π
Original date posted:2015-08-17
π Original message:I'm sure that most people here were skeptical, but FWIW, the server that
hosts vistomail.com is a mess, it's a Plesk box with more than a couple of
services with dubious security histories. MailEnable smtpd, MSRPC, RDP, see
for yourself:
Most likely someone popped the box and is entertaining themselves.
Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after: 2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
25/tcp open smtp MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
53/tcp open domain Microsoft DNS 6.1.7601
| dns-nsid:
|_ bind.version: Microsoft DNS 6.1.7601 (1DB14556)
80/tcp open http Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-ntlm-info:
| Target_Name: DS04
| NetBIOS_Domain_Name: DS04
| NetBIOS_Computer_Name: DS04
| DNS_Domain_Name: DS04
| DNS_Computer_Name: DS04
|_ Product_Version: 6.1 (Build 7601)
|_http-title: Domain Default page
110/tcp open pop3 MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp open msrpc Microsoft Windows RPC
143/tcp open imap MailEnable imapd
|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
443/tcp open ssl/http Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Domain Default page
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after: 2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
587/tcp open smtp MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
3389/tcp open ms-wbt-server Microsoft Terminal Service
8443/tcp open https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels,
Inc./stateOrProvinceName=Virginia/countryName=US
| Not valid before: 2015-03-13T19:40:20+00:00
|_Not valid after: 2016-03-12T19:40:20+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
8880/tcp open http Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
|_http-methods: No Allow or Public header in OPTIONS response (status code
500)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
49154/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|7|Phone|Vista
OS CPE: cpe:/o:microsoft:windows_server_2008:r2
cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
cpe:/o:microsoft:windows_vista::sp1
OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
Windows 7 SP1, or Windows Server 2008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150817/3cf6b8c1/attachment.html>