{"ip": "67.195.231.19", "scan_reason": "auto", "tags": ["Oath Holdings Inc", "as36647"], "scan_id": "2m5xldgpfpaoa7o8", "agent_version": "0.6.7", "agent": "1edf2088163d1635", "scan_start": "2019-11-22T21:53:41.608300+00:00", "nmap_data": "# Nmap 7.60 scan initiated Fri Nov 22 21:53:42 2019 as: nmap --privileged -oA data/natlas.2m5xldgpfpaoa7o8/nmap.2m5xldgpfpaoa7o8 --servicedb ./natlas-services -sV -O --script=default,ssh-auth-methods,ssl-enum-ciphers --open --script-timeout=60 --host-timeout=600 --osscan-limit 67.195.231.19\nNmap scan report for api-prod-amt.amt.vip.gq1.yahoo.com (67.195.231.19)\nHost is up (0.070s latency).\nNot shown: 1838 filtered ports\nSome closed ports may be reported as filtered due to --defeat-rst-ratelimit\nPORT STATE SERVICE VERSION\n443/tcp open ssl/https amt\n| fingerprint-strings: \n| FourOhFourRequest: \n| HTTP/1.1 404 Not Found\n| Connection: close\n| Server: amt\n| Content-Length: 0\n| Date: Fri, 22 Nov 2019 21:55:25 GMT\n| GenericLines, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, WMSRequest, oracle-tns: \n| HTTP/1.1 400 Bad Request\n| Content-Length: 0\n| Connection: close\n| GetRequest: \n| HTTP/1.1 404 Not Found\n| Connection: close\n| Server: amt\n| Content-Length: 0\n| Date: Fri, 22 Nov 2019 21:55:24 GMT\n| HTTPOptions: \n| HTTP/1.1 500 Internal Server Error\n| Connection: close\n| Content-Type: text/html;charset=UTF-8\n| Content-Length: 80\n| Date: Fri, 22 Nov 2019 21:55:25 GMT\n|_ ErrorInternal Server Error\n|_http-server-header: amt\n|_http-title: Site doesn't have a title.\n| ssl-cert: Subject: commonName=api.amt.oath.com/organizationName=Oath Inc/stateOrProvinceName=California/countryName=US\n| Subject Alternative Name: DNS:api.amt.oath.com\n| Not valid before: 2019-07-19T00:00:00\n|_Not valid after: 2020-01-15T12:00:00\n|_ssl-date: 2019-11-22T21:56:36+00:00; 0s from scanner time.\n| ssl-enum-ciphers: \n| TLSv1.2: \n| ciphers: \n| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256k1) - A\n| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256k1) - A\n| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256k1) - A\n| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256k1) - A\n| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256k1) - A\n| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256k1) - A\n| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A\n| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A\n| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A\n| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A\n| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n| compressors: \n| NULL\n| cipher preference: server\n|_ least strength: A\n1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :\nSF-Port443-TCP:V=7.60%T=SSL%I=7%D=11/22%Time=5DD8594C%P=x86_64-pc-linux-gn\nSF:u%r(GetRequest,72,\"HTTP/1\\.1\\x20404\\x20Not\\x20Found\\r\\nConnection:\\x20c\nSF:lose\\r\\nServer:\\x20amt\\r\\nContent-Length:\\x200\\r\\nDate:\\x20Fri,\\x2022\\x\nSF:20Nov\\x202019\\x2021:55:24\\x20GMT\\r\\n\\r\\n\")%r(HTTPOptions,E9,\"HTTP/1\\.1\\\nSF:x20500\\x20Internal\\x20Server\\x20Error\\r\\nConnection:\\x20close\\r\\nConten\nSF:t-Type:\\x20text/html;charset=UTF-8\\r\\nContent-Length:\\x2080\\r\\nDate:\\x2\nSF:0Fri,\\x2022\\x20Nov\\x202019\\x2021:55:25\\x20GMT\\r\\n\\r\\nErrorInternal\\x20Server\\x20Error\")%\nSF:r(FourOhFourRequest,72,\"HTTP/1\\.1\\x20404\\x20Not\\x20Found\\r\\nConnection:\nSF:\\x20close\\r\\nServer:\\x20amt\\r\\nContent-Length:\\x200\\r\\nDate:\\x20Fri,\\x2\nSF:022\\x20Nov\\x202019\\x2021:55:25\\x20GMT\\r\\n\\r\\n\")%r(GenericLines,42,\"HTTP\nSF:/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x\nSF:20close\\r\\n\\r\\n\")%r(RTSPRequest,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\\nSF:r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(Help,42,\"HT\nSF:TP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\nSF:\\x20close\\r\\n\\r\\n\")%r(SSLSessionReq,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Requ\nSF:est\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(TLSSess\nSF:ionReq,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\nSF:\\nConnection:\\x20close\\r\\n\\r\\n\")%r(Kerberos,42,\"HTTP/1\\.1\\x20400\\x20Bad\nSF:\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r\nSF:(SMBProgNeg,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x\nSF:200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(LPDString,42,\"HTTP/1\\.1\\x20400\\\nSF:x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\nSF:\\n\")%r(LDAPSearchReq,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-\nSF:Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(SIPOptions,42,\"HTTP/1\\\nSF:.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20c\nSF:lose\\r\\n\\r\\n\")%r(WMSRequest,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nC\nSF:ontent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(oracle-tns,42,\"\nSF:HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnectio\nSF:n:\\x20close\\r\\n\\r\\n\");\n\nRead from .: natlas-services.\nRead from /usr/bin/../share/nmap: nmap-os-db nmap-payloads nmap-service-probes.\nOS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n# Nmap done at Fri Nov 22 21:56:44 2019 -- 1 IP address (1 host up) scanned in 183.33 seconds\n", "gnmap_data": "# Nmap 7.60 scan initiated Fri Nov 22 21:53:42 2019 as: nmap --privileged -oA data/natlas.2m5xldgpfpaoa7o8/nmap.2m5xldgpfpaoa7o8 --servicedb ./natlas-services -sV -O --script=default,ssh-auth-methods,ssl-enum-ciphers --open --script-timeout=60 --host-timeout=600 --osscan-limit 67.195.231.19\nHost: 67.195.231.19 (api-prod-amt.amt.vip.gq1.yahoo.com)\tStatus: Up\nHost: 67.195.231.19 (api-prod-amt.amt.vip.gq1.yahoo.com)\tPorts: 443/open/tcp//ssl|https//amt/\tIgnored State: filtered (1838)\n# Nmap done at Fri Nov 22 21:56:44 2019 -- 1 IP address (1 host up) scanned in 183.33 seconds\n", "xml_data": "\n\n\n\n\n\n\n\n\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n", "is_up": true, "port_count": 1, "screenshots": [{"host": "67.195.231.19", "port": 443, "service": "HTTPS", "hash": "2a0d0c9b34ab637c87b355d29cb091aec3d36cd7e47d042fbd146edcc567349b", "thumb_hash": "f0294ea4eff59f578a103d7934dc96d5cdb66e493c61322d6583446d2c7a3d1e"}], "scan_stop": "2019-11-22T21:56:46.964688+00:00", "elapsed": 185, "hostname": "api-prod-amt.amt.vip.gq1.yahoo.com", "ctime": "2019-11-22T21:56:47.370918+00:00", "ports": [{"id": "tcp.443", "port": "443", "protocol": "tcp", "banner": "product: amt", "service": {"name": "https", "product": "amt", "servicefp": "SF-Port443-TCP:V=7.60%T=SSL%I=7%D=11/22%Time=5DD8594C%P=x86_64-pc-linux-gnu%r(GetRequest,72,\"HTTP/1\\.1\\x20404\\x20Not\\x20Found\\r\\nConnection:\\x20close\\r\\nServer:\\x20amt\\r\\nContent-Length:\\x200\\r\\nDate:\\x20Fri,\\x2022\\x20Nov\\x202019\\x2021:55:24\\x20GMT\\r\\n\\r\\n\")%r(HTTPOptions,E9,\"HTTP/1\\.1\\x20500\\x20Internal\\x20Server\\x20Error\\r\\nConnection:\\x20close\\r\\nContent-Type:\\x20text/html;charset=UTF-8\\r\\nContent-Length:\\x2080\\r\\nDate:\\x20Fri,\\x2022\\x20Nov\\x202019\\x2021:55:25\\x20GMT\\r\\n\\r\\nErrorInternal\\x20Server\\x20Error\")%r(FourOhFourRequest,72,\"HTTP/1\\.1\\x20404\\x20Not\\x20Found\\r\\nConnection:\\x20close\\r\\nServer:\\x20amt\\r\\nContent-Length:\\x200\\r\\nDate:\\x20Fri,\\x2022\\x20Nov\\x202019\\x2021:55:25\\x20GMT\\r\\n\\r\\n\")%r(GenericLines,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(RTSPRequest,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(Help,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(SSLSessionReq,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(TLSSessionReq,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(Kerberos,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(SMBProgNeg,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(LPDString,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(LDAPSearchReq,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(SIPOptions,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(WMSRequest,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\")%r(oracle-tns,42,\"HTTP/1\\.1\\x20400\\x20Bad\\x20Request\\r\\nContent-Length:\\x200\\r\\nConnection:\\x20close\\r\\n\\r\\n\");", "tunnel": "ssl", "method": "probed", "conf": "10", "cpelist": []}, "state": "open", "reason": "syn-ack", "scripts": [{"id": "fingerprint-strings", "output": "\n FourOhFourRequest: \n HTTP/1.1 404 Not Found\n Connection: close\n Server: amt\n Content-Length: 0\n Date: Fri, 22 Nov 2019 21:55:25 GMT\n GenericLines, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, WMSRequest, oracle-tns: \n HTTP/1.1 400 Bad Request\n Content-Length: 0\n Connection: close\n GetRequest: \n HTTP/1.1 404 Not Found\n Connection: close\n Server: amt\n Content-Length: 0\n Date: Fri, 22 Nov 2019 21:55:24 GMT\n HTTPOptions: \n HTTP/1.1 500 Internal Server Error\n Connection: close\n Content-Type: text/html;charset=UTF-8\n Content-Length: 80\n Date: Fri, 22 Nov 2019 21:55:25 GMT\n ErrorInternal Server Error"}, {"id": "http-server-header", "output": "amt"}, {"id": "http-title", "output": "Site doesn't have a title."}, {"id": "ssl-cert", "output": "Subject: commonName=api.amt.oath.com/organizationName=Oath Inc/stateOrProvinceName=California/countryName=US\nSubject Alternative Name: DNS:api.amt.oath.com\nNot valid before: 2019-07-19T00:00:00\nNot valid after: 2020-01-15T12:00:00"}, {"id": "ssl-date", "output": "2019-11-22T21:56:36+00:00; 0s from scanner time."}, {"id": "ssl-enum-ciphers", "output": "\n TLSv1.2: \n ciphers: \n TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256k1) - A\n TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256k1) - A\n TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256k1) - A\n TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256k1) - A\n TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256k1) - A\n TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256k1) - A\n TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A\n TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A\n TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A\n TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A\n TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A\n TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A\n compressors: \n NULL\n cipher preference: server\n least strength: A"}], "ssl": {"subject": {"commonName": "api.amt.oath.com", "altNames": ["api.amt.oath.com"]}, "issuer": {"organizationName": "DigiCert Inc", "commonName": "DigiCert SHA2 High Assurance Server CA", "countryName": "US", "organizationalUnitName": "www.digicert.com"}, "pubkey": {"type": "rsa", "bits": 2048}, "sig_alg": "sha256WithRSAEncryption", "notAfter": "2020-01-15T12:00:00", "notBefore": "2019-07-19T00:00:00", "md5": "1f7f9a6580458027ae74c1fe22230932", "sha1": "fba64ceba2bc8484b3c886bd0cac9f088a007a08", "pem": "-----BEGIN CERTIFICATE-----\nMIIGTzCCBTegAwIBAgIQC4rCt4eKkl9lli4JzI9EwTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0xOTA3MTkwMDAwMDBaFw0yMDAxMTUxMjAwMDBa\nMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlT\ndW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRkwFwYDVQQDExBhcGkuYW10Lm9h\ndGguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY1to9K9LuKt\nApGURvSs6+nnO2NVocTvAKtHEIgcYqDtqB+reo4Rpr6O73kIC7KElcIsFPAyY2nl\ntqkAFC5N3HzD8OsszF6gVK0fGgFqt9ECNm83KuHnuq2Wbl9d/WJmpWZ167rYP1wX\ntWBT9GCBjbrpwuLBvyP/TfM0nmxjo3M359W3UebPp4Zk6lWUJr3sszBajBpYEhu7\nNpBqNNebyOfR6LtQE8EGsi4aGT2oa4SRkmZclQ3CZ1jmm/7lMdah1y/q5sK+RaVu\n/tZT9bjGxHUxh7A4HMT4ct5z3hiG/b+Ze02Rs9dN0b49g2XmrtCIOxrV94CtSlIg\n2vtMK2IiXwIDAQABo4IC7zCCAuswHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKi\nErhZcjswHQYDVR0OBBYEFE0Eu6iEfmGtYQV55xoL79kZSFAIMBsGA1UdEQQUMBKC\nEGFwaS5hbXQub2F0aC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG\nAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5k\naWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8v\nY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARF\nMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUH\nMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDov\nL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VT\nZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA\n7gB0AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbAsHrvYAAAQD\nAEUwQwIfPftgcnWz5DTDedfkHHUrUmhHjIwNEymr1ASUuISnTQIgWctFaPZq7UeN\ntzKH6UU/r9mRpA6WHZWj4y/jeR2VZT4AdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9K\ntWDBtOr/XqCDDwAAAWwLB6+XAAAEAwBHMEUCIQCi47YtWClTuGQ+PyfYZFLQqyPH\nLFkJCSDgI8C2F4nNzAIgcKe8dYlkhaOWCK7hos+8DDJXlgh6pdEu/0HBOvGT/1gw\nDQYJKoZIhvcNAQELBQADggEBABCwGqqcOGW0TuPEabvO/LsUmEZv1d/naNJyS1Ux\nyIzCdzygcWv0RNNe6DLjK60kAhNm7gWk6LCrRDZClGA0XfCxwalno1hGtfFPmZUF\nTz8JIxqEiGQbQm/LOE6pCcx7xoBZ8rvy0exPaUlyCq7p7qAUZidj3dDHG+1JaVr5\nIi1OMK7noaVUl5gM+wuAg+xzH7jJFHtW/CTnmz4Ng0Wjr/inhwmiq+RdSNsyu1qp\nmXe1DwDiNwJKAdM+ksk/rh/rp4D5u/PmprakynMmsakumhxeo/LIyeUII182sLaf\npEykT7v7cBzbfR0feiMg7yfBr+NUI24QlxYI9O/5o0P9zMI=\n-----END CERTIFICATE-----\n"}}], "port_str": "443", "num_screenshots": 1}