GeneralInformation

Hostnames

shog3509n881244h5.1688.com
laoken.en.alibaba.com

Domains

1688.com alibaba.com

Country

China

City

Beijing

Organization

China Unicom Beijing province network

ISP

China Unicom Beijing Province Network

ASN

AS4808

WebTechnologies

IaaS

Alibaba Cloud Object Storage Service

OpenPorts

13 15 19 20 23 37 70 79 80 102 179 195 443 503 541 548 636 666 811 873 993 995 1080 1099 1200 1400 1414 1443 1515 1604 1800 1981 1989 2000 2008 2080 2081 2083 2087 2121 2154 2222 2332 2376 2404 2628 2761 2762 3001 3062 3076 3083 3256 3260 3269 3310 3389 3551 3790 4000 4022 4063 4150 4157 4282 4321 4369 4433 4500 4899 5001 5006 5010 5172 5201 5235 5269 5432 5435 5858 5938 5986 6001 6379 6561 6633 6667 6697 7415 7434 7548 7634 8200 8333 8505 8545 8554 8575 8598 8865 8889 9002 9042 9063 9160 9184 9203 9209 9306 9333 9376 9418 9633 9734 9761 9876 9943 9999 10051 10134 10250 10443 10554 11000 11300 11481 12164 12260 12318 12345 12410 12443 12539 14147 14344 17000 18080 18245 18443 18553 19200 20000 20087 20547 21259 21307 21379 22067 22222 22705 24245 25001 25565 26656 27015 27016 27017 27036 28015 28017 30009 30222 30301 30303 30522 30722 30922 31022 31222 31622 31722 31822 31922 32400 32422 32722 32764 33338 37777 38333 41794 47808 48899 49152 50000 50050 50070 50100 51106 51235 51443 52869 54444 55350 55442 55553 55554 60129 61616 63257 63260 64738

13 / tcp

-1770051369 | 2025-04-23T18:11:38.907302

421 too many connections

15 / tcp

-358801646 | 2025-03-25T16:46:47.363999

SSH-2.0-OpenSSH_6.6.1

19 / tcp

829384519 | 2025-04-12T15:11:41.476792

 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV

20 / tcp

-345718689 | 2025-04-05T22:00:06.813355

Vty password is not set.

23 / tcp

-23362551 | 2025-04-22T07:09:30.355783

\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18

37 / tcp

-1624690781 | 2025-03-28T17:10:08.018159

\\xe9X6\\xef

70 / tcp

-1385078233 | 2025-03-26T12:47:50.370461

HTTP/1.1 404 
Content-Type: text/html;charset=utf-8
Content-Language: zh-CN

79 / tcp

268196945 | 2025-04-23T16:00:48.699734

AB\x01

80 / tcp

-1523605528 | 2025-04-12T09:35:05.947164

Hashes

hash

-1884535631

http.dom_hash

1799269922

http.html_hash

-1523605528

http.server_hash

-498774968

HTTP/1.1 403 Forbidden
Server: AliyunOSS
Date: Sat, 12 Apr 2025 09:35:05 GMT
Content-Type: application/xml
Content-Length: 347
Connection: keep-alive
x-oss-request-id: 67FA33C9940B69383583C2A1
x-oss-server-time: 1
x-oss-ec: 0003-00001201

102 / tcp

1911457608 | 2025-04-12T22:09:39.591197

\x00[\x00\x00\x00\x00\x00\x00

179 / tcp

-399606100 | 2025-04-14T21:32:22.247514

BGP Message\nType: 3\nMajor error Code: 6\nMinor error Code: 5\n

195 / tcp

1492413928 | 2025-04-01T18:49:26.684119

SSH-2.0-OpenSSH_7.5

Vulnerabilities

443 / tcp

1638645179 | 2025-03-26T08:50:22.843094

Hashes

hash

485652145

http.dom_hash

196608935

http.html_hash

1638645179

http.server_hash

-498774968

http.title_hash

-1391280995

400 The plain HTTP request was sent to HTTPS port

HTTP/1.1 400 Bad Request
Server: AliyunOSS
Date: Wed, 26 Mar 2025 08:50:22 GMT
Content-Type: text/html
Content-Length: 327
Connection: close

503 / tcp

-832380282 | 2025-04-24T12:48:15.646790

lpd [@Boyk]: Print-services are not available to your host (aF2qXkQ2m).\n

541 / tcp

-1299118573 | 2025-04-17T08:46:58.330775

\\x16\\x03\\x01\\x01[\\x01\\x00\\x01W\\x03\\x03\\x89\\xb7a\\xcdh\\xff\\xe7x~\\xc0Z\\x92\\x1f\\xf0\\xd8\xe3\x9f\xb2;\\x92\\x06\\xf9\\xef\\xc7L\\xfa\\x16&#{)` \\xf6k\\x80\\xe6Ylt\\xe8\x0bF\\xa9&?\\xb9!\\xe7\\x93^l\\xb3\\xbe\\x15\\xb1\\xa3n\\x00\\xce\\xde\xcf\x822h\\x002\\x13\\x02\\x13\\x03\\x13\\x01\\x009\\x005\\x00k\\x00=\\xc

548 / tcp

155249582 | 2025-04-03T16:03:50.888829

Fast Copy: Yes\nExtended Sleep: Yes\nUUIDs: Yes\nUTF8 Server Name: Yes\nDirectory Services: Yes\nReconnect: No\nServer Notifications: Yes\nTCP/IP: Yes\nServer Signature: Yes\nServer Message: No\nPassword Saving Prohibited: No\nPassword Changing: No\nCopy File: Yes\nServer Name: NGU\nMachine Type: \rNetatalk3.1.8\nAFP Versions: AFP2.2, AFPX03, AFP3.1, AFP3.2, AFP3.3, AFP3.4\nUAMs: Cleartxt Passwrd\\x04,DHX2\t,DHCAST128\\x00\nServer Signature: 00000000008002000180030002800280

636 / tcp

1650594030 | 2025-04-19T18:47:11.984076

HTTP/1.1 400 Bad Request
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
X-Iinfo: 4-30654152-0 0NNN RT(1705911965960 176) q(-1 -1 -1 -1) r(0 -1) b1

666 / tcp

1300162323 | 2025-04-10T00:20:14.959231

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff

811 / tcp

15018106 | 2025-04-08T20:12:32.660522

\x00\x19\x02\x00\x02\x00\x07\x00Protocol version mismatch\x00

873 / tcp

-976882525 | 2025-04-21T16:57:22.877211

HTTP/1.1 400 Bad Request
Server: nginx/1.23.1
Content-Type: text/html
Connection: close

993 / tcp

-2096652808 | 2025-04-16T19:11:08.107225

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

995 / tcp

934210070 | 2025-04-12T14:46:55.719854

+OK mail.dupre.idv.tw IceWarp 11.2.1.2 x64 POP3 Mon, 22 Jan 2024 12:43:35 +0800 <20240122124334@mail.dupre.idv.tw>\r\n

1080 / tcp

1362344524 | 2025-04-06T13:36:49.538459

SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7

1099 / tcp

-1399940268 | 2025-04-06T05:58:24.290898

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

1200 / tcp

-1399940268 | 2025-04-15T08:32:36.791747

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

1400 / tcp

0 | 2025-03-29T02:22:55.844370

Hashes

hash

-119996482

http.dom_hash

http.html_hash

HTTP/1.1 408 Request Timeout
Content-Length: 0

1414 / tcp

575925250 | 2025-04-22T16:34:39.984652

AMQP:\ncluster_name:rabbit@rabbitmq-0.rabbitmq-headless.rabbitmq.svc.cluster.local\ncopyright:Copyright (c) 2007-2021 VMware, Inc. or its affiliates.\ninformation:Licensed under the MPL 2.0. Website: https://rabbitmq.com\nplatform:Erlang/OTP 24.1\nproduct:RabbitMQ\nversion:3.9.7\nCapabilities:\npublisher_confirms:true\nexchange_exchange_bindings:true\nbasic.nack:true\nconsumer_cancel_notify:true\nconnection.blocked:true\nconsumer_priorities:true\nauthentication_failure_close:true\nper_consumer_qos:true\ndirect_reply_to:tru

1443 / tcp

-1715152554 | 2025-03-26T08:50:19.965623

Hashes

hash

-2023587190

http.dom_hash

1239617585

http.html_hash

-1715152554

http.server_hash

1727046647

http.title_hash

-1828380909

302 Found

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.22.1
Date: Wed, 26 Mar 2025 08:50:19 GMT
Content-Type: text/html
Content-Length: 145
Connection: close
Location: https://123.125.18.101:443/

1515 / tcp

-1733645023 | 2025-04-16T11:37:22.653821

SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10

1604 / tcp

2087396567 | 2025-04-09T11:19:31.361728

kjnkjabhbanc283ubcsbhdc72

1800 / tcp

321971019 | 2025-04-18T14:48:02.396314

-ERR client ip is not in whitelist\r

1981 / tcp

1911457608 | 2025-04-05T08:17:51.729219

\x00[\x00\x00\x00\x00\x00\x00

1989 / tcp

-1399940268 | 2025-03-27T23:20:40.084016

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

2000 / tcp

-1032713145 | 2025-03-28T07:55:17.375688

\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04\x08\x00\x00\x00\n0\x00\x00\x00\x0e\xc3\xbf\xc3\xb1

2008 / tcp

2087396567 | 2025-04-16T09:29:00.453673

kjnkjabhbanc283ubcsbhdc72

2080 / tcp

410249975 | 2025-04-11T18:44:17.858431

LNS READY<>

2081 / tcp

-136006866 | 2025-04-11T14:27:44.118845

STAT pid 1660\nSTAT uptime 28884\nSTAT time 1641290377\nSTAT version 1.2.1\nSTAT pointer_size 32\nSTAT curr_items 14\nSTAT total_items 3533\nSTAT bytes 30524\nSTAT curr_connections 1\nSTAT total_connections 3542\nSTAT connection_structures 3\nSTAT cmd_get 3533\nSTAT cmd_set 3533\nSTAT get_hits 3519\nSTAT get_misses 14\nSTAT bytes_read 7927780\nSTAT bytes_written 7848552\nSTAT limit_maxbytes 67108864\nEND

2083 / tcp

-1990350878 | 2025-03-29T09:59:37.476755

 
04 \...

2087 / tcp

1463575827 | 2025-04-19T21:40:42.244237

[ÈÝS

2121 / tcp

141730637 | 2025-04-16T21:20:43.094300

HTTP/1.0 200 OK
Server: Proxy

2154 / tcp

398077695 | 2025-04-24T07:50:00.477613

2222 / tcp

372433470 | 2025-04-15T00:04:11.893666

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""

2332 / tcp

-1839934832 | 2025-04-01T04:31:20.571208

HTTP/1.0 408 Request Time-out
Cache-Control: no-cache
D
Connection: close
Content-Type: text/html

...

2376 / tcp

2087396567 | 2025-04-02T11:33:40.907017

kjnkjabhbanc283ubcsbhdc72

2404 / tcp

-1888448627 | 2025-04-16T20:44:32.366904

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

2628 / tcp

819727972 | 2025-04-16T02:45:08.536316

SSH-2.0-OpenSSH_7.4

Vulnerabilities

2761 / tcp

-2096652808 | 2025-04-12T06:31:30.221950

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

2762 / tcp

-1279886438 | 2025-03-26T17:25:20.695362

GET / HTTP/1.0 : USERID : UNIX : TKUXZmP\r\n : USERID : UNIX : Cr8\r\n

3001 / tcp

-138733098 | 2025-04-19T23:35:10.339055

roku: ready

3062 / tcp

-358801646 | 2025-04-15T03:29:02.869575

SSH-2.0-OpenSSH_6.6.1

3076 / tcp

-1733645023 | 2025-04-06T07:22:09.306266

SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10

3083 / tcp

-1733645023 | 2025-03-29T20:48:49.480096

SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10

3256 / tcp

819727972 | 2025-04-06T10:46:58.300587

SSH-2.0-OpenSSH_7.4

Vulnerabilities

3260 / tcp

-271466677 | 2025-04-15T05:39:46.074646

RIFA\\x00\\x00\\x00\\x00\\x10\\x88\\x81\\x00\\x00\\x00\\x00\\x00\\x00\x0b\\x00\\x05\\x00\\x00\\x00:\\x00HD316\\x00\\x01\\x00

3269 / tcp

-358801646 | 2025-04-18T19:56:41.123837

SSH-2.0-OpenSSH_6.6.1

3310 / tcp

580340387 | 2025-04-12T08:02:33.797148

220 Microsoft FTP Service\n530 User cannot log in.\n214-The following commands are recognized (* ==>\'s unimplemented).\n    ABOR \n    ACCT \n    ADAT *\n    ALLO \n    APPE \n    AUTH \n    CCC \n    CDUP \n    CWD \n    DELE \n    ENC *\n    EPRT \n    EPSV \n    FEAT \n    HELP \n    HOST \n    LANG \n    LIST ...

3389 / tcp

623170236 | 2025-03-26T19:17:16.778476

Remote Desktop Protocol\n\\x03\\x00\\x00\\x13\\x0e\\xd0\\x00\\x00\\x124\\x00\\x02\\x1f\\x08\\x00\\x08\\x00\\x00\\x00\n\nFlag: PROTOCOL_HYBRID_EX\nTarget_Name: PC82139\nProduct_Version: 10.0.19041 Ntlm 15\nOS: Windows 10, Version 2004/Windows Server, Version 2004\nNetBIOS_Domain_Name: PC82139\nNetBIOS_Computer_Name: PC82139\nDNS_Domain_Name: PC82139\nDNS_Computer_Name: PC82139\nSystem_Time: 2024-01-19 08:39:46 +0000 UTC\n\n

3551 / tcp

198844676 | 2025-04-21T04:18:42.463838

HTTP/1.1 404 Not Found
Server: Jetty/9.4.31.v20200723
Content-Type: text/plain; charset=utf-8
Connection: close

3790 / tcp

-407828767 | 2025-04-18T23:17:06.534940

\x00[\xc2\xbc/\xc2\x9f\x7f\x00\x00

4000 / tcp

1123187653 | 2025-04-18T07:53:35.963207

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN

4022 / tcp

819727972 | 2025-04-10T06:44:17.057323

SSH-2.0-OpenSSH_7.4

Vulnerabilities

4063 / tcp

-1990350878 | 2025-04-19T05:25:07.156413

 
04 \...

4150 / tcp

1911457608 | 2025-03-26T13:42:04.018503

\x00[\x00\x00\x00\x00\x00\x00

4157 / tcp

585675468 | 2025-04-22T13:51:58.872458

@
05@ þ...

4282 / tcp

-375604792 | 2025-04-15T18:12:14.345164

220 Microsoft FTP Service

4321 / tcp

-1250504565 | 2025-04-10T03:38:09.003756

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\x08\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\x08\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01

4369 / tcp

165188539 | 2025-04-24T00:20:01.150992

\x00\x00\x06\x04\x00\x00\x00\x00\x00\x00\x05\x00\x00@\x00

4433 / tcp

2087396567 | 2025-04-16T21:07:48.178230

kjnkjabhbanc283ubcsbhdc72

4500 / tcp

937756010 | 2025-04-05T09:14:39.480314

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x01\x00\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

4899 / tcp

398077695 | 2025-04-22T04:06:32.853929

5001 / tcp

-441419608 | 2025-04-08T09:41:46.404658

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3

5006 / tcp

2087396567 | 2025-03-25T16:36:53.326070

kjnkjabhbanc283ubcsbhdc72

5010 / tcp

819727972 | 2025-04-23T14:56:57.983301

SSH-2.0-OpenSSH_7.4

Vulnerabilities

5172 / tcp

-1013082686 | 2025-04-02T23:37:13.407427

HTTP/1.1 408 Request Timeout
Content-Length: 0
Co
ntent-Type: text/plain

5201 / tcp

-2089734047 | 2025-04-23T20:29:33.335331

\x02\t\x00\x01\x00\x00\x00\x00\x00\x00

5235 / tcp

-1399940268 | 2025-04-03T16:39:29.258490

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

5269 / tcp

756886313 | 2025-03-28T11:04:46.449518

HTTP/1.0 200 OK
Connection: close
X-Powered-By: Undertow/1
Server: JBoss-EAP/7
Content-Type: text/html

5432 / tcp

-2096652808 | 2025-04-06T05:06:33.195517

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

5435 / tcp

-2089734047 | 2025-04-02T22:46:24.606638

\x02\t\x00\x01\x00\x00\x00\x00\x00\x00

5858 / tcp

1741579575 | 2025-04-08T20:38:33.985526

5938 / tcp

-2096652808 | 2025-04-24T12:06:31.291524

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

5986 / tcp

-1013082686 | 2025-04-04T15:00:59.864192

HTTP/1.1 408 Request Timeout
Content-Length: 0
Co
ntent-Type: text/plain

6001 / tcp

-1019343788 | 2025-04-08T12:59:13.464534

W!\x00\x00\x00\x00

6379 / tcp

321971019 | 2025-04-16T02:37:38.092487

-ERR client ip is not in whitelist\r

6561 / tcp

1948301213 | 2025-04-04T05:22:51.557061

RFB 003.003
VNC:
  Protocol Version: 3.3

6633 / tcp

639175818 | 2025-04-19T21:28:32.599158

\r\nSurnom.\r\nSorry, that nickname format is invalid.\r\n

6667 / tcp

539065883 | 2025-03-28T17:04:54.074618

6697 / tcp

1911457608 | 2025-04-07T09:30:56.804813

\x00[\x00\x00\x00\x00\x00\x00

7415 / tcp

-1733106930 | 2025-04-21T16:09:47.339509

Mysql Version: 5.6.50-log\nN\n5.6.50-log\x14(\nG5se"tGE\xc3\xbf\xc3\xb7-\x02\x7f\xc2\x80\x15cB^3$Zwh$wM[mysql_native_password

7434 / tcp

-971970408 | 2025-04-10T23:27:02.501811

7548 / tcp

2087396567 | 2025-03-28T23:23:41.400056

kjnkjabhbanc283ubcsbhdc72

7634 / tcp

-971970408 | 2025-04-07T20:12:33.249593

8200 / tcp

1320285193 | 2025-03-29T22:28:45.916680

HTTP/1.1 404 Not Found
Server: CloudWAF
Content-Type: text/html
Connection: keep-alive

8333 / tcp

134472555 | 2025-04-09T12:29:40.058550

K\x02%~)J/\tHjU(IAGENT = (AGENT_VERSION = 2388790170)(RPC_VERSION = 5..722))

8505 / tcp

-1538260461 | 2025-04-17T00:11:26.103233

\x01\x00\x00\x00

8545 / tcp

-971970408 | 2025-04-09T04:54:04.176696

8554 / tcp

1286504516 | 2025-04-22T00:51:48.679383

CP2E Control Console
Connected to Host: gZI

8575 / tcp

745343730 | 2025-04-05T06:06:06.597951

220 smtp.qq.com Esmtp QQ Mail Server

8598 / tcp

1911457608 | 2025-03-31T19:44:25.224033

\x00[\x00\x00\x00\x00\x00\x00

8865 / tcp

-1399940268 | 2025-04-08T22:29:42.593042

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

8889 / tcp

2087396567 | 2025-04-20T16:07:28.105437

kjnkjabhbanc283ubcsbhdc72

9002 / tcp

819727972 | 2025-04-17T16:17:10.914504

SSH-2.0-OpenSSH_7.4

Vulnerabilities

9042 / tcp

-1681927087 | 2025-04-17T04:06:44.834764

kjnkjabhbanc283ubcsbhdc72

9063 / tcp

-2031152423 | 2025-04-12T19:08:50.565154

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3

9160 / tcp

307999478 | 2025-03-25T18:39:39.622041

unknown command \r\nunknown command \r\n

9184 / tcp

-1399940268 | 2025-04-18T21:58:44.388564

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

9203 / tcp

-1399940268 | 2025-04-09T23:21:38.915433

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

9209 / tcp

1830697416 | 2025-04-15T07:13:04.615304

HTTP/1.0 200 OK
Cache-Control: must-revalidate
Content-Length: 243
Content-Type: application/json
Server: CouchDB/3.2.0 (Erlang OTP/20)
X-Cloudant-Action: cloudantnosqldb.account-meta-info.read
X-Couch-Request-ID: a2da79eef6
X-Content-Type-Options: nosniff
X-Cloudant-Request-Class: unlimited
X-Cloudant-Backend: bm-cc-uk-01
Via: 1.0 lb1.bm-cc-uk-01 (Glum/1.101.1)

9306 / tcp

819727972 | 2025-04-16T23:13:36.634672

SSH-2.0-OpenSSH_7.4

Vulnerabilities

9333 / tcp

-2096652808 | 2025-04-21T14:16:46.778645

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

9376 / tcp

307999478 | 2025-03-29T17:11:03.864377

unknown command \r\nunknown command \r\n

9418 / tcp

1529351907 | 2025-04-21T03:10:08.211582

HTTP/1.1 407 OK
Content-Type: text/plain; charset=utf-8
Connection: keep-alive

please add white ip *.*.*.*

9633 / tcp

1741579575 | 2025-04-18T21:17:49.221110

9734 / tcp

-1099385124 | 2025-04-02T18:12:23.442395

"Magic:ActiveMQ\nVersion:12\n\x00\x00\x01<\x01ActiveMQ\x00\x00\x00\x0c\x01\x00\x00\x01*\x00\x00\x00\x0c\x00\x11TcpNoDelayEnabled\x01\x01\x00\x12SizePrefixDisabled\x01\x00\x00 CacheSize\x05\x00\x00\x04\x00\x00\x0cProviderName \x00\x08ActiveMQ\x00\x11StackTraceEnabled\x01\x01\x00\x0fPlatformDetails \x00\x04Java\x00\x0cCacheEnabled\x01\x01\x00\x14TightEncodingEnabled\x01\x01\x00\x0cMaxFrameSize\x06\x00\x00\x00\x00\x06@\x00\x00\x00\x15MaxInac

9761 / tcp

-2089734047 | 2025-04-22T01:00:56.042052

\x02\t\x00\x01\x00\x00\x00\x00\x00\x00

9876 / tcp

-255236012 | 2025-04-17T02:34:36.182749

HTTP/1.1 302
X-Frame-Options: SAMEORIGIN

9943 / tcp

1712606111 | 2025-03-26T16:10:53.709863

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: text/html
Connection: close
x-ws-request-id: 65ae1282_PSzqstdxyw34_8689-21922

9999 / tcp

1161309183 | 2025-04-05T11:53:15.227949

ProxyServer is ready

10051 / tcp

-653033013 | 2025-04-06T11:11:52.081489

\xc3\xbf\x00\x00\x00\x00\x00\x00\x00\x01\x7f

10134 / tcp

1332894250 | 2025-04-21T03:59:12.831987

\xc3\xbf\xc3\xbb\x01SOYO_SIP VBNQyQSKc settings\r\nPassword:

10250 / tcp

1741579575 | 2025-04-20T02:49:02.705386

10443 / tcp

0 | 2025-04-18T22:15:34.422582

Hashes

hash

233277299

http.dom_hash

http.html_hash

http.server_hash

1673621694

HTTP/1.1 200 OK
Date: Fri, 18 Apr 2025 22:15:34 GMT
Content-Type: application/json
Content-Length: 2092
Connection: keep-alive
Ali-Swift-Global-Savetime: 1745014534
Eagleeye-Traceid: eb25b569495cd98651fb16e15a
Eagleid: eb25b569495cd98651fb16e15a
S_group: tao-session
S_ip: e30b06355263c9b7d2e9b7b6fa16af47
S_status: STATUS_SYS_ERR
S_tag: 554470591776508|661113311^|^^
S_tid: eb25b569495cd98651fb16e15a
S_ucode: CN:CENTER
S_v: 2.1.3.2
Server: Tengine
Strict-Transport-Security: max-age=0
Timing-Allow-Origin: *, *
Location: https://ecs-buy-cn-zhangjiakou.aliyun.com
Ufe-Result: A8
Via: kunlun58.98kunlun8[073,803,646-0,M], kunlun38.kunlun07[068,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-Cachetime: 0
X-Swift-Savetime: Fri, 18 Apr 2025 22:15:34 GMT

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:35:2e:4a:35:dc:34:ed:3b:e8:9c:38
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3
        Validity
            Not Before: Apr 12 23:17:04 2023 GMT
            Not After : May 13 23:11:02 2024 GMT
        Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibabacorp.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:5a:d8:7b:d4:f1:dd:49:12:82:ec:77:5d:7c:e4:
                    76:9c:4c:04:23:44:89:ec:ef:cd:4a:8b:15:72:f5:
                    2d:58:86:84:41:2d:47:54:06:ec:40:f1:3d:42:e4:
                    03:7c:49:55:ac:29:9a:db:3d:30:29:ba:93:23:24:
                    18:3e:3e:e2:ea
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                EB:3E:07:A3:E1:1B:8B:BD:B5:1C:00:D6:2C:14:E5:3E:32:B8:48:18
            X509v3 Authority Key Identifier: 
                68:86:B8:7D:7A:D9:6D:49:6B:87:2F:18:8B:15:34:6C:D7:B4:7A:0E
            Authority Information Access: 
                OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g3
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g3.crt
            X509v3 Subject Alternative Name: 
                DNS:*.alibabacorp.com, DNS:*.56.cainiao-inc.com, DNS:*.56.cainiao.com, DNS:*.9game.cn, DNS:*.a.alibaba-inc.com, DNS:*.abs.alibaba-inc.com, DNS:*.acc.alibaba-inc.com, DNS:*.acds.taobao.org, DNS:*.acp.alibaba-inc.com, DNS:*.acs.alibabaplanet.com, DNS:*.addr.cainiao-inc.com, DNS:*.admin.alibaba-inc.com, DNS:*.admin.alitrip.com, DNS:*.admin.cainiao-inc.com, DNS:*.admin.fliggy.com, DNS:shog3509n881244h5.1688.com, DNS:laoken.en.alibaba.com
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.4146.1.20
                Policy: 2.23.140.1.2.2
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.globalsign.com/gsorganizationvalsha2g3.crl
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        1e:89:75:04:69:5a:cc:5f:a0:87:6b:5a:21:a3:3a:e0:ad:5e:
        0f:e6:17:1d:f2:27:19:61:5b:8b:2a:c6:49:99:b8:ad:d5:90:
        ad:ab:c7:5f:08:93:d3:6b:5a:79:be:22:d6:45:94:91:65:96:
        6d:d5:cb:5c:50:42:aa:2e:13:70:19:81:1e:86:36:d9:18:40:
        51:bb:89:12:c7:8e:a0:bf:3a:76:5d:61:39:ba:be:74:38:7b:
        4b:a0:d5:f3:4c:4d:9a:68:1b:40:2f:ee:11:e7:2a:c3:4e:c2:
        10:bd:f1:34:c1:10:16:d8:d7:80:70:77:53:e6:5f:ff:07:ef:
        b3:48:07:ec:df:5b:78:cf:dc:47:f0:a5:94:69:6f:9c:ac:3e:
        18:db:15:b3:96:9d:84:96:70:09:4d:34:82:37:63:53:4a:2c:
        9e:c9:c7:e4:52:02:c8:a3:db:33:a3:36:a4:00:14:32:72:a0:
        4e:00:38:3c:43:99:d9:e7:74:82:1c:cf:99:a6:c2:ac:e9:bf:
        51:86:3e:4f:ba:60:82:4f:29:a1:0f:bd:48:74:a1:7c:2e:d7:
        fc:a5:c0:33:3f:b1:41:00:94:34:13:14:94:29:56:70:b5:85:
        2d:df:02:25:92:69:e0:1b:13:d2:44:b2:78:e7:d1:20:a2:1f:
        a6:51:23:2c

10554 / tcp

2087396567 | 2025-04-17T15:53:29.269511

kjnkjabhbanc283ubcsbhdc72

11000 / tcp

-980525298 | 2025-03-31T07:38:32.440049

\x01\x00\x00\x00\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

11300 / tcp

1723769361 | 2025-04-12T08:12:38.648426

ELM Enterprise Manager _l\r\nCopyright \xc2\xa9 18668511-928641920 TNT Software, Inc.\r\n

11481 / tcp

-1013082686 | 2025-04-12T20:31:33.628918

HTTP/1.1 408 Request Timeout
Content-Length: 0
Co
ntent-Type: text/plain

12164 / tcp

1911457608 | 2025-03-31T11:37:03.002803

\x00[\x00\x00\x00\x00\x00\x00

12260 / tcp

321971019 | 2025-04-21T17:25:29.810933

-ERR client ip is not in whitelist\r

12318 / tcp

-1399940268 | 2025-04-17T19:07:49.894004

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

12345 / tcp

296364507 | 2025-04-19T04:42:27.264396

HTTP/1.1 500 Internal Server Error
SERVER: Trend Chip UPnP/1.0 DMS
CONNECTION: close
CONTENT-LENGTH: 60
CONTENT-TYPE: text/html

12410 / tcp

819727972 | 2025-04-09T19:45:19.510845

SSH-2.0-OpenSSH_7.4

Vulnerabilities

12443 / tcp

-1399940268 | 2025-04-12T21:33:09.312053

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

12539 / tcp

921225407 | 2025-04-20T07:27:04.731940

\x00\x00\x00\x04\x00\x00\x00\x00\x00

14147 / tcp

-1327660293 | 2025-04-02T04:01:38.171798

ceph v2\n\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x00\x00

14344 / tcp

-1737707071 | 2025-04-23T00:14:24.412701

\x00b\x00\x01\x00\x00\x00\x00x\x0b\x00\x00\x00\x00z\x00437

17000 / tcp

-1810987450 | 2025-04-03T18:31:19.588803

\xc3\xbf

18080 / tcp

1741579575 | 2025-03-29T01:56:34.180219

18245 / tcp

-2089734047 | 2025-04-15T05:32:28.639863

\x02\t\x00\x01\x00\x00\x00\x00\x00\x00

18443 / tcp

-222277909 | 2025-03-28T20:41:01.342035

0@@

18553 / tcp

-1810987450 | 2025-04-06T21:57:05.316164

\xc3\xbf

19200 / tcp

-2031152423 | 2025-04-04T03:06:51.961849

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3

20000 / tcp

1900503736 | 2025-03-28T20:44:31.086069

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-HTTPAPI/2.0

20087 / tcp

171352214 | 2025-04-13T00:54:49.671817

-ERR client ip is not in whitelist

20547 / tcp

1975288991 | 2025-04-12T21:11:16.556284

OPTI

21259 / tcp

-2096652808 | 2025-04-23T03:45:12.675529

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

21307 / tcp

-2096652808 | 2025-04-04T21:19:32.680669

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

21379 / tcp

-971970408 | 2025-04-03T11:48:26.177625

22067 / tcp

-1059554316 | 2025-03-27T17:48:11.420148

\xc2\xa5A\x00\x01\x00\x00\x00,\x00\x00\x00\x02\x00\x00\x00L\x00\x00\x00\x08Connect\x00\x00\x00\x00x\x00\x00\x00\x0857222\x00\x00\x00

22222 / tcp

-358801646 | 2025-04-03T09:52:26.861836

SSH-2.0-OpenSSH_6.6.1

22705 / tcp

-358801646 | 2025-04-20T08:34:48.226455

SSH-2.0-OpenSSH_6.6.1

24245 / tcp

2103111368 | 2025-03-26T04:52:21.278699

HTTP/1.0 403 Access denied
Server: tinyproxy/1.8.3
0AContent-Type: text/html
Connection: close

<?...

25001 / tcp

-1399940268 | 2025-04-17T21:50:17.545530

kjnkjabhbanc283ubcsbhdc72\x00\x00\x00\x02

25565 / tcp

-288825733 | 2025-04-12T15:41:43.735082

HTTP/1.1 200 OK
Connection: close
Content-Length: 2619
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Content-Type: text/html
Server: Jetty(9.4.14.v20181114)
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1

26656 / tcp

539065883 | 2025-03-29T00:03:21.868378

27015 / tcp

1850902677 | 2025-04-12T14:19:11.682056

W!

27016 / tcp

171352214 | 2025-03-29T09:44:40.442849

-ERR client ip is not in whitelist

27017 / tcp

422524323 | 2025-04-12T06:50:48.927310

{
"Version": "3.4.18",
"VersionArray": [
3,
4,
18,
0
],
"GitVersion": "4410706bef6463369ea2f42399e9843903b31923",
"OpenSSLVersion": "",
"SysInfo": "",
"Bits": 64,
"Debug": false,
"MaxObjectSize": 16777216
}

27036 / tcp

2087396567 | 2025-04-03T02:07:23.692104

kjnkjabhbanc283ubcsbhdc72

28015 / tcp

117101543 | 2025-04-09T15:11:00.357409

\x18\x01\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\n0\x0c\x00\x04\x00\x00\x00\x08\x00\n\x00\x00\x00d\x04\x00\x00\xc3\xb8\x00...\n

28017 / tcp

-79865617 | 2025-04-12T02:13:06.807366

( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries com
mit-revprops depth log-revprops partial-replay ) ) )

30009 / tcp

401555314 | 2025-04-01T20:52:35.826380

NB[GFXjA^R

30222 / tcp

-1032713145 | 2025-03-25T15:55:26.063304

\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04\x08\x00\x00\x00\n0\x00\x00\x00\x0e\xc3\xbf\xc3\xb1

30301 / tcp

1308377066 | 2025-04-09T06:44:26.594267

ncacn_http/1.0

30303 / tcp

2087396567 | 2025-03-31T22:57:15.210172

kjnkjabhbanc283ubcsbhdc72

30522 / tcp

1642597142 | 2025-04-06T05:30:29.208127

\x00y\xc3\x90\x02\xc3\xbf\xc3\xbf\x00s\x12L\x00\x06\x11I\x00\x08\x00N\x11S\x00\xc3\x93

30722 / tcp

398077695 | 2025-04-05T05:26:36.434179

30922 / tcp

291723434 | 2025-04-05T23:05:32.204292

Lantronix MSS100 Version V118/523(045538937)

Type HELP at the 'Local_61349> ' prompt for assistance.



Username>

31022 / tcp

-2096652808 | 2025-04-05T17:38:15.439574

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

31222 / tcp

819727972 | 2025-04-05T08:50:12.852336

SSH-2.0-OpenSSH_7.4

Vulnerabilities

31622 / tcp

-1839934832 | 2025-04-04T15:06:42.114428

HTTP/1.0 408 Request Time-out
Cache-Control: no-cache
D
Connection: close
Content-Type: text/html

...

31722 / tcp

-1626979812 | 2025-04-04T23:51:36.400994

220 Service ready for new user.

31822 / tcp

2087396567 | 2025-04-04T13:23:58.636981

kjnkjabhbanc283ubcsbhdc72

31922 / tcp

410249975 | 2025-04-05T02:17:36.238928

LNS READY<>

32400 / tcp

-2096652808 | 2025-04-12T04:22:46.125689

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

32422 / tcp

104385780 | 2025-04-04T19:58:29.142415

ceph v2

32722 / tcp

-2096652808 | 2025-04-04T10:04:51.585391

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

32764 / tcp

-314039103 | 2025-04-18T11:30:21.764710

Surnom.
Sorry, that nickname format is invalid.

33338 / tcp

722711397 | 2025-04-02T18:08:07.528682

\x00[M\xc3\xba\xc3\x9a\x7f\x00\x00

37777 / tcp

2087396567 | 2025-04-11T09:03:13.341033

kjnkjabhbanc283ubcsbhdc72

38333 / tcp

-358801646 | 2025-04-07T14:21:03.491106

SSH-2.0-OpenSSH_6.6.1

41794 / tcp

819727972 | 2025-04-11T11:47:56.130317

SSH-2.0-OpenSSH_7.4

Vulnerabilities

47808 / tcp

-2096652808 | 2025-03-31T10:46:32.715179

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

48899 / tcp

660175493 | 2025-04-11T06:41:18.828362

49152 / tcp

179092512 | 2025-03-31T20:22:07.380774

HTTP/1.1 500 Internal Server Error
CONTENT-LENGTH: 411
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Mon, 22 Jan 2024 14:56:01 GMT
EXT:
SERVER: Linux/3.10.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.18
X-User-Agent: redsonic

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<s:Fault>
<faultcode>s:Client</faultcode>
<faultstring>UPnPError</faultstring>
<detail>
<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">

50000 / tcp

671605376 | 2025-04-11T01:31:35.048203

SSH-2.0-OpenSSH_X.X

50050 / tcp

2087396567 | 2025-04-10T23:42:29.346584

kjnkjabhbanc283ubcsbhdc72

50070 / tcp

1492413928 | 2025-04-10T15:48:43.163105

SSH-2.0-OpenSSH_7.5

Vulnerabilities

50100 / tcp

-2031152423 | 2025-04-24T00:40:46.972755

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3

51106 / tcp

819727972 | 2025-03-29T20:27:28.469225

SSH-2.0-OpenSSH_7.4

Vulnerabilities

51235 / tcp

-1311598826 | 2025-04-01T20:10:17.297548

AMQP:
cluster_name:rabbit@rabbitmq-0.rabbitmq-headless.rabbitmq.svc.cluster.local
copyright:Copyright (c) 2007-2021 VMware, Inc. or its affiliates.
information:Licensed under the MPL 2.0. Website: https://rabbitmq.com
platform:Erlang/OTP 24.1
product:RabbitMQ
version:3.9.7
Capabilities:
publisher_confirms:true
exchange_exchange_bindings:true
basic.nack:true
consumer_cancel_notify:true
connection.blocked:true
consumer_priorities:true
authentication_failure_close:true
per_consumer_qos:true
direct_reply_to:tru

51443 / tcp

1975288991 | 2025-04-07T02:06:12.930703

OPTI

52869 / tcp

-949565575 | 2025-04-10T14:26:53.534600

\x19\x02\x02\x07Protocol version mismatch

54444 / tcp

165188539 | 2025-04-07T23:29:33.157472

\x00\x00\x06\x04\x00\x00\x00\x00\x00\x00\x05\x00\x00@\x00

55350 / tcp

1189133115 | 2025-03-29T16:32:56.978055

SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8

55442 / tcp

-2096652808 | 2025-04-10T01:18:54.173527

\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x7f\xc3\xbf\xc3\xbf\xc3\xbf\x00\n0\x04\x00\x10\x00\x00\x00\x06\x00\x00 \x00\x00\x00\x04\x08\x00\x00\x00...\n

55553 / tcp

1741579575 | 2025-04-10T03:03:43.581911

55554 / tcp

1282941221 | 2025-04-01T10:30:42.089568

HTTP/1.0 500 Internal Server Error
Content-Length: 20
D
Connection: close

Command server error

60129 / tcp

472902042 | 2025-04-07T19:24:16.812678

"Magic:ActiveMQ
Version:12
<ActiveMQ*TcpNoDelayEnabledSizePrefixDisabled CacheSizeProviderName ActiveMQStackTraceEnabledPlatformDetails JavaCacheEnabledTightEncodingEnabledMaxFrameSize@MaxInac

61616 / tcp

1212921144 | 2025-04-07T21:44:14.423668

0@

63257 / tcp

-1428621233 | 2025-04-06T22:12:39.715833

\x00\x00\x18\x04\x00\x00\x00\x00\x00\x00\x04\x00@\x00\x00\x00\x00\n05\x00@\x00\x00\x00\x06\x00\x00 \x00\xc3\xbe\x03\x00\x00\x00\x01\x00\x00...\n

63260 / tcp

2033888749 | 2025-03-28T08:02:56.586959

Content-Type: text/rude-rejection
Content-Length: 24


Access Denied, go away.
Content-Type: text/disconnect-notice
C...

64738 / tcp

2087396567 | 2025-04-09T21:49:49.608678

kjnkjabhbanc283ubcsbhdc72

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2025(1)

CVE-2025-26465

6.8A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

2023(4)

CVE-2023-51767

7.0OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

CVE-2023-51385

6.5In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

CVE-2023-48795

5.9The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVE-2023-38408

9.8The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

2021(2)

CVE-2021-41617

7.0sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

CVE-2021-36368

3.7An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

2020(2)

CVE-2020-15778

7.8scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

CVE-2020-14145

5.9The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

2019(3)

CVE-2019-6111

5.9An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVE-2019-6110

6.8In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVE-2019-6109

6.8An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

2018(3)

CVE-2018-20685

5.3In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVE-2018-15919

5.3Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

CVE-2018-15473

5.3OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

2017(1)

CVE-2017-15906

5.3The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

2016(1)

CVE-2016-20012

5.3OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

2008(1)

CVE-2008-3844

9.3Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.

2007(1)

CVE-2007-2768

4.3OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

123.125.18.101

Last Seen: 2025-04-24

Tags:

GeneralInformation

WebTechnologies

OpenPorts

13 / tcp -1770051369 | 2025-04-23T18:11:38.907302

15 / tcp -358801646 | 2025-03-25T16:46:47.363999

19 / tcp 829384519 | 2025-04-12T15:11:41.476792

20 / tcp -345718689 | 2025-04-05T22:00:06.813355

23 / tcp -23362551 | 2025-04-22T07:09:30.355783

37 / tcp -1624690781 | 2025-03-28T17:10:08.018159

70 / tcp -1385078233 | 2025-03-26T12:47:50.370461

79 / tcp 268196945 | 2025-04-23T16:00:48.699734

80 / tcp -1523605528 | 2025-04-12T09:35:05.947164

Hashes

102 / tcp 1911457608 | 2025-04-12T22:09:39.591197

179 / tcp -399606100 | 2025-04-14T21:32:22.247514

195 / tcp 1492413928 | 2025-04-01T18:49:26.684119

443 / tcp 1638645179 | 2025-03-26T08:50:22.843094

Hashes

503 / tcp -832380282 | 2025-04-24T12:48:15.646790

541 / tcp -1299118573 | 2025-04-17T08:46:58.330775

548 / tcp 155249582 | 2025-04-03T16:03:50.888829

636 / tcp 1650594030 | 2025-04-19T18:47:11.984076

666 / tcp 1300162323 | 2025-04-10T00:20:14.959231

811 / tcp 15018106 | 2025-04-08T20:12:32.660522

873 / tcp -976882525 | 2025-04-21T16:57:22.877211

993 / tcp -2096652808 | 2025-04-16T19:11:08.107225

995 / tcp 934210070 | 2025-04-12T14:46:55.719854

1080 / tcp 1362344524 | 2025-04-06T13:36:49.538459

1099 / tcp -1399940268 | 2025-04-06T05:58:24.290898

1200 / tcp -1399940268 | 2025-04-15T08:32:36.791747

1400 / tcp 0 | 2025-03-29T02:22:55.844370

Hashes

1414 / tcp 575925250 | 2025-04-22T16:34:39.984652

1443 / tcp -1715152554 | 2025-03-26T08:50:19.965623

Hashes

1515 / tcp -1733645023 | 2025-04-16T11:37:22.653821

1604 / tcp 2087396567 | 2025-04-09T11:19:31.361728

1800 / tcp 321971019 | 2025-04-18T14:48:02.396314

1981 / tcp 1911457608 | 2025-04-05T08:17:51.729219

1989 / tcp -1399940268 | 2025-03-27T23:20:40.084016

2000 / tcp -1032713145 | 2025-03-28T07:55:17.375688

2008 / tcp 2087396567 | 2025-04-16T09:29:00.453673

2080 / tcp 410249975 | 2025-04-11T18:44:17.858431

2081 / tcp -136006866 | 2025-04-11T14:27:44.118845

2083 / tcp -1990350878 | 2025-03-29T09:59:37.476755

2087 / tcp 1463575827 | 2025-04-19T21:40:42.244237

2121 / tcp 141730637 | 2025-04-16T21:20:43.094300

2154 / tcp 398077695 | 2025-04-24T07:50:00.477613

2222 / tcp 372433470 | 2025-04-15T00:04:11.893666

2332 / tcp -1839934832 | 2025-04-01T04:31:20.571208

2376 / tcp 2087396567 | 2025-04-02T11:33:40.907017

2404 / tcp -1888448627 | 2025-04-16T20:44:32.366904

2628 / tcp 819727972 | 2025-04-16T02:45:08.536316

2761 / tcp -2096652808 | 2025-04-12T06:31:30.221950

2762 / tcp -1279886438 | 2025-03-26T17:25:20.695362

3001 / tcp -138733098 | 2025-04-19T23:35:10.339055

3062 / tcp -358801646 | 2025-04-15T03:29:02.869575

3076 / tcp -1733645023 | 2025-04-06T07:22:09.306266

3083 / tcp -1733645023 | 2025-03-29T20:48:49.480096

3256 / tcp 819727972 | 2025-04-06T10:46:58.300587

3260 / tcp -271466677 | 2025-04-15T05:39:46.074646

3269 / tcp -358801646 | 2025-04-18T19:56:41.123837

3310 / tcp 580340387 | 2025-04-12T08:02:33.797148

3389 / tcp 623170236 | 2025-03-26T19:17:16.778476

3551 / tcp 198844676 | 2025-04-21T04:18:42.463838

3790 / tcp -407828767 | 2025-04-18T23:17:06.534940

4000 / tcp 1123187653 | 2025-04-18T07:53:35.963207

4022 / tcp 819727972 | 2025-04-10T06:44:17.057323

4063 / tcp -1990350878 | 2025-04-19T05:25:07.156413

4150 / tcp 1911457608 | 2025-03-26T13:42:04.018503

4157 / tcp 585675468 | 2025-04-22T13:51:58.872458

4282 / tcp -375604792 | 2025-04-15T18:12:14.345164

4321 / tcp -1250504565 | 2025-04-10T03:38:09.003756

4369 / tcp 165188539 | 2025-04-24T00:20:01.150992

4433 / tcp 2087396567 | 2025-04-16T21:07:48.178230

4500 / tcp 937756010 | 2025-04-05T09:14:39.480314

4899 / tcp 398077695 | 2025-04-22T04:06:32.853929

13 / tcp

-1770051369 | 2025-04-23T18:11:38.907302

15 / tcp

-358801646 | 2025-03-25T16:46:47.363999

19 / tcp

829384519 | 2025-04-12T15:11:41.476792

20 / tcp

-345718689 | 2025-04-05T22:00:06.813355

23 / tcp

-23362551 | 2025-04-22T07:09:30.355783

37 / tcp

-1624690781 | 2025-03-28T17:10:08.018159

70 / tcp

-1385078233 | 2025-03-26T12:47:50.370461

79 / tcp

268196945 | 2025-04-23T16:00:48.699734

80 / tcp

-1523605528 | 2025-04-12T09:35:05.947164

102 / tcp

1911457608 | 2025-04-12T22:09:39.591197

179 / tcp

-399606100 | 2025-04-14T21:32:22.247514

195 / tcp

1492413928 | 2025-04-01T18:49:26.684119

443 / tcp

1638645179 | 2025-03-26T08:50:22.843094

503 / tcp

-832380282 | 2025-04-24T12:48:15.646790

541 / tcp

-1299118573 | 2025-04-17T08:46:58.330775

548 / tcp

155249582 | 2025-04-03T16:03:50.888829

636 / tcp

1650594030 | 2025-04-19T18:47:11.984076

666 / tcp

1300162323 | 2025-04-10T00:20:14.959231

811 / tcp

15018106 | 2025-04-08T20:12:32.660522

873 / tcp

-976882525 | 2025-04-21T16:57:22.877211

993 / tcp

-2096652808 | 2025-04-16T19:11:08.107225

995 / tcp

934210070 | 2025-04-12T14:46:55.719854

1080 / tcp

1362344524 | 2025-04-06T13:36:49.538459

1099 / tcp

-1399940268 | 2025-04-06T05:58:24.290898

1200 / tcp

-1399940268 | 2025-04-15T08:32:36.791747

1400 / tcp

0 | 2025-03-29T02:22:55.844370

1414 / tcp

575925250 | 2025-04-22T16:34:39.984652

1443 / tcp

-1715152554 | 2025-03-26T08:50:19.965623

1515 / tcp

-1733645023 | 2025-04-16T11:37:22.653821

1604 / tcp

2087396567 | 2025-04-09T11:19:31.361728

1800 / tcp

321971019 | 2025-04-18T14:48:02.396314

1981 / tcp

1911457608 | 2025-04-05T08:17:51.729219

1989 / tcp

-1399940268 | 2025-03-27T23:20:40.084016

2000 / tcp

-1032713145 | 2025-03-28T07:55:17.375688

2008 / tcp

2087396567 | 2025-04-16T09:29:00.453673

2080 / tcp

410249975 | 2025-04-11T18:44:17.858431

2081 / tcp

-136006866 | 2025-04-11T14:27:44.118845

2083 / tcp

-1990350878 | 2025-03-29T09:59:37.476755

2087 / tcp

1463575827 | 2025-04-19T21:40:42.244237

2121 / tcp

141730637 | 2025-04-16T21:20:43.094300

2154 / tcp

398077695 | 2025-04-24T07:50:00.477613

2222 / tcp

372433470 | 2025-04-15T00:04:11.893666

2332 / tcp

-1839934832 | 2025-04-01T04:31:20.571208

2376 / tcp

2087396567 | 2025-04-02T11:33:40.907017

2404 / tcp

-1888448627 | 2025-04-16T20:44:32.366904

2628 / tcp

819727972 | 2025-04-16T02:45:08.536316

2761 / tcp

-2096652808 | 2025-04-12T06:31:30.221950

2762 / tcp

-1279886438 | 2025-03-26T17:25:20.695362

3001 / tcp

-138733098 | 2025-04-19T23:35:10.339055

3062 / tcp

-358801646 | 2025-04-15T03:29:02.869575

3076 / tcp

-1733645023 | 2025-04-06T07:22:09.306266

3083 / tcp

-1733645023 | 2025-03-29T20:48:49.480096

3256 / tcp

819727972 | 2025-04-06T10:46:58.300587

3260 / tcp

-271466677 | 2025-04-15T05:39:46.074646

3269 / tcp

-358801646 | 2025-04-18T19:56:41.123837

3310 / tcp

580340387 | 2025-04-12T08:02:33.797148

3389 / tcp

623170236 | 2025-03-26T19:17:16.778476

3551 / tcp

198844676 | 2025-04-21T04:18:42.463838

3790 / tcp

-407828767 | 2025-04-18T23:17:06.534940

4000 / tcp

1123187653 | 2025-04-18T07:53:35.963207

4022 / tcp

819727972 | 2025-04-10T06:44:17.057323

4063 / tcp

-1990350878 | 2025-04-19T05:25:07.156413

4150 / tcp

1911457608 | 2025-03-26T13:42:04.018503

4157 / tcp

585675468 | 2025-04-22T13:51:58.872458

4282 / tcp

-375604792 | 2025-04-15T18:12:14.345164

4321 / tcp

-1250504565 | 2025-04-10T03:38:09.003756

4369 / tcp

165188539 | 2025-04-24T00:20:01.150992

4433 / tcp

2087396567 | 2025-04-16T21:07:48.178230

4500 / tcp

937756010 | 2025-04-05T09:14:39.480314

4899 / tcp

398077695 | 2025-04-22T04:06:32.853929

5001 / tcp

-441419608 | 2025-04-08T09:41:46.404658

5006 / tcp

2087396567 | 2025-03-25T16:36:53.326070

5010 / tcp

819727972 | 2025-04-23T14:56:57.983301

5172 / tcp

-1013082686 | 2025-04-02T23:37:13.407427

5201 / tcp

-2089734047 | 2025-04-23T20:29:33.335331

5235 / tcp

-1399940268 | 2025-04-03T16:39:29.258490

5269 / tcp

756886313 | 2025-03-28T11:04:46.449518

5432 / tcp

-2096652808 | 2025-04-06T05:06:33.195517

5435 / tcp

-2089734047 | 2025-04-02T22:46:24.606638

5858 / tcp

1741579575 | 2025-04-08T20:38:33.985526