GeneralInformation

Hostnames	api.retargeting.app static.18.70.21.65.clients.your-server.de
Domains	retargeting.app your-server.de
Country	Finland
City	Helsinki
Organization	Hetzner Online GmbH
ISP	Hetzner Online GmbH
ASN	AS24940
Operating System	Ubuntu

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-46118	4.9RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-31008	7.5RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-32719	4.8RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

80 443 3306 3333 5000 5672

677579724 | 2024-04-09T03:15:48.900321

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 09 Apr 2024 03:15:48 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Vary: Accept-Encoding

-1949150698 | 2024-04-16T07:27:23.039302

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Tue, 16 Apr 2024 07:27:22 GMT

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c1:c4:d5:23:d4:ed:90:d9:e3:87:52:e5:da:fd:0b:eb:40
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Feb 26 06:45:07 2024 GMT
            Not After : May 26 06:45:06 2024 GMT
        Subject: CN=api.retargeting.app
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ec:7a:37:22:be:66:35:57:7c:40:35:0f:c6:db:
                    3c:60:8e:2a:47:8e:d1:a0:22:a9:e0:7b:b5:1f:ca:
                    26:32:7b:ce:63:1b:21:c3:3f:8e:1e:43:f7:29:3b:
                    80:4a:01:c3:2a:05:d9:32:3b:e3:9f:00:28:71:e1:
                    66:03:cc:bd:d7:8b:73:c0:41:f8:1f:d2:f0:78:b8:
                    a6:cb:d2:9e:3e:d2:85:f5:b1:e4:69:ca:dd:8c:39:
                    75:d3:22:58:3f:82:52:91:74:16:e8:2d:1a:e6:89:
                    e5:f8:f4:dd:3e:e6:fd:5e:12:09:07:ab:74:ac:a1:
                    5d:51:91:a3:f2:0c:e9:be:8a:b9:3d:b9:93:e7:0b:
                    bd:a7:f2:d2:80:7f:22:fe:89:ed:ce:a2:0e:34:4c:
                    57:47:4c:f7:24:d1:60:42:bf:5d:66:23:2d:33:64:
                    f0:69:d5:ad:a5:bc:7b:fe:1c:18:df:d8:bb:49:b3:
                    de:31:27:1f:b8:3d:af:8f:11:d3:01:70:ff:c4:f2:
                    f0:0c:e1:7d:5b:26:a4:81:d7:ca:7f:f7:e9:c5:04:
                    1d:f7:5b:2d:fa:83:04:16:cc:63:7d:77:a6:22:30:
                    1e:85:5b:2a:b2:8d:74:70:c4:a6:5e:05:5a:4e:52:
                    7f:3c:59:f3:7e:c2:cc:4e:d3:6f:3e:8e:a5:43:11:
                    b1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                0C:8A:B7:EA:11:62:82:93:62:53:FD:2D:34:4D:DB:D0:28:6D:44:40
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:api.retargeting.app
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Feb 26 07:45:07.433 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A0:5A:4D:EC:76:84:44:15:5E:DB:0C:
                                0E:AC:CB:A5:57:9A:43:E8:15:70:DE:A3:4D:64:2E:85:
                                1F:0A:C3:75:C4:02:21:00:82:3F:78:AF:4D:DA:08:99:
                                65:DA:08:2A:D2:49:C8:E7:66:67:85:15:19:2D:EB:45:
                                C5:57:2E:FD:57:0C:EB:B0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Feb 26 07:45:07.429 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:5F:33:A8:66:BE:E3:1F:AD:0B:33:BD:73:
                                FC:6D:3D:9F:E2:DE:D0:3D:40:97:D0:1B:5E:A0:5D:5A:
                                48:72:49:02:02:21:00:9C:65:AE:D4:D9:49:1B:B7:BA:
                                C3:FD:98:88:70:A4:AA:2A:CB:A3:91:60:02:B1:EB:5E:
                                99:95:0E:8C:DA:DA:D7
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        aa:66:12:ae:09:6d:f6:46:08:46:bd:90:e0:e3:b6:ec:6a:b5:
        8f:8f:51:a9:0d:d1:ab:2e:b3:95:86:65:cd:5e:22:05:4a:91:
        cb:12:61:7e:1f:15:9f:5a:70:82:de:c2:c8:d9:bc:a3:5b:02:
        56:7b:a0:3d:94:e5:57:5e:94:9a:d7:22:7a:07:9a:1c:83:7f:
        a6:63:ed:9c:3f:e2:bb:15:43:0f:1d:27:c5:21:f9:55:9f:e2:
        70:ae:3c:1e:03:5f:89:c4:9d:bb:7b:cd:1e:b4:ee:1c:b6:75:
        ca:70:79:af:75:1c:75:8b:99:1c:bc:01:ba:5f:f3:b6:3e:2f:
        c9:80:37:3f:68:f4:1b:64:26:95:cf:a5:b9:6a:0a:6a:77:dc:
        a0:55:ad:e2:53:d0:f0:66:e1:39:98:06:65:b3:5a:f8:69:fb:
        22:2f:34:f0:d1:1a:97:59:d7:82:b3:0c:f3:e6:b2:77:4f:ef:
        71:2a:fb:e3:d6:0c:6a:a3:ed:89:da:b8:68:66:41:3b:66:a7:
        7b:80:a3:22:61:ad:8e:e9:55:98:a5:cf:30:b1:d9:b7:65:af:
        81:06:83:16:78:0c:c4:dd:ed:96:8e:10:87:c3:36:69:0e:d2:
        64:b0:a5:fc:0b:1b:6f:e8:6c:e6:ca:af:2b:89:f3:e2:80:e0:
        e3:c1:89:f4

2010319658 | 2024-04-02T04:11:42.218670

3306 / tcp

MariaDB:
  Protocol Version: 10
  Version: 10.6.4-MariaDB-1:10.6.4+maria~focal
  Capabilities: 63486
  Server Language: 45
  Server Status: 2
  Extended Server Capabilities: 33279
  Authentication Plugin: mysql_native_password

-770651211 | 2024-04-17T14:42:34.884724

3333 / tcp

HTTP/1.1 401 Unauthorized
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 17 Apr 2024 14:42:34 GMT
Content-Type: text/html
Content-Length: 590
Connection: keep-alive
WWW-Authenticate: Basic realm="Node"

1416263274 | 2024-04-12T08:16:03.575798

5000 / tcp

HTTP/1.1 404 NOT FOUND
Content-Length: 232
Content-Type: text/html; charset=utf-8
Date: Fri, 12 Apr 2024 08:16:03 GMT
Server: waitress

-1054778924 | 2024-04-10T18:59:21.287523

5672 / tcp

AMQP:
  Protocol Version: 0-9
  Product: RabbitMQ
  Product Version: 3.8.17
  Platform: Erlang/OTP 24.0.2
  Capabilities:
    Exchange Exchange Bindings: True
    Connection.blocked: True
    Authentication Failure Close: True
    Direct Reply To: True
    Basic.nack: True
    Per Consumer Qos: True
    Consumer Priorities: True
    Consumer Cancel Notify: True
    Publisher Confirms: True

65.21.70.18

Last Seen: 2024-04-17

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

677579724 | 2024-04-09T03:15:48.900321
80 / tcp

nginx1.18.0

-1949150698 | 2024-04-16T07:27:23.039302
443 / tcp

nginx1.18.0

2010319658 | 2024-04-02T04:11:42.218670
3306 / tcp

MariaDB10.6.4-MariaDB-1:10.6.4+maria~focal

-770651211 | 2024-04-17T14:42:34.884724
3333 / tcp

nginx1.18.0

1416263274 | 2024-04-12T08:16:03.575798
5000 / tcp

-1054778924 | 2024-04-10T18:59:21.287523
5672 / tcp

RabbitMQ3.8.17

Products

Pricing

Contact Us

65.21.70.18

Last Seen: 2024-04-17

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

677579724 | 2024-04-09T03:15:48.900321 80 / tcp

nginx1.18.0

-1949150698 | 2024-04-16T07:27:23.039302 443 / tcp

nginx1.18.0

2010319658 | 2024-04-02T04:11:42.218670 3306 / tcp

MariaDB10.6.4-MariaDB-1:10.6.4+maria~focal

-770651211 | 2024-04-17T14:42:34.884724 3333 / tcp

nginx1.18.0

1416263274 | 2024-04-12T08:16:03.575798 5000 / tcp

-1054778924 | 2024-04-10T18:59:21.287523 5672 / tcp

RabbitMQ3.8.17

Products

Pricing

Contact Us

677579724 | 2024-04-09T03:15:48.900321
80 / tcp

-1949150698 | 2024-04-16T07:27:23.039302
443 / tcp

2010319658 | 2024-04-02T04:11:42.218670
3306 / tcp

-770651211 | 2024-04-17T14:42:34.884724
3333 / tcp

1416263274 | 2024-04-12T08:16:03.575798
5000 / tcp

-1054778924 | 2024-04-10T18:59:21.287523
5672 / tcp