GeneralInformation

Hostnames	ms1622.m.lrmailr.pl
Domains	lrmailr.pl
Country	France
City	Strasbourg
Organization	OVH SAS
ISP	OVH SAS
ASN	AS16276

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2022-22707

4.3In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

OpenPorts

25 80 81 123 8888

-907626323 | 2024-04-30T07:31:10.606683

25 / tcp

220 ms1622.m.lrmailr.pl ESMTP Postfix (Ubuntu)
250-ms1622.m.lrmailr.pl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:a4:1b:11:01:3d:e9:54:41:bb:79:17:18:8f:30:71:9e:ce:93:96
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ms1622
        Validity
            Not Before: Apr 14 21:10:27 2022 GMT
            Not After : Apr 11 21:10:27 2032 GMT
        Subject: CN=ms1622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a7:c6:5c:03:17:bc:a6:94:ed:7d:27:26:49:f0:
                    c6:6f:2a:35:7b:76:23:6a:0f:a6:f9:b8:5c:b0:3a:
                    87:c8:3a:7c:e1:9f:bd:21:58:fc:ac:b2:f4:64:2a:
                    02:53:25:9a:0d:80:01:fd:6a:19:a6:52:ff:9e:93:
                    8c:03:b3:3a:17:cd:8e:43:7e:84:f4:91:fc:31:cb:
                    93:e8:a4:95:14:bc:9f:c0:20:1e:a7:d1:9b:de:5c:
                    24:e1:19:a3:3e:18:7f:03:0d:99:c3:be:36:40:7d:
                    4c:5c:1b:3d:38:64:fa:75:c5:ca:8c:8f:3c:e9:d4:
                    4c:23:65:f8:79:a6:a5:54:a1:66:b0:44:71:52:45:
                    a9:74:19:29:0f:ea:4d:0e:6a:ed:29:c6:ee:41:5f:
                    2f:b4:bb:15:64:b1:83:f0:3d:45:66:a1:2a:c1:09:
                    9b:a5:5b:41:9d:6c:ac:1e:cc:7b:10:79:db:a2:d3:
                    52:06:81:17:c2:37:13:df:3e:f7:fe:f0:c9:02:ab:
                    8b:2a:f2:dc:69:2d:20:2b:e2:09:1c:6f:95:63:f6:
                    63:bd:79:4b:01:7e:57:de:44:dc:68:aa:14:56:cc:
                    d0:92:99:ee:0c:9f:71:01:77:68:5c:10:a6:dd:34:
                    45:a6:66:15:4d:44:3b:85:05:43:a6:87:2b:89:fa:
                    22:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Alternative Name: 
                DNS:ms1622
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        0d:f8:50:a0:20:cf:2d:a2:8e:b3:b4:4c:a5:f5:59:a4:59:47:
        99:a2:81:97:35:f6:2b:8b:94:e0:9c:74:54:63:c9:c1:f8:9d:
        c6:f6:ad:2a:ff:26:b1:70:6b:5f:69:75:ea:6c:36:ee:d9:0d:
        41:ce:d0:58:2c:f8:53:85:f1:35:c0:27:5a:a7:08:73:65:a8:
        7e:e1:ee:4f:dd:c2:9e:44:10:c4:7c:ad:63:1a:1e:86:1f:02:
        53:39:07:79:b3:3b:0b:86:36:cb:5e:8d:ba:00:3b:9c:45:1f:
        db:9a:1a:c3:1f:d2:aa:d4:63:f9:e7:4d:19:79:7b:70:da:77:
        e5:05:d0:5a:11:63:9c:71:e0:ae:2b:82:29:91:35:9d:e3:b2:
        77:4e:7a:05:d4:cc:02:61:6c:64:85:5e:33:b4:e2:6b:c2:eb:
        62:d4:f4:6b:ca:80:28:4e:e5:22:8b:cf:50:c3:a4:41:c6:24:
        9f:63:89:b7:fe:96:1c:47:0d:ab:b9:73:f6:5d:22:75:06:5e:
        b6:cb:95:85:9f:c3:d8:2a:a3:56:6a:b2:a9:2a:d0:8e:84:64:
        d2:b6:1e:3e:f4:98:a1:a0:b0:45:41:47:be:5e:fd:68:c3:40:
        0e:6c:bd:d9:5b:ff:02:a5:53:c7:06:a0:d1:98:17:74:a4:5c:
        dd:0c:6f:d0

425533655 | 2024-04-27T06:02:52.783235

80 / tcp

HTTP/1.1 301 Moved Permanently
Location: http://s.xya.pl/&ref=
Content-Length: 0
Date: Sat, 27 Apr 2024 06:02:52 GMT
Server: lighttpd/1.4.55

-2048245182 | 2024-04-21T23:38:55.331516

81 / tcp

HTTP/1.1 404 Not Found
Content-type: text/html; charset=UTF-8
Content-Length: 0
Date: Sun, 21 Apr 2024 23:38:55 GMT
Server: lighttpd/1.4.55

-1626914121 | 2024-04-23T19:26:17.906289

123 / udp

NTP
protocolversion: 3
stratum: 3
leap: 0
precision: -23
rootdelay: 0.00753784179688
rootdisp: 0.0260925292969
refid: 3562249811
reftime: 3922888782.96
poll: 3

410181173 | 2024-04-27T21:13:37.839311

8888 / tcp

HTTP/1.0 403 Access denied
Server: tinyproxy/1.10.0
Content-Type: text/html
Connection: close

164.132.49.188

Last Seen: 2024-04-30

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-907626323 | 2024-04-30T07:31:10.606683
25 / tcp

Postfix smtpd

425533655 | 2024-04-27T06:02:52.783235
80 / tcp

lighttpd1.4.55

-2048245182 | 2024-04-21T23:38:55.331516
81 / tcp

lighttpd1.4.55

-1626914121 | 2024-04-23T19:26:17.906289
123 / udp

410181173 | 2024-04-27T21:13:37.839311
8888 / tcp

Tinyproxy1.10.0

Products

Pricing

Contact Us

164.132.49.188

Last Seen: 2024-04-30

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-907626323 | 2024-04-30T07:31:10.606683 25 / tcp

Postfix smtpd

425533655 | 2024-04-27T06:02:52.783235 80 / tcp

lighttpd1.4.55

-2048245182 | 2024-04-21T23:38:55.331516 81 / tcp

lighttpd1.4.55

-1626914121 | 2024-04-23T19:26:17.906289 123 / udp

410181173 | 2024-04-27T21:13:37.839311 8888 / tcp

Tinyproxy1.10.0

Products

Pricing

Contact Us

-907626323 | 2024-04-30T07:31:10.606683
25 / tcp

425533655 | 2024-04-27T06:02:52.783235
80 / tcp

-2048245182 | 2024-04-21T23:38:55.331516
81 / tcp

-1626914121 | 2024-04-23T19:26:17.906289
123 / udp

410181173 | 2024-04-27T21:13:37.839311
8888 / tcp