GeneralInformation

Hostnames	registration.baa.org www.registration.baa.org
Domains	baa.org
Country	United States
City	Marlborough
Organization	Pristine Infotech
ISP	Iron Mountain Data Center
ASN	AS12025
Operating System	Windows

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2009-4445	6.0Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
CVE-2009-4444	6.0Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.
CVE-2009-2521	5.0Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
CVE-2009-1535	7.5The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2008-1446	9.0Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
CVE-2005-2089	4.3Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

OpenPorts

21 80 443

-370734890 | 2024-04-23T14:41:58.938154

21 / tcp

220 Microsoft FTP Service
530 User cannot log in.
214-The following commands are recognized (* ==>'s unimplemented).
    ABOR 
    ACCT 
    ADAT *
    ALLO 
    APPE 
    AUTH 
    CCC 
    CDUP 
    CWD 
    DELE 
    ENC *
    EPRT 
    EPSV 
    FEAT 
    HELP 
    HOST 
    LANG 
    LIST 
    MDTM 
    MIC *
    MKD 
    MODE 
    NLST 
    NOOP 
    OPTS 
    PASS 
    PASV 
    PBSZ 
    PORT 
    PROT 
    PWD 
    QUIT 
    REIN 
    REST 
    RETR 
    RMD 
    RNFR 
    RNTO 
    SITE 
    SIZE 
    SMNT 
    STAT 
    STOR 
    STOU 
    STRU 
    SYST 
    TYPE 
    USER 
    XCUP 
    XCWD 
    XMKD 
    XPWD 
    XRMD 
214 HELP command successful.
211-Extended features supported:
 LANG EN*
 UTF8
 AUTH TLS;TLS-C;SSL;TLS-P;
 PBSZ
 PROT C;P;
 CCC
 HOST
 SIZE
 MDTM
 REST STREAM
211 END

1779021962 | 2024-04-23T08:31:25.319979

80 / tcp

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Apr 2024 08:31:25 GMT
Set-Cookie: BIGipServerBAA_registrationpool=355270922.20480.0000; path=/

1779021962 | 2024-04-23T13:22:44.469796

443 / tcp

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Apr 2024 13:22:44 GMT
Set-Cookie: BIGipServerBAA_registrationpool=355270922.20480.0000; path=/

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ab:3f:0c:63:7e:b4:2c:75:8b:0a:35:6e:93:25:d5:5d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
        Validity
            Not Before: Jul 15 00:00:00 2021 GMT
            Not After : Jul 15 23:59:59 2022 GMT
        Subject: CN=registration.baa.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b4:d7:d5:af:63:5b:6a:a3:99:a1:99:2e:a5:69:
                    ea:fa:95:8b:3c:37:74:fc:0c:d9:81:ec:c5:ba:20:
                    96:39:76:0c:2d:81:ea:e5:e5:c0:f9:8b:36:ce:75:
                    88:b9:a0:c1:aa:ef:c6:f9:61:c6:f0:e3:3a:2b:e8:
                    ac:ef:e3:9f:54:b1:d3:fa:5b:9f:5d:ae:77:ba:26:
                    4a:18:4d:f4:03:26:5c:f9:ff:a8:40:a5:36:d5:ab:
                    7a:57:f1:eb:82:53:04:ac:3a:0b:37:eb:ce:86:90:
                    3f:ee:2c:30:8a:76:21:f5:eb:2d:32:43:03:43:eb:
                    7b:27:c9:40:b5:9e:1e:70:e2:7a:62:ae:ef:e7:80:
                    53:ce:ed:2b:13:d7:4a:21:a7:64:55:24:07:2c:3b:
                    3d:77:f7:e0:b1:99:9e:6d:11:8e:bd:70:4f:b4:ef:
                    d3:af:8d:7d:f0:81:25:41:1b:f5:7f:e5:c9:5a:40:
                    de:e0:f2:b4:7c:b1:18:1f:df:e3:bb:1c:18:a2:f4:
                    94:65:1b:fd:a2:ad:f8:1d:f7:2a:16:c6:85:3c:dd:
                    87:72:29:9d:cd:8b:5d:e3:e8:df:9e:66:bc:6a:95:
                    d8:22:71:80:c4:84:e6:98:de:82:b1:b4:9b:0d:79:
                    42:4a:08:17:33:e8:73:b8:3e:92:f4:ef:b3:75:84:
                    09:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
            X509v3 Subject Key Identifier: 
                CD:8A:84:83:11:61:47:01:47:C3:B1:FB:4A:29:B8:43:9E:49:23:4C
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.sectigo.com
            X509v3 Subject Alternative Name: 
                DNS:registration.baa.org, DNS:www.registration.baa.org
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
                                11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
                    Timestamp : Jul 15 15:34:37.356 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:9E:48:E8:BE:7E:3A:4C:07:10:8A:C7:
                                AA:CD:59:B6:CD:5A:08:25:CB:97:B4:E6:83:8E:65:32:
                                C4:14:12:F0:C8:02:21:00:E7:B4:8F:81:66:70:82:C5:
                                24:BF:3A:EA:90:22:C5:70:AB:73:45:54:C5:3E:16:13:
                                70:CC:E9:ED:42:07:F7:AC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
                                4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
                    Timestamp : Jul 15 15:34:37.296 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:82:81:03:FB:9C:90:7A:22:9C:0E:D3:
                                42:54:5C:57:0B:12:22:B3:4A:17:77:D5:C5:06:01:3C:
                                48:9D:CF:CC:DC:02:21:00:B5:7A:6A:3C:45:9B:B0:CB:
                                39:4B:B3:C6:52:09:54:0D:7C:8B:42:EC:44:E7:06:D2:
                                67:D9:2F:77:C6:B4:7A:FE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
                                BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
                    Timestamp : Jul 15 15:34:37.253 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C8:F0:92:F3:E9:B8:E0:D6:C8:EC:BC:
                                64:C3:7E:BE:9A:52:2A:4E:6D:FD:44:BC:1F:11:5E:2A:
                                5B:3B:7F:DD:D4:02:20:0D:58:96:5A:A5:4A:BF:DD:C4:
                                74:A9:9D:42:C6:87:85:70:33:D3:7F:BF:2D:29:8B:F4:
                                7E:CA:DB:CE:0C:DB:1B
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        6d:1f:97:5a:f3:cf:5e:58:f6:b8:68:94:3c:ef:e5:ba:cf:91:
        47:69:72:b0:2b:5c:25:fb:76:58:4a:ea:42:a3:fd:37:c8:73:
        9d:a8:99:b2:a5:09:d3:e9:e3:2a:9e:ad:d1:11:64:74:57:e6:
        c8:05:8c:c6:4c:1e:88:bc:96:db:e8:f5:68:36:85:13:60:49:
        d9:21:93:96:35:9e:f9:67:5a:cd:8e:2c:a4:73:1e:ed:e4:73:
        39:5e:4b:59:3e:95:a3:b9:97:30:f6:25:e2:cd:d6:c4:d6:da:
        aa:01:f1:cd:85:d9:d9:39:a8:9d:17:3b:48:2f:ef:fd:1c:4e:
        5e:45:2d:1c:51:f4:f3:60:a6:af:e3:23:9b:9e:63:d6:16:64:
        30:90:98:26:48:7c:1b:d8:43:b1:11:7e:9f:6b:a2:2b:02:14:
        4b:82:ca:12:1b:2a:4d:72:77:63:6c:0d:ad:05:4d:9b:c1:28:
        95:89:83:d9:20:20:aa:f5:2b:a4:6e:df:f9:3a:42:ec:3a:41:
        2e:85:54:7f:66:6b:d4:92:37:06:05:8b:d2:11:db:9f:b0:5c:
        13:7f:23:ec:e5:58:5a:15:98:09:a8:48:e2:08:f8:12:42:cc:
        cb:a6:b2:66:23:f2:7f:d9:9e:fd:f7:cd:b3:20:49:66:a3:cb:
        1f:af:c8:a2

205.235.84.212

Last Seen: 2024-04-23

GeneralInformation

Vulnerabilities

OpenPorts

-370734890 | 2024-04-23T14:41:58.938154
21 / tcp

Microsoft ftpd

1779021962 | 2024-04-23T08:31:25.319979
80 / tcp

Microsoft IIS httpd6.0

1779021962 | 2024-04-23T13:22:44.469796
443 / tcp

Microsoft IIS httpd6.0

Products

Pricing

Contact Us

205.235.84.212

Last Seen: 2024-04-23

GeneralInformation

Vulnerabilities

OpenPorts

-370734890 | 2024-04-23T14:41:58.938154 21 / tcp

Microsoft ftpd

1779021962 | 2024-04-23T08:31:25.319979 80 / tcp

Microsoft IIS httpd6.0

1779021962 | 2024-04-23T13:22:44.469796 443 / tcp

Microsoft IIS httpd6.0

Products

Pricing

Contact Us

-370734890 | 2024-04-23T14:41:58.938154
21 / tcp

1779021962 | 2024-04-23T08:31:25.319979
80 / tcp

1779021962 | 2024-04-23T13:22:44.469796
443 / tcp