GeneralInformation

Country	China
City	Beijing
Organization	Shanghai UCloud Information Technology Company Limited
ISP	China Unicom Beijing Province Network
ASN	AS4808

WebTechnologies

JavaScript libraries

jQuery2.0.0

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2010-3972	10.0Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-2730	9.3Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
CVE-2010-1899	4.3Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

OpenPorts

21 80 135 3306 3389 5432 8080 8081

1090329081 | 2024-05-02T15:11:15.857141

21 / tcp

220-FileZilla Server 0.9.60 beta
220-written by Tim Kosse (tim.kosse@filezilla-project.org)
220 Please visit https://filezilla-project.org/
530 Login or password incorrect!
214-The following commands are recognized:
   ABOR   ADAT   ALLO   APPE   AUTH   CDUP   CLNT   CWD 
   DELE   EPRT   EPSV   FEAT   HASH   HELP   LIST   MDTM
   MFMT   MKD    MLSD   MLST   MODE   NLST   NOOP   NOP 
   OPTS   PASS   PASV   PBSZ   PORT   PROT   PWD    QUIT
   REST   RETR   RMD    RNFR   RNTO   SITE   SIZE   STOR
   STRU   SYST   TYPE   USER   XCUP   XCWD   XMKD   XPWD
   XRMD
214 Have a nice day.
211-Features:
 MDTM
 REST STREAM
 SIZE
 MLST type*;size*;modify*;
 MLSD
 UTF8
 CLNT
 MFMT
 EPSV
 EPRT
211 End

-714588714 | 2024-05-07T21:27:38.978321

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.19.8
Date: Tue, 07 May 2024 21:27:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 28578
Connection: keep-alive
Cache-Control: private
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=op96527nkqi7dcioo2pj8orn03; path=/
X-Powered-By: ThinkPHP

1337780608 | 2024-04-27T07:12:28.550473

135 / tcp

Microsoft RPC Endpoint Mapper

d95afe70-a6d5-4259-822e-2c84da1ddb0d
  version: v1.0
  protocol: [MS-RSP]: Remote Shutdown Protocol
  provider: wininit.exe
  ncacn_ip_tcp: 10.61.229.62:49152
  ncalrpc: WindowsShutdown
  ncacn_np: \\5KO9O\PIPE\InitShutdown
  ncalrpc: WMsgKRpc0496E0

76f226c3-ec14-4325-8a99-6a46348418af
  version: v1.0
  provider: winlogon.exe
  ncalrpc: WindowsShutdown
  ncacn_np: \\5KO9O\PIPE\InitShutdown
  ncalrpc: WMsgKRpc0496E0
  ncalrpc: WMsgKRpc04BF51
  ncalrpc: WMsgKRpc0255F42

c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
  version: v1.0
  annotation: Impl friendly name
  provider: sysntfy.dll
  ncalrpc: LRPC-aaa348c7754833753b
  ncacn_np: \\5KO9O\PIPE\srvsvc
  ncacn_ip_tcp: 10.61.229.62:49154
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2

30adc50c-5cbc-46ce-9a0e-91914789e23c
  version: v1.0
  annotation: NRP server endpoint
  provider: nrpsrv.dll
  ncacn_ip_tcp: 10.61.229.62:49153
  ncacn_np: \\5KO9O\pipe\eventlog
  ncalrpc: eventlog

f6beaff7-1e19-4fbb-9f8f-b89e2018337c
  version: v1.0
  annotation: Event log TCPIP
  protocol: [MS-EVEN6]: EventLog Remoting Protocol
  provider: wevtsvc.dll
  ncacn_ip_tcp: 10.61.229.62:49153
  ncacn_np: \\5KO9O\pipe\eventlog
  ncalrpc: eventlog

30b044a5-a225-43f0-b3a4-e060df91f9c1
  version: v1.0
  provider: certprop.dll
  ncacn_np: \\5KO9O\PIPE\srvsvc
  ncacn_ip_tcp: 10.61.229.62:49154
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

98716d03-89ac-44c7-bb8c-285824e51c4a
  version: v1.0
  annotation: XactSrv service
  provider: srvsvc.dll
  ncacn_ip_tcp: 10.61.229.62:49154
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

552d076a-cb29-4e44-8b6a-d15e59e2c0af
  version: v1.0
  annotation: IP Transition Configuration endpoint
  provider: iphlpsvc.dll
  ncacn_ip_tcp: 10.61.229.62:49154
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

a398e520-d59a-4bdd-aa7a-3c1e0303a511
  version: v1.0
  annotation: IKE/Authip API
  provider: IKEEXT.DLL
  ncacn_ip_tcp: 10.61.229.62:49154
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

86d35949-83c9-4044-b424-db363231fd0c
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: schedsvc.dll
  ncacn_ip_tcp: 10.61.229.62:49154
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

378e52b0-c0a9-11cf-822d-00aa0051e40f
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

1ff70682-0a51-30e8-076d-740be8cee98b
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\5KO9O\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
  version: v1.0
  provider: schedsvc.dll
  ncalrpc: senssvc
  ncalrpc: OLE9F23610733864DF89637FBCB7835
  ncalrpc: IUserProfile2

2eb08e3e-639f-4fba-97b1-14f878961076
  version: v1.0
  provider: gpsvc.dll
  ncalrpc: IUserProfile2

24019106-a203-4642-b88d-82dae9158929
  version: v1.0
  provider: authui.dll
  ncalrpc: LRPC-e28daf43bdad3f138a

7ea70bcf-48af-4f6a-8968-6a440754d5fa
  version: v1.0
  annotation: NSI server endpoint
  provider: nsisvc.dll
  ncalrpc: LRPC-6df241f7e290bbb6f6
  ncalrpc: OLE75CE82064EB94BE4AE6B260F6043

2fb92682-6599-42dc-ae13-bd2ca89bd11c
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-b5059493f304ec0703

7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-b5059493f304ec0703

dd490425-5325-4565-b774-7e27d6c09c24
  version: v1.0
  annotation: Base Firewall Engine API
  provider: BFE.DLL
  ncalrpc: LRPC-b5059493f304ec0703

7f1343fe-50a9-4927-a778-0c5859517bac
  version: v1.0
  annotation: DfsDs service
  ncacn_np: \\5KO9O\PIPE\wkssvc
  ncalrpc: DNSResolver

4a452661-8290-4b36-8fbe-7f4093a94978
  version: v1.0
  annotation: Spooler function endpoint
  provider: spoolsv.exe
  ncalrpc: spoolss

ae33069b-a2a8-46ee-a235-ddfd339be281
  version: v1.0
  annotation: Spooler base remote object endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncalrpc: spoolss

0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
  version: v1.0
  annotation: Spooler function endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncalrpc: spoolss

367abb81-9844-35f1-ad32-98f038001003
  version: v2.0
  protocol: [MS-SCMR]: Service Control Manager Remote Protocol
  provider: services.exe
  ncacn_ip_tcp: 10.61.229.62:49158

12345678-1234-abcd-ef00-0123456789ab
  version: v1.0
  annotation: IPSec Policy agent endpoint
  protocol: [MS-RPRN]: Print System Remote Protocol
  provider: spoolsv.exe
  ncalrpc: LRPC-f2dd58a2803d9ffea7
  ncacn_ip_tcp: 10.61.229.62:49160

6b5bdd1e-528c-422c-af8c-a4079be4fe48
  version: v1.0
  annotation: Remote Fw APIs
  protocol: [MS-FASP]: Firewall and Advanced Security Protocol
  provider: FwRemoteSvr.dll
  ncacn_ip_tcp: 10.61.229.62:49160

12345778-1234-abcd-ef00-0123456789ac
  version: v1.0
  protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
  provider: samsrv.dll
  ncacn_ip_tcp: 10.61.229.62:49164
  ncalrpc: samss lpc
  ncalrpc: dsrole
  ncacn_np: \\5KO9O\PIPE\protected_storage
  ncalrpc: protected_storage
  ncalrpc: lsasspirpc
  ncalrpc: lsapolicylookup
  ncalrpc: LSARPC_ENDPOINT
  ncalrpc: securityevent
  ncalrpc: audit
  ncalrpc: LRPC-511fe57d75faa8fa0a
  ncacn_np: \\5KO9O\pipe\lsass

12e65dd8-887f-41ef-91bf-8d816c42c2e7
  version: v1.0
  annotation: Secure Desktop LRPC interface
  provider: winlogon.exe
  ncalrpc: WMsgKRpc0255F42

906b0ce0-c70b-1067-b317-00dd010662da
  version: v1.0
  protocol: [MS-CMPO]: MSDTC Connection Manager:
  provider: msdtcprx.dll
  ncalrpc: LRPC-a5384c92f5a53d1f55
  ncalrpc: LRPC-a5384c92f5a53d1f55
  ncalrpc: LRPC-a5384c92f5a53d1f55
  ncalrpc: LRPC-a5384c92f5a53d1f55

815199224 | 2024-05-01T00:38:04.074486

3306 / tcp

MySQL:
  Error Message: Host '224.10.98.4' is not allowed to connect to this MySQL server
  Error Code: 1130

1394459393 | 2024-04-27T12:05:50.202989

3389 / tcp

Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
  OS: Windows 7/Windows Server 2008 R2
  OS Build: 6.1.7601
  Target Name: 5KO9O
  NetBIOS Domain Name: 5KO9O
  NetBIOS Computer Name: 5KO9O
  DNS Domain Name: 10-61-229-62
  FQDN: 10-61-229-62

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:1f:2b:f2:80:5d:e4:86:49:69:a4:c2:70:a1:2f:fe
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=10-61-229-62
        Validity
            Not Before: Apr  5 10:23:21 2024 GMT
            Not After : Oct  5 10:23:21 2024 GMT
        Subject: CN=10-61-229-62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b7:a3:f1:1c:a9:02:b8:7a:44:0a:3c:36:6c:c1:
                    1c:fc:07:ae:be:0c:fe:5a:3b:20:34:89:d1:ed:7e:
                    15:1c:65:ec:03:0c:16:ec:aa:cb:bf:7a:58:d4:4e:
                    f6:c3:bc:be:35:48:06:61:f9:ad:41:18:aa:c8:5b:
                    c5:69:66:4e:ed:ff:ec:90:6f:99:ec:19:24:dc:7c:
                    5e:0c:a6:1f:fd:f4:51:5c:73:02:d2:e5:fa:a0:ff:
                    ad:3a:36:0d:6c:16:06:12:94:2a:63:a0:e3:e6:29:
                    8a:20:eb:c7:10:27:2a:c2:32:b3:6d:df:06:ec:e9:
                    9f:a4:6e:67:8b:31:65:24:00:10:05:c9:b0:8d:f1:
                    ea:0c:e1:ff:3c:e9:82:31:4a:2a:64:9f:cd:e6:f7:
                    78:4c:95:8d:ba:03:8b:0f:88:9f:ee:6d:4b:25:4c:
                    1f:e4:94:23:5d:6d:cb:9d:02:40:70:1f:5f:46:03:
                    22:27:2d:61:d8:06:fb:26:cb:17:58:91:d5:31:13:
                    da:09:a4:eb:84:b2:da:60:c2:89:49:58:fa:c7:17:
                    02:0e:a2:12:e7:07:67:d4:4a:7a:89:ce:d3:b2:60:
                    4a:b0:df:91:45:e6:af:2f:f7:a2:49:dc:69:e8:62:
                    c9:86:66:7c:bb:b1:ae:2c:1e:e0:8c:e0:83:4f:58:
                    68:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Key Usage: 
                Key Encipherment, Data Encipherment
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        4d:e7:26:5a:0a:ad:b4:5d:1f:c5:82:e8:99:40:cc:b3:28:37:
        ca:d0:7e:e7:76:57:bb:98:68:25:2a:56:80:cd:c6:be:29:03:
        ef:b2:91:52:c8:60:ad:07:0c:9f:f3:e2:dd:f5:7f:99:78:1c:
        ae:53:43:ab:72:2a:16:b6:08:a9:87:17:1f:96:d4:74:dd:08:
        fd:a4:d9:04:5f:42:9f:56:95:9a:2b:b3:1c:2c:6b:2d:39:2f:
        8d:fb:6c:d7:74:8c:93:be:f1:b9:c5:b5:d3:0c:34:94:01:aa:
        c1:f0:a7:24:fc:b8:5e:ff:fb:b6:c4:50:a2:a4:b3:ba:07:5a:
        80:71:66:7b:90:c7:1c:46:a5:59:e1:44:c0:9c:70:85:c1:7f:
        6c:aa:0a:86:75:95:04:fd:c5:b5:42:bc:33:8e:4e:96:39:60:
        3b:0d:1a:1a:e0:45:3d:1f:89:c1:89:7a:4c:1c:56:a9:73:de:
        43:2c:23:75:0b:75:2c:15:34:f8:59:30:fc:6f:23:c4:44:88:
        39:ad:ec:33:da:95:8c:94:56:ed:bc:dd:14:5a:2a:75:dc:55:
        ac:1d:93:a3:b6:56:f7:11:b0:48:0f:d4:fd:81:1f:c7:31:d4:
        e7:3b:8c:44:55:e1:b5:02:dd:38:8f:52:cf:9a:34:c9:7e:ca:
        8c:66:60:af

-726790289 | 2024-04-24T21:52:20.488206

5432 / tcp

PostgreSQL
fe_sendauth: no password supplied

-714588714 | 2024-04-24T19:38:04.442991

8080 / tcp

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: PHPSESSID=kp31osqi464vvrolnlk0q5lro5; path=/
X-Powered-By: ThinkPHP
Date: Wed, 24 Apr 2024 19:38:03 GMT
Content-Length: 28578

337723093 | 2024-05-02T14:45:14.087084

8081 / tcp

HTTP/1.1 404 
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
Transfer-Encoding: chunked
Date: Thu, 02 May 2024 14:45:13 GMT

5c
{"timestamp":"2024-05-02 22:45:13","status":404,"error":"Not Found","message":"","path":"/"}
0

117.50.69.133

Last Seen: 2024-05-07

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1090329081 | 2024-05-02T15:11:15.857141
21 / tcp

-714588714 | 2024-05-07T21:27:38.978321
80 / tcp

nginx1.19.8

1337780608 | 2024-04-27T07:12:28.550473
135 / tcp

Microsoft RPC Endpoint Mapper

815199224 | 2024-05-01T00:38:04.074486
3306 / tcp

MySQL

1394459393 | 2024-04-27T12:05:50.202989
3389 / tcp

Remote Desktop Protocol

-726790289 | 2024-04-24T21:52:20.488206
5432 / tcp

PostgreSQL9.6.20 - 9.6.23 or 11.14 - 11.18

-714588714 | 2024-04-24T19:38:04.442991
8080 / tcp

Microsoft IIS httpd7.5

337723093 | 2024-05-02T14:45:14.087084
8081 / tcp

Products

Pricing

Contact Us

117.50.69.133

Last Seen: 2024-05-07

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1090329081 | 2024-05-02T15:11:15.857141 21 / tcp

-714588714 | 2024-05-07T21:27:38.978321 80 / tcp

nginx1.19.8

1337780608 | 2024-04-27T07:12:28.550473 135 / tcp

Microsoft RPC Endpoint Mapper

815199224 | 2024-05-01T00:38:04.074486 3306 / tcp

MySQL

1394459393 | 2024-04-27T12:05:50.202989 3389 / tcp

Remote Desktop Protocol

-726790289 | 2024-04-24T21:52:20.488206 5432 / tcp

PostgreSQL9.6.20 - 9.6.23 or 11.14 - 11.18

-714588714 | 2024-04-24T19:38:04.442991 8080 / tcp

Microsoft IIS httpd7.5

337723093 | 2024-05-02T14:45:14.087084 8081 / tcp

Products

Pricing

Contact Us

1090329081 | 2024-05-02T15:11:15.857141
21 / tcp

-714588714 | 2024-05-07T21:27:38.978321
80 / tcp

1337780608 | 2024-04-27T07:12:28.550473
135 / tcp

815199224 | 2024-05-01T00:38:04.074486
3306 / tcp

1394459393 | 2024-04-27T12:05:50.202989
3389 / tcp

-726790289 | 2024-04-24T21:52:20.488206
5432 / tcp

-714588714 | 2024-04-24T19:38:04.442991
8080 / tcp

337723093 | 2024-05-02T14:45:14.087084
8081 / tcp