GeneralInformation

Hostnames	ms1829.m.lrmailr.pl
Domains	lrmailr.pl
Country	Germany
City	Frankfurt am Main
Organization	OVH GmbH
ISP	OVH SAS
ASN	AS16276

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2022-22707

5.9In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

OpenPorts

25 80 81 123 8888

-938050348 | 2024-04-16T12:54:42.168562

25 / tcp

220 ms1829.m.lrmailr.pl ESMTP Postfix (Ubuntu)
250-ms1829.m.lrmailr.pl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:52:38:90:93:b5:f1:38:cb:8f:a8:d1:49:84:f5:ae:70:55:6f:88
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ms1829
        Validity
            Not Before: Apr  4 15:13:18 2023 GMT
            Not After : Apr  1 15:13:18 2033 GMT
        Subject: CN=ms1829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d0:c9:1b:1f:62:94:44:ab:6e:ae:2b:98:42:f0:
                    b0:a7:d1:05:f7:ed:42:3b:88:e9:5d:c1:3f:11:f6:
                    e6:c1:a5:c9:64:cb:50:7f:1f:76:6f:23:35:2f:0f:
                    84:69:3f:00:25:05:da:81:04:90:d5:7e:8e:6f:a1:
                    b4:21:50:e6:4d:ed:23:78:71:e7:8a:27:36:ff:40:
                    ca:4d:d9:9a:81:be:ee:75:51:6e:ac:fb:53:d7:78:
                    d4:3a:8a:69:ba:c2:48:73:14:8b:62:1a:e4:e7:17:
                    c2:fa:8f:b0:51:13:21:f2:71:2a:36:54:18:67:9e:
                    28:0c:78:db:98:74:b3:b8:d3:6d:42:cc:ca:89:7c:
                    bb:85:33:30:8b:20:4e:a8:f5:68:c7:92:12:d3:67:
                    21:d8:ee:42:07:90:0e:2f:f9:29:16:38:e4:8b:e9:
                    e9:80:2d:fc:e9:5d:9e:18:65:ac:c2:96:92:f9:80:
                    2e:98:13:93:dd:d2:ab:f8:5a:5c:e3:22:1b:d7:56:
                    b6:c6:c1:4f:d5:0e:29:26:7f:a8:92:9f:da:4e:4e:
                    62:a9:cd:df:48:4c:b4:e1:a6:f4:d9:20:02:be:6f:
                    7e:06:e5:72:54:d6:e4:9e:88:76:a4:d1:c9:22:d1:
                    36:29:87:b4:89:9c:c3:01:73:aa:17:22:09:d5:38:
                    34:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Alternative Name: 
                DNS:ms1829
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        b3:63:5c:81:e5:a3:98:a1:c6:59:db:dd:7d:02:c3:c2:80:43:
        59:12:07:d4:f8:48:0d:84:d3:0d:d9:0b:c4:d2:0c:dd:7a:96:
        ee:98:8c:26:60:eb:17:14:01:04:5e:33:86:e5:8f:c7:aa:1b:
        6c:a8:5f:25:d7:1e:f2:2d:e0:e3:6e:d9:79:e1:19:c1:e4:68:
        8e:af:a6:1a:2d:ab:3a:6b:f2:77:4e:93:43:e2:07:f9:d3:fa:
        71:fa:d4:ee:ae:de:07:a9:b8:6e:3e:d6:5f:f2:60:a5:d8:f4:
        6b:0f:6c:46:29:30:0e:2a:1f:c2:3e:cb:75:f6:af:08:d2:6d:
        b1:33:da:3f:97:46:e1:ec:56:4b:77:05:fa:40:b5:75:43:bd:
        2a:51:8c:90:ae:1b:17:d0:e8:18:5e:b2:c6:c5:fa:c8:65:ac:
        65:18:ae:7a:c4:11:29:e2:e5:09:2a:f7:7f:cd:9a:56:87:8f:
        4a:3e:37:d1:ec:84:78:13:60:1d:65:5f:34:f3:68:26:43:91:
        85:8b:cd:20:38:46:35:f1:73:86:60:25:9e:50:b3:2e:0f:ff:
        83:67:db:de:e0:a4:f5:df:ce:71:c6:a0:6f:ae:d1:48:be:15:
        76:64:59:b0:84:f0:18:fa:ec:a4:7c:19:fe:09:25:b9:50:39:
        d1:1c:9a:d8

-1336900766 | 2024-04-16T01:18:48.356702

80 / tcp

HTTP/1.1 301 Moved Permanently
Location: http://s.xya.pl/&ref=
Content-Length: 0
Date: Tue, 16 Apr 2024 01:18:47 GMT
Server: lighttpd/1.4.55

-1733538370 | 2024-04-18T07:24:06.137823

81 / tcp

HTTP/1.1 404 Not Found
Content-type: text/html; charset=UTF-8
Content-Length: 0
Date: Thu, 18 Apr 2024 07:24:06 GMT
Server: lighttpd/1.4.55

1043806249 | 2024-04-05T22:52:16.404016

123 / udp

NTP
protocolversion: 3
stratum: 3
leap: 0
precision: -23
rootdelay: 0.00709533691406
rootdisp: 0.0204315185547
refid: 3676124259
reftime: 3921346107.97
poll: 3

410181173 | 2024-04-11T00:46:09.947252

8888 / tcp

HTTP/1.0 403 Access denied
Server: tinyproxy/1.10.0
Content-Type: text/html
Connection: close

162.19.154.62

Last Seen: 2024-04-18

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-938050348 | 2024-04-16T12:54:42.168562
25 / tcp

Postfix smtpd

-1336900766 | 2024-04-16T01:18:48.356702
80 / tcp

lighttpd1.4.55

-1733538370 | 2024-04-18T07:24:06.137823
81 / tcp

lighttpd1.4.55

1043806249 | 2024-04-05T22:52:16.404016
123 / udp

410181173 | 2024-04-11T00:46:09.947252
8888 / tcp

Tinyproxy1.10.0

Products

Pricing

Contact Us

162.19.154.62

Last Seen: 2024-04-18

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-938050348 | 2024-04-16T12:54:42.168562 25 / tcp

Postfix smtpd

-1336900766 | 2024-04-16T01:18:48.356702 80 / tcp

lighttpd1.4.55

-1733538370 | 2024-04-18T07:24:06.137823 81 / tcp

lighttpd1.4.55

1043806249 | 2024-04-05T22:52:16.404016 123 / udp

410181173 | 2024-04-11T00:46:09.947252 8888 / tcp

Tinyproxy1.10.0

Products

Pricing

Contact Us

-938050348 | 2024-04-16T12:54:42.168562
25 / tcp

-1336900766 | 2024-04-16T01:18:48.356702
80 / tcp

-1733538370 | 2024-04-18T07:24:06.137823
81 / tcp

1043806249 | 2024-04-05T22:52:16.404016
123 / udp

410181173 | 2024-04-11T00:46:09.947252
8888 / tcp