GeneralInformation

Country	Netherlands
City	Amsterdam
Organization	Shelter LLC
ISP	Shelter LLC
ASN	AS211409

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-51766	Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-37451	Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

21 22 25 80 9090

-145104298 | 2024-04-29T09:00:30.045922

21 / tcp

220 ProFTPD Server (Debian) [::ffff:45.15.156.19]
530 Login incorrect.
214-The following commands are recognized (* =>'s unimplemented):
 CWD     XCWD    CDUP    XCUP    SMNT*   QUIT    PORT    PASV    
 EPRT    EPSV    ALLO    RNFR    RNTO    DELE    MDTM    RMD     
 XRMD    MKD     XMKD    PWD     XPWD    SIZE    SYST    HELP    
 NOOP    FEAT    OPTS    HOST    CLNT    AUTH*   CCC*    CONF*   
 ENC*    MIC*    PBSZ*   PROT*   TYPE    STRU    MODE    RETR    
 STOR    STOU    APPE    REST    ABOR    RANG    USER    PASS    
 ACCT*   REIN*   LIST    NLST    STAT    SITE    MLSD    MLST    
214 Direct comments to root@localhost
211-Features:
 CLNT
 EPRT
 EPSV
 HOST
 LANG C.UTF-8*
 MDTM
 MFF modify;UNIX.group;UNIX.mode;
 MFMT
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.groupname*;UNIX.mode*;UNIX.owner*;UNIX.ownername*;
 RANG STREAM
 REST STREAM
 SITE COPY
 SITE MKDIR
 SITE RMDIR
 SITE SYMLINK
 SITE UTIME
 SIZE
 TVFS
 UTF8
211 End

-1087790906 | 2024-04-30T20:05:32.587481

22 / tcp

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGnDsyuphJFkienvfUtmr1nl
6E8REu7HVyDL7sx2P8SynAPlCp1OxG2f2ALvzKV/tN62/pAHL57bZfHaicojz5g=
Fingerprint: 18:6b:70:7d:c0:42:e1:69:08:d7:ec:1d:d3:c1:c0:cd

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1840431253 | 2024-05-04T15:10:20.955343

25 / tcp

220 ispforall.xyz ESMTP Exim 4.95 Ubuntu Sat, 04 May 2024 15:10:03 +0000
250-ispforall.xyz Hello 224.70.103.2 [224.70.103.2]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-AUTH PLAIN LOGIN CRAM-MD5
250-CHUNKING
250-STARTTLS
250-SMTPUTF8
250 HELP

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:02:0a:3e:ba:00:c4:5a:32:04:25:e1:9e:47:18:7f:a7:37:9c:97
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=scarlet-elbaite.nl.zerohost.io/emailAddress=root@scarlet-elbaite.nl.zerohost.io
        Validity
            Not Before: Jan 15 11:51:39 2024 GMT
            Not After : Jan 12 11:51:39 2034 GMT
        Subject: C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=scarlet-elbaite.nl.zerohost.io/emailAddress=root@scarlet-elbaite.nl.zerohost.io
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:99:b7:8e:ca:07:02:4d:40:16:c9:19:bc:a9:ec:
                    02:84:f3:e5:0b:d1:12:2d:50:dd:44:cd:87:b7:85:
                    45:64:cc:cd:70:25:a6:55:06:61:df:02:fa:02:bb:
                    61:6b:57:1d:76:e8:4e:0a:ac:6c:fd:63:f8:5a:52:
                    b0:f0:89:c0:8a:64:a7:fe:e4:8f:8f:08:bc:59:d4:
                    4c:d7:78:c4:a2:a4:e1:20:9a:c7:8a:13:d5:e4:b2:
                    29:a5:72:93:90:5f:5e:f8:ea:78:17:f9:3a:b0:8d:
                    07:e4:cf:3a:e8:d1:f7:54:c5:4a:58:36:41:31:7b:
                    a6:bb:7b:2c:74:1b:57:51:2c:67:e2:1d:2d:f2:54:
                    53:92:4f:e6:fe:4f:e8:19:55:3a:2d:63:e1:de:85:
                    da:51:98:b0:33:6f:f5:d0:91:5f:6f:3d:22:f3:03:
                    9b:67:dd:9c:3d:4c:c2:65:60:3a:91:55:a8:34:48:
                    1c:78:a8:f1:44:4d:cc:39:4a:e9:2b:c3:fe:e0:8b:
                    34:33:95:a9:40:41:01:8f:e9:de:45:a4:d2:61:78:
                    fa:81:4d:74:d8:a0:d0:84:27:10:f3:da:99:2a:fe:
                    8b:ad:bd:05:64:a5:b0:7e:70:32:7d:44:7b:37:ae:
                    04:fe:e8:c7:de:e6:68:54:5c:2f:f2:81:75:77:5e:
                    8b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                00:EA:55:10:E1:E9:3C:4F:35:94:03:DE:01:9F:FE:38:FC:19:90:35
            X509v3 Authority Key Identifier: 
                00:EA:55:10:E1:E9:3C:4F:35:94:03:DE:01:9F:FE:38:FC:19:90:35
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        31:36:b3:05:3d:26:ef:fc:48:f4:04:b7:65:a7:1b:f4:bb:95:
        0c:73:b5:46:f1:39:f4:48:cc:b8:17:cc:be:54:1d:3e:05:24:
        57:b3:bb:44:96:49:81:34:02:17:f8:62:1a:96:2d:a3:df:0d:
        0c:02:76:ad:6f:2b:f1:f1:22:8a:e2:46:6b:f9:76:99:e0:a6:
        b6:a1:b5:14:0f:ac:23:63:13:99:75:b6:21:c0:02:29:b1:aa:
        21:0c:2e:67:d7:a4:a9:69:6a:50:6e:5d:c6:24:75:c0:ef:7d:
        ba:4f:f9:e4:cc:c0:e9:9f:7b:f6:26:ab:04:93:2c:bd:3b:6c:
        02:8d:ac:22:55:18:33:07:7a:b6:90:7a:1f:b6:c5:eb:38:5e:
        a3:3a:9d:3b:3c:91:c7:ed:59:0d:13:aa:12:b1:2d:18:1a:1d:
        e6:48:3c:9a:5e:e9:22:73:02:5d:3a:18:0e:1c:0d:d3:66:2e:
        09:d6:ae:49:e4:1b:e5:ce:3c:10:f9:38:36:bf:67:b4:72:98:
        84:b3:49:ea:fa:7d:7f:84:96:43:d1:ef:af:ef:60:3e:d9:08:
        ed:0d:cb:19:91:4f:c2:d4:94:1d:b4:bb:59:01:59:1e:05:9c:
        de:4c:6e:d7:e9:d2:2c:5f:b4:76:37:7e:b3:31:27:6a:2c:68:
        a2:31:c9:20

780672404 | 2024-05-03T13:45:40.104592

80 / tcp

HTTP/1.1 502 Bad Gateway
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 May 2024 13:45:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

183960754 | 2024-05-01T16:14:40.950895

9090 / tcp

HTTP/1.1 200 OK
Date: Wed, 01 May 2024 16:14:40 GMT
Content-Length: 714
Content-Type: text/html; charset=utf-8

45.15.156.19

Last Seen: 2024-05-04

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-145104298 | 2024-04-29T09:00:30.045922
21 / tcp

-1087790906 | 2024-04-30T20:05:32.587481
22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

1840431253 | 2024-05-04T15:10:20.955343
25 / tcp

Exim smtpd4.95

780672404 | 2024-05-03T13:45:40.104592
80 / tcp

nginx1.18.0

183960754 | 2024-05-01T16:14:40.950895
9090 / tcp

Products

Pricing

Contact Us

45.15.156.19

Last Seen: 2024-05-04

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-145104298 | 2024-04-29T09:00:30.045922 21 / tcp

-1087790906 | 2024-04-30T20:05:32.587481 22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

1840431253 | 2024-05-04T15:10:20.955343 25 / tcp

Exim smtpd4.95

780672404 | 2024-05-03T13:45:40.104592 80 / tcp

nginx1.18.0

183960754 | 2024-05-01T16:14:40.950895 9090 / tcp

Products

Pricing

Contact Us

-145104298 | 2024-04-29T09:00:30.045922
21 / tcp

-1087790906 | 2024-04-30T20:05:32.587481
22 / tcp

1840431253 | 2024-05-04T15:10:20.955343
25 / tcp

780672404 | 2024-05-03T13:45:40.104592
80 / tcp

183960754 | 2024-05-01T16:14:40.950895
9090 / tcp