GeneralInformation

Country	China
City	Hefei
Organization	CHINANET Anhui PROVINCE NETWORK
ISP	CHINANET-BACKBONE
ASN	AS4134

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2021-3618

5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

515 631 3306 5060 5353 5357 8000 9000 9001

-571569590 | 2024-05-08T22:20:56.290518

515 / tcp

Unable to get printer printer: successful-ok

-1899370528 | 2024-05-10T23:54:23.638202

631 / tcp

HTTP/1.1 200 OK
Connection: close
Content-Language: en_US
Content-Length: 459
Content-Type: text/html; charset=utf-8
Date: Fri, 10 May 2024 23:54:23 GMT
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.0 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'


CUPS (IPP):
  Printer #1:
    Make And Model: Local Raw Printer
    Name: usbprinter
    Location: BOMEI_NAS
    URI Supported: ipp://114.104.135.238:631/printers/usbprinter
  Printer #2:
    Make And Model: Brother DCP-8045D - CUPS+Gutenprint v5.2.10
    Name: usbprinter1
    Location: BOMEI_NAS
    URI Supported: ipp://114.104.135.238:631/printers/usbprinter1

1513671470 | 2024-05-11T07:45:54.376735

3306 / tcp

MySQL:
  Protocol Version: 10
  Version: 5.7.43
  Capabilities: 65535
  Server Language: 8
  Server Status: 2
  Extended Server Capabilities: 49663
  Authentication Plugin: mysql_native_password

-1667455651 | 2024-06-01T22:52:41.512894

5060 / udp

SIP/2.0 404 Not Found
From: <sip:nm@nm>;tag=root
To: <sip:nm2@nm2>;tag=9f2670-0-13c4-50029-9968f-1f5fe24f-9968f
Call-ID: 50000
CSeq: 42 OPTIONS
Via: SIP/2.0/UDP nm;received=224.90.213.137;rport=26810;branch=foo
Supported: replaces,100rel,timer
Accept: application/sdp
Allow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,INFO,NOTIFY,PRACK,MESSAGE
Content-Length: 0

2067574327 | 2024-05-12T15:40:56.559811

5353 / udp

mDNS:
  answers:
    PTR:
      _smb._tcp.local
      _http._tcp.local
      _ipp._tcp.local
      _printer._tcp.local
      _afpovertcp._tcp.local
      _device-info._tcp.local

-171534721 | 2024-05-11T04:34:02.142109

5357 / tcp

HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Sat, 11 May 2024 04:33:40 GMT
Content-Type: text/html
Content-Length: 552
Connection: keep-alive
Keep-Alive: timeout=20

-1539338981 | 2024-05-08T06:47:18.167827

8000 / tcp

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 08 May 2024 06:47:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2986
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 11 Nov 2022 09:34:27 GMT
Cache-Control: max-age=0

-922175566 | 2024-05-08T04:19:18.861137

9000 / tcp

HTTP/1.1 404 Not Found
connection: keep-alive
content-length: 0
date: Wed, 08 May 2024 04:19:17 GMT

-1124175308 | 2024-05-08T09:56:19.597620

9001 / tcp

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Length: 17334
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 25 Oct 2023 15:20:18 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Date: Wed, 08 May 2024 09:56:19 GMT

<!DOCTYPE html>
<html lang="zh-CN" ng-app="portainer" ng-strict-di data-edition="CE">
  <head>
    <meta charset="utf-8" />
    <title>Portainer</title>
    <meta name="description" content="" />
    <meta name="author" content="Portainer.io" />
    <meta http-equiv="cache-control" content="no-cache" />
    <meta http-equiv="expires" content="0" />
    <meta http-equiv="pragma" content="no-cache" />
    <base id="base" />
    <script>
      if (window.origin == 'file://') {
        // we are loading the app

114.104.135.238

Last Seen: 2024-06-01

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-571569590 | 2024-05-08T22:20:56.290518
515 / tcp

-1899370528 | 2024-05-10T23:54:23.638202
631 / tcp

CUPS (IPP)2.0.3

1513671470 | 2024-05-11T07:45:54.376735
3306 / tcp

MySQL5.7.43

-1667455651 | 2024-06-01T22:52:41.512894
5060 / udp

2067574327 | 2024-05-12T15:40:56.559811
5353 / udp

mDNS

-171534721 | 2024-05-11T04:34:02.142109
5357 / tcp

nginx

-1539338981 | 2024-05-08T06:47:18.167827
8000 / tcp

nginx1.20.1

-922175566 | 2024-05-08T04:19:18.861137
9000 / tcp

-1124175308 | 2024-05-08T09:56:19.597620
9001 / tcp

Portainer2.19.1

Products

Pricing

Contact Us

114.104.135.238

Last Seen: 2024-06-01

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-571569590 | 2024-05-08T22:20:56.290518 515 / tcp

-1899370528 | 2024-05-10T23:54:23.638202 631 / tcp

CUPS (IPP)2.0.3

1513671470 | 2024-05-11T07:45:54.376735 3306 / tcp

MySQL5.7.43

-1667455651 | 2024-06-01T22:52:41.512894 5060 / udp

2067574327 | 2024-05-12T15:40:56.559811 5353 / udp

mDNS

-171534721 | 2024-05-11T04:34:02.142109 5357 / tcp

nginx

-1539338981 | 2024-05-08T06:47:18.167827 8000 / tcp

nginx1.20.1

-922175566 | 2024-05-08T04:19:18.861137 9000 / tcp

-1124175308 | 2024-05-08T09:56:19.597620 9001 / tcp

Portainer2.19.1

Products

Pricing

Contact Us

-571569590 | 2024-05-08T22:20:56.290518
515 / tcp

-1899370528 | 2024-05-10T23:54:23.638202
631 / tcp

1513671470 | 2024-05-11T07:45:54.376735
3306 / tcp

-1667455651 | 2024-06-01T22:52:41.512894
5060 / udp

2067574327 | 2024-05-12T15:40:56.559811
5353 / udp

-171534721 | 2024-05-11T04:34:02.142109
5357 / tcp

-1539338981 | 2024-05-08T06:47:18.167827
8000 / tcp

-922175566 | 2024-05-08T04:19:18.861137
9000 / tcp

-1124175308 | 2024-05-08T09:56:19.597620
9001 / tcp