GeneralInformation

Hostnames	car16.com 172-104-98-106.ip.linodeusercontent.com
Domains	car16.com linodeusercontent.com
Cloud Provider	Linode
Cloud Region	jp-13
Country	Japan
City	Tokyo
Organization	Linode
ISP	Akamai Connected Cloud
ASN	AS63949

WebTechnologies

JavaScript frameworks

JavaScript libraries

Programming languages

Node.js

Static site generator

Tag managers

UI frameworks

Web frameworks

Web servers

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-3824	In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
CVE-2023-3823	In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
CVE-2013-2220	7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2007-3205	5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

OpenPorts

22 80 443 3000 3306 6379 8080

985898312 | 2024-04-21T13:31:58.186151

22 / tcp

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQCyw6gSC4V9APWZI4Rz2QOc7roVMki79bn4nM6SRVTnYgjz
uvfQqcXRRazdysb1GEG412jAoQHnBAk+v0+oUYSruyEMzc16NQ5zKkuuonlbiUeHkF1q7Xrdt3mx
iZuU4QBuaZLt4sT0EB7BofjX8N58N2XQrxJGVbcmK0Kue8VK3czIf86I/IAVSIj+I2kxcvQ5QX37
0UHmouArjpuaw6oXjIu6ht31q3AUG/+cRVwR1U491SxbpiPGk5C5T4m2TQqvD4ZYizL45YqPnwGv
So3JZyRFZHquDHoP2CVW4HbsYw31HBt5Lfcx07YDogvbreHTl7rellwR9u7TliGGMCCMKJPRqhSZ
SDXxhp5y+T0JrIoD2xCFzXVZ2yUFRZtH/pWi5zS9V3WJ3JChtj7M5a2g77GZr3nYbqk/sir7FI0o
t0n7JGgRJm7+1dTsMWFHv0wk7NqA9Ckf8KhrZJDcR03nF+QX0tBFKqLvVBjnj6JsEF9sbtve5ami
ZAXAcoY15Mk=
Fingerprint: a6:8f:d9:18:be:21:fc:47:0e:11:76:42:8e:84:f9:b4

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

-697320684 | 2024-04-25T09:10:39.848437

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.25.2
Date: Thu, 25 Apr 2024 09:10:39 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://172.104.98.106/

1907677012 | 2024-04-25T09:10:43.761692

443 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 Apr 2024 09:10:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 354580
Connection: keep-alive
Set-Cookie: auth.strategy=local; Path=/
ETag: "56914-sJ/22JjO6nZcve/LyoMR/sjhMjE"
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=16070400; includeSubDomains
Referrer-Policy: origin
Permissions-Policy: camera=(), microphone=()

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:87:1a:f2:d9:16:53:17:40:34:5f:81:a5:50:92:7b:b0:43
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Feb 12 23:49:57 2024 GMT
            Not After : May 12 23:49:56 2024 GMT
        Subject: CN=car16.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:fc:1d:09:cc:9c:7e:cf:68:43:61:92:f6:8c:23:
                    67:2d:3f:58:dc:42:e7:d8:58:ec:49:60:9d:12:bb:
                    3f:d2:13:a2:b0:df:cf:11:6f:10:e7:eb:56:f5:bc:
                    2e:55:b7:b1:cc:7a:b6:1e:3f:ad:a3:6c:6d:78:4f:
                    9e:92:6a:fd:2c
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                08:AF:24:16:EB:4B:AE:7C:78:D2:A5:F0:94:7B:1A:89:14:36:D2:AB
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.car16.com, DNS:car16.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Feb 13 00:49:57.684 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:BC:A0:FF:BB:C4:F6:3F:58:29:7E:81:
                                10:9C:4B:74:CE:86:5C:F6:42:74:3B:F9:CB:9B:5A:07:
                                90:CA:97:46:8B:02:21:00:AF:5B:03:9E:19:2A:F2:51:
                                1D:C8:92:00:62:13:50:CD:CC:7C:50:D7:B7:12:AE:C9:
                                4D:BA:6E:D2:75:28:19:CF
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Feb 13 00:49:57.968 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:09:08:6E:7D:3D:4D:52:BA:B5:0C:71:DA:
                                B7:56:6A:15:E9:58:2C:DA:75:30:2A:D0:8F:00:E7:F1:
                                5C:C5:1E:86:02:21:00:AB:2B:CA:62:D5:DF:30:9E:67:
                                63:A0:82:9E:59:F5:C0:82:71:5F:52:86:C6:66:AA:70:
                                AE:4F:B6:77:73:26:28
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        16:fc:75:73:88:97:b1:76:78:9b:6a:82:a7:76:dd:3f:30:d8:
        d1:1b:0b:b5:64:f7:bb:92:ba:4a:af:ec:7e:96:bb:49:91:b5:
        ce:1c:a3:3e:8d:42:ab:ca:20:7b:24:14:e7:26:b3:fc:ad:0c:
        40:f0:52:44:d7:32:18:22:6a:51:93:79:50:50:b5:a4:58:43:
        4a:00:60:29:17:08:7b:e6:a4:66:db:5a:44:65:73:b2:30:20:
        35:a8:0d:36:9b:35:87:53:0b:0d:58:37:78:bd:55:ad:69:a9:
        d7:89:f8:3a:ca:29:75:c1:19:9c:6d:2f:c3:bc:6b:87:24:82:
        07:24:97:65:41:b2:d4:98:a2:7c:1a:1d:97:e5:3b:5c:52:50:
        68:29:c1:93:5e:a4:98:17:49:d9:58:09:26:7e:b9:78:1e:f7:
        0c:c1:a0:9b:be:85:dc:09:7c:e0:20:c0:28:90:f2:d7:7c:73:
        e5:2f:70:76:5a:a3:7f:9a:a2:7a:78:1a:0f:87:ce:91:61:cd:
        9e:ac:33:ac:07:d3:30:bb:e8:54:b9:9c:aa:7a:e2:65:f8:94:
        44:89:35:2a:ab:b6:94:4a:4f:a2:25:3a:69:8a:30:af:f4:3e:
        10:47:3f:d3:28:e3:1e:ca:7e:a1:ac:e5:a1:98:d2:1b:9d:0b:
        f6:b8:f4:4d

-873982870 | 2024-04-18T12:17:19.209701

3000 / tcp

HTTP/1.1 200 OK
Set-Cookie: auth.strategy=local; Path=/
ETag: "56927-YRanQCqGdLmEJZE7fXqGyBGSR0g"
Content-Type: text/html; charset=utf-8
Accept-Ranges: none
Content-Length: 354599
Vary: Accept-Encoding
Date: Thu, 18 Apr 2024 12:17:18 GMT
Connection: keep-alive
Keep-Alive: timeout=5

1513671470 | 2024-04-18T02:48:58.105292

3306 / tcp

MySQL:
  Protocol Version: 10
  Version: 5.7.43
  Capabilities: 65535
  Server Language: 8
  Server Status: 2
  Extended Server Capabilities: 49663
  Authentication Plugin: mysql_native_password

1036924229 | 2024-04-23T17:45:45.279550

6379 / tcp

# Server
redis_version:7.0.12
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:275d31c4087c801
redis_mode:standalone
os:Linux 5.4.0-156-generic x86_64
arch_bits:64
monotonic_clock:POSIX clock_gettime
multiplexing_api:epoll
atomicvar_api:c11-builtin
gcc_version:12.2.0
process_id:1
process_supervised:no
run_id:04170e1358ad60ba74da072161182d5522d9fa9d
tcp_port:6379
server_time_usec:1713894345019206
uptime_in_seconds:12212679
uptime_in_days:141
hz:10
configured_hz:10
lru_clock:2618312
executable:/data/redis-server
config_file:
io_threads_active:0

# Clients
connected_clients:2
cluster_connections:0
maxclients:10000
client_recent_max_input_buffer:8
client_recent_max_output_buffer:0
blocked_clients:0
tracking_clients:0
clients_in_timeout_table:0

# Memory
used_memory:80252296
used_memory_human:76.53M
used_memory_rss:75288576
used_memory_rss_human:71.80M
used_memory_peak:431613544
used_memory_peak_human:411.62M
used_memory_peak_perc:18.59%
used_memory_overhead:3393512
used_memory_startup:862176
used_memory_dataset:76858784
used_memory_dataset_perc:96.81%
allocator_allocated:80564712
allocator_active:81133568
allocator_resident:86269952
total_system_memory:8331173888
total_system_memory_human:7.76G
used_memory_lua:2722816
used_memory_vm_eval:2722816
used_memory_lua_human:2.60M
used_memory_scripts_eval:2528552
number_of_cached_scripts:1951
number_of_functions:0
number_of_libraries:0
used_memory_vm_functions:32768
used_memory_vm_total:2755584
used_memory_vm_total_human:2.63M
used_memory_functions:184
used_memory_scripts:2528736
used_memory_scripts_human:2.41M
maxmemory:0
maxmemory_human:0B
maxmemory_policy:noeviction
allocator_frag_ratio:1.01
allocator_frag_bytes:568856
allocator_rss_ratio:1.06
allocator_rss_bytes:5136384
rss_overhead_ratio:0.87
rss_overhead_bytes:-10981376
mem_fragmentation_ratio:0.94
mem_fragmentation_bytes:-4923792
mem_not_counted_for_evict:0
mem_replication_backlog:0
mem_total_replication_buffers:0
mem_clients_slaves:0
mem_clients_normal:1800
mem_cluster_links:0
mem_aof_buffer:0
mem_allocator:jemalloc-5.2.1
active_defrag_running:0
lazyfree_pending_objects:0
lazyfreed_objects:0

# Persistence
loading:0
async_loading:0
current_cow_peak:0
current_cow_size:0
current_cow_size_age:0
current_fork_perc:0.00
current_save_keys_processed:0
current_save_keys_total:0
rdb_changes_since_last_save:6
rdb_bgsave_in_progress:0
rdb_last_save_time:1713893566
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
rdb_saves:29347
rdb_last_cow_size:823296
rdb_last_load_keys_expired:0
rdb_last_load_keys_loaded:0
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_rewrites:0
aof_rewrites_consecutive_failures:0
aof_last_write_status:ok
aof_last_cow_size:0
module_fork_in_progress:0
module_fork_last_cow_size:0

# Stats
total_connections_received:22010
total_commands_processed:1270533
instantaneous_ops_per_sec:0
total_net_input_bytes:500253725425
total_net_output_bytes:2906320006168
total_net_repl_input_bytes:89040800
total_net_repl_output_bytes:0
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
instantaneous_input_repl_kbps:0.00
instantaneous_output_repl_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:13886
expired_stale_perc:0.00
expired_time_cap_reached_count:0
expire_cycle_cpu_milliseconds:230913
evicted_keys:0
evicted_clients:0
total_eviction_exceeded_time:0
current_eviction_exceeded_time:0
keyspace_hits:691094
keyspace_misses:76251
pubsub_channels:0
pubsub_patterns:0
pubsubshard_channels:0
latest_fork_usec:1403
total_forks:1427
migrate_cached_sockets:0
slave_expires_tracked_keys:0
active_defrag_hits:0
active_defrag_misses:0
active_defrag_key_hits:0
active_defrag_key_misses:0
total_active_defrag_time:0
current_active_defrag_time:0
tracking_total_keys:0
tracking_total_items:0
tracking_total_prefixes:0
unexpected_error_replies:0
total_error_replies:312529
dump_payload_sanitizations:0
total_reads_processed:3773220
total_writes_processed:1369901
io_threaded_reads_processed:0
io_threaded_writes_processed:0
reply_buffer_shrinks:551803
reply_buffer_expands:664364

# Replication
role:master
connected_slaves:0
master_failover_state:no-failover
master_replid:d93e60a9724233db943af6ed2b06894bb12858ed
master_replid2:e3f3bef96cfccbecbaaadfdb1601512643d4050f
master_repl_offset:0
second_repl_offset:1
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

# CPU
used_cpu_sys:7779.858563
used_cpu_user:9771.892166
used_cpu_sys_children:81.163820
used_cpu_user_children:823.507334
used_cpu_sys_main_thread:7756.585714
used_cpu_user_main_thread:9762.721379

# Modules

# Errorstats
errorstat_ERR:count=312457
errorstat_READONLY:count=64
errorstat_WRONGPASS:count=8

# Cluster
cluster_enabled:0

# Keyspace
db0:keys=11,expires=7,avg_ttl=3084747

# Keys
# NOTE: more keys available in the database
backup1
strapi-/api/pages?filters={"slug":"homepage"},populate=deep&
strapi-/api/posts?filters={"slug":"how-to-apply-feng-shui-to-your-car"},populate=deep&
strapi-/api/posts?filters={"slug":"car-plate-bid-guide"},populate=deep&
strapi-/api/posts?filters={"slug":"change-car-plate"},populate=deep&
strapi-/api/posts?filters={"slug":"motorcycle-plate"},populate=deep&
strapi-/api/posts?filters={"slug":"car-plate"},populate=deep&
backup2
backup4
backup3

# Connected Clients
id=10545 addr=172.18.0.3:50610 laddr=172.18.0.7:6379 fd=8 name= age=6614775 idle=46 flags=N db=0 sub=0 psub=0 ssub=0 multi=-1 qbuf=0 qbuf-free=0 argv-mem=0 multi-mem=0 rbs=1024 rbp=0 obl=0 oll=0 omem=0 tot-mem=1800 events=r cmd=get user=default redir=-1 resp=2
id=23922 addr=224.24.179.175:46304 laddr=172.18.0.7:6379 fd=9 name= age=1 idle=0 flags=N db=0 sub=0 psub=0 ssub=0 multi=-1 qbuf=26 qbuf-free=20448 argv-mem=10 multi-mem=0 rbs=1024 rbp=525 obl=0 oll=0 omem=0 tot-mem=22298 events=r cmd=client|list user=default redir=-1 resp=2

418790745 | 2024-04-22T21:06:02.396990

8080 / tcp

HTTP/1.1 200 OK
Date: Mon, 22 Apr 2024 21:06:02 GMT
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.8
Set-Cookie: phpMyAdmin=10688226c19d4bff99fc43817eaad6d6; path=/; HttpOnly; SameSite=Strict
Expires: Mon, 22 Apr 2024 21:06:02 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Mon, 22 Apr 2024 21:06:02 +0000
Set-Cookie: phpMyAdmin=10688226c19d4bff99fc43817eaad6d6; path=/; HttpOnly; SameSite=Strict
Set-Cookie: pma_lang=en; expires=Wed, 22 May 2024 21:06:02 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Strict
Set-Cookie: phpMyAdmin=3667baee7d551a0ccb2feae1e07508a6; path=/; HttpOnly; SameSite=Strict
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

172.104.98.106

Last Seen: 2024-04-25

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

985898312 | 2024-04-21T13:31:58.186151
22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

-697320684 | 2024-04-25T09:10:39.848437
80 / tcp

nginx1.25.2

1907677012 | 2024-04-25T09:10:43.761692
443 / tcp

nginx

-873982870 | 2024-04-18T12:17:19.209701
3000 / tcp

1513671470 | 2024-04-18T02:48:58.105292
3306 / tcp

MySQL5.7.43

1036924229 | 2024-04-23T17:45:45.279550
6379 / tcp

Redis key-value store7.0.12

418790745 | 2024-04-22T21:06:02.396990
8080 / tcp

Apache httpd2.4.57

Products

Pricing

Contact Us

172.104.98.106

Last Seen: 2024-04-25

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

985898312 | 2024-04-21T13:31:58.186151 22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

-697320684 | 2024-04-25T09:10:39.848437 80 / tcp

nginx1.25.2

1907677012 | 2024-04-25T09:10:43.761692 443 / tcp

nginx

-873982870 | 2024-04-18T12:17:19.209701 3000 / tcp

1513671470 | 2024-04-18T02:48:58.105292 3306 / tcp

MySQL5.7.43

1036924229 | 2024-04-23T17:45:45.279550 6379 / tcp

Redis key-value store7.0.12

418790745 | 2024-04-22T21:06:02.396990 8080 / tcp

Apache httpd2.4.57

Products

Pricing

Contact Us

985898312 | 2024-04-21T13:31:58.186151
22 / tcp

-697320684 | 2024-04-25T09:10:39.848437
80 / tcp

1907677012 | 2024-04-25T09:10:43.761692
443 / tcp

-873982870 | 2024-04-18T12:17:19.209701
3000 / tcp

1513671470 | 2024-04-18T02:48:58.105292
3306 / tcp

1036924229 | 2024-04-23T17:45:45.279550
6379 / tcp

418790745 | 2024-04-22T21:06:02.396990
8080 / tcp