GeneralInformation

Hostnames	wuyengclowlt.hosted.co.za
Domains	hosted.co.za
Country	South Africa
City	Johannesburg
Organization	Afrihost Cloud
ISP	Afrihost (Pty) Ltd
ASN	AS37611
Operating System	Windows

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2010-3972	10.0Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-2730	9.3Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
CVE-2010-1899	4.3Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

OpenPorts

80 135 445 3389 5000

1308444598 | 2024-04-18T12:54:14.400168

80 / tcp

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 12:54:58 GMT
Content-Length: 0

-526403761 | 2024-04-17T05:07:10.397246

135 / tcp

Microsoft RPC Endpoint Mapper

d95afe70-a6d5-4259-822e-2c84da1ddb0d
  version: v1.0
  protocol: [MS-RSP]: Remote Shutdown Protocol
  provider: wininit.exe
  ncacn_ip_tcp: 154.0.175.198:49152
  ncalrpc: WindowsShutdown
  ncacn_np: \\KPASTUDENTACCOM\PIPE\InitShutdown
  ncalrpc: WMsgKRpc09EDE0

76f226c3-ec14-4325-8a99-6a46348418af
  version: v1.0
  provider: winlogon.exe
  ncalrpc: WindowsShutdown
  ncacn_np: \\KPASTUDENTACCOM\PIPE\InitShutdown
  ncalrpc: WMsgKRpc09EDE0
  ncalrpc: WMsgKRpc09EF61
  ncalrpc: WMsgKRpc673ABA5C63

c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
  version: v1.0
  annotation: Impl friendly name
  provider: sysntfy.dll
  ncalrpc: LRPC-49636e7f7a9e63ba77
  ncacn_np: \\KPASTUDENTACCOM\PIPE\srvsvc
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
  version: v1.0
  annotation: DHCPv6 Client LRPC Endpoint
  provider: dhcpcsvc6.dll
  ncalrpc: dhcpcsvc6
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 154.0.175.198:49153
  ncacn_np: \\KPASTUDENTACCOM\pipe\eventlog
  ncalrpc: eventlog

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
  version: v1.0
  annotation: DHCP Client LRPC Endpoint
  provider: dhcpcsvc.dll
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 154.0.175.198:49153
  ncacn_np: \\KPASTUDENTACCOM\pipe\eventlog
  ncalrpc: eventlog

30adc50c-5cbc-46ce-9a0e-91914789e23c
  version: v1.0
  annotation: NRP server endpoint
  provider: nrpsrv.dll
  ncacn_ip_tcp: 154.0.175.198:49153
  ncacn_np: \\KPASTUDENTACCOM\pipe\eventlog
  ncalrpc: eventlog

f6beaff7-1e19-4fbb-9f8f-b89e2018337c
  version: v1.0
  annotation: Event log TCPIP
  protocol: [MS-EVEN6]: EventLog Remoting Protocol
  provider: wevtsvc.dll
  ncacn_ip_tcp: 154.0.175.198:49153
  ncacn_np: \\KPASTUDENTACCOM\pipe\eventlog
  ncalrpc: eventlog

8c7daf44-b6dc-11d1-9a4c-0020af6e7c57
  version: v1.0
  provider: appmgmts.dll
  ncalrpc: SECLOGON
  ncacn_np: \\KPASTUDENTACCOM\PIPE\srvsvc
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

30b044a5-a225-43f0-b3a4-e060df91f9c1
  version: v1.0
  provider: certprop.dll
  ncacn_np: \\KPASTUDENTACCOM\PIPE\srvsvc
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

98716d03-89ac-44c7-bb8c-285824e51c4a
  version: v1.0
  annotation: XactSrv service
  provider: srvsvc.dll
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

552d076a-cb29-4e44-8b6a-d15e59e2c0af
  version: v1.0
  annotation: IP Transition Configuration endpoint
  provider: iphlpsvc.dll
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

a398e520-d59a-4bdd-aa7a-3c1e0303a511
  version: v1.0
  annotation: IKE/Authip API
  provider: IKEEXT.DLL
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

86d35949-83c9-4044-b424-db363231fd0c
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: schedsvc.dll
  ncacn_ip_tcp: 154.0.175.198:49154
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

378e52b0-c0a9-11cf-822d-00aa0051e40f
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

1ff70682-0a51-30e8-076d-740be8cee98b
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\KPASTUDENTACCOM\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
  version: v1.0
  provider: schedsvc.dll
  ncalrpc: senssvc
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

2eb08e3e-639f-4fba-97b1-14f878961076
  version: v1.0
  provider: gpsvc.dll
  ncalrpc: OLEB1EB02A4DC5A4339A4EB1465024A
  ncalrpc: IUserProfile2

3473dd4d-2e88-4006-9cba-22570909dd10
  version: v5.256
  annotation: WinHttp Auto-Proxy Service
  ncacn_np: \\KPASTUDENTACCOM\PIPE\W32TIME_ALT
  ncalrpc: W32TIME_ALT
  ncalrpc: LRPC-b41455df7fcc573d4a
  ncalrpc: OLE44191B009D4940D7838F77A9FCBB

7ea70bcf-48af-4f6a-8968-6a440754d5fa
  version: v1.0
  annotation: NSI server endpoint
  provider: nsisvc.dll
  ncalrpc: LRPC-b41455df7fcc573d4a
  ncalrpc: OLE44191B009D4940D7838F77A9FCBB

24019106-a203-4642-b88d-82dae9158929
  version: v1.0
  provider: authui.dll
  ncalrpc: LRPC-4b0004c3ce910bd08c

2fb92682-6599-42dc-ae13-bd2ca89bd11c
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-e80ad67a948aa8cf9e

7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-e80ad67a948aa8cf9e

dd490425-5325-4565-b774-7e27d6c09c24
  version: v1.0
  annotation: Base Firewall Engine API
  provider: BFE.DLL
  ncalrpc: LRPC-e80ad67a948aa8cf9e

7f1343fe-50a9-4927-a778-0c5859517bac
  version: v1.0
  annotation: DfsDs service
  ncacn_np: \\KPASTUDENTACCOM\PIPE\wkssvc
  ncalrpc: DNSResolver

76f03f96-cdfd-44fc-a22c-64950a001209
  version: v1.0
  annotation: Spooler function endpoint
  protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
  provider: spoolsv.exe
  ncacn_ip_tcp: 154.0.175.198:49168
  ncacn_np: \\KPASTUDENTACCOM\pipe\spoolss
  ncalrpc: OLE5ED8947A97334390B07983F95D05
  ncalrpc: spoolss

4a452661-8290-4b36-8fbe-7f4093a94978
  version: v1.0
  annotation: Spooler function endpoint
  provider: spoolsv.exe
  ncalrpc: spoolss

ae33069b-a2a8-46ee-a235-ddfd339be281
  version: v1.0
  annotation: Spooler base remote object endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncacn_ip_tcp: 154.0.175.198:49168
  ncacn_np: \\KPASTUDENTACCOM\pipe\spoolss
  ncalrpc: OLE5ED8947A97334390B07983F95D05
  ncalrpc: spoolss

0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
  version: v1.0
  annotation: Spooler function endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncacn_ip_tcp: 154.0.175.198:49168
  ncacn_np: \\KPASTUDENTACCOM\pipe\spoolss
  ncalrpc: OLE5ED8947A97334390B07983F95D05
  ncalrpc: spoolss

f763c91c-2ab1-47fa-868f-7de7efd42194
  version: v1.0
  annotation: VM Allow-List Provider RPC
  ncalrpc: RdvVmAllowListRpc
  ncalrpc: OLEA35B911068354D32A0A4D91FC17C

12345778-1234-abcd-ef00-0123456789ac
  version: v1.0
  protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
  provider: samsrv.dll
  ncacn_ip_tcp: 154.0.175.198:49156
  ncalrpc: samss lpc
  ncalrpc: dsrole
  ncacn_np: \\KPASTUDENTACCOM\PIPE\protected_storage
  ncalrpc: protected_storage
  ncalrpc: lsasspirpc
  ncalrpc: lsapolicylookup
  ncalrpc: LSARPC_ENDPOINT
  ncalrpc: securityevent
  ncalrpc: audit
  ncalrpc: LRPC-3dcd0cfd2a00dccfe8
  ncacn_np: \\KPASTUDENTACCOM\pipe\lsass

12d4b7c8-77d5-11d1-8c24-00c04fa3080d
  version: v1.0
  provider: lserver.dll
  ncacn_ip_tcp: 154.0.175.198:49157
  ncacn_np: \\KPASTUDENTACCOM\pipe\HydraLsPipe
  ncalrpc: LRPC-8fb10c2d657ab65fa1

3d267954-eeb7-11d1-b94e-00c04fa3080d
  version: v1.0
  provider: lserver.dll
  ncacn_ip_tcp: 154.0.175.198:49157
  ncacn_np: \\KPASTUDENTACCOM\pipe\HydraLsPipe
  ncalrpc: LRPC-8fb10c2d657ab65fa1

76209fe5-9049-4336-ba84-632d907cb154
  version: v1.0
  annotation: Interprocess Logon Service
  ncalrpc: ReportingServices$MSRS11.SQLEXPRESS2012
  ncalrpc: OLEFD8FAA57505647AF966514F93EF5

367abb81-9844-35f1-ad32-98f038001003
  version: v2.0
  protocol: [MS-SCMR]: Service Control Manager Remote Protocol
  provider: services.exe
  ncacn_ip_tcp: 154.0.175.198:49164

12345678-1234-abcd-ef00-0123456789ab
  version: v1.0
  annotation: IPSec Policy agent endpoint
  protocol: [MS-RPRN]: Print System Remote Protocol
  provider: spoolsv.exe
  ncalrpc: LRPC-4775f3b59cb4bd2c58
  ncacn_ip_tcp: 154.0.175.198:49167

6b5bdd1e-528c-422c-af8c-a4079be4fe48
  version: v1.0
  annotation: Remote Fw APIs
  protocol: [MS-FASP]: Firewall and Advanced Security Protocol
  provider: FwRemoteSvr.dll
  ncacn_ip_tcp: 154.0.175.198:49167

906b0ce0-c70b-1067-b317-00dd010662da
  version: v1.0
  protocol: [MS-CMPO]: MSDTC Connection Manager:
  provider: msdtcprx.dll
  ncalrpc: LRPC-3839941966b88bac8b
  ncalrpc: LRPC-3839941966b88bac8b
  ncalrpc: LRPC-3839941966b88bac8b
  ncalrpc: LRPC-3839941966b88bac8b

12e65dd8-887f-41ef-91bf-8d816c42c2e7
  version: v1.0
  annotation: Secure Desktop LRPC interface
  provider: winlogon.exe
  ncalrpc: WMsgKRpc673ABA5C63

-1416432610 | 2024-04-01T01:05:04.605172

445 / tcp

SMB Status:
  Authentication: disabled
  SMB Version: 1
  OS: Windows Server 2008 R2 Standard 7601 Service Pack 1
  Software: Windows Server 2008 R2 Standard 6.1
  Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, rpc-remote-api, unicode

Shares
Name                 Type       Comments
------------------------------------------------------------------------
ADMIN$               Disk       Remote Admin
C$                   Disk       Default share
IPC$                 IPC        Remote IPC
Koop Krag RECONS     Disk
KPA Admin Klientediens & Operations Disk
KPA Dokumente        Disk
Kyocera ECOSYS M3550idn KX Printer    Kyocera ECOSYS M3550idn KX
print$               Disk       Printer Drivers
Users                Disk
WhatsApp             Disk

-1643451135 | 2024-04-16T14:13:11.012829

3389 / tcp

Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
  OS: Windows 7/Windows Server 2008 R2
  OS Build: 6.1.7601
  Target Name: KPASTUDENTACCOM
  NetBIOS Domain Name: KPASTUDENTACCOM
  NetBIOS Computer Name: KPASTUDENTACCOM
  DNS Domain Name: kpastudentaccom
  FQDN: kpastudentaccom

4 Windows Server-2008rz
Standard

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:3d:8b:6a:06:32:be:b9:4f:20:a3:24:01:b8:1b:12
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=kpastudentaccom
        Validity
            Not Before: Feb 19 11:00:07 2024 GMT
            Not After : Aug 20 11:00:07 2024 GMT
        Subject: CN=kpastudentaccom
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:f4:13:8e:f2:2f:be:02:95:29:cc:eb:f2:1b:bd:
                    36:7f:8c:05:57:7e:0a:c6:22:a1:8e:78:5d:42:4d:
                    ea:f2:8f:1d:e9:ec:59:27:86:22:0c:69:c9:41:1c:
                    80:d2:fe:41:3d:5b:fb:d0:9f:e1:75:9d:c1:a3:15:
                    c9:42:11:45:68:74:93:b1:0e:3a:22:31:51:67:d1:
                    f5:64:51:4c:a2:cd:ed:7f:94:67:9b:ad:25:77:b3:
                    ab:ac:d8:f7:5f:6b:3c:d3:b5:17:01:e8:92:c5:ab:
                    1c:d5:43:d9:73:13:e4:2d:6d:c9:bf:22:b8:73:9b:
                    76:0e:b1:31:be:df:04:9e:94:c2:48:16:e0:65:2c:
                    41:4e:4e:7c:5b:05:f7:ea:36:ef:f5:0b:50:5f:30:
                    51:4f:52:fb:4b:d2:9c:5f:a1:97:55:f3:69:2d:69:
                    e3:00:f9:f7:42:50:f7:0d:d3:69:e0:83:27:ed:92:
                    53:ff:78:69:45:a5:c7:67:c7:10:4f:40:11:ad:60:
                    35:eb:6e:7d:98:e7:64:b3:c0:ec:f3:28:b4:d3:38:
                    d1:6d:37:18:3b:96:4a:2e:b3:f8:a6:2e:d0:82:df:
                    cb:f9:65:23:58:20:23:38:2f:e7:cf:62:dc:d7:2c:
                    2a:bc:7f:32:54:ce:5c:7b:f3:e3:08:46:bc:d1:54:
                    bb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Key Usage: 
                Key Encipherment, Data Encipherment
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        41:e2:9c:25:53:34:a7:15:9a:5c:c4:24:4d:7c:e3:28:51:60:
        a9:29:b6:99:59:3a:b4:a2:c2:0f:31:c3:f0:e4:b4:0a:60:10:
        9d:5a:2c:3c:40:fe:90:b3:e1:c9:18:b7:63:c4:1d:46:78:9a:
        11:fc:bd:ad:da:dd:a0:95:01:50:b4:74:0d:c1:11:f0:cd:84:
        63:d0:45:6f:36:2e:bd:8a:78:9d:70:40:88:2a:21:fc:20:00:
        24:d4:55:50:cf:6d:b2:f9:7c:4f:42:cc:8e:b9:fc:e9:a2:d1:
        a5:6b:e0:18:43:4f:1b:2c:5e:d0:58:da:e6:70:2a:c8:a2:58:
        c3:3d:07:06:2e:9e:8a:b2:85:28:29:f9:45:7d:3a:03:18:f9:
        ef:51:d3:94:6d:34:3a:d8:ea:c7:6b:d3:fc:03:31:97:b0:cc:
        0d:09:e7:34:a5:cb:df:4e:23:6f:b5:23:d4:c5:d3:54:f2:34:
        02:73:77:9f:69:f6:0d:96:b4:3d:7d:ad:06:8a:ab:17:cb:cf:
        c4:df:21:45:83:a2:e8:e8:4d:03:0d:73:17:4a:98:61:64:c1:
        fc:f2:38:ce:42:2a:1e:90:00:7d:3e:db:08:91:4d:9b:12:35:
        64:83:f7:7b:cc:11:98:99:c0:15:3b:87:e4:7b:95:e4:23:73:
        33:f6:68:5a

1489525118 | 2024-04-17T17:37:53.650113

5000 / tcp

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 17 Apr 2024 17:38:23 GMT
Connection: close
Content-Length: 315

154.0.175.198

Last Seen: 2024-04-18

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1308444598 | 2024-04-18T12:54:14.400168
80 / tcp

Microsoft IIS httpd7.5

-526403761 | 2024-04-17T05:07:10.397246
135 / tcp

Microsoft RPC Endpoint Mapper

-1416432610 | 2024-04-01T01:05:04.605172
445 / tcp

-1643451135 | 2024-04-16T14:13:11.012829
3389 / tcp

Remote Desktop Protocol

1489525118 | 2024-04-17T17:37:53.650113
5000 / tcp

Microsoft HTTPAPI httpd2.0

Products

Pricing

Contact Us

154.0.175.198

Last Seen: 2024-04-18

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1308444598 | 2024-04-18T12:54:14.400168 80 / tcp

Microsoft IIS httpd7.5

-526403761 | 2024-04-17T05:07:10.397246 135 / tcp

Microsoft RPC Endpoint Mapper

-1416432610 | 2024-04-01T01:05:04.605172 445 / tcp

-1643451135 | 2024-04-16T14:13:11.012829 3389 / tcp

Remote Desktop Protocol

1489525118 | 2024-04-17T17:37:53.650113 5000 / tcp

Microsoft HTTPAPI httpd2.0

Products

Pricing

Contact Us

1308444598 | 2024-04-18T12:54:14.400168
80 / tcp

-526403761 | 2024-04-17T05:07:10.397246
135 / tcp

-1416432610 | 2024-04-01T01:05:04.605172
445 / tcp

-1643451135 | 2024-04-16T14:13:11.012829
3389 / tcp

1489525118 | 2024-04-17T17:37:53.650113
5000 / tcp