HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 00:14:53 GMT
Server: Apache
Content-Length: 0
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/plain
Cobalt Strike Beacon:
x86:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://code.jquery.com/
Accept-Encoding: gzip, deflate
__cfduid=
Cookie
http-get.uri: ms.quens.top,/jquery-3.3.1.min.js
http-get.verb: GET
http-post.client:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://code.jquery.com/
Accept-Encoding: gzip, deflate
__cfduid
http-post.uri: /jquery-3.3.2.min.js
http-post.verb: POST
jitter: 37
maxgetsize: 1403644
port: 8443
post-ex.spawnto_x64: %windir%\sysnative\dllhost.exe
post-ex.spawnto_x86: %windir%\syswow64\dllhost.exe
process-inject.allocator: 1
process-inject.execute:
ntdll:RtlUserThreadStart
CreateThread
NtQueueApcThread-s
CreateRemoteThread
RtlCreateUserThread
process-inject.min_alloc: 17500
process-inject.startrwx: 4
process-inject.stub: e781a4479f7c5a03b2dcfe4bd436366f
process-inject.userwx: 32
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: ca1c5ee4c6f4451759972387cacad5ac
sleeptime: 10000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 6.3; Trident/8.0; rv:11.0) like Gecko
uses_cookies: 1
watermark: 666666666
x64:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://code.jquery.com/
Accept-Encoding: gzip, deflate
__cfduid=
Cookie
http-get.uri: ms.quens.top,/jquery-3.3.1.min.js
http-get.verb: GET
http-post.client:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://code.jquery.com/
Accept-Encoding: gzip, deflate
__cfduid
http-post.uri: /jquery-3.3.2.min.js
http-post.verb: POST
jitter: 37
maxgetsize: 1403644
port: 8443
post-ex.spawnto_x64: %windir%\sysnative\dllhost.exe
post-ex.spawnto_x86: %windir%\syswow64\dllhost.exe
process-inject.allocator: 1
process-inject.execute:
ntdll:RtlUserThreadStart
CreateThread
NtQueueApcThread-s
CreateRemoteThread
RtlCreateUserThread
process-inject.min_alloc: 17500
process-inject.startrwx: 4
process-inject.stub: e781a4479f7c5a03b2dcfe4bd436366f
process-inject.userwx: 32
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: ca1c5ee4c6f4451759972387cacad5ac
sleeptime: 10000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 6.3; Trident/8.0; rv:11.0) like Gecko
uses_cookies: 1
watermark: 666666666
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2115044612 (0x7e110504)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, O=jQuery, OU=Certificate Authority, CN=jquery.com
Validity
Not Before: Dec 14 04:13:19 2023 GMT
Not After : Mar 13 04:13:19 2024 GMT
Subject: C=HU, O=jQuery, OU=Certificate Authority, CN=jquery.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:26:22:85:C9:49:F0:2D:8E:CA:96:5F:B1:AB:98:7F:B9:A9:09:C6
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
HTTP/1.1 403 Forbidden
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 10 Jan 2025 23:45:26 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:bc:e0:7b:36:00:20:03:f4:d1:4d:20:bf:b2:79:52:ed:77:ee:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=CloudFlare, Inc., OU=CloudFlare Origin SSL Certificate Authority, L=San Francisco, ST=California
Validity
Not Before: May 9 06:20:00 2023 GMT
Not After : May 5 06:20:00 2038 GMT
Subject: O=CloudFlare, Inc., OU=CloudFlare Origin CA, CN=CloudFlare Origin Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
15:67:C0:C7:3E:AA:A4:42:37:00:A7:15:32:36:3F:13:20:9C:66:7E
X509v3 Authority Key Identifier:
24:E8:53:57:5D:7C:34:40:87:A9:EB:94:DB:BA:E1:16:78:FC:29:A4
Authority Information Access:
OCSP - URI:http://ocsp.cloudflare.com/origin_ca
X509v3 Subject Alternative Name:
DNS:*.m1cr0s0ft.xyz, DNS:m1cr0s0ft.xyz
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.cloudflare.com/origin_ca.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value: