GeneralInformation

Hostnames	51hiwork.honasoft.com
Domains	honasoft.com
Cloud Provider	Tencent Cloud
Country	China
City	Shenzhen
Organization	Tencent cloud computing (Beijing) Co., Ltd.
ISP	Shenzhen Tencent Computer Systems Company Limited
ASN	AS45090

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2021-3618

5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

80 135 443 3306 3389

772258679 | 2024-04-27T22:21:44.033520

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Sat, 27 Apr 2024 22:21:42 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://119.29.38.124/

-664455378 | 2024-04-08T07:05:30.270770

135 / tcp

Microsoft RPC Endpoint Mapper

d95afe70-a6d5-4259-822e-2c84da1ddb0d
  version: v1.0
  protocol: [MS-RSP]: Remote Shutdown Protocol
  provider: wininit.exe
  ncacn_ip_tcp: 10.104.140.63:49152
  ncalrpc: WindowsShutdown
  ncacn_np: \\10_104_140_63\PIPE\InitShutdown
  ncalrpc: WMsgKRpc0492E0

76f226c3-ec14-4325-8a99-6a46348418af
  version: v1.0
  provider: winlogon.exe
  ncalrpc: WindowsShutdown
  ncacn_np: \\10_104_140_63\PIPE\InitShutdown
  ncalrpc: WMsgKRpc0492E0
  ncalrpc: WMsgKRpc04BBF1
  ncalrpc: WMsgKRpc058BE72
  ncalrpc: WMsgKRpc0A496437114

c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
  version: v1.0
  annotation: Impl friendly name
  provider: sysntfy.dll
  ncalrpc: LRPC-1980823b2d694046a2
  ncacn_np: \\10_104_140_63\PIPE\srvsvc
  ncacn_ip_tcp: 10.104.140.63:49154
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
  version: v1.0
  annotation: DHCPv6 Client LRPC Endpoint
  provider: dhcpcsvc6.dll
  ncalrpc: dhcpcsvc6
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 10.104.140.63:49153
  ncacn_np: \\10_104_140_63\pipe\eventlog
  ncalrpc: eventlog

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
  version: v1.0
  annotation: DHCP Client LRPC Endpoint
  provider: dhcpcsvc.dll
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 10.104.140.63:49153
  ncacn_np: \\10_104_140_63\pipe\eventlog
  ncalrpc: eventlog

30adc50c-5cbc-46ce-9a0e-91914789e23c
  version: v1.0
  annotation: NRP server endpoint
  provider: nrpsrv.dll
  ncacn_ip_tcp: 10.104.140.63:49153
  ncacn_np: \\10_104_140_63\pipe\eventlog
  ncalrpc: eventlog

f6beaff7-1e19-4fbb-9f8f-b89e2018337c
  version: v1.0
  annotation: Event log TCPIP
  protocol: [MS-EVEN6]: EventLog Remoting Protocol
  provider: wevtsvc.dll
  ncacn_ip_tcp: 10.104.140.63:49153
  ncacn_np: \\10_104_140_63\pipe\eventlog
  ncalrpc: eventlog

30b044a5-a225-43f0-b3a4-e060df91f9c1
  version: v1.0
  provider: certprop.dll
  ncacn_np: \\10_104_140_63\PIPE\srvsvc
  ncacn_ip_tcp: 10.104.140.63:49154
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

98716d03-89ac-44c7-bb8c-285824e51c4a
  version: v1.0
  annotation: XactSrv service
  provider: srvsvc.dll
  ncacn_ip_tcp: 10.104.140.63:49154
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

552d076a-cb29-4e44-8b6a-d15e59e2c0af
  version: v1.0
  annotation: IP Transition Configuration endpoint
  provider: iphlpsvc.dll
  ncacn_ip_tcp: 10.104.140.63:49154
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

a398e520-d59a-4bdd-aa7a-3c1e0303a511
  version: v1.0
  annotation: IKE/Authip API
  provider: IKEEXT.DLL
  ncacn_ip_tcp: 10.104.140.63:49154
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

86d35949-83c9-4044-b424-db363231fd0c
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: schedsvc.dll
  ncacn_ip_tcp: 10.104.140.63:49154
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

378e52b0-c0a9-11cf-822d-00aa0051e40f
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

1ff70682-0a51-30e8-076d-740be8cee98b
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\10_104_140_63\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
  version: v1.0
  provider: schedsvc.dll
  ncalrpc: senssvc
  ncalrpc: OLE56BFE95B551C4D528715606E7FC0
  ncalrpc: IUserProfile2

2eb08e3e-639f-4fba-97b1-14f878961076
  version: v1.0
  provider: gpsvc.dll
  ncalrpc: IUserProfile2

24019106-a203-4642-b88d-82dae9158929
  version: v1.0
  provider: authui.dll
  ncalrpc: LRPC-2ffc7d746e06fe6534

3473dd4d-2e88-4006-9cba-22570909dd10
  version: v5.256
  annotation: WinHttp Auto-Proxy Service
  ncacn_np: \\10_104_140_63\PIPE\W32TIME_ALT
  ncalrpc: W32TIME_ALT
  ncalrpc: LRPC-01936ecb494dcb30d4
  ncalrpc: OLEF04CB7870143433FA2E43444937E

7ea70bcf-48af-4f6a-8968-6a440754d5fa
  version: v1.0
  annotation: NSI server endpoint
  provider: nsisvc.dll
  ncalrpc: LRPC-01936ecb494dcb30d4
  ncalrpc: OLEF04CB7870143433FA2E43444937E

2fb92682-6599-42dc-ae13-bd2ca89bd11c
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-9ebb690f0b31a32f36

7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-9ebb690f0b31a32f36

dd490425-5325-4565-b774-7e27d6c09c24
  version: v1.0
  annotation: Base Firewall Engine API
  provider: BFE.DLL
  ncalrpc: LRPC-9ebb690f0b31a32f36

7f1343fe-50a9-4927-a778-0c5859517bac
  version: v1.0
  annotation: DfsDs service
  ncacn_np: \\10_104_140_63\PIPE\wkssvc
  ncalrpc: DNSResolver

b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86
  version: v1.0
  annotation: KeyIso
  provider: keyiso.dll
  ncacn_ip_tcp: 10.104.140.63:49156
  ncalrpc: samss lpc
  ncalrpc: dsrole
  ncacn_np: \\10_104_140_63\PIPE\protected_storage
  ncalrpc: protected_storage
  ncalrpc: lsasspirpc
  ncalrpc: lsapolicylookup
  ncalrpc: LSARPC_ENDPOINT
  ncalrpc: securityevent
  ncalrpc: audit
  ncalrpc: LRPC-5604fd17af9e9e5f68
  ncacn_np: \\10_104_140_63\pipe\lsass

12345778-1234-abcd-ef00-0123456789ac
  version: v1.0
  protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
  provider: samsrv.dll
  ncacn_ip_tcp: 10.104.140.63:49156
  ncalrpc: samss lpc
  ncalrpc: dsrole
  ncacn_np: \\10_104_140_63\PIPE\protected_storage
  ncalrpc: protected_storage
  ncalrpc: lsasspirpc
  ncalrpc: lsapolicylookup
  ncalrpc: LSARPC_ENDPOINT
  ncalrpc: securityevent
  ncalrpc: audit
  ncalrpc: LRPC-5604fd17af9e9e5f68
  ncacn_np: \\10_104_140_63\pipe\lsass

12345678-1234-abcd-ef00-0123456789ab
  version: v1.0
  annotation: IPSec Policy agent endpoint
  protocol: [MS-RPRN]: Print System Remote Protocol
  provider: spoolsv.exe
  ncalrpc: LRPC-e29bd0ed96ab5b4bff

367abb81-9844-35f1-ad32-98f038001003
  version: v2.0
  protocol: [MS-SCMR]: Service Control Manager Remote Protocol
  provider: services.exe
  ncacn_ip_tcp: 10.104.140.63:49166

906b0ce0-c70b-1067-b317-00dd010662da
  version: v1.0
  protocol: [MS-CMPO]: MSDTC Connection Manager:
  provider: msdtcprx.dll
  ncalrpc: LRPC-653e583d97137ae9c7
  ncalrpc: LRPC-653e583d97137ae9c7
  ncalrpc: LRPC-653e583d97137ae9c7
  ncalrpc: LRPC-653e583d97137ae9c7

12e65dd8-887f-41ef-91bf-8d816c42c2e7
  version: v1.0
  annotation: Secure Desktop LRPC interface
  provider: winlogon.exe
  ncalrpc: WMsgKRpc058BE72
  ncalrpc: WMsgKRpc0A496437114

699746161 | 2024-04-26T02:39:05.273524

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 26 Apr 2024 02:39:05 GMT
Content-Type: text/html
Content-Length: 1527
Last-Modified: Fri, 22 Mar 2024 09:57:40 GMT
Connection: keep-alive
ETag: "65fd5614-5f7"
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9c:12:15:5b:af:11:eb:c8:9a:68:b0:d0:05:98:b5:a4
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G2
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=51hiwork.honasoft.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e4:86:3e:72:da:14:fa:ad:64:bb:90:3c:98:cf:
                    60:0b:94:49:59:36:59:18:2b:13:86:0e:88:93:df:
                    a3:f7:1c:f3:56:b1:e0:f7:fc:36:45:9b:6a:a7:a4:
                    de:dd:41:ea:fb:3d:a9:7f:aa:a1:80:5d:82:6f:e9:
                    c9:4c:89:29:c8:4e:b5:89:5c:ab:50:9c:49:d4:d2:
                    01:09:24:d5:25:15:79:c0:6f:ed:b5:48:f8:fe:f1:
                    25:a2:34:fb:61:2a:56:d9:45:90:6a:56:b7:65:52:
                    a3:74:73:34:6a:74:47:09:63:93:6b:b1:f6:3c:1a:
                    af:7c:25:9b:f4:92:ca:d5:64:75:20:55:54:1d:c6:
                    76:f0:43:7e:4a:4e:8c:2f:8b:30:be:57:67:1f:87:
                    95:f3:51:a8:3d:58:ed:9f:b8:82:5d:29:fe:e7:7b:
                    5e:cb:43:ab:0e:b7:68:cc:a5:0d:58:4f:0f:04:0f:
                    0a:11:ef:e2:05:ad:5c:e5:c7:ae:51:86:73:33:0e:
                    44:1a:e6:54:b1:fe:dd:ef:8e:2d:14:29:4e:84:ab:
                    63:f9:4e:f7:10:3f:7d:ea:11:9f:00:aa:77:7c:ee:
                    0c:01:18:4a:07:fc:50:52:49:4f:d5:45:d9:3e:eb:
                    61:42:10:82:bc:3b:75:c5:17:08:9d:0a:fd:60:57:
                    b1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                5F:3A:7C:11:10:7E:0C:67:71:61:DC:8B:A3:B5:00:03:67:F5:57:1C
            X509v3 Subject Key Identifier: 
                A9:35:B4:51:1E:9D:31:64:95:A6:E6:C3:1F:27:AF:8E:A3:35:E6:3B
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.49
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                CA Issuers - URI:http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crt
                OCSP - URI:http://ocsp.trust-provider.cn
            X509v3 Subject Alternative Name: 
                DNS:51hiwork.honasoft.com
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
                                1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
                    Timestamp : Mar 12 06:41:55.885 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FA:35:03:61:BE:B7:E6:A1:C3:4B:CF:
                                5C:4B:79:0B:3A:50:32:B0:EB:9C:1E:71:17:58:32:68:
                                80:E0:EF:C6:60:02:20:23:8E:D2:CF:19:4F:FC:90:7A:
                                6A:7B:E5:C4:6E:61:3D:06:7D:54:CF:5D:13:B9:20:D7:
                                B7:DF:C3:5C:31:87:9F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
                                D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
                    Timestamp : Mar 12 06:41:55.822 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A4:DB:70:77:67:3F:33:F5:08:25:34:
                                73:BB:43:48:22:1F:E0:DA:C8:DB:72:55:73:ED:B7:75:
                                AA:5D:14:43:39:02:21:00:FF:EA:F0:25:B1:4F:C9:EA:
                                35:67:29:C9:03:12:22:F6:EF:07:1D:B4:8C:12:B6:32:
                                1E:B2:10:9F:14:34:7A:51
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
                                1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
                    Timestamp : Mar 12 06:41:55.792 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:03:40:74:7D:32:A0:F7:1C:CC:A5:5D:94:
                                71:AD:11:8D:C3:D8:43:2E:AA:78:5B:6C:B1:99:30:41:
                                47:A8:C3:01:02:20:53:38:A9:19:4C:F3:BD:1B:18:4E:
                                E2:97:B3:48:E8:E3:0E:6C:2F:72:4C:CC:A0:FC:32:A2:
                                EF:9F:C1:9A:0C:25
    Signature Algorithm: sha384WithRSAEncryption
    Signature Value:
        86:ec:3a:da:36:38:d0:18:7d:b8:0d:34:05:d5:7c:01:86:7f:
        ed:5c:12:75:38:af:56:3c:c9:6f:b9:f8:7d:41:b4:cd:6f:91:
        9d:33:f1:78:c4:ca:7d:cf:46:b0:8f:e8:aa:8b:66:83:8a:d6:
        17:34:73:9c:90:d9:03:14:9a:b7:6b:3b:3b:56:d5:bb:2a:10:
        e6:7e:bb:f4:71:9c:58:7d:ba:94:af:b5:0e:d4:2f:8b:d8:0f:
        08:31:f9:98:94:f2:2d:b5:54:b4:ec:c6:7f:ae:11:91:e9:43:
        05:45:8b:0d:97:48:e6:02:6c:10:fd:4a:72:b8:04:32:a0:cf:
        6c:ca:a7:f0:32:a6:15:78:ad:22:35:00:6e:b6:bd:35:09:55:
        ec:b5:27:39:d7:b1:94:77:a2:5a:10:24:4c:c6:91:44:3d:2d:
        e5:81:43:8b:b9:81:7e:b2:17:f5:6f:a6:70:70:1b:91:41:45:
        43:7c:b9:c4:4e:78:00:37:6c:e4:d5:fd:ea:83:32:27:49:11:
        ac:f3:0f:0f:db:74:1e:ac:d3:37:12:90:b8:e8:a6:2a:bf:bd:
        a8:71:20:f9:0b:43:7e:5c:8a:09:0d:e6:fa:b0:8b:c5:03:c2:
        28:7f:be:a0:78:e3:1c:7a:e7:9d:b9:b4:3a:9e:59:fe:76:d4:
        ea:9e:ba:b3:e6:fb:a5:43:8c:71:e2:d3:ac:38:8b:a7:e0:3f:
        06:49:dd:32:03:33:91:78:f9:fd:75:e5:0a:ff:ee:6f:ad:00:
        e4:0c:38:96:5b:27:e1:28:20:f6:a0:d0:d7:77:27:37:ac:2e:
        69:e9:40:2c:df:fa:63:1e:09:d5:8c:43:e5:97:ce:57:f6:db:
        2d:fc:12:3c:da:1f:6b:f2:4c:cb:e9:4b:ab:6f:f0:d6:a5:bc:
        67:71:a6:6e:89:d8:32:8a:e5:4f:04:ab:94:fd:c1:8a:99:70:
        95:f2:15:46:f5:20:1a:2d:d3:03:1c:08:10:80:74:6b:c4:46:
        36:31:71:a4:04:34

209134657 | 2024-04-28T18:16:55.736163

3306 / tcp

MySQL:
  Protocol Version: 10
  Version: 5.6.39
  Capabilities: 63487
  Server Language: 45
  Server Status: 2
  Extended Server Capabilities: 32895
  Authentication Plugin: mysql_native_password

1304021496 | 2024-04-27T12:09:42.540118

3389 / tcp

Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00

119.29.38.124

Last Seen: 2024-04-28

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

772258679 | 2024-04-27T22:21:44.033520
80 / tcp

nginx1.20.1

-664455378 | 2024-04-08T07:05:30.270770
135 / tcp

Microsoft RPC Endpoint Mapper

699746161 | 2024-04-26T02:39:05.273524
443 / tcp

nginx1.20.1

209134657 | 2024-04-28T18:16:55.736163
3306 / tcp

MySQL5.6.39

1304021496 | 2024-04-27T12:09:42.540118
3389 / tcp

Remote Desktop Protocol

Products

Pricing

Contact Us

119.29.38.124

Last Seen: 2024-04-28

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

772258679 | 2024-04-27T22:21:44.033520 80 / tcp

nginx1.20.1

-664455378 | 2024-04-08T07:05:30.270770 135 / tcp

Microsoft RPC Endpoint Mapper

699746161 | 2024-04-26T02:39:05.273524 443 / tcp

nginx1.20.1

209134657 | 2024-04-28T18:16:55.736163 3306 / tcp

MySQL5.6.39

1304021496 | 2024-04-27T12:09:42.540118 3389 / tcp

Remote Desktop Protocol

Products

Pricing

Contact Us

772258679 | 2024-04-27T22:21:44.033520
80 / tcp

-664455378 | 2024-04-08T07:05:30.270770
135 / tcp

699746161 | 2024-04-26T02:39:05.273524
443 / tcp

209134657 | 2024-04-28T18:16:55.736163
3306 / tcp

1304021496 | 2024-04-27T12:09:42.540118
3389 / tcp