GeneralInformation

Country	China
City	Nanjing
Organization	CHINANET jiangsu province network
ISP	CHINANET-BACKBONE
ASN	AS4134
Operating System	Windows Server 2008 R2 (build 6.1.7601)

OpenPorts

135 3389 5986

164556415 | 2024-05-11T09:04:12.875767

135 / tcp

Microsoft RPC Endpoint Mapper

d95afe70-a6d5-4259-822e-2c84da1ddb0d
  version: v1.0
  protocol: [MS-RSP]: Remote Shutdown Protocol
  provider: wininit.exe
  ncacn_ip_tcp: 172.16.100.26:49152
  ncalrpc: WindowsShutdown
  ncacn_np: \\ECS-8140\PIPE\InitShutdown
  ncalrpc: WMsgKRpc04B020

76f226c3-ec14-4325-8a99-6a46348418af
  version: v1.0
  provider: winlogon.exe
  ncalrpc: WindowsShutdown
  ncacn_np: \\ECS-8140\PIPE\InitShutdown
  ncalrpc: WMsgKRpc04B020
  ncalrpc: WMsgKRpc022C892
  ncalrpc: WMsgKRpc0443463

c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
  version: v1.0
  annotation: Impl friendly name
  provider: sysntfy.dll
  ncalrpc: LRPC-0303df9e661f8d1803
  ncacn_np: \\ECS-8140\PIPE\srvsvc
  ncalrpc: senssvc
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2
  ncalrpc: senssvc
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
  version: v1.0
  annotation: DHCPv6 Client LRPC Endpoint
  provider: dhcpcsvc6.dll
  ncalrpc: dhcpcsvc6
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 172.16.100.26:49153
  ncacn_np: \\ECS-8140\pipe\eventlog
  ncalrpc: eventlog

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
  version: v1.0
  annotation: DHCP Client LRPC Endpoint
  provider: dhcpcsvc.dll
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 172.16.100.26:49153
  ncacn_np: \\ECS-8140\pipe\eventlog
  ncalrpc: eventlog

30adc50c-5cbc-46ce-9a0e-91914789e23c
  version: v1.0
  annotation: NRP server endpoint
  provider: nrpsrv.dll
  ncacn_ip_tcp: 172.16.100.26:49153
  ncacn_np: \\ECS-8140\pipe\eventlog
  ncalrpc: eventlog

f6beaff7-1e19-4fbb-9f8f-b89e2018337c
  version: v1.0
  annotation: Event log TCPIP
  protocol: [MS-EVEN6]: EventLog Remoting Protocol
  provider: wevtsvc.dll
  ncacn_ip_tcp: 172.16.100.26:49153
  ncacn_np: \\ECS-8140\pipe\eventlog
  ncalrpc: eventlog

30b044a5-a225-43f0-b3a4-e060df91f9c1
  version: v1.0
  provider: certprop.dll
  ncacn_np: \\ECS-8140\PIPE\srvsvc
  ncalrpc: senssvc
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2

98716d03-89ac-44c7-bb8c-285824e51c4a
  version: v1.0
  annotation: XactSrv service
  provider: srvsvc.dll
  ncalrpc: senssvc
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2

552d076a-cb29-4e44-8b6a-d15e59e2c0af
  version: v1.0
  annotation: IP Transition Configuration endpoint
  provider: iphlpsvc.dll
  ncalrpc: senssvc
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2

a398e520-d59a-4bdd-aa7a-3c1e0303a511
  version: v1.0
  annotation: IKE/Authip API
  provider: IKEEXT.DLL
  ncalrpc: senssvc
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2

2eb08e3e-639f-4fba-97b1-14f878961076
  version: v1.0
  provider: gpsvc.dll
  ncalrpc: OLE370BEEB985014BB8928F54D23B5E
  ncalrpc: IUserProfile2

3473dd4d-2e88-4006-9cba-22570909dd10
  version: v5.256
  annotation: WinHttp Auto-Proxy Service
  ncacn_np: \\ECS-8140\PIPE\W32TIME_ALT
  ncalrpc: W32TIME_ALT
  ncalrpc: LRPC-db75e9eab951041585
  ncalrpc: OLEBD4C517AACF9454D82512FFCE315

7ea70bcf-48af-4f6a-8968-6a440754d5fa
  version: v1.0
  annotation: NSI server endpoint
  provider: nsisvc.dll
  ncalrpc: LRPC-db75e9eab951041585
  ncalrpc: OLEBD4C517AACF9454D82512FFCE315

2fb92682-6599-42dc-ae13-bd2ca89bd11c
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-55412434612e2d3cbd

7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-55412434612e2d3cbd

dd490425-5325-4565-b774-7e27d6c09c24
  version: v1.0
  annotation: Base Firewall Engine API
  provider: BFE.DLL
  ncalrpc: LRPC-55412434612e2d3cbd

7f1343fe-50a9-4927-a778-0c5859517bac
  version: v1.0
  annotation: DfsDs service
  ncacn_np: \\ECS-8140\PIPE\wkssvc
  ncalrpc: DNSResolver

4a452661-8290-4b36-8fbe-7f4093a94978
  version: v1.0
  annotation: Spooler function endpoint
  provider: spoolsv.exe
  ncalrpc: spoolss

ae33069b-a2a8-46ee-a235-ddfd339be281
  version: v1.0
  annotation: Spooler base remote object endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncalrpc: spoolss

0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
  version: v1.0
  annotation: Spooler function endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncalrpc: spoolss

12345678-1234-abcd-ef00-0123456789ab
  version: v1.0
  annotation: IPSec Policy agent endpoint
  protocol: [MS-RPRN]: Print System Remote Protocol
  provider: spoolsv.exe
  ncalrpc: LRPC-721fbaa0ab784fd07c
  ncacn_ip_tcp: 172.16.100.26:49154

6b5bdd1e-528c-422c-af8c-a4079be4fe48
  version: v1.0
  annotation: Remote Fw APIs
  protocol: [MS-FASP]: Firewall and Advanced Security Protocol
  provider: FwRemoteSvr.dll
  ncacn_ip_tcp: 172.16.100.26:49154

12345778-1234-abcd-ef00-0123456789ac
  version: v1.0
  protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
  provider: samsrv.dll
  ncacn_ip_tcp: 172.16.100.26:49174
  ncalrpc: samss lpc
  ncalrpc: dsrole
  ncacn_np: \\ECS-8140\PIPE\protected_storage
  ncalrpc: protected_storage
  ncalrpc: lsasspirpc
  ncalrpc: lsapolicylookup
  ncalrpc: LSARPC_ENDPOINT
  ncalrpc: securityevent
  ncalrpc: audit
  ncalrpc: LRPC-4b8efcf22e7d6b367b
  ncacn_np: \\ECS-8140\pipe\lsass

12e65dd8-887f-41ef-91bf-8d816c42c2e7
  version: v1.0
  annotation: Secure Desktop LRPC interface
  provider: winlogon.exe
  ncalrpc: WMsgKRpc022C892

367abb81-9844-35f1-ad32-98f038001003
  version: v2.0
  protocol: [MS-SCMR]: Service Control Manager Remote Protocol
  provider: services.exe
  ncacn_ip_tcp: 172.16.100.26:49201

906b0ce0-c70b-1067-b317-00dd010662da
  version: v1.0
  protocol: [MS-CMPO]: MSDTC Connection Manager:
  provider: msdtcprx.dll
  ncalrpc: LRPC-76fe486945f0ded71d
  ncalrpc: OLE132E1BD62A3741A4A75C6C6D433E
  ncalrpc: LRPC-c6fb3e4ebcb3ac2561
  ncalrpc: LRPC-c6fb3e4ebcb3ac2561
  ncalrpc: LRPC-c6fb3e4ebcb3ac2561
  ncalrpc: LRPC-c6fb3e4ebcb3ac2561

24019106-a203-4642-b88d-82dae9158929
  version: v1.0
  provider: authui.dll
  ncalrpc: LRPC-14ef57d47737414cff

1783930335 | 2024-04-24T16:50:48.444224

3389 / tcp

Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
  OS: Windows 7/Windows Server 2008 R2
  OS Build: 6.1.7601
  Target Name: ECS-8140
  NetBIOS Domain Name: ECS-8140
  NetBIOS Computer Name: ECS-8140
  DNS Domain Name: ecs-8140
  FQDN: ecs-8140

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:95:07:e9:40:1a:b3:b8:48:2e:e5:41:80:24:f0:9a
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=ecs-8140
        Validity
            Not Before: Jan 27 06:42:12 2024 GMT
            Not After : Jul 28 06:42:12 2024 GMT
        Subject: CN=ecs-8140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d0:84:ad:5b:42:10:c9:97:31:a7:04:6a:66:50:
                    30:d0:44:7e:3e:67:3e:45:b8:99:d5:5a:4b:b5:b2:
                    54:d4:fb:3a:47:4c:39:3b:9b:9e:20:9f:2c:2d:8d:
                    7f:d4:ab:d4:66:9a:9f:67:31:c7:4b:b4:1b:75:27:
                    b3:ab:d2:48:aa:80:05:7d:3b:cd:8c:eb:bc:86:a8:
                    2a:1b:15:57:c1:1a:14:2d:22:ce:c8:90:3f:b2:bd:
                    8d:ef:84:b7:76:c8:68:97:31:2a:c2:88:58:ca:0e:
                    53:04:80:7f:00:8e:3e:c6:51:d8:f5:58:01:82:71:
                    f5:18:25:fe:e8:16:8d:60:87:25:6d:ce:85:a7:bc:
                    cb:ed:de:bc:61:bf:1d:0c:70:82:db:09:57:5b:cf:
                    ef:4e:5a:a9:f7:9c:58:28:60:47:cf:5c:0e:0a:c9:
                    8c:3c:9f:3e:09:67:d4:ad:30:b3:85:c3:33:66:6e:
                    83:53:35:77:49:dc:cc:86:a5:0f:98:df:6f:de:2b:
                    a0:df:a4:76:4a:e4:e1:54:ee:09:91:03:a4:4e:6a:
                    69:11:89:1b:f0:95:07:e9:31:44:6c:ab:97:a8:b0:
                    78:74:08:3e:55:7b:43:03:d9:1d:49:d6:12:46:3f:
                    ba:1b:b6:a5:3d:82:03:4a:0e:a6:d5:5e:c7:5d:6f:
                    4e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Key Usage: 
                Key Encipherment, Data Encipherment
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        0d:80:48:3a:b9:01:dc:7f:da:68:55:f7:f2:71:55:ff:dd:95:
        c1:c3:be:e8:bb:6d:42:8a:4d:74:03:76:79:15:2e:b2:ca:1f:
        7c:ee:40:6b:ec:d0:df:f9:67:4b:21:1a:63:20:32:cc:68:ca:
        9d:59:bd:3c:93:a1:60:ab:c2:4a:10:57:0c:dc:11:c7:6a:35:
        8f:61:51:bd:d4:3c:48:29:c7:99:f4:1a:28:1e:d6:13:b8:6e:
        1e:45:82:92:c5:ff:1e:e9:37:7e:57:04:df:98:5e:6f:a3:6a:
        6c:a1:5d:37:6e:34:db:f3:2c:2d:9a:30:d8:fb:db:48:20:22:
        e1:b0:59:22:5f:9b:c4:a9:b5:8e:4d:e7:74:94:1b:05:98:61:
        b6:4e:ff:a2:cb:f9:83:c8:e3:79:c1:be:05:52:91:cb:cf:19:
        4a:0b:60:fe:da:bf:05:9c:c3:06:b6:0e:59:10:54:38:a5:39:
        8d:3e:cf:e9:78:76:0e:aa:0e:03:84:14:6c:cd:47:cb:ba:1a:
        04:a1:ce:21:4e:df:44:6e:7e:46:6f:a2:4a:9c:35:3a:62:60:
        1b:c3:55:ae:30:87:db:62:80:8a:3e:0e:a9:0f:76:a5:13:00:
        e0:1f:6a:87:b1:d3:5c:33:74:36:8e:81:f3:a2:8b:50:4a:aa:
        3e:ee:4a:56

1489525118 | 2024-05-13T01:51:29.347320

5986 / tcp

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 13 May 2024 01:50:59 GMT
Connection: close
Content-Length: 315


WinRM NTLM Info:
  OS: Windows Server 2008 R2
  OS Build: 6.1.7601
  Target Name: ECS-8140
  NetBIOS Domain Name: ECS-8140
  NetBIOS Computer Name: ECS-8140
  DNS Domain Name: ecs-8140
  FQDN: ecs-8140

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ec:64:c8:dd:0d:39:a5:46:d8:b3:a8:ff:ac:ca:50
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Cloudbase-Init WinRM
        Validity
            Not Before: Nov  4 14:00:51 2019 GMT
            Not After : Nov  2 14:00:51 2029 GMT
        Subject: CN=Cloudbase-Init WinRM
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ae:15:aa:af:54:e4:a7:fa:88:e5:e2:ff:cb:47:
                    95:ab:5a:a0:d3:1d:e2:37:68:ba:7f:95:41:83:eb:
                    88:74:e7:e7:3a:0e:f2:50:15:6d:93:c8:b1:41:5d:
                    6b:66:65:c3:c9:5b:26:b4:1b:a3:7d:28:26:db:f5:
                    64:8e:22:19:be:33:00:49:aa:2b:bb:8c:36:fb:b9:
                    8b:58:89:70:05:96:c5:5e:1a:99:aa:fc:b9:16:33:
                    fc:81:b2:06:f7:52:f8:a7:40:36:3a:e1:60:a2:fe:
                    41:a0:b0:b0:29:5d:3c:de:f2:4a:2b:db:01:40:e5:
                    f4:64:f3:07:49:10:bf:1e:6e:9a:b3:68:6b:0d:65:
                    69:2f:1a:91:36:43:a1:48:94:9e:a9:2d:eb:3d:f5:
                    91:d3:63:5c:55:66:6e:00:4f:5e:ef:4b:9e:17:6b:
                    e6:6c:9c:48:aa:b6:c2:7f:21:92:fc:80:8c:b5:59:
                    c1:2c:11:76:9a:40:81:1d:c7:63:b4:e7:97:c0:f2:
                    86:8e:8a:f6:c7:a3:2e:80:cd:29:19:b0:18:ee:f9:
                    17:47:55:21:80:c6:58:e8:60:44:9c:a3:13:6a:55:
                    d2:af:ac:42:07:c1:f3:4e:6b:05:be:9f:72:5a:54:
                    9b:ef:73:86:8b:a2:07:5d:cf:7f:59:29:fa:e6:da:
                    eb:ab
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        87:fa:71:70:ee:45:0a:e1:c7:cf:70:c9:af:0e:41:ce:52:57:
        f1:e8:d5:9f:1b:de:60:fc:ea:23:cd:32:20:d4:9c:84:90:2b:
        26:c3:fa:ad:eb:86:4e:21:cc:cd:01:4a:b1:74:de:7e:71:2d:
        eb:b4:f7:e6:93:10:b8:41:90:09:f7:c1:68:da:d7:00:bb:3e:
        4d:ee:5d:51:0d:53:7c:58:e7:d4:b0:bf:c0:78:a9:9f:6a:d6:
        94:09:73:08:48:23:1b:50:07:06:32:f3:68:20:06:d8:a5:81:
        e5:25:c7:bb:14:ff:b8:33:9d:4c:e8:1b:59:88:c6:ad:f4:ac:
        2d:1e:1f:ec:d5:91:97:22:8d:2f:b8:09:fc:e9:c5:8f:08:54:
        3f:e6:c3:2a:42:6e:44:63:bf:cb:45:e4:a7:a5:5a:99:76:ae:
        6e:8f:c0:d3:a1:2c:d4:c9:7f:43:ea:64:43:49:30:c4:cf:d1:
        79:c7:ff:38:e1:23:e3:cf:91:bd:eb:84:0f:01:2e:d9:d7:21:
        53:c9:81:45:3a:7e:c5:a1:bc:d8:d1:ad:73:fd:c6:4f:46:00:
        fe:f3:74:31:45:6e:dc:f9:e3:07:38:2e:ec:d0:59:66:37:90:
        79:12:e1:97:ad:39:d3:e9:a1:8c:4c:57:c8:bb:7f:26:66:cb:
        73:ff:35:08

222.93.104.67

Last Seen: 2024-05-13

Tags:

GeneralInformation

OpenPorts

164556415 | 2024-05-11T09:04:12.875767
135 / tcp

Microsoft RPC Endpoint Mapper

1783930335 | 2024-04-24T16:50:48.444224
3389 / tcp

Remote Desktop Protocol

1489525118 | 2024-05-13T01:51:29.347320
5986 / tcp

WinRM

Products

Pricing

Contact Us

222.93.104.67

Last Seen: 2024-05-13

Tags:

GeneralInformation

OpenPorts

164556415 | 2024-05-11T09:04:12.875767 135 / tcp

Microsoft RPC Endpoint Mapper

1783930335 | 2024-04-24T16:50:48.444224 3389 / tcp

Remote Desktop Protocol

1489525118 | 2024-05-13T01:51:29.347320 5986 / tcp

WinRM

Products

Pricing

Contact Us

164556415 | 2024-05-11T09:04:12.875767
135 / tcp

1783930335 | 2024-04-24T16:50:48.444224
3389 / tcp

1489525118 | 2024-05-13T01:51:29.347320
5986 / tcp