Cyber Defense Search Engine

IP
121.229.40.188

Network
121.229.0.0/18

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

ASN
AS4134

Organization
Chinanet

Protocol
winrm Cert not expired winrm

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Cloudbase-Init WinRM

Subject Common Name
Cloudbase-Init WinRM

SHA256 Fingerprint
50a749c071571d495c29e372ffbcccf6d2800bcd91f44053cddda35ad0eb3623

Validity Not Before
2024-10-29T19:31:34Z

Validity Not After
2034-10-28T19:31:34Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
71245e327d5ad66e82c432786b173f71

HTTP Header MD5
3a383fe2669d8e9c9234fe672975029c

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 401 
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="WSMAN"
Date: Thu, 07 Nov 2024 05:50:59 GMT
Connection: close
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:51:00.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "3a383fe2669d8e9c9234fe672975029c",
         "headermmh3" : -81123689,
         "realm" : "WSMAN"
      },
      "length" : 191
   },
   "asn" : "AS4134",
   "city" : "Shanghai",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 \r\nServer: Microsoft-HTTPAPI/2.0\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: Basic realm=\"WSMAN\"\r\nDate: Thu, 07 Nov 2024 05:50:59 GMT\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "71245e327d5ad66e82c432786b173f71",
   "datammh3" : 278103319,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "fingerprint" : {
      "md5" : "e1f88e15615335c0f49fe7c42551570c",
      "sha1" : "a1c57785e37b19e83f3526bdbba571d4f40ad9de",
      "sha256" : "50a749c071571d495c29e372ffbcccf6d2800bcd91f44053cddda35ad0eb3623"
   },
   "geolocus" : {
      "asn" : "AS4134",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "163.com",
         "chinatelecom.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CHINANET-JS",
      "organization" : "CHINANET jiangsu province network",
      "subnet" : "121.229.0.0/18"
   },
   "ip" : "121.229.40.188",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "latitude" : "31.2222",
   "location" : "31.2222,121.4581",
   "longitude" : "121.4581",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Chinanet",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 5986,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "winrm",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "seen_date" : "2024-11-07",
   "serial" : "52:65:f2:17:e9:d7:69:ba:48:fb:90:e3:3e:41:67:76",
   "signature" : {
      "algorithm" : "sha1WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 401,
   "subject" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "subnet" : "121.229.0.0/18",
   "tag" : "<enterprise field>: tag",
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2034-10-28T19:31:34Z",
      "notbefore" : "2024-10-29T19:31:34Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
107.154.76.55

Alternative IP(s)
45.60.109.225 45.60.73.225

Network
107.154.72.0/21

Domain(s)
imperva.com incapdns.net

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

https://107.154.76.55:5986/wsman 503

Reverse DNS
107.154.76.55.ip.incapdns.net

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
imperva.com

SHA256 Fingerprint
d151e4933e4a261cf12084d9b47afbf86e7b4f68792fb03fe94dabc7d326b63f

Validity Not Before
2024-09-10T11:46:00Z

Validity Not After
2025-03-09T11:45:41Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
d1a0f70fa5ec7df993ecc7af5937860f

HTTP Header MD5
62fd76b8c050732f384979e6bf83cab3

HTTP Body MD5
ef4e9d05bd428cdf87f624983a75dfa1

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 693
X-Iinfo: 11-52394389-0 0NNN RT(1730958657096 2190) q(0 -1 -1 -1) r(0 -1)

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=27&xinfo=11-52394389-0%200NNN%20RT%281730958657096%202190%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-241784733056173067&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-241784733056173067</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:50:59.000Z",
   "alternativeip" : [
      "45.60.109.225",
      "45.60.73.225"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "ef4e9d05bd428cdf87f624983a75dfa1",
         "bodymmh3" : -1849798763,
         "headermd5" : "62fd76b8c050732f384979e6bf83cab3",
         "headermmh3" : 701809117
      },
      "length" : 903
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "US",
   "data" : "HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 693\r\nX-Iinfo: 11-52394389-0 0NNN RT(1730958657096 2190) q(0 -1 -1 -1) r(0 -1)\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=27&xinfo=11-52394389-0%200NNN%20RT%281730958657096%202190%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-241784733056173067&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-241784733056173067</iframe></body></html>",
   "datamd5" : "d1a0f70fa5ec7df993ecc7af5937860f",
   "datammh3" : 293817006,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "imperva.com",
      "incapdns.net"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "18fa8a91ae8f850e82566d34d2706f59",
      "sha1" : "7799d3726343248e3e10dca037bd541c934b6b71",
      "sha256" : "d151e4933e4a261cf12084d9b47afbf86e7b4f68792fb03fe94dabc7d326b63f"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapdns.net",
         "incapsula.com",
         "thalesgroup.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA-NETWORK",
      "organization" : "Incapsula Inc",
      "subnet" : "107.154.76.0/23"
   },
   "host" : [
      107
   ],
   "hostname" : [
      "107.154.76.55.ip.incapdns.net",
      "imperva.com"
   ],
   "ip" : "107.154.76.55",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5986,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Service Unavailable",
   "reverse" : [
      "107.154.76.55.ip.incapdns.net"
   ],
   "seen_date" : "2024-11-07",
   "serial" : "01:17:7a:f9:ab:f1:4e:d2:83:65:39:7e:1d:c7:b5:a8",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 503,
   "subdomains" : [
      "154.76.55.ip.incapdns.net",
      "55.ip.incapdns.net",
      "76.55.ip.incapdns.net",
      "ip.incapdns.net"
   ],
   "subject" : {
      "altname" : [
         "imperva.com"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "107.154.72.0/21",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/wsman",
   "validity" : {
      "notafter" : "2025-03-09T11:45:41Z",
      "notbefore" : "2024-09-10T11:46:00Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
45.223.174.226

Alternative IP(s)
45.223.162.226 45.60.109.225 45.60.73.225

Network
45.223.160.0/20

Domain(s)
aaasubastas.com acueductospr.com imperva.com pr.gov

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

https://45.223.174.226:5986/wsman 503

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q4

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
*.acueductospr.com aaasubastas.com *.acueductos.pr.gov *.aaasubastas.com imperva.com

SHA256 Fingerprint
5ef18c7a46cabeed9a11fa619c039afc14d6701ffbfd3816a157b2acdf09d1ef

Validity Not Before
2024-11-04T14:45:52Z

Validity Not After
2025-05-03T14:45:52Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
82b60dd6f8ad3eae5dc03cad29d7d167

HTTP Header MD5
499c89bc250e0facf69d1cc7d6524f1a

HTTP Body MD5
2f4472363eb46cbdf862881f186c7dc8

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 693
X-Iinfo: 62-64750361-0 0NNN RT(1730958606444 1131) q(0 -1 -1 -1) r(0 -1)

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=27&xinfo=62-64750361-0%200NNN%20RT%281730958606444%201131%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-295534951704430142&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-295534951704430142</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:50:08.000Z",
   "alternativeip" : [
      "45.223.162.226",
      "45.60.109.225",
      "45.60.73.225"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "2f4472363eb46cbdf862881f186c7dc8",
         "bodymmh3" : -1647833776,
         "headermd5" : "499c89bc250e0facf69d1cc7d6524f1a",
         "headermmh3" : 553539419
      },
      "length" : 903
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "US",
   "data" : "HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 693\r\nX-Iinfo: 62-64750361-0 0NNN RT(1730958606444 1131) q(0 -1 -1 -1) r(0 -1)\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=27&xinfo=62-64750361-0%200NNN%20RT%281730958606444%201131%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-295534951704430142&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-295534951704430142</iframe></body></html>",
   "datamd5" : "82b60dd6f8ad3eae5dc03cad29d7d167",
   "datammh3" : -2091024980,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "aaasubastas.com",
      "acueductospr.com",
      "imperva.com",
      "pr.gov"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "a8b35f84dab44d2a7fbf0ba3313978ac",
      "sha1" : "efe48db8f8c4ed2ab324679f6f0ccca8c39c41f2",
      "sha256" : "5ef18c7a46cabeed9a11fa619c039afc14d6701ffbfd3816a157b2acdf09d1ef"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapsula.com",
         "thalesgroup.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA-NET",
      "organization" : "Incapsula Inc",
      "subnet" : "45.223.174.0/24"
   },
   "hostname" : [
      "aaasubastas.com",
      "imperva.com"
   ],
   "ip" : "45.223.174.226",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q4",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5986,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Service Unavailable",
   "seen_date" : "2024-11-07",
   "serial" : "01:62:9d:2e:04:77:1c:ea:56:34:76:07:17:85:b7:d2",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 503,
   "subdomains" : [
      "acueductos.pr.gov"
   ],
   "subject" : {
      "altname" : [
         "*.acueductospr.com",
         "aaasubastas.com",
         "*.acueductos.pr.gov",
         "*.aaasubastas.com",
         "imperva.com"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "45.223.160.0/20",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "gov"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/wsman",
   "validity" : {
      "notafter" : "2025-05-03T14:45:52Z",
      "notbefore" : "2024-11-04T14:45:52Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP
135.225.28.253

Network
135.224.0.0/15

Domain(s)
azure.com

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

ASN
AS8075

Organization
MICROSOFT-CORP-MSN-AS-BLOCK

Protocol
winrm Cert not expired winrm

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
g-sw-c-21.swedencentral.cloudapp.azure.com

Subject Common Name
g-sw-c-21.swedencentral.cloudapp.azure.com

Subject Alt Name
g-sw-c-21.swedencentral.cloudapp.azure.com

SHA256 Fingerprint
3f34253c0463a70ce9e33a7f0f644cafe42be152e2bbabc4c954646860d897b7

Validity Not Before
2024-07-11T23:36:28Z

Validity Not After
2025-07-11T23:56:28Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
e899186f574741b96aebc4929f015b0b

HTTP Header MD5
eb8dfa5136702f42e29b01a5ef58d026

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 401 
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
Date: Thu, 07 Nov 2024 05:50:07 GMT
Connection: close
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:50:08.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "eb8dfa5136702f42e29b01a5ef58d026",
         "headermmh3" : 1737610150
      },
      "length" : 152
   },
   "asn" : "AS8075",
   "ca" : "false",
   "country" : "SE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 \r\nServer: Microsoft-HTTPAPI/2.0\r\nWWW-Authenticate: Negotiate\r\nDate: Thu, 07 Nov 2024 05:50:07 GMT\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "e899186f574741b96aebc4929f015b0b",
   "datammh3" : 1821300650,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "azure.com"
   ],
   "extkeyusage" : [
      "clientAuth",
      "serverAuth"
   ],
   "fingerprint" : {
      "md5" : "a1790960373523cd49f0dc71a2034c85",
      "sha1" : "394416db5a058451a21c63a0f0a4ccedd5588b45",
      "sha256" : "3f34253c0463a70ce9e33a7f0f644cafe42be152e2bbabc4c954646860d897b7"
   },
   "geolocus" : {
      "asn" : "AS8075",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "GB",
      "countryname" : "United Kingdom",
      "domain" : [
         "microsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "55.378051",
      "location" : "55.378051,-3.435973",
      "longitude" : "-3.435973",
      "netname" : "UK-MICROSOFT-960430",
      "organization" : "Microsoft Limited",
      "subnet" : "135.224.0.0/14"
   },
   "host" : [
      "g-sw-c-21"
   ],
   "hostname" : [
      "g-sw-c-21.swedencentral.cloudapp.azure.com"
   ],
   "ip" : "135.225.28.253",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "g-sw-c-21.swedencentral.cloudapp.azure.com"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "59.3247",
   "location" : "59.3247,18.0560",
   "longitude" : "18.0560",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 5986,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "winrm",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "seen_date" : "2024-11-07",
   "serial" : "22:65:b0:57:e6:59:fe:ae:40:0b:58:3e:b8:b1:48:35",
   "signature" : {
      "algorithm" : "sha1WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "cloudapp.azure.com",
      "swedencentral.cloudapp.azure.com"
   ],
   "subject" : {
      "altname" : [
         "g-sw-c-21.swedencentral.cloudapp.azure.com"
      ],
      "commonname" : "g-sw-c-21.swedencentral.cloudapp.azure.com"
   },
   "subnet" : "135.224.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-07-11T23:56:28Z",
      "notbefore" : "2024-07-11T23:36:28Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
103.179.188.189

Network
103.179.188.0/23

Domain(s)
cloudfly.vn

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

Reverse DNS
103.179.188.189.cloudfly.vn

ASN
AS135905

Organization
VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

Protocol
winrm Cert not expired winrm

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Cloudbase-Init WinRM

Subject Common Name
Cloudbase-Init WinRM

SHA256 Fingerprint
23e7d9afc28f5b09c4655f97742aaae54d0144e912d26342100465b01f8d62f4

Validity Not Before
2024-11-04T03:20:43Z

Validity Not After
2034-11-03T03:20:43Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
71245e327d5ad66e82c432786b173f71

HTTP Header MD5
3a383fe2669d8e9c9234fe672975029c

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 401 
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="WSMAN"
Date: Thu, 07 Nov 2024 05:50:07 GMT
Connection: close
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:50:08.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "3a383fe2669d8e9c9234fe672975029c",
         "headermmh3" : -1370665419,
         "realm" : "WSMAN"
      },
      "length" : 191
   },
   "asn" : "AS135905",
   "city" : "Hanoi",
   "country" : "VN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 \r\nServer: Microsoft-HTTPAPI/2.0\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: Basic realm=\"WSMAN\"\r\nDate: Thu, 07 Nov 2024 05:50:07 GMT\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "71245e327d5ad66e82c432786b173f71",
   "datammh3" : 278103319,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cloudfly.vn"
   ],
   "fingerprint" : {
      "md5" : "e99fe321ebd8e48c99364bdcc46059a8",
      "sha1" : "8e40e98b436577203bb2c8a9dd78c5f125c7cee6",
      "sha256" : "23e7d9afc28f5b09c4655f97742aaae54d0144e912d26342100465b01f8d62f4"
   },
   "geolocus" : {
      "asn" : "AS135905",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "VN",
      "countryname" : "Vietnam",
      "domain" : [
         "cloudfly.vn",
         "inet.name.vn",
         "vnnic.vn"
      ],
      "isineu" : "false",
      "latitude" : "14.058324",
      "location" : "14.058324,108.277199",
      "longitude" : "108.277199",
      "netname" : "INETSOLUTION-VN",
      "organization" : "INETSOLUTION-VN",
      "subnet" : "103.179.188.0/23"
   },
   "host" : [
      103
   ],
   "hostname" : [
      "103.179.188.189.cloudfly.vn"
   ],
   "ip" : "103.179.188.189",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "latitude" : "21.0292",
   "location" : "21.0292,105.8526",
   "longitude" : "105.8526",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "VIETNAM POSTS AND TELECOMMUNICATIONS GROUP",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 5986,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "winrm",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reverse" : [
      "103.179.188.189.cloudfly.vn"
   ],
   "seen_date" : "2024-11-07",
   "serial" : "47:8b:62:84:bc:23:c1:ac:4b:05:f0:29:6c:04:48:64",
   "signature" : {
      "algorithm" : "sha1WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "189.cloudfly.vn",
      "179.188.189.cloudfly.vn",
      "188.189.cloudfly.vn"
   ],
   "subject" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "subnet" : "103.179.188.0/23",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "vn"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2034-11-03T03:20:43Z",
      "notbefore" : "2024-11-04T03:20:43Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
194.165.59.164

Network
194.165.59.0/24

Domain(s)
stark-industries.solutions

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

Reverse DNS
vm1195123.stark-industries.solutions

ASN
AS44477

Organization
Stark Industries Solutions Ltd

Protocol
winrm Cert not expired winrm

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
WIN-344VU98D3RU

Subject Common Name
WIN-344VU98D3RU

Subject Alt Name
WIN-344VU98D3RU WIN-344VU98D3RU

SHA256 Fingerprint
f6df35e54a76067aa671a342a22fed86390ed41f665dddee753f0c3fd3e27275

Validity Not Before
2023-04-10T07:28:20Z

Validity Not After
2026-04-09T07:28:20Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
71245e327d5ad66e82c432786b173f71

HTTP Header MD5
3a383fe2669d8e9c9234fe672975029c

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 401 
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="WSMAN"
Date: Thu, 07 Nov 2024 12:47:04 GMT
Connection: close
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:47:05.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "3a383fe2669d8e9c9234fe672975029c",
         "headermmh3" : 8527377,
         "realm" : "WSMAN"
      },
      "length" : 191
   },
   "asn" : "AS44477",
   "ca" : "false",
   "city" : "Rome",
   "country" : "IT",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 \r\nServer: Microsoft-HTTPAPI/2.0\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: Basic realm=\"WSMAN\"\r\nDate: Thu, 07 Nov 2024 12:47:04 GMT\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "71245e327d5ad66e82c432786b173f71",
   "datammh3" : 278103319,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "stark-industries.solutions"
   ],
   "extkeyusage" : [
      "serverAuth"
   ],
   "fingerprint" : {
      "md5" : "2a6ad15bdfe3da7c35ec6543f9067056",
      "sha1" : "56bb164d92d88029a5a54a3ff89cbe24b8c59fd2",
      "sha256" : "f6df35e54a76067aa671a342a22fed86390ed41f665dddee753f0c3fd3e27275"
   },
   "host" : [
      "vm1195123"
   ],
   "hostname" : [
      "vm1195123.stark-industries.solutions"
   ],
   "ip" : "194.165.59.164",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "WIN-344VU98D3RU"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "41.8904",
   "location" : "41.8904,12.5126",
   "longitude" : "12.5126",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Stark Industries Solutions Ltd",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 5986,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "winrm",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 4096
   },
   "reverse" : [
      "vm1195123.stark-industries.solutions"
   ],
   "seen_date" : "2024-11-07",
   "serial" : "28:6d:f0:a6:fe:02:2d:90:47:16:9d:7d:2c:0b:c3:01",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 401,
   "subject" : {
      "altname" : [
         "WIN-344VU98D3RU",
         "WIN-344VU98D3RU"
      ],
      "commonname" : "WIN-344VU98D3RU"
   },
   "subnet" : "194.165.59.0/24",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "solutions"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2026-04-09T07:28:20Z",
      "notbefore" : "2023-04-10T07:28:20Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
45.60.99.198

Alternative IP(s)
45.60.109.225 45.60.73.225

Network
45.60.64.0/18

Domain(s)
imperva.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

https://45.60.99.198:5986/wsman 503

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
imperva.com

SHA256 Fingerprint
162ee56b8b14985b153dd93de5920bb61226e53a866b1345327dca129ee0eefb

Validity Not Before
2024-09-10T10:40:32Z

Validity Not After
2025-03-09T10:40:32Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
49684066acde61fc22faf5e5c03735de

HTTP Header MD5
e35df7c03aa9754d3e751142335b9498

HTTP Body MD5
7c09c77e8cdba101677fc638308dbe7b

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 692
X-Iinfo: 14-93136990-0 0NNN RT(1730958423615 880) q(0 -1 -1 -1) r(0 -1)

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=27&xinfo=14-93136990-0%200NNN%20RT%281730958423615%20880%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-458752586611885262&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-458752586611885262</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:47:04.000Z",
   "alternativeip" : [
      "45.60.109.225",
      "45.60.73.225"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "7c09c77e8cdba101677fc638308dbe7b",
         "bodymmh3" : 1399705389,
         "headermd5" : "e35df7c03aa9754d3e751142335b9498",
         "headermmh3" : 86198818
      },
      "length" : 901
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "US",
   "data" : "HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 692\r\nX-Iinfo: 14-93136990-0 0NNN RT(1730958423615 880) q(0 -1 -1 -1) r(0 -1)\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=27&xinfo=14-93136990-0%200NNN%20RT%281730958423615%20880%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-458752586611885262&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-458752586611885262</iframe></body></html>",
   "datamd5" : "49684066acde61fc22faf5e5c03735de",
   "datammh3" : -1056294119,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "imperva.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "eb2d559cc63d0a60202adb0c87ab4350",
      "sha1" : "a3fa3b7fed9e299d8ac6e1c0425ff1dedad73f97",
      "sha256" : "162ee56b8b14985b153dd93de5920bb61226e53a866b1345327dca129ee0eefb"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapsula.com",
         "thalesgroup.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA-NET",
      "organization" : "Incapsula Inc",
      "subnet" : "45.60.99.0/24"
   },
   "hostname" : [
      "imperva.com"
   ],
   "ip" : "45.60.99.198",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5986,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Service Unavailable",
   "seen_date" : "2024-11-07",
   "serial" : "01:03:b2:ab:20:b2:45:1b:db:e7:c1:42:86:6b:bc:c1",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 503,
   "subject" : {
      "altname" : [
         "imperva.com"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "45.60.64.0/18",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/wsman",
   "validity" : {
      "notafter" : "2025-03-09T10:40:32Z",
      "notbefore" : "2024-09-10T10:40:32Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
103.75.198.252

Network
103.75.196.0/22

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

ASN
AS212552

Organization
BitCommand LLC

Protocol
winrm Cert not expired winrm

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Cloudbase-Init WinRM

Subject Common Name
Cloudbase-Init WinRM

SHA256 Fingerprint
34943d2390acfa0695580b09a1152ae6b3f886d606ceb5047bd809a542cf9759

Validity Not Before
2024-10-09T07:51:52Z

Validity Not After
2034-10-08T07:51:52Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
71245e327d5ad66e82c432786b173f71

HTTP Header MD5
3a383fe2669d8e9c9234fe672975029c

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 401 
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="WSMAN"
Date: Thu, 07 Nov 2024 05:47:04 GMT
Connection: close
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:47:04.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "3a383fe2669d8e9c9234fe672975029c",
         "headermmh3" : -1447811292,
         "realm" : "WSMAN"
      },
      "length" : 191
   },
   "asn" : "AS212552",
   "city" : "Frankfurt am Main",
   "country" : "DE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 \r\nServer: Microsoft-HTTPAPI/2.0\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: Basic realm=\"WSMAN\"\r\nDate: Thu, 07 Nov 2024 05:47:04 GMT\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "71245e327d5ad66e82c432786b173f71",
   "datammh3" : 278103319,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "fingerprint" : {
      "md5" : "d3337b10b8df149f2410d0dbba514545",
      "sha1" : "caa12d98ef2e3db91be72d9aa73a52854a861b49",
      "sha256" : "34943d2390acfa0695580b09a1152ae6b3f886d606ceb5047bd809a542cf9759"
   },
   "geolocus" : {
      "asn" : "AS212552",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "DE",
      "countryname" : "Germany",
      "domain" : [
         "bitcommand.com"
      ],
      "isineu" : "true",
      "latitude" : "51.165691",
      "location" : "51.165691,10.451526",
      "longitude" : "10.451526",
      "netname" : "BitCommand",
      "organization" : "Parsun Network Solutions PTY LTD",
      "subnet" : "103.75.196.0/22"
   },
   "ip" : "103.75.198.252",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "latitude" : "50.1187",
   "location" : "50.1187,8.6842",
   "longitude" : "8.6842",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "BitCommand LLC",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 5986,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "winrm",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "seen_date" : "2024-11-07",
   "serial" : "61:22:27:94:5e:2c:d4:aa:48:f2:fd:9b:4f:9b:60:fb",
   "signature" : {
      "algorithm" : "sha1WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 401,
   "subject" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "subnet" : "103.75.196.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2034-10-08T07:51:52Z",
      "notbefore" : "2024-10-09T07:51:52Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
199.83.134.6

Alternative IP(s)
45.60.109.225 45.60.73.225

Network
199.83.128.0/21

Domain(s)
imperva.com incapdns.net

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

https://199.83.134.6:5986/wsman 503

Reverse DNS
199.83.134.6.ip.incapdns.net

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
imperva.com

SHA256 Fingerprint
39ab4e6c95e99d1be4a02be453d26adceaa40e01109377bb1b6aece73ec589ec

Validity Not Before
2024-09-08T14:40:32Z

Validity Not After
2025-03-07T14:40:32Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
f010252984d4c445dbc099f7cd6e03a0

HTTP Header MD5
8da876f7562715af329e54a0d39253d5

HTTP Body MD5
98b41322095d51aab23e5a6e4ce91f39

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 693
X-Iinfo: 7-109833993-0 0NNN RT(1730958331617 1927) q(0 -1 -1 -1) r(0 -1)

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=27&xinfo=7-109833993-0%200NNN%20RT%281730958331617%201927%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-738978853098489223&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-738978853098489223</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:45:34.000Z",
   "alternativeip" : [
      "45.60.109.225",
      "45.60.73.225"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "98b41322095d51aab23e5a6e4ce91f39",
         "bodymmh3" : 1989751718,
         "headermd5" : "8da876f7562715af329e54a0d39253d5",
         "headermmh3" : 810090700
      },
      "length" : 903
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Chicago",
   "country" : "US",
   "data" : "HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 693\r\nX-Iinfo: 7-109833993-0 0NNN RT(1730958331617 1927) q(0 -1 -1 -1) r(0 -1)\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=27&xinfo=7-109833993-0%200NNN%20RT%281730958331617%201927%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29&incident_id=0-738978853098489223&edet=22&cinfo=ffffffff&rpinfo=0&mth=POST\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-738978853098489223</iframe></body></html>",
   "datamd5" : "f010252984d4c445dbc099f7cd6e03a0",
   "datammh3" : -925772021,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "imperva.com",
      "incapdns.net"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "8a52838b9c4089c5c30064659988bfd5",
      "sha1" : "412c6251cdd5c1ff1ed56e5f7624e34290b8b0ba",
      "sha256" : "39ab4e6c95e99d1be4a02be453d26adceaa40e01109377bb1b6aece73ec589ec"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapdns.net",
         "incapsula.com",
         "thalesgroup.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA",
      "organization" : "Incapsula Inc",
      "subnet" : "199.83.132.0/22"
   },
   "host" : [
      199
   ],
   "hostname" : [
      "199.83.134.6.ip.incapdns.net",
      "imperva.com"
   ],
   "ip" : "199.83.134.6",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "41.8874",
   "location" : "41.8874,-87.6318",
   "longitude" : "-87.6318",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5986,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Service Unavailable",
   "reverse" : [
      "199.83.134.6.ip.incapdns.net"
   ],
   "seen_date" : "2024-11-07",
   "serial" : "01:a2:0a:f1:c2:69:82:0e:cd:26:b9:30:7b:40:31:8c",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 503,
   "subdomains" : [
      "134.6.ip.incapdns.net",
      "6.ip.incapdns.net",
      "83.134.6.ip.incapdns.net",
      "ip.incapdns.net"
   ],
   "subject" : {
      "altname" : [
         "imperva.com"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "199.83.128.0/21",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/wsman",
   "validity" : {
      "notafter" : "2025-03-07T14:40:32Z",
      "notbefore" : "2024-09-08T14:40:32Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
185.235.128.96

Network
185.235.128.0/24

Domain(s)
vps.ac

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

Reverse DNS
185-235-128-96.netherlands-2.vps.ac

ASN
AS211381

Organization
Podaon SIA

Protocol
winrm Cert not expired winrm

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Cloudbase-Init WinRM

Subject Common Name
Cloudbase-Init WinRM

SHA256 Fingerprint
fef82771f6e8dc352b1653cae8f1b41448a926c7cd12e6c05d04d460d2b4470a

Validity Not Before
2024-09-20T04:37:30Z

Validity Not After
2034-09-19T04:37:30Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
71245e327d5ad66e82c432786b173f71

HTTP Header MD5
3a383fe2669d8e9c9234fe672975029c

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 401 
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="WSMAN"
Date: Thu, 07 Nov 2024 05:45:29 GMT
Connection: close
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:45:29.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "3a383fe2669d8e9c9234fe672975029c",
         "headermmh3" : -230920794,
         "realm" : "WSMAN"
      },
      "length" : 191
   },
   "asn" : "AS211381",
   "city" : "Oude Meer",
   "country" : "NL",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 \r\nServer: Microsoft-HTTPAPI/2.0\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: Basic realm=\"WSMAN\"\r\nDate: Thu, 07 Nov 2024 05:45:29 GMT\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "71245e327d5ad66e82c432786b173f71",
   "datammh3" : 278103319,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "vps.ac"
   ],
   "fingerprint" : {
      "md5" : "dd17724de5ff9867f71d32fba26a38f5",
      "sha1" : "b545f73f4b64f142e2f49db39b7520e298f307eb",
      "sha256" : "fef82771f6e8dc352b1653cae8f1b41448a926c7cd12e6c05d04d460d2b4470a"
   },
   "host" : [
      "185-235-128-96"
   ],
   "hostname" : [
      "185-235-128-96.netherlands-2.vps.ac"
   ],
   "ip" : "185.235.128.96",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "latitude" : "52.2862",
   "location" : "52.2862,4.7845",
   "longitude" : "4.7845",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Podaon SIA",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 5986,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "winrm",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reverse" : [
      "185-235-128-96.netherlands-2.vps.ac"
   ],
   "seen_date" : "2024-11-07",
   "serial" : "43:eb:2d:de:f4:59:03:a3:41:ba:66:51:d2:b5:41:29",
   "signature" : {
      "algorithm" : "sha1WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "netherlands-2.vps.ac"
   ],
   "subject" : {
      "commonname" : "Cloudbase-Init WinRM"
   },
   "subnet" : "185.235.128.0/24",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "ac"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2034-09-19T04:37:30Z",
      "notbefore" : "2024-09-20T04:37:30Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

Returning 10 result(s) out of 291,742 in 0.161 second(s)

121.229.40.188:5986 (tcp/winrm/tls) - last seen on 2024-11-07 at 05:51:00 UTC

107.154.76.55:5986 (tcp/http/tls) - last seen on 2024-11-07 at 05:50:59 UTC

45.223.174.226:5986 (tcp/http/tls) - last seen on 2024-11-07 at 05:50:08 UTC

135.225.28.253:5986 (tcp/winrm/tls) - last seen on 2024-11-07 at 05:50:08 UTC

103.179.188.189:5986 (tcp/winrm/tls) - last seen on 2024-11-07 at 05:50:08 UTC

194.165.59.164:5986 (tcp/winrm/tls) - last seen on 2024-11-07 at 05:47:05 UTC

45.60.99.198:5986 (tcp/http/tls) - last seen on 2024-11-07 at 05:47:04 UTC

103.75.198.252:5986 (tcp/winrm/tls) - last seen on 2024-11-07 at 05:47:04 UTC

199.83.134.6:5986 (tcp/http/tls) - last seen on 2024-11-07 at 05:45:34 UTC

185.235.128.96:5986 (tcp/winrm/tls) - last seen on 2024-11-07 at 05:45:29 UTC