      },
      "thewitches.de": {
        "record_type": "A",
        "resolved_at": "2024-03-30T18:28:32.362342082Z"
      },
      "katjakampmann.de": {
        "record_type": "A",
        "resolved_at": "2024-03-17T17:50:00.543329362Z"
      },
      "ninetoes.de": {
        "record_type": "A",
        "resolved_at": "2023-04-07T02:19:54.572521884Z"
      },
      "www.kerstinmersich.com": {
        "record_type": "A",
        "resolved_at": "2024-04-15T16:13:21.093933704Z"
      },
      "www.katjakampmann.de": {
        "record_type": "A",
        "resolved_at": "2024-04-08T18:45:42.655224346Z"
      },
      "5keys.me": {
        "record_type": "A",
        "resolved_at": "2024-04-01T21:01:58.881063702Z"
      },
      "www.malu-mode.com": {
        "record_type": "A",
        "resolved_at": "2024-04-13T16:30:06.934473401Z"
      },
      "derkryptoinformant.com": {
        "record_type": "A",
        "resolved_at": "2023-12-03T15:17:08.391551850Z"
      },
      "www.ninetoes.de": {
        "record_type": "CNAME",
        "resolved_at": "2023-04-14T20:46:43.499422926Z"
      },
      "admin5keysme.v171530.goserver.host": {
        "record_type": "A",
        "resolved_at": "2024-04-03T19:57:17.856549660Z"
      },
      "www.selfmadequeen.de": {
        "record_type": "A",
        "resolved_at": "2024-03-18T18:32:30.216137946Z"
      },
      "future-key-group.net": {
        "record_type": "A",
        "resolved_at": "2024-04-07T21:05:42.301045219Z"
      },
      "lifesuccesscenter.com": {
        "record_type": "A",
        "resolved_at": "2024-04-08T16:47:24.860001642Z"
      },
      "mail.future-key-group.net": {
        "record_type": "A",
        "resolved_at": "2024-03-23T22:46:50.665174626Z"
      },
      "www.derkryptoinformant.com": {
        "record_type": "A",
        "resolved_at": "2023-12-21T15:01:46.855747503Z"
      },
      "kerstinmersich.com": {
        "record_type": "A",
        "resolved_at": "2024-04-08T16:42:47.332454266Z"
      },
      "malu-mode.com": {
        "record_type": "A",
        "resolved_at": "2024-04-15T16:21:07.214280679Z"
      },
      "www.admin5keysme.v171530.goserver.host": {
        "record_type": "A",
        "resolved_at": "2024-03-27T19:12:09.793382416Z"
      },
      "www.future-key-group.net": {
        "record_type": "A",
        "resolved_at": "2024-04-09T21:36:39.567080458Z"
      },
      "mail.ninetoes.de": {
        "record_type": "A",
        "resolved_at": "2023-03-24T16:30:10.779478449Z"
      }
    },
    "reverse_dns": {
      "names": [
        "v171530.goserver.host"
      ],
      "resolved_at": "2024-04-14T02:42:30.668973055Z"
    }
  },
  "last_updated_at": "2024-04-16T02:16:02.300Z",
  "labels": [
    "email",
    "file-sharing",
    "login-page",
    "remote-access"
  ]
}