GeneralInformation

Country	Hong Kong
City	Kwai Chung
Organization	Asia Pacific Network Information Center, Pty. Ltd.
ISP	High Family Technology Co., Limited
ASN	AS142032
Operating System	Windows Server 2008 R2 Standard 7601 Service Pack 1

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2010(3)

CVE-2010-3972

10Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

CVE-2010-2730

9.3Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

CVE-2010-1899

4.3Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

OpenPorts

80 135 445 999 1433

80 / tcp

-119375469 | 2025-03-25T04:12:08.547996

Hashes

hash

-104955408

http.dom_hash

-1389411298

http.html_hash

-119375469

http.server_hash

-1390970405

http.title_hash

-444403470

IIS7

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 26 Nov 2022 03:10:03 GMT
Accept-Ranges: bytes
ETag: "b2dbe093441d91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Mar 2025 04:12:10 GMT
Content-Length: 689

Vulnerabilities

135 / tcp

-2040784671 | 2025-03-24T13:21:46.956915

Microsoft RPC Endpoint Mapper

d95afe70-a6d5-4259-822e-2c84da1ddb0d
  version: v1.0
  protocol: [MS-RSP]: Remote Shutdown Protocol
  provider: wininit.exe
  ncacn_ip_tcp: 10.4.87.2:49152
  ncalrpc: WindowsShutdown
  ncacn_np: \\CXYUFZXZY\PIPE\InitShutdown
  ncalrpc: WMsgKRpc0454E0

76f226c3-ec14-4325-8a99-6a46348418af
  version: v1.0
  provider: winlogon.exe
  ncalrpc: WindowsShutdown
  ncacn_np: \\CXYUFZXZY\PIPE\InitShutdown
  ncalrpc: WMsgKRpc0454E0
  ncalrpc: WMsgKRpc048311
  ncalrpc: WMsgKRpc02C42C2

c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
  version: v1.0
  annotation: Impl friendly name
  provider: sysntfy.dll
  ncalrpc: LRPC-abbbaed2f5b840012b
  ncacn_np: \\CXYUFZXZY\PIPE\srvsvc
  ncacn_ip_tcp: 10.4.87.2:49154
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2
  ncalrpc: IUserProfile2

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
  version: v1.0
  annotation: DHCPv6 Client LRPC Endpoint
  provider: dhcpcsvc6.dll
  ncalrpc: dhcpcsvc6
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 10.4.87.2:49153
  ncacn_np: \\CXYUFZXZY\pipe\eventlog
  ncalrpc: eventlog

3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
  version: v1.0
  annotation: DHCP Client LRPC Endpoint
  provider: dhcpcsvc.dll
  ncalrpc: dhcpcsvc
  ncacn_ip_tcp: 10.4.87.2:49153
  ncacn_np: \\CXYUFZXZY\pipe\eventlog
  ncalrpc: eventlog

30adc50c-5cbc-46ce-9a0e-91914789e23c
  version: v1.0
  annotation: NRP server endpoint
  provider: nrpsrv.dll
  ncacn_ip_tcp: 10.4.87.2:49153
  ncacn_np: \\CXYUFZXZY\pipe\eventlog
  ncalrpc: eventlog

f6beaff7-1e19-4fbb-9f8f-b89e2018337c
  version: v1.0
  annotation: Event log TCPIP
  protocol: [MS-EVEN6]: EventLog Remoting Protocol
  provider: wevtsvc.dll
  ncacn_ip_tcp: 10.4.87.2:49153
  ncacn_np: \\CXYUFZXZY\pipe\eventlog
  ncalrpc: eventlog

30b044a5-a225-43f0-b3a4-e060df91f9c1
  version: v1.0
  provider: certprop.dll
  ncacn_np: \\CXYUFZXZY\PIPE\srvsvc
  ncacn_ip_tcp: 10.4.87.2:49154
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

98716d03-89ac-44c7-bb8c-285824e51c4a
  version: v1.0
  annotation: XactSrv service
  provider: srvsvc.dll
  ncacn_ip_tcp: 10.4.87.2:49154
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

552d076a-cb29-4e44-8b6a-d15e59e2c0af
  version: v1.0
  annotation: IP Transition Configuration endpoint
  provider: iphlpsvc.dll
  ncacn_ip_tcp: 10.4.87.2:49154
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

a398e520-d59a-4bdd-aa7a-3c1e0303a511
  version: v1.0
  annotation: IKE/Authip API
  provider: IKEEXT.DLL
  ncacn_ip_tcp: 10.4.87.2:49154
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

86d35949-83c9-4044-b424-db363231fd0c
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: schedsvc.dll
  ncacn_ip_tcp: 10.4.87.2:49154
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

378e52b0-c0a9-11cf-822d-00aa0051e40f
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

1ff70682-0a51-30e8-076d-740be8cee98b
  version: v1.0
  protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
  provider: taskcomp.dll
  ncacn_np: \\CXYUFZXZY\PIPE\atsvc
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
  version: v1.0
  provider: schedsvc.dll
  ncalrpc: senssvc
  ncalrpc: OLE8EC7FB2C9C7546CEB1A38A048E1B
  ncalrpc: IUserProfile2

2eb08e3e-639f-4fba-97b1-14f878961076
  version: v1.0
  provider: gpsvc.dll
  ncalrpc: IUserProfile2

3473dd4d-2e88-4006-9cba-22570909dd10
  version: v5.256
  annotation: WinHttp Auto-Proxy Service
  ncacn_np: \\CXYUFZXZY\PIPE\W32TIME_ALT
  ncalrpc: W32TIME_ALT
  ncalrpc: LRPC-36d547b81b668e5e5d
  ncalrpc: OLEE4CB6111E08443AC93ACCAE921EF

7ea70bcf-48af-4f6a-8968-6a440754d5fa
  version: v1.0
  annotation: NSI server endpoint
  provider: nsisvc.dll
  ncalrpc: LRPC-36d547b81b668e5e5d
  ncalrpc: OLEE4CB6111E08443AC93ACCAE921EF

24019106-a203-4642-b88d-82dae9158929
  version: v1.0
  provider: authui.dll
  ncalrpc: LRPC-f919c7b777e4edfd3d

2fb92682-6599-42dc-ae13-bd2ca89bd11c
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-89eb4adb2ac99787a4

7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
  version: v1.0
  annotation: Fw APIs
  provider: MPSSVC.dll
  ncalrpc: LRPC-89eb4adb2ac99787a4

dd490425-5325-4565-b774-7e27d6c09c24
  version: v1.0
  annotation: Base Firewall Engine API
  provider: BFE.DLL
  ncalrpc: LRPC-89eb4adb2ac99787a4

7f1343fe-50a9-4927-a778-0c5859517bac
  version: v1.0
  annotation: DfsDs service
  ncacn_np: \\CXYUFZXZY\PIPE\wkssvc
  ncalrpc: DNSResolver

4a452661-8290-4b36-8fbe-7f4093a94978
  version: v1.0
  annotation: Spooler function endpoint
  provider: spoolsv.exe
  ncalrpc: spoolss

ae33069b-a2a8-46ee-a235-ddfd339be281
  version: v1.0
  annotation: Spooler base remote object endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncalrpc: spoolss

0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
  version: v1.0
  annotation: Spooler function endpoint
  protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
  provider: spoolsv.exe
  ncalrpc: spoolss

12345778-1234-abcd-ef00-0123456789ac
  version: v1.0
  protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
  provider: samsrv.dll
  ncacn_ip_tcp: 10.4.87.2:49155
  ncalrpc: samss lpc
  ncalrpc: dsrole
  ncacn_np: \\CXYUFZXZY\PIPE\protected_storage
  ncalrpc: protected_storage
  ncalrpc: lsasspirpc
  ncalrpc: lsapolicylookup
  ncalrpc: LSARPC_ENDPOINT
  ncalrpc: securityevent
  ncalrpc: audit
  ncalrpc: LRPC-fa0be4ed4c9fbff8b3
  ncacn_np: \\CXYUFZXZY\pipe\lsass

367abb81-9844-35f1-ad32-98f038001003
  version: v2.0
  protocol: [MS-SCMR]: Service Control Manager Remote Protocol
  provider: services.exe
  ncacn_ip_tcp: 10.4.87.2:49156

12345678-1234-abcd-ef00-0123456789ab
  version: v1.0
  annotation: IPSec Policy agent endpoint
  protocol: [MS-RPRN]: Print System Remote Protocol
  provider: spoolsv.exe
  ncalrpc: LRPC-7d370cff29e4484d34
  ncacn_ip_tcp: 10.4.87.2:49157

6b5bdd1e-528c-422c-af8c-a4079be4fe48
  version: v1.0
  annotation: Remote Fw APIs
  protocol: [MS-FASP]: Firewall and Advanced Security Protocol
  provider: FwRemoteSvr.dll
  ncacn_ip_tcp: 10.4.87.2:49157

76209fe5-9049-4336-ba84-632d907cb154
  version: v1.0
  annotation: Interprocess Logon Service
  ncalrpc: ReportingServices$MSRS10_50.MSSQLSERVER
  ncalrpc: OLEC59CA18D82AE40C69820636734F5

12e65dd8-887f-41ef-91bf-8d816c42c2e7
  version: v1.0
  annotation: Secure Desktop LRPC interface
  provider: winlogon.exe
  ncalrpc: WMsgKRpc02C42C2

906b0ce0-c70b-1067-b317-00dd010662da
  version: v1.0
  protocol: [MS-CMPO]: MSDTC Connection Manager:
  provider: msdtcprx.dll
  ncalrpc: LRPC-5447097125d9823ad8
  ncalrpc: LRPC-5447097125d9823ad8
  ncalrpc: LRPC-5447097125d9823ad8
  ncalrpc: LRPC-5447097125d9823ad8

445 / tcp

1641389631 | 2025-03-31T05:57:02.414094

SMB Status:
  Authentication: enabled
  SMB Version: 1
  OS: Windows Server 2008 R2 Standard 7601 Service Pack 1
  Software: Windows Server 2008 R2 Standard 6.1
  Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, rpc-remote-api, unicode

999 / tcp

1298793639 | 2025-03-24T04:18:32.631294

Hashes

hash

-1738046554

http.dom_hash

1386055181

http.html_hash

1298793639

http.server_hash

-761617706

http.title_hash

18302101

Bad Request

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 24 Mar 2025 04:18:34 GMT
Connection: close
Content-Length: 334

1433 / tcp

203011732 | 2025-03-28T04:05:43.729352

MS-SQL NTLM Info:
  OS: Windows 7/Windows Server 2008 R2
  OS Build: 6.1.7601
  Target Name: CXYUFZXZY
  NetBIOS Domain Name: CXYUFZXZY
  NetBIOS Computer Name: CXYUFZXZY
  DNS Domain Name: cxyufzxzy
  FQDN: cxyufzxzy

43.242.202.181

Last Seen: 2025-03-31

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

80 / tcp

-119375469 | 2025-03-25T04:12:08.547996

Hashes

Microsoft IIS httpd7.5

135 / tcp

-2040784671 | 2025-03-24T13:21:46.956915

Microsoft RPC Endpoint Mapper

445 / tcp

1641389631 | 2025-03-31T05:57:02.414094

999 / tcp

1298793639 | 2025-03-24T04:18:32.631294

Hashes

1433 / tcp

203011732 | 2025-03-28T04:05:43.729352

MS-SQL Server 2008 R2 RTM10.50.1600.0

Products

Pricing

Contact Us

43.242.202.181

Last Seen: 2025-03-31

Tags:

GeneralInformation

Vulnerabilities All ports Port 80 Latest CVSS

OpenPorts

80 / tcp -119375469 | 2025-03-25T04:12:08.547996

Hashes

Microsoft IIS httpd7.5

135 / tcp -2040784671 | 2025-03-24T13:21:46.956915

Microsoft RPC Endpoint Mapper

445 / tcp 1641389631 | 2025-03-31T05:57:02.414094

999 / tcp 1298793639 | 2025-03-24T04:18:32.631294

Hashes

1433 / tcp 203011732 | 2025-03-28T04:05:43.729352

MS-SQL Server 2008 R2 RTM10.50.1600.0

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

-119375469 | 2025-03-25T04:12:08.547996

135 / tcp

-2040784671 | 2025-03-24T13:21:46.956915

445 / tcp

1641389631 | 2025-03-31T05:57:02.414094

999 / tcp

1298793639 | 2025-03-24T04:18:32.631294

1433 / tcp

203011732 | 2025-03-28T04:05:43.729352