GeneralInformation

Hostnames	static.36.123.108.65.clients.your-server.de
Domains	your-server.de
Country	Finland
City	Helsinki
Organization	Hetzner Online GmbH
ISP	Hetzner Online GmbH
ASN	AS24940

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2022-37454	The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2022-31629	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31628	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2017-8923	7.5The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2013-2220	7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2007-3205	5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

OpenPorts

22 80 443 8081 50000

1125477563 | 2024-05-03T13:30:17.427159

22 / tcp

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBLRPHWz5u90zs7DxRsGAM8r
WjmCYZE8A9NBxa3hryJl4OSQzolcfXEPrhALxUpThf1n+jue0FinhAdseVe+JWw=
Fingerprint: 18:4d:54:a3:e2:ef:c7:da:62:cb:5e:28:8c:8f:13:9f

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

747856725 | 2024-05-09T02:53:23.838127

80 / tcp

HTTP/1.1 404 Not Found
Date: Thu, 09 May 2024 02:53:23 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: nginx
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
X-Content-Type-Options: nosniff

747856725 | 2024-05-10T18:29:13.082490

443 / tcp

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 18:29:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: nginx
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
X-Content-Type-Options: nosniff

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:0b:ee:77:40:86:79:71:13:d2:b1:94:d8:5f:34:13:b9:5a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 13 08:13:07 2024 GMT
            Not After : Jun 11 08:13:06 2024 GMT
        Subject: CN=*.crunch.help
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:29:25:40:f5:c7:74:99:c8:53:c0:31:80:82:e3:
                    cd:8f:dd:3d:50:ab:b2:c3:33:ab:71:3b:02:bb:72:
                    97:48:76:f4:c9:b1:87:d4:a6:e6:62:c1:7c:64:15:
                    96:3e:42:fb:e5:2e:4f:5f:25:7f:1e:75:d0:e5:e4:
                    5c:f1:47:ae:20
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                36:54:B6:AD:79:B4:68:41:4A:B8:6C:F6:71:94:CD:42:12:9A:3F:9B
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.crunch.help
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Mar 13 09:13:08.043 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:FD:0B:C0:D8:B9:5A:DD:84:2A:2B:95:
                                0A:2A:DB:AA:52:68:9C:FD:E0:03:2F:F1:4D:ED:6F:E3:
                                76:B7:CE:A6:8E:02:21:00:D1:95:F1:72:DC:47:5E:2C:
                                D1:1E:0B:00:F5:66:67:0B:86:AF:98:89:4B:8C:55:E9:
                                FB:02:9E:24:CD:83:50:2A
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Mar 13 09:13:08.041 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:70:5B:CC:BB:BB:FF:51:0E:F1:CB:1A:D0:
                                12:95:C9:27:DD:64:0C:AA:1C:CB:BE:10:9C:7D:CA:D6:
                                74:A3:B9:53:02:20:22:43:16:12:CD:56:C0:43:3B:21:
                                F9:2F:C2:EC:80:81:A2:5A:8F:E6:17:C9:E2:01:07:66:
                                E3:91:5A:E7:A0:6D
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        8c:af:02:ba:b0:e7:fb:8b:10:82:dc:99:8d:20:27:35:f9:dd:
        b5:e9:ea:ff:ce:50:9f:f0:67:cd:b8:80:57:94:95:df:3d:c1:
        d8:b7:66:cb:f6:61:eb:0f:0a:af:dd:e7:23:f1:3e:6a:c4:ae:
        99:e3:ed:4d:49:ba:37:5f:c9:97:f0:be:9e:53:43:28:63:70:
        6b:84:85:4a:e9:5e:df:84:b2:d5:44:18:fe:e0:88:15:97:e7:
        f3:a7:6f:e6:53:26:cf:d1:2a:4d:60:c5:dc:2f:fd:b4:e8:d8:
        88:7d:d7:48:4a:60:fb:e2:1c:2a:12:c4:56:a0:08:97:5f:61:
        df:83:d6:98:6e:3a:2e:2f:55:3f:cf:d2:71:dc:0b:a5:61:6b:
        fc:61:03:3e:5e:e0:3c:af:93:95:70:85:21:ae:62:c7:28:ee:
        00:a8:32:fc:12:62:ae:d6:b4:27:34:53:34:5f:73:e1:98:86:
        ce:0f:21:82:eb:f0:0c:ff:76:3a:50:41:4a:dc:12:8c:7d:93:
        cf:1e:ca:a6:39:af:45:da:f5:85:47:03:dd:4a:9f:4e:37:8e:
        c2:f0:24:4f:c1:52:71:38:ca:06:6f:9c:ce:fb:20:ba:0b:39:
        c3:fb:1b:12:88:de:c1:90:09:4e:e7:93:ca:1a:1e:78:59:e0:
        fb:69:9c:3c

-1704664727 | 2024-05-08T18:18:47.461591

8081 / tcp

HTTP/1.1 403 Forbidden
Server: nginx
Date: Wed, 08 May 2024 18:18:47 GMT
Content-Type: text/html
Content-Length: 146
Connection: close

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

347358245 | 2024-05-07T03:25:16.335675

50000 / tcp

HTTP/1.1 403 Forbidden
Server: nginx
Date: Tue, 07 May 2024 03:25:16 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

65.108.123.36

Last Seen: 2024-05-10

GeneralInformation

Vulnerabilities

OpenPorts

1125477563 | 2024-05-03T13:30:17.427159
22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

747856725 | 2024-05-09T02:53:23.838127
80 / tcp

nginx

747856725 | 2024-05-10T18:29:13.082490
443 / tcp

nginx

-1704664727 | 2024-05-08T18:18:47.461591
8081 / tcp

nginx

347358245 | 2024-05-07T03:25:16.335675
50000 / tcp

nginx

Products

Pricing

Contact Us

65.108.123.36

Last Seen: 2024-05-10

GeneralInformation

Vulnerabilities

OpenPorts

1125477563 | 2024-05-03T13:30:17.427159 22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

747856725 | 2024-05-09T02:53:23.838127 80 / tcp

nginx

747856725 | 2024-05-10T18:29:13.082490 443 / tcp

nginx

-1704664727 | 2024-05-08T18:18:47.461591 8081 / tcp

nginx

347358245 | 2024-05-07T03:25:16.335675 50000 / tcp

nginx

Products

Pricing

Contact Us

1125477563 | 2024-05-03T13:30:17.427159
22 / tcp

747856725 | 2024-05-09T02:53:23.838127
80 / tcp

747856725 | 2024-05-10T18:29:13.082490
443 / tcp

-1704664727 | 2024-05-08T18:18:47.461591
8081 / tcp

347358245 | 2024-05-07T03:25:16.335675
50000 / tcp