π
Original date posted:2015-08-17
π Original message:I'm sure that most people here were skeptical, but FWIW, the server that
hosts vistomail.com is a mess, it's a Plesk box with more than a couple of
services with dubious security histories. MailEnable smtpd, MSRPC, RDP, see
for yourself:
Most likely someone popped the box and is entertaining themselves.
Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after: 2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
25/tcp open smtp MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
53/tcp open domain Microsoft DNS 6.1.7601
| dns-nsid:
|_ bind.version: Microsoft DNS 6.1.7601 (1DB14556)
80/tcp open http Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-ntlm-info:
| Target_Name: DS04
| NetBIOS_Domain_Name: DS04
| NetBIOS_Computer_Name: DS04
| DNS_Domain_Name: DS04
| DNS_Computer_Name: DS04
|_ Product_Version: 6.1 (Build 7601)
|_http-title: Domain Default page
110/tcp open pop3 MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp open msrpc Microsoft Windows RPC
143/tcp open imap MailEnable imapd
|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
443/tcp open ssl/http Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Domain Default page
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after: 2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
587/tcp open smtp MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
3389/tcp open ms-wbt-server Microsoft Terminal Service
8443/tcp open https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels,
Inc./stateOrProvinceName=Virginia/countryName=US
| Not valid before: 2015-03-13T19:40:20+00:00
|_Not valid after: 2016-03-12T19:40:20+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
8880/tcp open http Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
|_http-methods: No Allow or Public header in OPTIONS response (status code
500)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
49154/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|7|Phone|Vista
OS CPE: cpe:/o:microsoft:windows_server_2008:r2
cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
cpe:/o:microsoft:windows_vista::sp1
OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
Windows 7 SP1, or Windows Server 2008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150817/3cf6b8c1/attachment.html>;
Jonathan Wilkins [ARCHIVE] /
npub19dβ¦hrdey
2023-06-07 17:36:32
in reply to nevent1qβ¦26w3
Author Public Key
npub19d72j7w8st3x4w7uzhty8r2vtx75wawem7uc3gwp9a83zd3ld7rqnhrdeyPublished at
2023-06-07 17:36:32Event JSON
{
"id": "e81ff3900e3ecb385b8cae2d2bef043ca07a2a69e3a05cad2eb5e8f354f4b564",
"pubkey": "2b7ca979c782e26abbdc15d6438d4c59bd4775d9dfb988a1c12f4f11363f6f86",
"created_at": 1686159392,
"kind": 1,
"tags": [
[
"e",
"c00636860bee6d088553c58e04d624511a6ed6eabf4c2b446a17f9e3dfc5b45f",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "π
Original date posted:2015-08-17\nπ Original message:I'm sure that most people here were skeptical, but FWIW, the server that\nhosts vistomail.com is a mess, it's a Plesk box with more than a couple of\nservices with dubious security histories. MailEnable smtpd, MSRPC, RDP, see\nfor yourself:\n\nMost likely someone popped the box and is entertaining themselves.\n\nNmap scan report for vistomail.com (190.97.163.93)\nHost is up (0.10s latency).\nNot shown: 65521 filtered ports\nPORT STATE SERVICE VERSION\n21/tcp open ftp Microsoft ftpd\n| ssl-cert: Subject: commonName=secureanonymoussurfing.com\n| Not valid before: 2015-05-03T00:00:00+00:00\n|_Not valid after: 2018-05-02T23:59:59+00:00\n|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.\n25/tcp open smtp MailEnable smptd 8.60--\n| smtp-commands: vistomail.com [192.241.217.85], this server offers 4\nextensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,\n|_ 211 Help:-\u003eSupported Commands:\nHELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP\n53/tcp open domain Microsoft DNS 6.1.7601\n| dns-nsid:\n|_ bind.version: Microsoft DNS 6.1.7601 (1DB14556)\n80/tcp open http Microsoft IIS httpd 7.5\n|_http-favicon: Parallels Control Panel\n| http-methods: Potentially risky methods: TRACE\n|_See http://nmap.org/nsedoc/scripts/http-methods.html\n| http-ntlm-info:\n| Target_Name: DS04\n| NetBIOS_Domain_Name: DS04\n| NetBIOS_Computer_Name: DS04\n| DNS_Domain_Name: DS04\n| DNS_Computer_Name: DS04\n|_ Product_Version: 6.1 (Build 7601)\n|_http-title: Domain Default page\n110/tcp open pop3 MailEnable POP3 Server\n|_pop3-capabilities: USER TOP UIDL\n135/tcp open msrpc Microsoft Windows RPC\n143/tcp open imap MailEnable imapd\n|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN\nUIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4\n443/tcp open ssl/http Microsoft IIS httpd 7.5\n|_http-favicon: Parallels Control Panel\n| http-methods: Potentially risky methods: TRACE\n|_See http://nmap.org/nsedoc/scripts/http-methods.html\n|_http-title: Domain Default page\n| ssl-cert: Subject: commonName=secureanonymoussurfing.com\n| Not valid before: 2015-05-03T00:00:00+00:00\n|_Not valid after: 2018-05-02T23:59:59+00:00\n|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.\n587/tcp open smtp MailEnable smptd 8.60--\n| smtp-commands: vistomail.com [192.241.217.85], this server offers 4\nextensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,\n|_ 211 Help:-\u003eSupported Commands:\nHELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP\n3389/tcp open ms-wbt-server Microsoft Terminal Service\n8443/tcp open https-alt?\n| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels,\nInc./stateOrProvinceName=Virginia/countryName=US\n| Not valid before: 2015-03-13T19:40:20+00:00\n|_Not valid after: 2016-03-12T19:40:20+00:00\n|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.\n8880/tcp open http Microsoft IIS httpd 7.5\n|_http-favicon: Parallels Control Panel\n|_http-methods: No Allow or Public header in OPTIONS response (status code\n500)\n|_http-title: Site doesn't have a title (text/html; charset=utf-8).\n49154/tcp open msrpc Microsoft Windows RPC\n49156/tcp open msrpc Microsoft Windows RPC\nWarning: OSScan results may be unreliable because we could not find at\nleast 1 open and 1 closed port\nDevice type: general purpose|phone\nRunning: Microsoft Windows 2008|7|Phone|Vista\nOS CPE: cpe:/o:microsoft:windows_server_2008:r2\ncpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8\ncpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-\ncpe:/o:microsoft:windows_vista::sp1\nOS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or\nWindows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0\nor SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,\nWindows 7 SP1, or Windows Server 2008\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150817/3cf6b8c1/attachment.html\u003e",
"sig": "6812ae15b8d5c88ad84e6b29f612af4b9735d0c67d9c0e665479f5ceb9e98c87ba6f7492f020c46bc5104151e57d4aef889ca52189d440a0587b4c9b3a676391"
}