GeneralInformation

Country	United States
City	Atlanta
Organization	Cox Communications Inc.
ISP	Cox Communications Inc.
ASN	AS22773
Operating System	Windows 5.1

Vulnerabilities

MS17-010

8.1This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. This security update is rated Critical for all supported releases of Microsoft Windows.

OpenPorts

21 80 135 443 445 1433 1883 3306 5060 9100 11211

-1157250322 | 2024-04-24T11:20:36.115437

21 / tcp

220 DiskStation FTP server ready.
230 Anonymous login ok, access restrictions apply.
502 Command 'HELP' not implemented
211-Features:
 PASV
 PORT
211 End

-1451451174 | 2024-04-24T11:34:24.805091

80 / tcp

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=ascii
Content-Length: 204
Connection: close

2030592451 | 2024-04-24T02:09:22.960043

135 / tcp

\x05\x00\x0c\x03\x10\x00\x00\x00D\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\xf7N\x00\x00\x0e\x00\\PIPE\\browser\x00\x01\x00\x00\x00\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00

-1451451174 | 2024-04-24T08:01:10.520557

443 / tcp

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=ascii
Content-Length: 204
Connection: close

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1713877537 (0x6627b221)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=DE, CN=Nepenthes Development Team, O=dionaea.carnivore.it, OU=anv
        Validity
            Not Before: Apr 23 13:05:37 2024 GMT
            Not After : Apr 23 13:05:37 2025 GMT
        Subject: C=DE, CN=Nepenthes Development Team, O=dionaea.carnivore.it, OU=anv
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a6:1b:21:c9:26:de:bb:76:17:33:50:11:ad:50:
                    58:30:e2:8b:c2:60:4b:98:74:a4:70:00:7b:f9:11:
                    ba:1c:42:e7:18:1d:0a:32:45:da:d7:c0:61:20:e7:
                    94:a7:78:3c:05:c1:99:ec:df:40:8d:ea:d0:65:96:
                    d6:5a:3c:ab:0e:93:b9:26:99:d4:cb:2b:32:db:ef:
                    9e:47:09:4c:7d:73:18:b2:94:7f:79:4a:96:29:dd:
                    4b:39:9f:94:33:c4:a3:a3:2a:75:33:b0:04:e3:f6:
                    12:09:b2:ad:6c:78:50:95:4e:c3:dd:88:af:7a:37:
                    4c:46:86:a9:9a:92:6b:07:f1:5e:5c:a2:62:9e:08:
                    26:e6:93:0a:ba:42:78:09:40:11:95:af:a5:3c:13:
                    4e:b8:b6:b2:06:7f:ef:9b:c9:4b:61:bb:80:43:3d:
                    2c:51:be:1b:67:14:a0:f5:6d:3f:ed:30:1b:46:ba:
                    19:bc:b4:a6:ed:26:7f:a5:2b:37:02:72:2f:ef:1f:
                    53:05:7e:8e:52:75:b8:80:1f:1c:02:13:76:43:ed:
                    04:0c:a4:d2:fb:5a:a8:d3:8d:1d:18:8b:9e:e0:91:
                    3f:64:63:3a:ad:16:b1:b2:21:be:98:c5:8e:bf:19:
                    be:19:6d:33:df:72:b4:88:15:a5:5c:e5:22:0f:b0:
                    75:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Server
            Netscape SSL Server Name: 
                localhost
    Signature Algorithm: md5WithRSAEncryption
    Signature Value:
        0b:fb:d6:22:61:5d:bc:76:12:58:20:28:c5:1a:d9:60:d3:98:
        86:6b:bb:a9:32:c6:79:69:c1:c1:4c:c5:75:63:2f:47:f8:8d:
        43:f6:c0:f6:8c:68:26:3b:33:d6:b5:0d:0c:53:7b:22:ed:fa:
        a5:20:96:46:73:76:d8:13:8e:0a:58:c3:18:f4:1a:c2:e4:03:
        61:4d:f6:e8:7c:a9:85:78:a3:6f:a3:e4:f1:4f:4c:8e:96:f0:
        a5:9d:6c:e1:91:d6:60:8c:70:9f:0c:ca:09:d3:ad:44:f5:66:
        7c:8a:74:f6:ce:ef:c5:96:1e:be:51:2f:a3:a7:a6:c5:a6:80:
        6a:83:85:4d:8b:82:8d:79:a7:a1:fc:d7:e1:bf:76:e3:31:5e:
        2c:b8:74:48:2e:c4:4d:df:a9:2d:fb:cd:86:5b:2b:df:23:83:
        80:45:42:c3:7c:98:b1:91:22:b8:0f:6a:45:7e:38:0f:a4:fd:
        3a:8c:b8:cf:28:f1:b2:d0:25:62:97:72:88:6d:19:76:3f:72:
        5f:50:5b:c7:c3:33:2e:98:6c:56:a7:97:e4:52:fa:50:a7:ba:
        0b:ec:29:a3:ef:0d:74:aa:61:55:61:3b:ab:cd:b1:77:24:c0:
        3a:49:3c:27:a1:a6:a8:2c:9f:07:95:cb:5c:e5:af:d4:12:59:
        39:ee:f3:d6

-825987803 | 2024-04-24T12:44:13.234998

445 / tcp

SMB Status:
  Authentication: disabled
  SMB Version: 1
  OS: Windows 5.1
  Software: Windows 2000 LAN Manager
  Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, nt-find, nt-smb, nt-status, raw-mode, rpc-remote-api, unicode

Shares
Name                 Type       Comments
------------------------------------------------------------------------
ADMIN$               Disk       Remote Admin
C$                   Disk       Default Share
IPC$                 IPC        Remote IPC
Printer              Printer    Microsoft XPS Document Writer

1866007652 | 2024-04-24T00:08:56.716670

1433 / tcp

\x04\x01\x00J\x00\x00\x01\x00\xad6\x00\x01\x04\x02\x00\x00\x16M\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00 \x00S\x00Q\x00L\x00 \x00S\x00e\x00r\x00v\x00e\x00r\x00\x00\x00\x00\x00\t\x00\x05w\xfd\x00\x00\x00\x00\x00\x00\x00\x00

-1351362334 | 2024-04-24T07:05:37.897670

1883 / tcp

MQTT Connection Code: 0

Topics:

-1344782857 | 2024-04-24T00:23:52.628034

3306 / tcp

4\x00\x00\x00\n5.7.16\x00\x00\x00\x12gaaaaaaaa\x00,\xa2!\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00            \x00

-1758742036 | 2024-04-24T09:16:52.356636

5060 / udp

SIP/2.0 200 OK
CSeq: 42 OPTIONS
Call-ID: 50000
Via: SIP/2.0/UDP nm;branch=foo;rport
From: sip:nm@nm;tag=root
To: sip:nm2@nm2
Contact: sip:nm2@nm2
Allow: REGISTER, OPTIONS, INVITE, CANCEL, BYE, ACK
Content-Length: 0
Accept: application/sdp
Accept-Language: en

-852964902 | 2024-04-24T01:21:57.878776

9100 / tcp

CODE=10001\r\nDISPLAY="Non HP supply in use"\r\nONLINE=TRUE\r\n

-1440470547 | 2024-04-24T06:05:48.137305

11211 / tcp

ERROR

72.223.149.4

Last Seen: 2024-04-24

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1157250322 | 2024-04-24T11:20:36.115437
21 / tcp

Synology DiskStation NAS ftpd

-1451451174 | 2024-04-24T11:34:24.805091
80 / tcp

nginx

2030592451 | 2024-04-24T02:09:22.960043
135 / tcp

Microsoft RPC

-1451451174 | 2024-04-24T08:01:10.520557
443 / tcp

nginx

-825987803 | 2024-04-24T12:44:13.234998
445 / tcp

1866007652 | 2024-04-24T00:08:56.716670
1433 / tcp

MS-SQL Server 2000 SP1+8.0.528.0

-1351362334 | 2024-04-24T07:05:37.897670
1883 / tcp

MQTT

-1344782857 | 2024-04-24T00:23:52.628034
3306 / tcp

Dionaea Honeypot

-1758742036 | 2024-04-24T09:16:52.356636
5060 / udp

-852964902 | 2024-04-24T01:21:57.878776
9100 / tcp

-1440470547 | 2024-04-24T06:05:48.137305
11211 / tcp

Products

Pricing

Contact Us

72.223.149.4

Last Seen: 2024-04-24

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1157250322 | 2024-04-24T11:20:36.115437 21 / tcp

Synology DiskStation NAS ftpd

-1451451174 | 2024-04-24T11:34:24.805091 80 / tcp

nginx

2030592451 | 2024-04-24T02:09:22.960043 135 / tcp

Microsoft RPC

-1451451174 | 2024-04-24T08:01:10.520557 443 / tcp

nginx

-825987803 | 2024-04-24T12:44:13.234998 445 / tcp

1866007652 | 2024-04-24T00:08:56.716670 1433 / tcp

MS-SQL Server 2000 SP1+8.0.528.0

-1351362334 | 2024-04-24T07:05:37.897670 1883 / tcp

MQTT

-1344782857 | 2024-04-24T00:23:52.628034 3306 / tcp

Dionaea Honeypot

-1758742036 | 2024-04-24T09:16:52.356636 5060 / udp

-852964902 | 2024-04-24T01:21:57.878776 9100 / tcp

-1440470547 | 2024-04-24T06:05:48.137305 11211 / tcp

Products

Pricing

Contact Us

-1157250322 | 2024-04-24T11:20:36.115437
21 / tcp

-1451451174 | 2024-04-24T11:34:24.805091
80 / tcp

2030592451 | 2024-04-24T02:09:22.960043
135 / tcp

-1451451174 | 2024-04-24T08:01:10.520557
443 / tcp

-825987803 | 2024-04-24T12:44:13.234998
445 / tcp

1866007652 | 2024-04-24T00:08:56.716670
1433 / tcp

-1351362334 | 2024-04-24T07:05:37.897670
1883 / tcp

-1344782857 | 2024-04-24T00:23:52.628034
3306 / tcp

-1758742036 | 2024-04-24T09:16:52.356636
5060 / udp

-852964902 | 2024-04-24T01:21:57.878776
9100 / tcp

-1440470547 | 2024-04-24T06:05:48.137305
11211 / tcp