GeneralInformation

Hostnames	bates.giftphilanthropy.com
Domains	giftphilanthropy.com
Country	United States
City	Los Angeles
Organization	Internap Holding LLC
ISP	DediPath
ASN	AS35913

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2019-12529	An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12525	An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
CVE-2016-10002	Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
CVE-2016-10003	Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
CVE-2018-1000024	The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
CVE-2018-19132	Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
CVE-2018-19131	Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2018-1000027	The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

OpenPorts

25 80 443 3128

762052664 | 2022-05-05T17:00:06.409474

25 / tcp

220 photoportable.com ESMTP service ready
250-photoportable.com says hello
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250-8BITMIME
250-AUTH CRAM-MD5
250-AUTH=CRAM-MD5
250-XACK
250-SIZE 0
250-VERP
250 DSN

710775292 | 2022-05-24T22:43:38.507301

80 / tcp

HTTP/1.0 404 Not Found
Date: Tue, 24 May 2022 22:43:38 GMT
Server: Apache
Content-Length: 162
Connection: close
Content-Type: text/html; charset=UTF-8

1993683159 | 2022-05-24T22:25:15.866882

443 / tcp

HTTP/1.1 403 Forbidden
Date: Tue, 24 May 2022 22:25:15 GMT
Server: Apache
Content-Length: 202
Connection: close
Content-Type: text/html; charset=iso-8859-1

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14070 (0x36f6)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=92.118.52.122/emailAddress=root@92.118.52.122
        Validity
            Not Before: Mar 16 14:22:37 2022 GMT
            Not After : Mar 16 14:22:37 2023 GMT
        Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=92.118.52.122/emailAddress=root@92.118.52.122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a2:e6:b0:2b:b4:76:8e:00:e8:c0:e5:d9:4c:29:
                    72:f0:de:6e:1e:13:9d:89:64:c1:9e:fb:c5:00:15:
                    11:cc:80:10:d1:43:32:97:81:cd:bd:c1:6e:9c:b3:
                    10:dc:21:a2:00:4a:94:96:0b:28:e3:0e:27:67:4c:
                    ab:36:f2:ca:49:a1:01:4b:98:4b:9e:15:7a:59:18:
                    fe:be:95:43:8b:1a:0c:2f:89:e5:a2:d3:4d:e8:ec:
                    c0:7f:94:98:26:6c:47:7b:ff:69:17:c8:e4:47:c5:
                    b7:95:1c:2f:40:7f:5a:a2:f5:5c:a2:97:13:69:45:
                    68:91:bb:43:15:62:be:d6:12:1d:df:42:db:31:6a:
                    c0:ee:8b:81:17:87:f9:44:13:b3:e4:73:ce:17:39:
                    cd:dd:e9:17:c7:bb:a1:c4:ce:98:28:3d:98:0d:50:
                    92:3b:70:ee:be:69:bb:62:08:0a:6f:d4:9c:55:19:
                    d6:9b:4c:0a:fa:d5:c9:5c:b8:76:3e:f0:b5:22:14:
                    d0:ba:30:db:9d:31:0f:4a:36:55:4f:b6:5c:92:08:
                    05:15:c3:79:39:aa:e8:48:e4:74:d9:44:1d:9e:f2:
                    19:d7:00:af:c8:2a:53:1c:ba:17:2c:f5:01:a8:27:
                    cf:62:9f:f3:39:a5:76:6f:01:82:b9:5c:0c:60:6b:
                    4d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        64:b6:c8:7b:ff:10:c6:4a:bf:e5:27:19:ff:88:c7:f3:05:3c:
        ae:bf:bc:dc:96:cc:ec:f0:d3:5d:de:90:cb:20:5b:de:d3:6e:
        b3:37:8b:f4:aa:b6:1c:05:40:a2:dc:1b:dd:a5:2b:8f:04:ee:
        16:bb:20:9f:a3:c8:ce:85:c2:66:32:0a:c5:ea:ae:93:36:fb:
        1b:ab:c5:d2:12:24:35:71:34:ad:7e:04:5e:f7:21:c7:83:db:
        f9:49:e2:8b:15:14:66:39:4e:fb:00:0b:5f:58:05:81:10:47:
        fe:09:98:9d:6c:ca:c5:1f:a5:c9:39:2e:1c:e8:8b:43:82:8e:
        2a:37:dd:85:51:80:95:be:b8:3a:01:91:86:f8:6c:2a:2b:9d:
        9a:40:3d:14:86:3c:a5:03:99:36:41:bb:5d:36:56:bb:ec:91:
        80:ca:b5:e5:e5:32:0f:1b:c4:73:bc:2a:26:f0:37:8e:17:75:
        dd:c2:a6:22:b5:4d:80:32:78:f6:19:31:61:2e:a4:5e:37:92:
        26:50:99:b3:88:37:1f:af:8f:12:d6:fd:02:b4:fe:61:cd:1a:
        d0:2e:77:32:93:a5:7e:82:1f:5a:69:f5:ef:c9:ce:ce:a8:08:
        7f:4f:fa:81:d4:9c:25:f1:4e:fd:67:db:6f:48:95:1c:79:9a:
        ee:f9:11:59

-2094593584 | 2022-05-01T23:32:46.957504

3128 / tcp

HTTP/1.1 400 Bad Request
Server: squid/3.5.20
Mime-Version: 1.0
Date: Sun, 01 May 2022 23:32:46 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3512
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
Connection: close

66.151.199.40

Last Seen: 2022-05-24

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

762052664 | 2022-05-05T17:00:06.409474
25 / tcp

710775292 | 2022-05-24T22:43:38.507301
80 / tcp

Apache httpd

1993683159 | 2022-05-24T22:25:15.866882
443 / tcp

Apache httpd

-2094593584 | 2022-05-01T23:32:46.957504
3128 / tcp

Squid http proxy3.5.20

Products

Pricing

Contact Us

66.151.199.40

Last Seen: 2022-05-24

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

762052664 | 2022-05-05T17:00:06.409474 25 / tcp

710775292 | 2022-05-24T22:43:38.507301 80 / tcp

Apache httpd

1993683159 | 2022-05-24T22:25:15.866882 443 / tcp

Apache httpd

-2094593584 | 2022-05-01T23:32:46.957504 3128 / tcp

Squid http proxy3.5.20

Products

Pricing

Contact Us

762052664 | 2022-05-05T17:00:06.409474
25 / tcp

710775292 | 2022-05-24T22:43:38.507301
80 / tcp

1993683159 | 2022-05-24T22:25:15.866882
443 / tcp

-2094593584 | 2022-05-01T23:32:46.957504
3128 / tcp