52.96.166.210
As of: Dec 06, 2023 4:29pm UTC |
Latest
{
"ip": "52.96.166.210",
"services": [
{
"_decoded": "smtp",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "220 SJ0PR05CA0129.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 4 Dec 2023 22:20:11 +0000\r\n",
"banner_hashes": [
"sha256:58f2546b30fde9db40b7602e405cb5581be3151a08bf9cfb641e647f46844ee4"
],
"banner_hex": "32323020534a30505230354341303132392e6f75746c6f6f6b2e6f66666963653336352e636f6d204d6963726f736f66742045534d5450204d41494c2053657276696365207265616479206174204d6f6e2c20342044656320323032332032323a32303a3131202b303030300d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "SMTP-STARTTLS",
"labels": [
"email"
],
"observed_at": "2023-12-04T22:20:11.505207580Z",
"perspective_id": "PERSPECTIVE_ORANGE",
"port": 25,
"service_name": "SMTP",
"smtp": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"ehlo": "DISPLAY_UTF8",
"start_tls": "DISPLAY_UTF8"
},
"banner": "220 SJ0PR05CA0129.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 4 Dec 2023 22:20:11 +0000\r\n",
"ehlo": "250-SJ0PR05CA0129.outlook.office365.com Hello [167.94.145.60]\r\n250-SIZE 157286400\r\n250-PIPELINING\r\n250-DSN\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250-8BITMIME\r\n250-BINARYMIME\r\n250-CHUNKING\r\n250 SMTPUTF8\r\n",
"start_tls": "220 2.0.0 SMTP server ready\r\n"
},
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "Exchange Server",
"other": {
"family": "Exchange Server"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.145.60",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036"
},
"transport_fingerprint": {
"raw": "65535,255,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 301 Moved Permanently\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nLocation: https://52.96.166.210/owa/\r\nServer: Microsoft-IIS/10.0\r\nrequest-id: a4194854-75a2-d75e-acd7-4b5d6eab896e\r\nX-FEServer: SJ0PR05CA0148\r\nX-RequestId: 7ca7b620-eddd-41e3-a18f-afa86b86b988\r\nX-FEProxyInfo: SJ0PR05CA0148.NAMPRD05.PROD.OUTLOOK.COM\r\nX-FEEFZInfo: SJC\r\nMS-CV: VEgZpKJ1Xtes10tdbquJbg.0\r\nX-Powered-By: ASP.NET\r\nX-FEServer: SJ0PR05CA0148\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 0\r\n",
"banner_hashes": [
"sha256:1af369afc94bcac4903494d09a4ab8f2bc8e547e5b6204d3264eb1a74fca142b"
],
"banner_hex": "485454502f312e3120333031204d6f766564205065726d616e656e746c790d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a507261676d613a206e6f2d63616368650d0a4c6f636174696f6e3a2068747470733a2f2f35322e39362e3136362e3231302f6f77612f0d0a5365727665723a204d6963726f736f66742d4949532f31302e300d0a726571756573742d69643a2061343139343835342d373561322d643735652d616364372d3462356436656162383936650d0a582d46455365727665723a20534a30505230354341303134380d0a582d5265717565737449643a2037636137623632302d656464642d343165332d613138662d6166613836623836623938380d0a582d464550726f7879496e666f3a20534a30505230354341303134382e4e414d50524430352e50524f442e4f55544c4f4f4b2e434f4d0d0a582d464545465a496e666f3a20534a430d0a4d532d43563a205645675a704b4a3158746573313074646271754a62672e300d0a582d506f77657265642d42793a204153502e4e45540d0a582d46455365727665723a20534a30505230354341303134380d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a20300d0a",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "HTTP",
"http": {
"request": {
"method": "GET",
"uri": "http://52.96.166.210/",
"headers": {
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
],
"_encoding": {
"User_Agent": "DISPLAY_UTF8",
"Accept": "DISPLAY_UTF8"
},
"Accept": [
"*/*"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 301,
"status_reason": "Moved Permanently",
"headers": {
"Date": [
"<REDACTED>"
],
"_encoding": {
"Date": "DISPLAY_UTF8",
"MS_CV": "DISPLAY_UTF8",
"X_FEEFZInfo": "DISPLAY_UTF8",
"Pragma": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8",
"X_RequestId": "DISPLAY_UTF8",
"request_id": "DISPLAY_UTF8",
"X_FEServer": "DISPLAY_UTF8",
"X_FEProxyInfo": "DISPLAY_UTF8",
"Location": "DISPLAY_UTF8",
"X_Powered_By": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Cache_Control": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8"
},
"MS_CV": [
"VEgZpKJ1Xtes10tdbquJbg.0"
],
"X_FEEFZInfo": [
"SJC"
],
"Pragma": [
"no-cache"
],
"Connection": [
"close"
],
"X_RequestId": [
"7ca7b620-eddd-41e3-a18f-afa86b86b988"
],
"request_id": [
"a4194854-75a2-d75e-acd7-4b5d6eab896e"
],
"X_FEServer": [
"SJ0PR05CA0148",
"SJ0PR05CA0148"
],
"X_FEProxyInfo": [
"SJ0PR05CA0148.NAMPRD05.PROD.OUTLOOK.COM"
],
"Location": [
"https://52.96.166.210/owa/"
],
"X_Powered_By": [
"ASP.NET"
],
"Server": [
"Microsoft-IIS/10.0"
],
"Cache_Control": [
"no-cache"
],
"Content_Length": [
"0"
]
},
"body_size": 0
},
"supports_http2": false
},
"observed_at": "2023-12-06T06:09:24.023074382Z",
"perspective_id": "PERSPECTIVE_HE",
"port": 80,
"service_name": "HTTP",
"software": [
{
"part": "o",
"vendor": "Microsoft",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:internet_information_services:10.0:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "IIS",
"version": "10.0",
"other": {
"family": "IIS"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "ASP.NET",
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "162.142.125.226",
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "pop3",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "+OK The Microsoft Exchange POP3 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIANgAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n",
"banner_hashes": [
"sha256:deab6db304b43fff417aa3f0445b33bf722bae13f2497183fb1f4fa44702e546"
],
"banner_hex": "2b4f4b20546865204d6963726f736f66742045786368616e676520504f503320736572766963652069732072656164792e205b5577424b4144414155414253414441414e514244414545414d414178414449414e6741754147344159514274414841416367426b414441414e5141754148414163674276414751414c674276414855416441427341473841627742724143344159774276414730415d0d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "POP3S",
"labels": [
"email"
],
"observed_at": "2023-12-05T15:41:41.642766984Z",
"perspective_id": "PERSPECTIVE_TATA",
"pop3": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"start_tls": "DISPLAY_UTF8"
},
"banner": "+OK The Microsoft Exchange POP3 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIANgAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n",
"start_tls": "+OK Begin TLS negotiation.\r\n"
},
"port": 110,
"service_name": "POP3",
"source_ip": "167.94.138.127",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 24
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1d9c3e8c45ab7a2112263449a3ad9ece"
},
"transport_fingerprint": {
"raw": "8190,255,true,MNWNNS,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "imap",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "* OK The Microsoft Exchange IMAP4 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIANAAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n",
"banner_hashes": [
"sha256:364478d5a3c0da308b01b22b2bd24ef7a5309cd6a042a84f87bb44ad530630fc"
],
"banner_hex": "2a204f4b20546865204d6963726f736f66742045786368616e676520494d41503420736572766963652069732072656164792e205b5577424b4144414155414253414441414e514244414545414d414178414449414e4141754147344159514274414841416367426b414441414e5141754148414163674276414751414c674276414855416441427341473841627742724143344159774276414730415d0d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "IMAPS",
"imap": {
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "* OK The Microsoft Exchange IMAP4 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIANAAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n",
"start_tls": "a001 OK Begin TLS negotiation now.\r\n"
},
"labels": [
"email"
],
"observed_at": "2023-12-06T08:54:15.251891280Z",
"perspective_id": "PERSPECTIVE_TELIA",
"port": 143,
"service_name": "IMAP",
"source_ip": "167.94.146.51",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 24
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1d9c3e8c45ab7a2112263449a3ad9ece"
},
"transport_fingerprint": {
"raw": "8190,255,true,MNWNNS,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "http",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "HTTP/1.1 301 Moved Permanently\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nLocation: https://52.96.166.210/owa/\r\nServer: Microsoft-IIS/10.0\r\nrequest-id: 30b8af5d-bf64-9767-d344-b5512910a1d1\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-FEServer: SJ0PR05CA0130\r\nX-RequestId: 244ec389-4e97-48c1-9213-9216db4b87c0\r\nX-FEProxyInfo: SJ0PR05CA0130.NAMPRD05.PROD.OUTLOOK.COM\r\nX-FEEFZInfo: SJC\r\nX-FEServer: SJ0PR05CA0130\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 0\r\n",
"banner_hashes": [
"sha256:db2a47b750023fe4be5d418cde09578a32a193ab923d0d3aa557bcfbfae4f459"
],
"banner_hex": "485454502f312e3120333031204d6f766564205065726d616e656e746c790d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a507261676d613a206e6f2d63616368650d0a4c6f636174696f6e3a2068747470733a2f2f35322e39362e3136362e3231302f6f77612f0d0a5365727665723a204d6963726f736f66742d4949532f31302e300d0a726571756573742d69643a2033306238616635642d626636342d393736372d643334342d6235353132393130613164310d0a5374726963742d5472616e73706f72742d53656375726974793a206d61782d6167653d33313533363030303b20696e636c756465537562446f6d61696e733b207072656c6f61640d0a582d46455365727665723a20534a30505230354341303133300d0a582d5265717565737449643a2032343465633338392d346539372d343863312d393231332d3932313664623462383763300d0a582d464550726f7879496e666f3a20534a30505230354341303133302e4e414d50524430352e50524f442e4f55544c4f4f4b2e434f4d0d0a582d464545465a496e666f3a20534a430d0a582d46455365727665723a20534a30505230354341303133300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a20300d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "HTTPS",
"http": {
"request": {
"method": "GET",
"uri": "https://52.96.166.210/owa",
"headers": {
"Accept": [
"*/*"
],
"_encoding": {
"Accept": "DISPLAY_UTF8",
"User_Agent": "DISPLAY_UTF8"
},
"User_Agent": [
"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
]
}
},
"response": {
"protocol": "HTTP/1.1",
"status_code": 301,
"status_reason": "Moved Permanently",
"headers": {
"Strict_Transport_Security": [
"max-age=31536000; includeSubDomains; preload"
],
"_encoding": {
"Strict_Transport_Security": "DISPLAY_UTF8",
"request_id": "DISPLAY_UTF8",
"Server": "DISPLAY_UTF8",
"Content_Length": "DISPLAY_UTF8",
"Cache_Control": "DISPLAY_UTF8",
"X_FEProxyInfo": "DISPLAY_UTF8",
"Pragma": "DISPLAY_UTF8",
"Date": "DISPLAY_UTF8",
"X_RequestId": "DISPLAY_UTF8",
"Location": "DISPLAY_UTF8",
"Connection": "DISPLAY_UTF8",
"X_FEServer": "DISPLAY_UTF8",
"X_FEEFZInfo": "DISPLAY_UTF8"
},
"request_id": [
"30b8af5d-bf64-9767-d344-b5512910a1d1"
],
"Server": [
"Microsoft-IIS/10.0"
],
"Content_Length": [
"0"
],
"Cache_Control": [
"no-cache"
],
"X_FEProxyInfo": [
"SJ0PR05CA0130.NAMPRD05.PROD.OUTLOOK.COM"
],
"Pragma": [
"no-cache"
],
"Date": [
"<REDACTED>"
],
"X_RequestId": [
"244ec389-4e97-48c1-9213-9216db4b87c0"
],
"Location": [
"https://52.96.166.210/owa/"
],
"Connection": [
"close"
],
"X_FEServer": [
"SJ0PR05CA0130",
"SJ0PR05CA0130"
],
"X_FEEFZInfo": [
"SJC"
]
},
"body_size": 0
},
"supports_http2": true
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad0000000000002ad2ad2ad2ad2ac545cec8e993a8ea0344adfbc55d4f",
"cipher_and_version_fingerprint": "2ad2ad0000000000002ad2ad2ad2ad",
"tls_extensions_sha256": "2ac545cec8e993a8ea0344adfbc55d4f",
"observed_at": "2023-12-06T06:38:53.113440494Z"
},
"observed_at": "2023-12-06T16:29:45.982647822Z",
"perspective_id": "PERSPECTIVE_TELIA",
"port": 443,
"service_name": "HTTP",
"software": [
{
"part": "o",
"vendor": "Microsoft",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:internet_information_services:10.0:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "IIS",
"version": "10.0",
"other": {
"family": "IIS"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.146.60",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 24
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1d9c3e8c45ab7a2112263449a3ad9ece"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "smtp",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "220 SJ0PR05CA0145.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 5 Dec 2023 19:24:48 +0000\r\n",
"banner_hashes": [
"sha256:47dc080db414eba69994c3ee8ad7160bf82eb885965fae35994d6666353469d1"
],
"banner_hex": "32323020534a30505230354341303134352e6f75746c6f6f6b2e6f66666963653336352e636f6d204d6963726f736f66742045534d5450204d41494c2053657276696365207265616479206174205475652c20352044656320323032332031393a32343a3438202b303030300d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "SMTP-STARTTLS",
"labels": [
"email"
],
"observed_at": "2023-12-05T19:24:49.030802252Z",
"perspective_id": "PERSPECTIVE_TELIA",
"port": 587,
"service_name": "SMTP",
"smtp": {
"_encoding": {
"banner": "DISPLAY_UTF8",
"ehlo": "DISPLAY_UTF8",
"start_tls": "DISPLAY_UTF8"
},
"banner": "220 SJ0PR05CA0145.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 5 Dec 2023 19:24:48 +0000\r\n",
"ehlo": "250-SJ0PR05CA0145.outlook.office365.com Hello [167.94.146.57]\r\n250-SIZE 157286400\r\n250-PIPELINING\r\n250-DSN\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250-8BITMIME\r\n250-BINARYMIME\r\n250-CHUNKING\r\n250 SMTPUTF8\r\n",
"start_tls": "220 2.0.0 SMTP server ready\r\n"
},
"software": [
{
"uniform_resource_identifier": "cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*",
"part": "a",
"vendor": "Microsoft",
"product": "Exchange Server",
"other": {
"family": "Exchange Server"
},
"source": "OSI_APPLICATION_LAYER"
},
{
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
},
"source": "OSI_APPLICATION_LAYER"
}
],
"source_ip": "167.94.146.57",
"tls": {
"version_selected": "TLSv1_3",
"cipher_selected": "TLS_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "15af977ce25de452b96affa2addb1036"
},
"transport_fingerprint": {
"raw": "65535,255,true,MNWST,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "imap",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "* OK The Microsoft Exchange IMAP4 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIANwAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n",
"banner_hashes": [
"sha256:2b3315097d2cb1ed0a89ab4b2eba04689ed8e184350264761d63d0c83b2c4488"
],
"banner_hex": "2a204f4b20546865204d6963726f736f66742045786368616e676520494d41503420736572766963652069732072656164792e205b5577424b4144414155414253414441414e514244414545414d414178414449414e7741754147344159514274414841416367426b414441414e5141754148414163674276414751414c674276414855416441427341473841627742724143344159774276414730415d0d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "IMAPS",
"imap": {
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "* OK The Microsoft Exchange IMAP4 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIANwAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n"
},
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad0002ad2ad0002ad2ad2ad2adf9fdf4eeac344e8b5003264da73585be",
"cipher_and_version_fingerprint": "2ad2ad0002ad2ad0002ad2ad2ad2ad",
"tls_extensions_sha256": "f9fdf4eeac344e8b5003264da73585be",
"observed_at": "2023-11-24T21:34:48.597630935Z"
},
"labels": [
"email"
],
"observed_at": "2023-12-06T06:07:29.150906871Z",
"perspective_id": "PERSPECTIVE_HE",
"port": 993,
"service_name": "IMAP",
"source_ip": "162.142.125.225",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 24
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1d9c3e8c45ab7a2112263449a3ad9ece"
},
"transport_fingerprint": {
"raw": "8190,255,true,MNWNNS,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
},
{
"_decoded": "pop3",
"_encoding": {
"banner": "DISPLAY_UTF8",
"certificate": "DISPLAY_HEX",
"banner_hex": "DISPLAY_HEX"
},
"banner": "+OK The Microsoft Exchange POP3 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIAOQAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n",
"banner_hashes": [
"sha256:712698a5083976cabd594af68ed056091df452c98e91f08f33a0e04a4d4cb017"
],
"banner_hex": "2b4f4b20546865204d6963726f736f66742045786368616e676520504f503320736572766963652069732072656164792e205b5577424b4144414155414253414441414e514244414545414d414178414449414f5141754147344159514274414841416367426b414441414e5141754148414163674276414751414c674276414855416441427341473841627742724143344159774276414730415d0d0a",
"certificate": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"discovery_method": "IPV4_WALK_FULL_PRIORITY_1",
"extended_service_name": "POP3S",
"jarm": {
"_encoding": {
"fingerprint": "DISPLAY_HEX",
"cipher_and_version_fingerprint": "DISPLAY_HEX",
"tls_extensions_sha256": "DISPLAY_HEX"
},
"fingerprint": "2ad2ad0002ad2ad0002ad2ad2ad2adf9fdf4eeac344e8b5003264da73585be",
"cipher_and_version_fingerprint": "2ad2ad0002ad2ad0002ad2ad2ad2ad",
"tls_extensions_sha256": "f9fdf4eeac344e8b5003264da73585be",
"observed_at": "2023-12-03T01:44:18.680467731Z"
},
"labels": [
"email"
],
"observed_at": "2023-12-06T16:08:27.024313153Z",
"perspective_id": "PERSPECTIVE_NTT",
"pop3": {
"_encoding": {
"banner": "DISPLAY_UTF8"
},
"banner": "+OK The Microsoft Exchange POP3 service is ready. [UwBKADAAUABSADAANQBDAEEAMAAxADIAOQAuAG4AYQBtAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\n"
},
"port": 995,
"service_name": "POP3",
"source_ip": "167.248.133.126",
"tls": {
"version_selected": "TLSv1_2",
"cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"certificates": {
"_encoding": {
"leaf_fp_sha_256": "DISPLAY_HEX",
"chain_fps_sha_256": "DISPLAY_HEX"
},
"leaf_fp_sha_256": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"chain_fps_sha_256": [
"5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44"
],
"leaf_data": {
"names": [
"*.clo.footprintdns.com",
"*.hotmail.com",
"*.internal.outlook.com",
"*.live.com",
"*.nrb.footprintdns.com",
"*.office.com",
"*.office365.com",
"*.outlook.com",
"*.outlook.office365.com",
"attachment.outlook.live.net",
"attachment.outlook.office.net",
"attachment.outlook.officeppe.net",
"attachments-sdf.office.net",
"attachments.office.net",
"ccs-sdf.login.microsoftonline.com",
"ccs.login.microsoftonline.com",
"hotmail.com",
"mail.services.live.com",
"office365.com",
"outlook.com",
"outlook.office.com",
"substrate-sdf.office.com",
"substrate.office.com"
],
"subject_dn": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com",
"issuer_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"pubkey_bit_size": 2048,
"pubkey_algorithm": "RSA",
"tbs_fingerprint": "d17ed86c3911a8c877b46a391d762751244e583b5664e6e0215ec90841b4b22f",
"fingerprint": "ddaf32b93b471fb1e20cd54344ecc50d7122f1a58c09055db95577ebd9b4c7d3",
"issuer": {
"common_name": [
"DigiCert Cloud Services CA-1"
],
"organization": [
"DigiCert Inc"
],
"country": [
"US"
]
},
"subject": {
"common_name": [
"outlook.com"
],
"locality": [
"Redmond"
],
"organization": [
"Microsoft Corporation"
],
"province": [
"Washington"
],
"country": [
"US"
]
},
"public_key": {
"key_algorithm": "RSA",
"rsa": {
"_encoding": {
"modulus": "DISPLAY_BASE64",
"exponent": "DISPLAY_BASE64"
},
"modulus": "witpKrZCSbKrec6RpLeKyukPZr4JjumAljR0qWwwM+0kWg/yIB/89kPepezm4g8d0xHUUozUkId0ZnrWLHembmQ9LWBI5RUhIk+JwNsH+mXXVOhuvJAPCzdfHzZelsApYXqEYy/9ssXZVGDc8KJXMrdKL4YnAymrrAzQAZelN79WH4S9Gduh5yDLkxvkL/B3lhlfiOnORykg5V/lHs3HH5ugk27FS7r0aGYvAr7xqX0QKMwUQ/C9X51vvSGNRMsZstWDdDKdTFmox8PmkAmR07hExQvMlpLBtnLsJbKJxH9/t0NYbpnPmurpsvJLw2/A4gP5lrDl7yo2UBzj6TRpbQ==",
"exponent": "AAEAAQ==",
"length": 256
},
"fingerprint": "bc2aa4fa6651dfe90a4fffc71412b2ec02ce64bc01cc48190de141e5a7c61722"
},
"signature": {
"signature_algorithm": "SHA256-RSA",
"self_signed": false
}
},
"chain": [
{
"fingerprint": "5f88694615e4c61686e106b84c3338c6720c535f60d36f61282ed15e1977dd44",
"subject_dn": "C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1",
"issuer_dn": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
}
]
},
"server_key_exchange": {
"ec_params": {
"named_curve": 24
}
},
"_encoding": {
"ja3s": "DISPLAY_HEX"
},
"ja3s": "1d9c3e8c45ab7a2112263449a3ad9ece"
},
"transport_fingerprint": {
"raw": "8190,255,true,MNWNNS,1460,false,false"
},
"transport_protocol": "TCP",
"truncated": false
}
],
"location": {
"continent": "North America",
"country": "United States",
"country_code": "US",
"city": "San Jose",
"postal_code": "95103",
"timezone": "America/Los_Angeles",
"province": "California",
"coordinates": {
"latitude": 37.33939,
"longitude": -121.89496
}
},
"location_updated_at": "2023-11-22T23:14:16.781380Z",
"autonomous_system": {
"asn": 8075,
"description": "MICROSOFT-CORP-MSN-AS-BLOCK",
"bgp_prefix": "52.96.0.0/14",
"name": "MICROSOFT-CORP-MSN-AS-BLOCK",
"country_code": "US"
},
"autonomous_system_updated_at": "2023-11-22T23:14:16.781391Z",
"operating_system": {
"uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"part": "o",
"vendor": "Microsoft",
"product": "Windows",
"other": {
"family": "Windows"
}
},
"dns": {
"names": [
"webmail.augustini.hr",
"mail.correanayak.eu",
"mdw-efz.ms-acdc.office.com"
],
"records": {
"mdw-efz.ms-acdc.office.com": {
"record_type": "CNAME",
"resolved_at": "2023-11-29T16:17:20.950288991Z"
},
"mail.correanayak.eu": {
"record_type": "CNAME",
"resolved_at": "2023-11-28T19:03:56.912627103Z"
},
"webmail.augustini.hr": {
"record_type": "CNAME",
"resolved_at": "2023-11-09T19:21:40.679931936Z"
}
}
},
"last_updated_at": "2023-12-06T16:29:47.207Z",
"labels": [
"email"
]
}