www.shodan.io
Open in
urlscan Pro
104.18.13.238
Public Scan
URL:
https://www.shodan.io/host/163.5.215.125
Submission: On May 29 via api from LU — Scanned from DE
Submission: On May 29 via api from LU — Scanned from DE
Form analysis
1 forms found in the DOMGET /search
<form action="/search" method="GET">
<div class="searchbox">
<div class="input-wrapper">
<label for="search-query" value="Enter search query" class="visually-hidden"></label>
<input type="text" name="query" placeholder="Search..." autofocus="autofocus" autocapitalize="none" spellcheck="false" id="search-query">
</div>
<button type="submit" aria-label="Submit search querxy" data-balloon-disable="data-balloon-disable" class="button-red"><svg class="svg-inline--fa fa-search fa-w-16 fa-fw" aria-hidden="true" focusable="false" data-prefix="fas" data-icon="search"
role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" data-fa-i2svg="">
<path fill="currentColor"
d="M505 442.7L405.3 343c-4.5-4.5-10.6-7-17-7H372c27.6-35.3 44-79.7 44-128C416 93.1 322.9 0 208 0S0 93.1 0 208s93.1 208 208 208c48.3 0 92.7-16.4 128-44v16.3c0 6.4 2.5 12.5 7 17l99.7 99.7c9.4 9.4 24.6 9.4 33.9 0l28.3-28.3c9.4-9.4 9.4-24.6.1-34zM208 336c-70.7 0-128-57.2-128-128 0-70.7 57.2-128 128-128 70.7 0 128 57.2 128 128 0 70.7-57.2 128-128 128z">
</path>
</svg><!-- <i class="fas fa-search fa-fw "></i> Font Awesome fontawesome.com -->
</button>
</div>
</form>
Text Content
* Shodan * Maps * Images * Monitor * Developer * More... © OpenMapTiles Satellite | © MapTiler © OpenStreetMap contributors * Explore * Pricing * Login 163.5.215.125 Regular View Raw Data LAST SEEN: 2024-05-05 TAGS: self-signed GENERALINFORMATION Country France City Paris Organization Association Rocket-Host.FR ISP Dyjix SAS ASN AS212815 Operating System Windows Server 2019 (version 1809) (build 10.0.17763) VULNERABILITIES Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version. CVE-2024-0727 Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. CVE-2023-6129 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. CVE-2023-5678 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVE-2023-5363 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. CVE-2019-0190 5.0A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts. CVE-2009-3767 4.3libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2009-3766 6.8mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVE-2009-3765 6.8mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2009-1390 6.8Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. OPENPORTS 8013544533895985 1089219958 | 2024-05-04T17:27:43.316435 80 / TCP APACHE HTTPD2.4.58 HTTP/1.1 200 OK Date: Sat, 04 May 2024 17:27:43 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 18 Mar 2024 10:54:02 GMT ETag: "0-613ed2cf6f1d1" Accept-Ranges: bytes Content-Length: 0 Content-Type: text/html -873988807 | 2024-04-30T16:58:01.186446 135 / TCP MICROSOFT RPC ENDPOINT MAPPER Microsoft RPC Endpoint Mapper d95afe70-a6d5-4259-822e-2c84da1ddb0d version: v1.0 protocol: [MS-RSP]: Remote Shutdown Protocol provider: wininit.exe ncacn_ip_tcp: 163.5.215.125:49664 ncalrpc: WindowsShutdown ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\InitShutdown ncalrpc: WMsgKRpc04A410 76f226c3-ec14-4325-8a99-6a46348418af version: v1.0 provider: winlogon.exe ncalrpc: WindowsShutdown ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\InitShutdown ncalrpc: WMsgKRpc04A410 ncalrpc: WMsgKRpc04CDB1 ncalrpc: WMsgKRpc0785832 fc48cd89-98d6-4628-9839-86f7a3e4161a version: v1.0 ncalrpc: dabrpc ncalrpc: csebpub ncalrpc: LRPC-a0fcbaeb96125737dc ncalrpc: LRPC-5007dc7cac066e53af ncalrpc: LRPC-592ff31565203c8338 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo d09bdeb5-6171-4a34-bfe2-06fa82652568 version: v1.0 ncalrpc: csebpub ncalrpc: LRPC-a0fcbaeb96125737dc ncalrpc: LRPC-5007dc7cac066e53af ncalrpc: LRPC-592ff31565203c8338 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo ncalrpc: LRPC-5007dc7cac066e53af ncalrpc: LRPC-592ff31565203c8338 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo ncalrpc: LRPC-592ff31565203c8338 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo ncalrpc: LRPC-95274949d93fc9fa91 ncalrpc: LRPC-85c5f5e5cbf8e2bde4 697dcda9-3ba9-4eb2-9247-e11f1901b0d2 version: v1.0 ncalrpc: LRPC-a0fcbaeb96125737dc ncalrpc: LRPC-5007dc7cac066e53af ncalrpc: LRPC-592ff31565203c8338 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 9b008953-f195-4bf9-bde0-4471971e58ed version: v1.0 ncalrpc: LRPC-5007dc7cac066e53af ncalrpc: LRPC-592ff31565203c8338 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo dd59071b-3215-4c59-8481-972edadc0f6a version: v1.0 ncalrpc: umpo 0d47017b-b33b-46ad-9e18-fe96456c5078 version: v1.0 ncalrpc: umpo 95406f0b-b239-4318-91bb-cea3a46ff0dc version: v1.0 ncalrpc: umpo 4ed8abcc-f1e2-438b-981f-bb0e8abc010c version: v1.0 ncalrpc: umpo 0ff1f646-13bb-400a-ab50-9a78f2b7a85a version: v1.0 ncalrpc: umpo 6982a06e-5fe2-46b1-b39c-a2c545bfa069 version: v1.0 ncalrpc: umpo 082a3471-31b6-422a-b931-a54401960c62 version: v1.0 ncalrpc: umpo fae436b0-b864-4a87-9eda-298547cd82f2 version: v1.0 ncalrpc: umpo e53d94ca-7464-4839-b044-09a2fb8b3ae5 version: v1.0 ncalrpc: umpo 178d84be-9291-4994-82c6-3f909aca5a03 version: v1.0 ncalrpc: umpo 4dace966-a243-4450-ae3f-9b7bcb5315b8 version: v2.0 ncalrpc: umpo 1832bcf6-cab8-41d4-85d2-c9410764f75a version: v1.0 ncalrpc: umpo c521facf-09a9-42c5-b155-72388595cbf0 version: v0.0 ncalrpc: umpo 2c7fd9ce-e706-4b40-b412-953107ef9bb0 version: v0.0 ncalrpc: umpo 88abcbc3-34ea-76ae-8215-767520655a23 version: v0.0 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 76c217bc-c8b4-4201-a745-373ad9032b1a version: v1.0 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 55e6b932-1979-45d6-90c5-7f6270724112 version: v1.0 ncalrpc: LRPC-546094001dff4c1e78 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf version: v1.0 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo b8cadbaf-e84b-46b9-84f2-6f71c03f9e55 version: v1.0 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 20c40295-8dba-48e6-aebf-3e78ef3bb144 version: v1.0 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 2513bcbe-6cd4-4348-855e-7efb3c336dd3 version: v1.0 ncalrpc: LRPC-c2f13d82cd0e537500 ncalrpc: OLE53BFFB6FC7263935FEA3EB7513B9 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e version: v1.0 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo c605f9fb-f0a3-4e2a-a073-73560f8d9e3e version: v1.0 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0 version: v1.0 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a version: v1.0 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 2d98a740-581d-41b9-aa0d-a88b9d5ce938 version: v1.0 ncalrpc: LRPC-fd18bed658ca4dfd8a ncalrpc: actkernel ncalrpc: umpo 0361ae94-0316-4c6c-8ad8-c594375800e2 version: v1.0 ncalrpc: umpo 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2 version: v1.0 ncalrpc: umpo bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760 version: v1.0 ncalrpc: umpo 3b338d89-6cfa-44b8-847e-531531bc9992 version: v1.0 ncalrpc: umpo 8782d3b9-ebbd-4644-a3d8-e8725381919b version: v1.0 ncalrpc: umpo 085b0334-e454-4d91-9b8c-4134f9e793f3 version: v1.0 ncalrpc: umpo 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9 version: v1.0 ncalrpc: umpo c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 version: v1.0 annotation: Impl friendly name provider: sysntfy.dll ncalrpc: LRPC-595371d32ac02d5993 ncalrpc: IUserProfile2 ncalrpc: LRPC-20495e5bf1697a140e ncalrpc: LRPC-455ce52f6b71662218 ncalrpc: senssvc ncalrpc: LRPC-49a2abc4bf7c040490 f3f09ffd-fbcf-4291-944d-70ad6e0e73bb version: v1.0 ncalrpc: LRPC-a41742a6932fc5b13c e40f7b57-7a25-4cd3-a135-7f7d3df9d16b version: v1.0 annotation: Network Connection Broker server endpoint ncalrpc: LRPC-7814fb7bbeaf74ea90 ncalrpc: OLE50723508576B7E14812266BA5A4A ncalrpc: LRPC-9f01e0546b50339053 ncalrpc: LRPC-95274949d93fc9fa91 880fd55e-43b9-11e0-b1a8-cf4edfd72085 version: v1.0 annotation: KAPI Service endpoint ncalrpc: LRPC-7814fb7bbeaf74ea90 ncalrpc: OLE50723508576B7E14812266BA5A4A ncalrpc: LRPC-9f01e0546b50339053 ncalrpc: LRPC-95274949d93fc9fa91 5222821f-d5e2-4885-84f1-5f6185a0ec41 version: v1.0 annotation: Network Connection Broker server endpoint for NCB Reset module ncalrpc: LRPC-9f01e0546b50339053 ncalrpc: LRPC-95274949d93fc9fa91 30adc50c-5cbc-46ce-9a0e-91914789e23c version: v1.0 annotation: NRP server endpoint provider: nrpsrv.dll ncalrpc: LRPC-c47655b974fca5eebe a500d4c6-0dd1-4543-bc0c-d5f93486eaf8 version: v1.0 ncalrpc: LRPC-b2c2e415583ae97f6f ncalrpc: LRPC-85c5f5e5cbf8e2bde4 df4df73a-c52d-4e3a-8003-8437fdf8302a version: v0.0 annotation: WM_WindowManagerRPC\Server ncalrpc: LRPC-234813992568c02f36 f6beaff7-1e19-4fbb-9f8f-b89e2018337c version: v1.0 annotation: Event log TCPIP protocol: [MS-EVEN6]: EventLog Remoting Protocol provider: wevtsvc.dll ncacn_ip_tcp: 163.5.215.125:49665 ncacn_np: \\WIN-JG1E0O7FSBS\pipe\eventlog ncalrpc: eventlog 7ea70bcf-48af-4f6a-8968-6a440754d5fa version: v1.0 annotation: NSI server endpoint provider: nsisvc.dll ncalrpc: LRPC-aadb9710524f4f3596 2eb08e3e-639f-4fba-97b1-14f878961076 version: v1.0 annotation: Group Policy RPC Interface provider: gpsvc.dll ncalrpc: LRPC-177202a056198747e1 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 version: v1.0 annotation: DHCP Client LRPC Endpoint provider: dhcpcsvc.dll ncalrpc: dhcpcsvc ncalrpc: dhcpcsvc6 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 version: v1.0 annotation: DHCPv6 Client LRPC Endpoint provider: dhcpcsvc6.dll ncalrpc: dhcpcsvc6 3a9ef155-691d-4449-8d05-09ad57031823 version: v1.0 ncacn_ip_tcp: 163.5.215.125:49666 ncalrpc: LRPC-40c6454a5b67a0d386 ncalrpc: ubpmtaskhostchannel ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\atsvc ncalrpc: LRPC-baa9fdaab0880531a1 86d35949-83c9-4044-b424-db363231fd0c version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: schedsvc.dll ncacn_ip_tcp: 163.5.215.125:49666 ncalrpc: LRPC-40c6454a5b67a0d386 ncalrpc: ubpmtaskhostchannel ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\atsvc ncalrpc: LRPC-baa9fdaab0880531a1 33d84484-3626-47ee-8c6f-e7e98b113be1 version: v2.0 ncalrpc: LRPC-40c6454a5b67a0d386 ncalrpc: ubpmtaskhostchannel ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\atsvc ncalrpc: LRPC-baa9fdaab0880531a1 378e52b0-c0a9-11cf-822d-00aa0051e40f version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: taskcomp.dll ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\atsvc ncalrpc: LRPC-baa9fdaab0880531a1 1ff70682-0a51-30e8-076d-740be8cee98b version: v1.0 protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol provider: taskcomp.dll ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\atsvc ncalrpc: LRPC-baa9fdaab0880531a1 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53 version: v1.0 provider: schedsvc.dll ncalrpc: LRPC-baa9fdaab0880531a1 30b044a5-a225-43f0-b3a4-e060df91f9c1 version: v1.0 provider: certprop.dll ncalrpc: LRPC-c2c3bb1e8683004a5c 7f1343fe-50a9-4927-a778-0c5859517bac version: v1.0 annotation: DfsDs service ncacn_np: \\WIN-JG1E0O7FSBS\PIPE\wkssvc ncalrpc: LRPC-908028c60293293f14 eb081a0d-10ee-478a-a1dd-50995283e7a8 version: v3.0 annotation: Witness Client Test Interface ncalrpc: LRPC-908028c60293293f14 f2c9b409-c1c9-4100-8639-d8ab1486694a version: v1.0 annotation: Witness Client Upcall Server ncalrpc: LRPC-908028c60293293f14 29770a8f-829b-4158-90a2-78cd488501f7 version: v1.0 ncacn_ip_tcp: 163.5.215.125:49667 ncacn_np: \\WIN-JG1E0O7FSBS\pipe\SessEnvPublicRpc ncalrpc: SessEnvPrivateRpc ncalrpc: LRPC-49a2abc4bf7c040490 c2d1b5dd-fa81-4460-9dd6-e7658b85454b version: v1.0 ncalrpc: LRPC-61c9a97b4aa8485327 ncalrpc: OLEBC393914BDE0AF6EFEEEC644D991 f44e62af-dab1-44c2-8013-049a9de417d6 version: v1.0 ncalrpc: LRPC-61c9a97b4aa8485327 ncalrpc: OLEBC393914BDE0AF6EFEEEC644D991 7aeb6705-3ae6-471a-882d-f39c109edc12 version: v1.0 ncalrpc: LRPC-61c9a97b4aa8485327 ncalrpc: OLEBC393914BDE0AF6EFEEEC644D991 e7f76134-9ef5-4949-a2d6-3368cc0988f3 version: v1.0 ncalrpc: LRPC-61c9a97b4aa8485327 ncalrpc: OLEBC393914BDE0AF6EFEEEC644D991 b37f900a-eae4-4304-a2ab-12bb668c0188 version: v1.0 ncalrpc: LRPC-61c9a97b4aa8485327 ncalrpc: OLEBC393914BDE0AF6EFEEEC644D991 abfb6ca3-0c5e-4734-9285-0aee72fe8d1c version: v1.0 ncalrpc: LRPC-61c9a97b4aa8485327 ncalrpc: OLEBC393914BDE0AF6EFEEEC644D991 0d3c7f20-1c8d-4654-a1b3-51563b298bda version: v1.0 annotation: UserMgrCli ncalrpc: LRPC-de16e15010409d3c1d ncalrpc: OLE45FC2205BD400B1FABB0870F19A8 b18fbab6-56f8-4702-84e0-41053293a869 version: v1.0 annotation: UserMgrCli ncalrpc: LRPC-de16e15010409d3c1d ncalrpc: OLE45FC2205BD400B1FABB0870F19A8 2fb92682-6599-42dc-ae13-bd2ca89bd11c version: v1.0 annotation: Fw APIs provider: MPSSVC.dll ncalrpc: LRPC-421e8ee028f51f6fc7 ncalrpc: LRPC-c5ea128298165bdc26 ncalrpc: LRPC-199c3157ae935d085c ncalrpc: LRPC-eff5e82eb656fd7dfa f47433c3-3e9d-4157-aad4-83aa1f5c2d4c version: v1.0 annotation: Fw APIs ncalrpc: LRPC-c5ea128298165bdc26 ncalrpc: LRPC-199c3157ae935d085c ncalrpc: LRPC-eff5e82eb656fd7dfa 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 version: v1.0 annotation: Fw APIs provider: MPSSVC.dll ncalrpc: LRPC-199c3157ae935d085c ncalrpc: LRPC-eff5e82eb656fd7dfa dd490425-5325-4565-b774-7e27d6c09c24 version: v1.0 annotation: Base Firewall Engine API provider: BFE.DLL ncalrpc: LRPC-eff5e82eb656fd7dfa a398e520-d59a-4bdd-aa7a-3c1e0303a511 version: v1.0 annotation: IKE/Authip API provider: IKEEXT.DLL ncalrpc: LRPC-af899952acc1fb0fba 76f03f96-cdfd-44fc-a22c-64950a001209 version: v1.0 protocol: [MS-PAR]: Print System Asynchronous Remote Protocol provider: spoolsv.exe ncacn_ip_tcp: 163.5.215.125:49668 ncalrpc: LRPC-92b831e93bb526aced 4a452661-8290-4b36-8fbe-7f4093a94978 version: v1.0 provider: spoolsv.exe ncacn_ip_tcp: 163.5.215.125:49668 ncalrpc: LRPC-92b831e93bb526aced ae33069b-a2a8-46ee-a235-ddfd339be281 version: v1.0 protocol: [MS-PAN]: Print System Asynchronous Notification Protocol provider: spoolsv.exe ncacn_ip_tcp: 163.5.215.125:49668 ncalrpc: LRPC-92b831e93bb526aced 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 version: v1.0 protocol: [MS-PAN]: Print System Asynchronous Notification Protocol provider: spoolsv.exe ncacn_ip_tcp: 163.5.215.125:49668 ncalrpc: LRPC-92b831e93bb526aced 12345678-1234-abcd-ef00-0123456789ab version: v1.0 protocol: [MS-RPRN]: Print System Remote Protocol provider: spoolsv.exe ncacn_ip_tcp: 163.5.215.125:49668 ncalrpc: LRPC-92b831e93bb526aced b58aa02e-2884-4e97-8176-4ee06d794184 version: v1.0 provider: sysmain.dll ncalrpc: LRPC-80733c2e25e25f0063 1a0d010f-1c33-432c-b0f5-8cf4e8053099 version: v1.0 annotation: IdSegSrv service ncalrpc: LRPC-a2528ce0cdb6c6d170 98716d03-89ac-44c7-bb8c-285824e51c4a version: v1.0 annotation: XactSrv service provider: srvsvc.dll ncalrpc: LRPC-a2528ce0cdb6c6d170 c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1 version: v1.0 annotation: Adh APIs ncalrpc: OLEAF283BEB97446D5A9DBA81ADBB36 ncalrpc: TeredoControl ncalrpc: TeredoDiagnostics ncalrpc: LRPC-d3ed8636b793c1a5b9 c36be077-e14b-4fe9-8abc-e856ef4f048b version: v1.0 annotation: Proxy Manager client server endpoint ncalrpc: TeredoControl ncalrpc: TeredoDiagnostics ncalrpc: LRPC-d3ed8636b793c1a5b9 2e6035b2-e8f1-41a7-a044-656b439c4c34 version: v1.0 annotation: Proxy Manager provider server endpoint ncalrpc: TeredoControl ncalrpc: TeredoDiagnostics ncalrpc: LRPC-d3ed8636b793c1a5b9 552d076a-cb29-4e44-8b6a-d15e59e2c0af version: v1.0 annotation: IP Transition Configuration endpoint provider: iphlpsvc.dll ncalrpc: LRPC-d3ed8636b793c1a5b9 6b5bdd1e-528c-422c-af8c-a4079be4fe48 version: v1.0 annotation: Remote Fw APIs protocol: [MS-FASP]: Firewall and Advanced Security Protocol provider: FwRemoteSvr.dll ncacn_ip_tcp: 163.5.215.125:49669 ncalrpc: ipsec 98cd761e-e77d-41c8-a3c0-0fb756d90ec2 version: v1.0 ncalrpc: LRPC-edc927b22f3cc9bd1c d22895ef-aff4-42c5-a5b2-b14466d34ab4 version: v1.0 ncalrpc: LRPC-edc927b22f3cc9bd1c e38f5360-8572-473e-b696-1b46873beeab version: v1.0 ncalrpc: LRPC-edc927b22f3cc9bd1c 95095ec8-32ea-4eb0-a3e2-041f97b36168 version: v1.0 ncalrpc: LRPC-edc927b22f3cc9bd1c fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d version: v1.0 ncalrpc: LRPC-edc927b22f3cc9bd1c 4c9dbf19-d39e-4bb9-90ee-8f7179b20283 version: v1.0 ncalrpc: LRPC-edc927b22f3cc9bd1c 367abb81-9844-35f1-ad32-98f038001003 version: v2.0 protocol: [MS-SCMR]: Service Control Manager Remote Protocol provider: services.exe ncacn_ip_tcp: 163.5.215.125:49670 c503f532-443a-4c69-8300-ccd1fbdb3839 version: v2.0 ncalrpc: LRPC-d224bb039d19d5b643 ncalrpc: OLE8C8D6AAE40377B43FCCD19129564 51a227ae-825b-41f2-b4a9-1ac9557a1018 version: v1.0 annotation: Ngc Pop Key Service ncacn_ip_tcp: 163.5.215.125:49671 ncalrpc: samss lpc ncalrpc: SidKey Local End Point ncalrpc: protected_storage ncalrpc: lsasspirpc ncalrpc: lsapolicylookup ncalrpc: LSA_EAS_ENDPOINT ncalrpc: LSA_IDPEXT_ENDPOINT ncalrpc: lsacap ncalrpc: LSARPC_ENDPOINT ncalrpc: securityevent ncalrpc: audit ncacn_np: \\WIN-JG1E0O7FSBS\pipe\lsass 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b version: v1.0 annotation: Ngc Pop Key Service ncacn_ip_tcp: 163.5.215.125:49671 ncalrpc: samss lpc ncalrpc: SidKey Local End Point ncalrpc: protected_storage ncalrpc: lsasspirpc ncalrpc: lsapolicylookup ncalrpc: LSA_EAS_ENDPOINT ncalrpc: LSA_IDPEXT_ENDPOINT ncalrpc: lsacap ncalrpc: LSARPC_ENDPOINT ncalrpc: securityevent ncalrpc: audit ncacn_np: \\WIN-JG1E0O7FSBS\pipe\lsass b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86 version: v2.0 annotation: KeyIso ncacn_ip_tcp: 163.5.215.125:49671 ncalrpc: samss lpc ncalrpc: SidKey Local End Point ncalrpc: protected_storage ncalrpc: lsasspirpc ncalrpc: lsapolicylookup ncalrpc: LSA_EAS_ENDPOINT ncalrpc: LSA_IDPEXT_ENDPOINT ncalrpc: lsacap ncalrpc: LSARPC_ENDPOINT ncalrpc: securityevent ncalrpc: audit ncacn_np: \\WIN-JG1E0O7FSBS\pipe\lsass 12345778-1234-abcd-ef00-0123456789ac version: v1.0 protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol provider: samsrv.dll ncacn_ip_tcp: 163.5.215.125:49671 ncalrpc: samss lpc ncalrpc: SidKey Local End Point ncalrpc: protected_storage ncalrpc: lsasspirpc ncalrpc: lsapolicylookup ncalrpc: LSA_EAS_ENDPOINT ncalrpc: LSA_IDPEXT_ENDPOINT ncalrpc: lsacap ncalrpc: LSARPC_ENDPOINT ncalrpc: securityevent ncalrpc: audit ncacn_np: \\WIN-JG1E0O7FSBS\pipe\lsass 906b0ce0-c70b-1067-b317-00dd010662da version: v1.0 protocol: [MS-CMPO]: MSDTC Connection Manager: provider: msdtcprx.dll ncalrpc: LRPC-db94e52e46178563a4 ncalrpc: LRPC-db94e52e46178563a4 ncalrpc: LRPC-db94e52e46178563a4 54b4c689-969a-476f-8dc2-990885e9f562 version: v0.0 ncalrpc: LRPC-478dfdccafb7709229 be7f785e-0e3a-4ab7-91de-7e46e443be29 version: v0.0 ncalrpc: LRPC-478dfdccafb7709229 12e65dd8-887f-41ef-91bf-8d816c42c2e7 version: v1.0 annotation: Secure Desktop LRPC interface provider: winlogon.exe ncalrpc: WMsgKRpc0785832 b1ef227e-dfa5-421e-82bb-67a6a129c496 version: v0.0 ncalrpc: LRPC-efdc93da7658ca1b6b ncalrpc: OLE197966634EC4E0414BEBA8A939AF 0fc77b1a-95d8-4a2e-a0c0-cff54237462b version: v0.0 ncalrpc: LRPC-efdc93da7658ca1b6b ncalrpc: OLE197966634EC4E0414BEBA8A939AF 8ec21e98-b5ce-4916-a3d6-449fa428a007 version: v0.0 ncalrpc: LRPC-efdc93da7658ca1b6b ncalrpc: OLE197966634EC4E0414BEBA8A939AF 58e604e8-9adb-4d2e-a464-3b0683fb1480 version: v1.0 annotation: AppInfo provider: appinfo.dll ncalrpc: LRPC-e2a59f7bc8e0b21315 fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 version: v1.0 annotation: AppInfo provider: appinfo.dll ncalrpc: LRPC-e2a59f7bc8e0b21315 5f54ce7d-5b79-4175-8584-cb65313a0e98 version: v1.0 annotation: AppInfo provider: appinfo.dll ncalrpc: LRPC-e2a59f7bc8e0b21315 201ef99a-7fa0-444c-9399-19ba84f12a1a version: v1.0 annotation: AppInfo provider: appinfo.dll ncalrpc: LRPC-e2a59f7bc8e0b21315 0497b57d-2e66-424f-a0c6-157cd5d41700 version: v1.0 annotation: AppInfo ncalrpc: LRPC-e2a59f7bc8e0b21315 572e35b4-1344-4565-96a1-f5df3bfa89bb version: v1.0 annotation: LiveIdSvcNotify RPC Interface ncalrpc: liveidsvcnotify faf2447b-b348-4feb-8dbe-beee5b7f7778 version: v1.0 annotation: OnlineProviderCert RPC Interface ncalrpc: LRPC-3cfe884f3850ef1ac4 cc105610-da03-467e-bc73-5b9e2937458d version: v1.0 annotation: LiveIdSvc RPC Interface ncalrpc: LRPC-3cfe884f3850ef1ac4 0767a036-0d22-48aa-ba69-b619480f38cb version: v1.0 annotation: PcaSvc provider: pcasvc.dll ncalrpc: LRPC-68c2add54078b3cab2 a4b8d482-80ce-40d6-934d-b22a01a44fe7 version: v1.0 annotation: LicenseManager ncalrpc: LicenseServiceEndpoint bf4dc912-e52f-4904-8ebe-9317c1bdd497 version: v1.0 ncalrpc: LRPC-cd974e24990c9cea02 ncalrpc: OLEABFAD482FF6335C87879A937972F 3473dd4d-2e88-4006-9cba-22570909dd10 version: v5.256 annotation: WinHttp Auto-Proxy Service ncalrpc: 72522a2c-c531-4655-9842-4223fe2646c3 ncalrpc: LRPC-1734124b2b3247106a -1166656618 | 2024-05-01T11:09:35.718875 445 / TCP SMB Status: Authentication: enabled SMB Version: 2 Capabilities: raw-mode -1179660036 | 2024-05-05T00:11:11.675784 3389 / TCP REMOTE DESKTOP PROTOCOL Remote Desktop Protocol \x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x02\x00\x00\x00 Remote Desktop Protocol NTLM Info: OS: Windows 10 (version 1809)/Windows Server 2019 (version 1809) OS Build: 10.0.17763 Target Name: WIN-JG1E0O7FSBS NetBIOS Domain Name: WIN-JG1E0O7FSBS NetBIOS Computer Name: WIN-JG1E0O7FSBS DNS Domain Name: WIN-JG1E0O7FSBS FQDN: WIN-JG1E0O7FSBS SSL Certificate Certificate: Data: Version: 3 (0x2) Serial Number: 66:63:35:1e:dd:39:fd:80:49:32:ba:39:1c:c7:d3:55 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=WIN-JG1E0O7FSBS Validity Not Before: Jan 1 04:08:57 2024 GMT Not After : Jul 2 04:08:57 2024 GMT Subject: CN=WIN-JG1E0O7FSBS Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:be:f8:15:db:1e:08:d9:3e:fb:2c:3b:33:78:58: a3:9e:23:af:a3:e8:f1:34:cb:1c:19:df:f0:64:1f: bc:76:88:eb:7b:80:5a:ae:26:6b:c2:3a:93:37:be: cb:0e:3c:99:e4:76:8d:f0:13:d1:a7:d1:51:74:6c: cb:c7:3c:ee:70:13:6c:75:b0:c8:cf:94:fc:f8:63: f2:ab:36:1d:9b:f3:dd:b1:9c:ce:95:22:da:cb:a4: d6:ee:2a:85:d7:50:8f:54:b6:29:5e:de:2f:aa:57: 74:7a:13:14:ab:da:15:fd:be:66:b9:e6:07:8f:8c: f0:5c:97:76:00:e4:83:b0:16:64:49:cd:aa:e1:47: c8:1d:7a:77:28:74:57:a0:ed:e0:0f:a3:ba:4c:b4: 9c:9f:71:f5:46:fe:36:02:80:40:cf:08:78:03:7f: 53:92:ac:e3:34:25:97:6c:75:04:95:f5:99:30:c0: de:e4:16:49:59:f1:a6:93:60:5f:f3:4f:f1:3a:42: ff:22:18:75:a2:8c:ca:f0:3c:0a:42:a8:14:7b:ed: 94:05:45:8f:55:62:a3:25:05:38:2a:6b:6d:a0:38: f9:31:46:7c:48:ea:8c:48:38:02:9e:44:60:39:18: f5:2d:42:bd:a1:55:84:51:90:da:bd:70:cb:c8:f3: 90:2d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Key Usage: Key Encipherment, Data Encipherment Signature Algorithm: sha256WithRSAEncryption Signature Value: 38:3e:7d:cc:84:93:fb:4a:5c:ef:4e:43:9a:8c:ff:eb:21:4d: b3:48:5a:52:21:e1:a6:ee:8b:52:24:c3:e2:db:56:29:a5:24: 2b:09:2b:83:99:96:fb:f8:22:ee:9d:8e:fe:b6:73:ca:a0:bb: a4:e9:20:bd:e1:b9:87:f8:c2:da:15:5b:ea:cd:fd:b5:ea:7d: 52:44:7c:da:99:d5:e6:68:84:1f:70:5f:1e:92:1f:7b:c0:e3: 04:3d:32:a4:5c:14:24:a0:87:1f:be:7e:55:67:45:46:d6:d8: 94:6e:a5:b6:11:f2:24:4d:b2:e3:d3:eb:45:08:69:53:b1:f4: aa:8d:f4:d3:01:26:9d:5d:43:e0:2c:5f:3f:5e:6e:0a:0b:6f: ca:ef:ea:e9:f0:5b:94:2f:14:0a:e9:17:cb:4d:28:26:e1:35: f2:76:6d:38:fe:cc:ee:21:65:76:84:bd:4d:5c:0b:bf:74:74: 8a:81:ea:af:df:ec:82:10:6b:2a:dd:e6:69:c2:28:fa:1c:9a: 4f:2b:45:84:4c:62:a6:78:ea:c5:9b:50:b5:e1:a1:a0:19:50: d0:e4:70:1e:ca:f2:ad:e8:d3:39:9a:57:cd:9e:b4:a9:b7:a5: ec:dc:80:2b:28:1d:e1:bb:f8:1e:40:ff:1a:fe:1e:55:c0:54: e7:b6:99:1e 1489525118 | 2024-05-05T16:48:40.725845 5985 / TCP WINRM HTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 05 May 2024 16:48:40 GMT Connection: close Content-Length: 315 WinRM NTLM Info: OS: Windows Server 2019 (version 1809) OS Build: 10.0.17763 Target Name: WIN-JG1E0O7FSBS NetBIOS Domain Name: WIN-JG1E0O7FSBS NetBIOS Computer Name: WIN-JG1E0O7FSBS DNS Domain Name: WIN-JG1E0O7FSBS FQDN: WIN-JG1E0O7FSBS PRODUCTS * Monitor * Search Engine * Developer API * Maps * Bulk Data * Images * Snippets PRICING * Membership * API Subscriptions * Enterprise CONTACT US * support@shodan.io * Shodan ® - All rights reserved