GeneralInformation

Country	China
City	Wenzhou
Organization	CHINANET-ZJ Wenzhou node network
ISP	WENZHOU, ZHEJIANG Province, P.R.China.
ASN	AS134771
Operating System	Ubuntu

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 2181 3306 8545 9090 9092 9100 30303

924603578 | 2024-05-14T18:57:01.136413

22 / tcp

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQCsUvuQLwJ+NgeNWm4LrZgWcPeP1LAPYTkk7yNhufHKvqnj
ZVpjE3v/dEF6I41JAklf+yOawokfk6B5tqpWtdcmJ0mQoe8THs2H2GxeofiDgpgwBcGn8IOoCDTY
g28RjgKolEUM5b3fm+k9DlkKR56WcIFhe4e27BHuCtWgxHdSu121B1VVvvyqThgbrjtGcaqv0cH1
iW3ldtFds/3sN+HvnODL9YbcC8VFQ8xx9FImaJDcNQ8ZGD9q3WXItrz05HjgGNCNJKtB+gsYFTYI
lf1lMHcsXsRdSNRCwDFBp85PiUjFC7FjOcSu17qpr2iBkT5WBugG1h4IymN0uzZMI99vPt5R0m9s
85f+N3YmxjyfwbNdHKpxsSr33OnkrfEUY0/4qzwxiYUj/sq1qwdQXP4FIywwHUjzf6j+QbdB4BC3
/z1hjuEncwd+jqHaCRK6oTDg0ura+qTvQu0lR3z4lnorCcfZlIOd1H3XoBxICeZ1GmpsHOiNZxPw
3Pi6Opbdv20=
Fingerprint: 3c:2e:03:9c:8f:86:7a:c2:a6:92:68:9b:c4:29:dc:a5

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1651973090 | 2024-05-20T17:46:17.083242

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 20 May 2024 17:46:16 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 17 Nov 2023 06:24:19 GMT
Connection: keep-alive
ETag: "65570713-264"
Accept-Ranges: bytes

-696559577 | 2024-05-19T12:29:13.148106

2181 / tcp

stat is not executed because it is not in the whitelist.

748751232 | 2024-05-10T14:18:47.297214

3306 / tcp

MySQL:
  Protocol Version: 10
  Version: 8.0.36-0ubuntu0.20.04.1
  Capabilities: 65535
  Server Language: 255
  Server Status: 2
  Extended Server Capabilities: 57343
  Authentication Plugin: caching_sha2_password

-722758501 | 2024-05-15T01:39:54.404219

8545 / tcp

Ethereum RPC:
  Client: Nethermind
  Version: v1.25.4+20b10b35
  Platform: linux-x64
  Compiler: dotnet8.0.2
  Accounts:
    0xf5ede731dee1303af97ff4fdb22e5fe2e2ca1a64
  Chain Id: 0x64

-405692887 | 2024-05-08T09:34:35.655491

9090 / tcp

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 09:34:15 GMT
Content-Length: 734
Content-Type: text/html; charset=utf-8

-1256536974 | 2024-05-10T18:09:08.128259

9092 / tcp

Kafka Broker

Topics:
    ilibr_tmh
    __consumer_offsets
    istp
    test
    deviceControlTopic
    test-topic

Hosts:
    115.223.19.188:9092

2078402322 | 2024-05-13T10:07:54.332016

9100 / tcp

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request
Prometheus Node Exporter:
  node_exporter_build_info:
    branch: HEAD
    goarch: amd64
    goos: linux
    goversion: go1.21.4
    revision: 7333465abf9efba81876303bb57e6fadb946041b
    tags: netgo osusergo static_build
    version: 1.7.0
  node_os_info:
    id: ubuntu
    id_like: debian
    name: Ubuntu
    pretty_name: Ubuntu 20.04.6 LTS
    version: 20.04.6 LTS (Focal Fossa)
    version_codename: focal
    version_id: 20.04
  node_uname_info:
    domainname: (none)
    machine: x86_64
    nodename: wdyzx-PowerEdge-R630
    release: 5.15.0-67-generic
    sysname: Linux
    version: #74~20.04.1-Ubuntu SMP Wed Feb 22 14:52:34 UTC 2023
  node_dmi_info:
    bios_date: 03/15/2023
    bios_release: 2.17
    bios_vendor: Dell Inc.
    bios_version: 2.17.0
    board_name: 02C2CP
    board_serial: .52H6TD2.CN7475168Q0321.
    board_vendor: Dell Inc.
    board_version: A02
    chassis_serial: 52H6TD2
    chassis_vendor: Dell Inc.
    product_name: PowerEdge R630
    product_serial: 52H6TD2
    product_sku: SKU=NotProvided;ModelName=PowerEdge R630
    product_uuid: 4c4c4544-0032-4810-8036-b5c04f544432
    system_vendor: Dell Inc.
  node_network_info:
    docker0:
      address: 02:42:94:09:55:5f
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: docker0
      duplex: unknown
      operstate: down
    lo:
      address: 00:00:00:00:00:00
      adminstate: up
      broadcast: 00:00:00:00:00:00
      device: lo
      operstate: unknown
    enp129s0:
      address: 90:e2:ba:8c:87:40
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: enp129s0
      duplex: full
      operstate: up
    eno1:
      address: c8:1f:66:d8:37:bc
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: eno1
      duplex: unknown
      operstate: down
    eno2:
      address: c8:1f:66:d8:37:bd
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: eno2
      duplex: unknown
      operstate: down
    eno3:
      address: c8:1f:66:d8:37:be
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: eno3
      duplex: unknown
      operstate: down
    eno4:
      address: c8:1f:66:d8:37:bf
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: eno4
      duplex: unknown
      operstate: down
    br-01b4fc13dae5:
      address: 02:42:2a:7e:61:68
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-01b4fc13dae5
      duplex: unknown
      operstate: down

MAC Addresses

C8:1F:66:D8:37:BC
    OUI: C8:1F:66
    Organization: Dell Inc.
    Assignment: MA-L
    Registration Date: 2013-04-24
C8:1F:66:D8:37:BD
    OUI: C8:1F:66
    Organization: Dell Inc.
    Assignment: MA-L
    Registration Date: 2013-04-24
C8:1F:66:D8:37:BE
    OUI: C8:1F:66
    Organization: Dell Inc.
    Assignment: MA-L
    Registration Date: 2013-04-24
C8:1F:66:D8:37:BF
    OUI: C8:1F:66
    Organization: Dell Inc.
    Assignment: MA-L
    Registration Date: 2013-04-24

67803950 | 2024-05-04T03:47:24.189257

30303 / udp

Ethereum Discovery Protocol:
  Version: 4
  Enode: enode://f88ee3dcd7ff0fd1999b549e860c1f076315a02c562c3be08e8d007fd28b1e1855f930429f6a85a163ec3bf045698e16c3d8f256b8c7590384eece8338339da9@115.223.19.188:30303

115.223.19.188

Last Seen: 2024-05-20

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

924603578 | 2024-05-14T18:57:01.136413
22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

1651973090 | 2024-05-20T17:46:17.083242
80 / tcp

nginx1.18.0

-696559577 | 2024-05-19T12:29:13.148106
2181 / tcp

748751232 | 2024-05-10T14:18:47.297214
3306 / tcp

MySQL8.0.36-0ubuntu0.20.04.1

-722758501 | 2024-05-15T01:39:54.404219
8545 / tcp

Nethermindv1.25.4+20b10b35

-405692887 | 2024-05-08T09:34:35.655491
9090 / tcp

-1256536974 | 2024-05-10T18:09:08.128259
9092 / tcp

Kafka

2078402322 | 2024-05-13T10:07:54.332016
9100 / tcp

Prometheus Node Exporter1.7.0

67803950 | 2024-05-04T03:47:24.189257
30303 / udp

Ethereum Discovery Protocol4

Products

Pricing

Contact Us

115.223.19.188

Last Seen: 2024-05-20

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

924603578 | 2024-05-14T18:57:01.136413 22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

1651973090 | 2024-05-20T17:46:17.083242 80 / tcp

nginx1.18.0

-696559577 | 2024-05-19T12:29:13.148106 2181 / tcp

748751232 | 2024-05-10T14:18:47.297214 3306 / tcp

MySQL8.0.36-0ubuntu0.20.04.1

-722758501 | 2024-05-15T01:39:54.404219 8545 / tcp

Nethermindv1.25.4+20b10b35

-405692887 | 2024-05-08T09:34:35.655491 9090 / tcp

-1256536974 | 2024-05-10T18:09:08.128259 9092 / tcp

Kafka

2078402322 | 2024-05-13T10:07:54.332016 9100 / tcp

Prometheus Node Exporter1.7.0

67803950 | 2024-05-04T03:47:24.189257 30303 / udp

Ethereum Discovery Protocol4

Products

Pricing

Contact Us

924603578 | 2024-05-14T18:57:01.136413
22 / tcp

1651973090 | 2024-05-20T17:46:17.083242
80 / tcp

-696559577 | 2024-05-19T12:29:13.148106
2181 / tcp

748751232 | 2024-05-10T14:18:47.297214
3306 / tcp

-722758501 | 2024-05-15T01:39:54.404219
8545 / tcp

-405692887 | 2024-05-08T09:34:35.655491
9090 / tcp

-1256536974 | 2024-05-10T18:09:08.128259
9092 / tcp

2078402322 | 2024-05-13T10:07:54.332016
9100 / tcp

67803950 | 2024-05-04T03:47:24.189257
30303 / udp