GeneralInformation

Country	Kazakhstan
City	Almaty
Organization	Jusan Mobile JSC
ISP	Jusan Mobile JSC
ASN	AS35104

Vulnerabilities

CVE-2019-0708

10.0A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

OpenPorts

25 53 80 110 137 3389 5357 8080 13579

-2020420470 | 2024-05-02T11:13:17.655431

25 / tcp

220 UserGate: SMTP service ready
250 UserGate: pleased to meet you

-553166942 | 2024-05-02T13:20:12.939136

53 / udp

Recursion: enabled

126394932 | 2024-04-30T23:17:30.065246

80 / tcp

HTTP/1.0 200 OK
Pragma: no-cach

-1921257633 | 2024-04-25T16:25:57.358132

110 / tcp

+OK UserGate: forward ready
-ERR UserGate: Mistake of the protocol

-884867281 | 2024-04-16T23:11:03.687741

137 / udp

NetBIOS Response:
  MAC Address: 44:87:FC:82:7A:30

MAC Addresses

44:87:FC:82:7A:30
    OUI: 44:87:FC
    Organization: Elitegroup Computer Systems Co.,Ltd.
    Assignment: MA-L
    Registration Date: 2009-11-21

-1164159508 | 2024-04-24T23:57:49.872638

3389 / tcp

Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x00\x08\x00\x02\x00\x00\x00

Does the morning starts with coffee
All your files are encrypted ele Cp ua cord tt kad
Windows Server2008
Standard

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:b8:6c:90:26:2c:78:8d:4c:93:3e:7a:c6:1c:cf:0f
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Net
        Validity
            Not Before: Apr 17 16:51:46 2024 GMT
            Not After : Oct 17 16:51:46 2024 GMT
        Subject: CN=Net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:97:8d:4b:2b:a8:67:0d:40:1b:5e:cf:f2:d9:62:
                    0f:37:26:f6:98:6e:a9:a8:18:12:58:14:95:78:bb:
                    58:9f:7f:d8:c3:bf:71:31:d1:65:f9:78:6a:52:9f:
                    ef:b0:51:bd:71:6a:73:37:4f:7b:d4:08:1f:7f:0c:
                    22:06:ac:5b:c0:15:9d:e6:1a:b8:92:cb:3d:4e:80:
                    93:15:02:19:7a:83:44:d2:8e:07:f6:a8:d1:24:f3:
                    1e:a5:62:c7:06:f8:cd:14:26:44:a9:8c:5b:fc:40:
                    54:a4:7f:55:02:4e:27:e1:5e:6b:7c:87:a2:62:03:
                    bf:9f:79:6d:b6:59:55:78:4b:79:82:ec:d5:44:68:
                    99:4b:45:b4:b4:39:d0:94:7a:c2:ce:ac:b6:9e:d3:
                    6e:ec:88:ac:72:66:b8:9c:51:b5:40:07:29:94:80:
                    53:78:08:6a:ca:ac:e7:95:9e:ac:90:cd:ce:4d:e0:
                    5a:aa:f4:a1:27:04:d2:f0:2f:f1:53:3b:37:3c:68:
                    b3:73:3d:25:40:7e:bf:64:d2:da:1b:02:c0:18:ef:
                    cd:f5:f0:3c:cb:d6:c8:0c:5b:50:64:38:3e:44:75:
                    f0:54:25:76:1f:a1:69:88:ed:96:be:75:91:20:af:
                    10:c5:88:5f:16:3f:11:73:15:99:08:08:ad:2b:80:
                    9c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Key Usage: 
                Key Encipherment, Data Encipherment
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        8c:ec:20:1b:e4:21:42:87:81:80:34:43:15:ec:30:53:57:91:
        54:59:6c:2d:f9:f3:14:fd:b0:63:b3:8f:e7:15:76:93:9f:b0:
        b8:36:cf:9f:dd:de:b1:8c:a3:fc:5d:d0:2f:5a:cb:e1:16:c4:
        40:5f:27:e5:0f:75:44:dd:fd:a0:02:1e:9a:4f:79:f3:5c:f0:
        43:25:0d:fc:35:03:83:77:2e:14:d6:85:32:16:3b:c2:d8:b6:
        0e:c9:74:e2:f2:e3:c9:9f:e5:a4:87:04:ee:98:89:67:c9:22:
        26:ea:cd:94:6a:a9:a8:03:26:2f:71:e0:eb:ef:de:9b:7e:73:
        93:df:92:6a:66:96:8c:6a:d4:8e:7d:59:1d:2c:6b:e2:fd:c1:
        be:07:ce:da:2e:4f:3e:5c:32:fc:d7:ee:8b:6b:dd:5b:75:cd:
        fb:43:c2:28:69:46:68:85:08:ab:73:30:ff:91:cd:f6:c3:a7:
        73:42:c1:96:02:29:88:26:69:bc:b9:70:1b:ea:3a:0f:f5:b6:
        c9:e5:77:28:fd:01:b2:31:4e:3a:7a:57:5b:6e:17:6a:62:9a:
        af:b7:fe:80:8d:a7:de:c9:d1:a9:28:4e:ed:93:48:af:9f:0a:
        1c:e6:6f:4c:39:76:c0:ea:54:ed:ae:47:1c:75:b6:23:d7:75:
        09:78:c1:5c

-1684583448 | 2024-04-27T12:29:00.131697

5357 / tcp

HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 27 Apr 2024 12:29:00 GMT
Connection: close
Content-Length: 326

126394932 | 2024-05-02T17:07:21.224756

8080 / tcp

HTTP/1.0 200 OK
Pragma: no-cach

80.242.208.91

Last Seen: 2024-05-04

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-2020420470 | 2024-05-02T11:13:17.655431
25 / tcp

UserGate smtp proxy

-553166942 | 2024-05-02T13:20:12.939136
53 / udp

126394932 | 2024-04-30T23:17:30.065246
80 / tcp

-1921257633 | 2024-04-25T16:25:57.358132
110 / tcp

-884867281 | 2024-04-16T23:11:03.687741
137 / udp

-1164159508 | 2024-04-24T23:57:49.872638
3389 / tcp

Remote Desktop Protocol

-1684583448 | 2024-04-27T12:29:00.131697
5357 / tcp

126394932 | 2024-05-02T17:07:21.224756
8080 / tcp

Products

Pricing

Contact Us

80.242.208.91

Last Seen: 2024-05-04

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-2020420470 | 2024-05-02T11:13:17.655431 25 / tcp

UserGate smtp proxy

-553166942 | 2024-05-02T13:20:12.939136 53 / udp

126394932 | 2024-04-30T23:17:30.065246 80 / tcp

-1921257633 | 2024-04-25T16:25:57.358132 110 / tcp

-884867281 | 2024-04-16T23:11:03.687741 137 / udp

-1164159508 | 2024-04-24T23:57:49.872638 3389 / tcp

Remote Desktop Protocol

-1684583448 | 2024-04-27T12:29:00.131697 5357 / tcp

126394932 | 2024-05-02T17:07:21.224756 8080 / tcp

Products

Pricing

Contact Us

-2020420470 | 2024-05-02T11:13:17.655431
25 / tcp

-553166942 | 2024-05-02T13:20:12.939136
53 / udp

126394932 | 2024-04-30T23:17:30.065246
80 / tcp

-1921257633 | 2024-04-25T16:25:57.358132
110 / tcp

-884867281 | 2024-04-16T23:11:03.687741
137 / udp

-1164159508 | 2024-04-24T23:57:49.872638
3389 / tcp

-1684583448 | 2024-04-27T12:29:00.131697
5357 / tcp

126394932 | 2024-05-02T17:07:21.224756
8080 / tcp