GeneralInformation

Hostnames	moomin.default.moomin.uk0.bigv.io digitalvegan.net
Domains	bigv.io digitalvegan.net
Country	United Kingdom
City	Manchester
Organization	BIGV-VM-ACCESS4
ISP	IOMART MANAGED SERVICES LIMITED
ASN	AS35425
Operating System	Debian-Security

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2019-11072	9.8lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.
CVE-2018-19052	7.5An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
CVE-2015-3200	7.5mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

OpenPorts

22 80 443

-1840942388 | 2024-04-17T10:01:02.173785

22 / tcp

SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u8
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMVXPBP1jKYoWVBkDwkGF1dcpvQ14/ShtKOdmbcOfIuo06
ivXscvB/tIoO6WzypCWtm9uvcLGjbDp7Hx17evwIFo4iWT5rKjP4rN9Xk5bc3Aecn24WWDb+e2sG
zB308gkvquBTIAMN2fFv9yyClm6hyYJyl2rTxrb8ROt2LcNtWwwLo3uWkCXAOWhvAlSorElyOO89
/q8rRZqsOo8Twnq7moH9hko0Sd0+DpXXcdCbxctrcSshudggt9slOdq62b9p021Rv28yqDvnfGwo
k2HwDq2p5NvyURTWHCI7TYDYQ9lGl+whxI8/OlgjWRdtrDdJDguj3L30bIybkRnuVECt
Fingerprint: 5e:b2:f6:5c:6e:a5:22:bb:b7:2d:e1:9f:20:c4:9e:8a

Kex Algorithms:
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	ssh-dss

Encryption Algorithms:
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com
	chacha20-poly1305@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

495707094 | 2024-04-16T12:15:51.609262

80 / tcp

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "866837713"
Last-Modified: Mon, 29 Jan 2018 20:50:31 GMT
Content-Length: 45
Date: Tue, 16 Apr 2024 12:15:50 GMT
Server: lighttpd/1.4.35

495707094 | 2024-04-10T21:55:18.634169

443 / tcp

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "866837713"
Last-Modified: Mon, 29 Jan 2018 20:50:31 GMT
Content-Length: 45
Date: Wed, 10 Apr 2024 21:55:18 GMT
Server: lighttpd/1.4.35

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:13:79:74:3c:62:3f:d9:5b:9b:3d:6c:b8:10:d0:eb:12:a3
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Feb 21 23:13:07 2024 GMT
            Not After : May 21 23:13:06 2024 GMT
        Subject: CN=digitalvegan.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:db:09:d8:4d:9a:cc:72:ec:36:92:cd:24:b8:d3:
                    d4:0b:01:93:c7:3e:44:b1:3c:ac:8b:f2:d7:e5:05:
                    83:7d:1c:31:4f:86:11:9f:f9:89:bd:10:a1:9a:3d:
                    be:63:d2:6f:e8:8d:ff:c5:01:42:85:9c:a1:3a:5c:
                    e1:d8:0a:5c:65:4e:5a:ce:34:b6:e2:e4:0a:84:8a:
                    67:40:04:98:a5:75:93:f5:fd:58:6f:a2:15:fc:30:
                    4b:c8:5e:9e:f5:7f:97:63:99:3d:d9:69:38:bf:66:
                    12:b6:93:6d:d4:9b:60:c2:e6:14:3e:ce:f3:b0:bd:
                    96:16:9c:64:76:fa:dc:88:c3:f5:46:48:43:cb:17:
                    ee:67:4f:f2:eb:aa:ad:31:4c:46:96:bb:1a:53:0b:
                    ed:9a:43:76:3e:fb:1a:b9:0c:db:f5:1c:98:97:15:
                    2d:4a:13:31:08:8a:5c:ca:d5:d2:d5:72:b9:3b:24:
                    33:c3:50:e0:6d:34:04:ea:68:0c:56:f4:ab:71:82:
                    2b:ff:13:27:d3:19:53:85:90:c7:2b:cd:5b:e0:28:
                    76:0a:48:15:73:e7:14:31:82:75:33:99:fd:17:fa:
                    20:5c:06:a5:4d:ef:54:8b:c6:cd:b6:f0:a1:28:c8:
                    59:f1:bb:7b:4e:68:5f:d0:dc:6b:d7:df:7f:eb:fd:
                    13:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                FF:CD:C3:81:22:D4:AD:B5:FB:65:BB:54:84:FB:40:56:81:ED:D6:67
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:digitalvegan.net
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Feb 22 00:13:07.927 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6D:01:D3:E7:07:C8:6B:91:4B:5D:F1:CC:
                                C7:1B:CE:4A:FE:96:65:27:82:14:E8:EB:4A:BF:6A:BA:
                                DB:29:37:52:02:20:0B:8C:EF:93:6D:16:7E:DA:10:A3:
                                97:EB:97:DB:6B:AD:74:76:C9:17:14:E8:23:B0:98:59:
                                2A:A8:BC:A9:3F:0D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Feb 22 00:13:08.548 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FA:36:E9:58:07:90:6E:1A:03:3A:06:
                                A7:9C:3B:02:9C:02:AC:76:1C:4E:51:7E:6D:D3:76:5E:
                                36:75:3F:0F:7E:02:20:31:5F:C1:BC:77:EF:50:62:69:
                                4C:EB:CE:02:46:36:42:25:C7:55:38:BA:9D:C4:40:FA:
                                C1:EA:5C:EF:73:5D:7A
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        80:a7:e1:1a:03:a2:87:e8:2b:26:cf:fc:0c:83:9a:3d:75:e5:
        ca:74:68:a4:0c:45:2f:b2:e6:2a:b0:c5:6b:16:86:de:68:1f:
        7c:72:9b:d7:47:4b:bd:5d:ad:d4:02:47:c1:dd:0d:61:c6:ba:
        ad:90:de:9d:75:04:ef:10:73:a8:e8:01:9d:fa:47:8f:9b:47:
        b6:b2:39:3f:de:76:fd:74:cf:d6:49:b7:23:9a:66:51:55:fa:
        e4:9d:af:0b:41:48:17:79:16:fc:91:4e:1c:9c:b1:41:cc:07:
        18:6f:0b:3c:a6:2a:30:48:a5:65:01:bf:1e:10:d2:9e:b5:1c:
        3f:a7:a3:d6:77:7f:f1:09:9c:0e:f6:cc:e4:53:9c:d3:3c:25:
        41:b1:67:0d:d9:ae:5a:d4:3d:df:0c:ce:47:86:a0:0a:6b:e9:
        0f:88:83:61:2a:58:56:45:31:90:12:47:81:2b:7c:9b:63:3a:
        12:bf:f3:23:6e:38:fa:70:e1:5b:2e:65:f0:2f:22:2c:ae:a6:
        d2:47:d0:19:2b:19:fe:66:27:9b:62:ce:c8:49:ec:57:ba:9a:
        d5:47:3a:7e:f7:78:11:50:4a:4c:54:a2:2f:f3:4e:e5:bd:57:
        5c:11:f3:99:9b:e6:93:a6:40:52:aa:f8:36:31:02:51:f2:f3:
        53:05:83:2b

213.138.108.63

Last Seen: 2024-04-17

GeneralInformation

Vulnerabilities

OpenPorts

-1840942388 | 2024-04-17T10:01:02.173785
22 / tcp

OpenSSH6.7p1 Debian 5+deb8u8

495707094 | 2024-04-16T12:15:51.609262
80 / tcp

lighttpd1.4.35

495707094 | 2024-04-10T21:55:18.634169
443 / tcp

lighttpd1.4.35

Products

Pricing

Contact Us

213.138.108.63

Last Seen: 2024-04-17

GeneralInformation

Vulnerabilities

OpenPorts

-1840942388 | 2024-04-17T10:01:02.173785 22 / tcp

OpenSSH6.7p1 Debian 5+deb8u8

495707094 | 2024-04-16T12:15:51.609262 80 / tcp

lighttpd1.4.35

495707094 | 2024-04-10T21:55:18.634169 443 / tcp

lighttpd1.4.35

Products

Pricing

Contact Us

-1840942388 | 2024-04-17T10:01:02.173785
22 / tcp

495707094 | 2024-04-16T12:15:51.609262
80 / tcp

495707094 | 2024-04-10T21:55:18.634169
443 / tcp