GeneralInformation

Hostnames	nindeco.com mail.nindeco.com
Domains	nindeco.com
Country	Finland
City	Helsinki
Organization	Hetzner Online GmbH
ISP	Hetzner Online GmbH
ASN	AS24940

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-5824	Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
CVE-2023-50269	Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
CVE-2023-49288	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
CVE-2023-49286	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-49285	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-46847	Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
CVE-2023-46846	SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVE-2023-46728	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
CVE-2023-46724	Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
CVE-2023-45802	When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-31122	Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
CVE-2023-27522	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
CVE-2023-25690	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
CVE-2022-41318	A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
CVE-2022-37454	The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2022-37436	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
CVE-2022-36760	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
CVE-2022-31813	7.5Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
CVE-2022-31630	In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVE-2022-31629	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31628	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-31626	6.0In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
CVE-2022-31625	6.8In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
CVE-2022-30556	5.0Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
CVE-2022-29404	5.0In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
CVE-2022-28615	6.4Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
CVE-2022-28614	5.0The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
CVE-2022-28330	5.0Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
CVE-2022-26377	5.0Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
CVE-2022-23943	7.5Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
CVE-2022-22721	5.8If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2022-22720	7.5Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
CVE-2022-22719	5.0A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2021-46784	In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
CVE-2021-44790	7.5A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-44224	6.4A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2021-40438	6.8A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275	7.5ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-36160	5.0A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVE-2021-34798	5.0Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-33620	4.0Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
CVE-2021-33193	5.0A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
CVE-2021-32792	4.3mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
CVE-2021-32791	4.3mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
CVE-2021-32786	5.8mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.
CVE-2021-32785	4.3mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.
CVE-2021-31808	4.0An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
CVE-2021-31807	4.0An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
CVE-2021-31806	4.0An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
CVE-2021-28652	4.0An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
CVE-2021-28651	5.0An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
CVE-2021-28116	4.3Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
CVE-2021-26691	7.5In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVE-2021-26690	5.0Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2021-21708	6.8In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2021-21707	5.0In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
CVE-2021-21706	4.3In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
CVE-2021-21705	5.0In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
CVE-2021-21704	4.3In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
CVE-2021-21703	6.9In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2020-9490	5.0Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
CVE-2020-8517	5.0An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
CVE-2020-8450	7.5An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
CVE-2020-8449	5.0An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
CVE-2020-7070	5.0In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7069	6.4In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7068	3.3In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
CVE-2020-7067	5.0In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
CVE-2020-7066	4.3In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
CVE-2020-7064	5.8In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7063	5.0In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
CVE-2020-7062	4.3In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
CVE-2020-7061	6.4In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2020-7060	6.4When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-7059	6.4When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-35452	6.8Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
CVE-2020-25097	5.0An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
CVE-2020-24606	7.1Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
CVE-2020-1934	5.0In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-1927	5.8In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-15811	4.0An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
CVE-2020-15810	3.5An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
CVE-2020-15049	6.5An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
CVE-2020-14058	5.0An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
CVE-2020-13938	2.1Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
CVE-2020-11993	4.3Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
CVE-2020-11984	7.5Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11945	7.5An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
CVE-2020-11579	5.0An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
CVE-2019-9641	7.5An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9640	5.0An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639	5.0An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638	5.0An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637	5.0An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
CVE-2019-9517	7.8Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9024	5.0An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVE-2019-9023	7.5An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
CVE-2019-9022	5.0An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
CVE-2019-9021	7.5An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
CVE-2019-9020	7.5An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
CVE-2019-6977	6.8gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-18860	4.3Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVE-2019-18679	5.0An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
CVE-2019-18678	5.0An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
CVE-2019-18677	5.8An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
CVE-2019-18676	5.0An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
CVE-2019-17567	5.0Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
CVE-2019-13345	4.3The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
CVE-2019-13224	7.5A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
CVE-2019-12529	4.3An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12528	5.0An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
CVE-2019-12526	7.5An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
CVE-2019-12525	7.5An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
CVE-2019-12524	7.5An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
CVE-2019-12523	6.4An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
CVE-2019-12522	4.4An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
CVE-2019-12521	4.3An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
CVE-2019-12520	5.0An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.
CVE-2019-12519	7.5An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
CVE-2019-11050	6.4When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11048	5.0In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
CVE-2019-11047	6.4When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11046	5.0In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
CVE-2019-11045	4.3In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
CVE-2019-11044	5.0In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
CVE-2019-11043	7.5In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2019-11042	5.8When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11041	5.8When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11040	6.4When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11039	6.4Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
CVE-2019-11038	5.0When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
CVE-2019-11036	6.4When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-10098	5.8In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
CVE-2019-10097	6.0In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
CVE-2019-10092	4.3In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVE-2019-10082	6.4In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
CVE-2019-10081	5.0HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
CVE-2019-0220	5.0A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
CVE-2019-0217	6.0In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVE-2019-0215	6.0In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
CVE-2019-0211	7.2In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CVE-2019-0197	4.9A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
CVE-2019-0196	5.0A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
CVE-2018-20783	5.0In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
CVE-2018-19935	5.0ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVE-2018-19518	8.5University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
CVE-2018-19132	4.3Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
CVE-2018-19131	4.3Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2018-17082	4.3The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
CVE-2018-16845	5.8nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVE-2018-16844	7.8nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
CVE-2018-16843	7.8nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
CVE-2018-1172	4.3This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
CVE-2018-1000027	5.0The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
CVE-2018-1000024	5.0The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
CVE-2017-9120	7.5PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2017-9118	5.0PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-8923	7.5The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2013-4365	7.5Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2013-2765	5.0The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
CVE-2013-2220	7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2013-0942	4.3Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0941	2.1EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
CVE-2012-4360	4.3Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4001	5.0The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
CVE-2012-3526	5.0The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
CVE-2011-2688	7.5SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2011-1176	4.3The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
CVE-2009-2299	5.0The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
CVE-2009-0796	2.6Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2007-4723	7.5Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
CVE-2007-3205	5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
CVE-2006-20001	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

OpenPorts

22 25 53 80 137 143 443 445 465 587 993 1723 3128 6001 8083 8181 9000

-1727789857 | 2024-04-26T09:36:22.801698

22 / tcp

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDxSocXmB6UWNjb2jkDGIuOt9sxIYP0NGaqFZZV0lH3FpTz
7SjEY9dqbVqsXUou3mFFirlaWMTNFaIHBOgfPh3PohNJJl72QdVQrfpiO3wHNDLntp9KCzZt1YWU
ZonpAyFCvkhQBGrGbgQ90a+cML5iqOKQGBosshFg5RR0NmaI2DH9k0Bb4JSTxK48bpLOoqbzVSNE
biJaJXLO95In2pdoMKZdz3FgXd7D1+SjnH+ovqLYZDbrMS2cKCq5Wsdra2msmJrI4QTg31oT6pnp
9nVSPEL7vZPBCJBC6b3F66F90+KdhYCEcPZqrpwTdqIYDyHuwDFb4mcklZ/XJ97ZndG/
Fingerprint: c7:b5:48:1c:f9:fe:3a:6c:10:c8:e9:46:9d:c6:8f:33

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1851263793 | 2024-05-05T23:25:39.746587

25 / tcp

220-mail.nindeco.com ESMTP
250-mail.nindeco.com
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:33:9d:12:c5:d5:0f:73:b8:5a:fe:07:ec:b3:43:6b:36:85
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May  5 10:25:24 2024 GMT
            Not After : Aug  3 10:25:23 2024 GMT
        Subject: CN=mail.nindeco.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:e4:b0:32:4b:4c:be:c8:b2:8a:84:57:c3:73:5e:
                    4e:33:ea:5b:4e:08:1e:33:08:0d:27:cc:e2:c0:e3:
                    4b:db:16:04:ee:41:94:db:1a:20:6e:c8:5a:ed:cc:
                    b9:19:1f:c7:01:61:99:d8:c2:22:c7:f1:8f:b8:18:
                    0a:bb:f2:32:89:b7:66:3c:31:4a:ce:97:25:4c:fc:
                    14:ad:4b:5b:c2:7e:5a:2a:b2:79:22:06:71:b3:77:
                    4a:c5:07:fc:46:11:fe:33:0d:b8:dd:15:a0:f4:49:
                    db:b2:47:02:05:a8:c6:cc:f8:de:88:62:a4:c1:8b:
                    c1:cb:1b:94:57:0b:6b:0a:ec:92:b1:bb:df:21:6f:
                    59:43:aa:6d:3e:8b:d0:84:92:7e:05:6c:55:8d:e9:
                    05:6b:03:07:cd:3f:56:39:3c:ee:20:91:2c:cc:2a:
                    62:08:4a:19:8c:08:35:0b:33:2f:6d:62:e6:16:08:
                    f5:ef:be:f7:43:7e:cc:30:9c:29:5f:24:da:fb:16:
                    77:18:ac:ad:8f:60:68:d1:4a:a7:00:f7:d2:cf:70:
                    e3:01:ec:f3:c2:a8:a0:47:b1:c7:ae:c8:11:e6:ed:
                    e6:68:3a:60:1b:00:1d:2c:a9:89:39:81:5c:3a:3e:
                    48:55:a9:f4:1a:78:93:9f:be:74:50:6c:70:4d:f2:
                    d1:7f:b8:8e:44:78:a8:57:ab:3b:b4:e0:70:cf:9b:
                    30:a6:92:3a:88:d5:09:52:a9:16:1e:c1:e4:e7:9c:
                    43:7f:06:ca:81:af:4d:29:3b:14:b2:5b:00:2b:96:
                    54:da:f8:68:a0:69:47:01:1a:eb:d5:1e:b1:9f:02:
                    06:f7:b9:8f:7a:f6:f7:42:68:82:12:ea:77:2e:dc:
                    08:36:2c:09:92:cf:24:0a:79:64:a3:35:22:22:ec:
                    49:04:77:11:5a:c0:e1:e6:cb:b6:4d:0d:21:b8:05:
                    a6:2d:a1:b1:ee:73:85:04:e3:34:83:bb:96:f1:68:
                    bc:d1:9b:17:60:f0:cd:6f:bb:c3:fa:e3:34:72:ce:
                    15:3f:1f:58:15:a2:be:12:b8:2a:bf:df:5e:76:a4:
                    74:cb:05:a4:8c:5d:8a:31:f1:bb:02:5a:f3:27:2c:
                    40:10:18:9a:8e:5e:52:92:7f:4d:c2:99:73:a9:a7:
                    9c:df:eb:a7:4a:a5:66:8f:67:43:44:24:bc:9e:66:
                    85:95:69:dc:72:8e:59:2c:0b:d8:80:dc:91:a9:20:
                    ad:2d:0f:6c:22:95:88:2c:a1:fa:e8:e1:95:bb:8d:
                    93:95:50:93:93:21:33:32:21:54:f3:f7:30:bd:f5:
                    3e:67:e8:e9:32:99:79:12:62:45:09:af:3a:ad:79:
                    f9:9e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                50:87:0B:2B:CB:06:6F:51:68:00:03:5D:6F:DE:17:1D:6C:30:00:18
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:mail.nindeco.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
                                ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
                    Timestamp : May  5 11:25:25.173 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:78:29:A3:0A:56:B7:82:B0:62:A0:A6:71:
                                60:CE:1F:14:B7:90:49:30:A8:4A:CE:F4:0C:71:28:36:
                                9E:E5:58:38:02:21:00:C8:5B:3C:89:A9:77:31:1B:48:
                                E7:F2:9F:A1:33:45:33:B0:15:30:91:64:EB:A3:5C:D4:
                                FA:05:EB:D1:AC:F5:0B
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
                                4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
                    Timestamp : May  5 11:25:25.363 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:CB:EE:92:0D:09:6A:34:5F:C3:DB:CB:
                                0C:CD:26:5B:58:AB:58:E2:BA:56:40:C2:DA:DC:AA:08:
                                5D:D8:EE:0E:73:02:20:32:CB:C9:9E:BE:B6:99:3E:26:
                                3B:72:8A:3D:A9:76:E0:26:5A:AD:0F:51:21:6F:60:E9:
                                FE:B8:A2:D2:1E:1D:7E
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        7c:33:95:da:8a:4a:1c:8a:c3:f1:04:d4:55:75:b1:34:7d:8d:
        6b:d7:7b:5a:cf:1b:0b:b9:fe:79:53:98:50:29:6b:c3:49:dc:
        9d:a6:af:95:16:b2:da:d1:2b:35:ce:d7:22:13:27:be:7b:35:
        4f:bf:2b:c0:e9:df:0d:55:2d:57:08:67:b0:69:28:61:da:44:
        5d:4b:d9:ab:39:21:0d:b1:b8:f9:17:a9:6b:ff:66:9d:d8:59:
        36:35:1a:6c:f3:b3:b1:94:0f:e7:1b:b6:9a:0a:01:32:83:6d:
        73:eb:c4:92:b1:a5:93:45:be:6c:57:94:33:5d:9e:03:88:a8:
        66:ba:30:27:66:c5:d0:42:48:ae:7b:48:58:7c:c4:60:7d:63:
        c8:87:84:70:25:ca:ae:09:eb:8b:be:9e:e4:61:3c:29:ea:47:
        4d:7e:3c:2a:41:b7:ab:ce:48:43:93:6a:2f:3a:ea:65:b4:c4:
        3a:58:4b:51:ce:9f:e7:29:73:e6:78:da:b5:77:9f:cc:98:d7:
        fe:3b:4a:39:71:4e:e7:d7:a1:9b:ba:f0:1d:1e:68:fd:e9:9a:
        ee:22:9a:db:f6:90:8f:bd:70:1a:7e:78:cb:a6:65:57:e3:a0:
        a5:3f:03:f4:c8:76:df:6d:f6:8f:e1:e4:f4:bf:22:bc:92:a5:
        ec:53:b6:71

-531274556 | 2024-05-03T08:13:15.169001

53 / tcp

9.11.3-1ubuntu1.1-Ubuntu
Resolver name: 40292f4af5a2

-531274556 | 2024-05-05T00:47:53.430267

53 / udp

9.11.3-1ubuntu1.1-Ubuntu
Resolver name: 40292f4af5a2

-1886819355 | 2024-05-01T05:20:47.646633

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.13.12
Date: Wed, 01 May 2024 05:20:46 GMT
Content-Type: text/html
Content-Length: 186
Connection: keep-alive
Location: https://95.216.173.216/

1006759738 | 2024-05-03T19:41:35.160143

137 / udp

NetBIOS Response:
  Server Name: UBUNTU
  MAC Address: 00:00:00:00:00:00
  Names:
    UBUNTU <0x0>
    UBUNTU <0x3>
    UBUNTU <0x20>
    \x01\x02__MSBROWSE__\x02 <0x1>
    WORKGROUP <0x0>
    WORKGROUP <0x1d>
    WORKGROUP <0x1e>

1133575510 | 2024-05-01T23:07:58.924785

143 / tcp

* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.
* CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN
A001 OK Pre-login capabilities listed, post-login capabilities have more.
* ID ("name" "Dovecot")
A002 OK ID completed.
A003 BAD Error in IMAP command received by server.
* BYE Logging out
A004 OK Logout completed.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b3:0d:fb:89:ec:70:9b:09:43:d8:e2:71:64:fb:8e:b6:2a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  7 09:41:40 2024 GMT
            Not After : Jun  5 09:41:39 2024 GMT
        Subject: CN=mail.nindeco.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9c:a9:e8:31:0a:03:83:d5:db:0c:b7:c7:95:8d:
                    a3:b0:1a:ed:87:04:f1:10:f2:01:f1:0c:c1:e8:04:
                    2e:eb:e5:1b:5c:b5:1d:fe:3a:4a:50:0d:b8:a4:82:
                    5e:aa:9e:e8:a4:27:2d:27:4c:6a:b2:25:a7:7a:87:
                    4c:7f:95:48:15:e5:dd:31:24:a1:4e:ef:2c:9b:c9:
                    0f:e7:89:02:c7:bd:c4:1a:a3:7b:f8:e4:41:7b:5d:
                    84:8c:ef:ef:5e:ac:b6:d5:7a:a6:61:a6:01:24:c0:
                    2d:23:bc:b3:19:f2:18:01:38:b1:6d:3a:2f:b9:b8:
                    8e:38:7f:f9:aa:12:78:e3:30:1e:8e:cd:ae:9b:68:
                    59:01:4b:d3:5e:3c:78:c5:0e:4e:2d:5e:f1:44:9f:
                    c1:d0:15:90:11:28:14:92:81:de:b7:01:92:69:a9:
                    27:f2:15:a5:ca:88:a7:94:8f:91:7d:e4:be:e6:a4:
                    3a:cb:42:eb:bd:66:4e:3a:ff:e1:90:7f:65:93:92:
                    9a:78:ac:ab:0f:5b:23:dc:31:0e:e8:4f:0c:12:60:
                    e4:b1:dc:c5:25:ab:4b:56:40:fd:cf:9e:ec:60:7a:
                    20:dc:eb:ea:32:40:59:d5:13:70:9e:5c:df:4b:43:
                    60:15:68:d5:69:af:52:e0:11:ac:91:e1:ff:09:c9:
                    3e:99:ee:e0:bc:09:d6:5c:c4:0b:dd:df:2f:20:9a:
                    91:e1:55:d7:f2:53:3c:c0:58:89:a5:33:e7:28:06:
                    48:fa:cd:69:4e:b9:bd:d0:7d:e4:8f:9b:a5:0b:fc:
                    12:68:c5:79:25:50:be:37:c0:11:87:31:f8:ea:d4:
                    d5:ad:86:9c:1f:29:5f:1a:b4:08:f3:df:f8:c9:ed:
                    16:b0:b5:67:7f:c4:3b:49:15:79:60:0d:5f:fb:be:
                    1c:43:db:7f:4e:0b:d9:f7:98:a3:ce:5c:a7:99:e5:
                    33:06:b6:b8:34:f3:e3:12:07:cb:e6:5e:28:82:de:
                    01:4f:b0:b6:8a:c9:f9:a6:32:50:d5:5b:2a:d3:54:
                    9c:2b:80:fa:15:9a:50:23:d7:5b:e2:77:62:cd:a4:
                    15:33:a6:c2:9b:c0:86:4c:07:2c:05:6b:0d:d3:9e:
                    76:ed:a0:36:61:95:cd:fd:97:26:77:a1:10:84:5d:
                    1a:84:47:ea:3d:11:df:63:1e:2b:96:27:34:3a:99:
                    e6:dd:fd:1f:52:cb:23:20:ed:dd:bc:b2:82:a5:ef:
                    86:b1:fa:b1:5d:ca:33:2e:92:06:a1:c5:aa:1a:81:
                    b3:1b:2a:62:14:50:9b:ed:ba:17:70:60:46:39:96:
                    43:5c:f2:92:f2:ee:6e:87:59:af:7e:c5:b1:8e:04:
                    f7:11:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9D:27:F1:3E:D7:77:48:51:F5:2D:53:AC:D3:B8:0E:CF:23:C4:A7:41
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:mail.nindeco.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Mar  7 10:41:40.845 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D1:86:57:37:97:02:2B:A1:00:ED:38:
                                4D:AE:01:DB:D5:DD:B4:30:F3:41:61:81:B2:26:86:01:
                                90:28:89:A3:39:02:20:1A:C8:C4:44:A6:A3:36:2C:54:
                                63:C4:41:84:D5:1A:D8:8E:55:83:BC:6F:97:07:A6:9E:
                                91:79:A5:7D:C6:88:CE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Mar  7 10:41:41.018 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:20:A2:1D:9F:32:2D:E8:0A:22:5D:B0:0C:
                                DC:DD:64:D2:A3:9F:AF:28:AB:89:AE:1B:7B:C0:74:E2:
                                B3:E7:4E:6D:02:21:00:EF:08:43:78:88:98:60:77:F9:
                                21:14:40:A5:6D:EA:5D:61:E5:E5:B9:9D:F6:18:4A:AA:
                                6B:84:D9:41:56:38:96
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        36:70:50:7f:a3:bf:64:8e:46:1a:50:12:13:bd:a1:d3:d8:0b:
        8f:30:1c:03:83:7e:3e:2f:2a:06:a8:da:48:a8:6a:b0:09:84:
        3b:7b:05:58:4e:fd:aa:fb:6e:52:fd:de:84:2d:ed:cc:cb:63:
        10:ea:6d:37:e8:dd:bd:17:fa:91:f6:3b:21:8c:f0:3d:dc:76:
        f2:a9:36:0b:3e:e2:f0:a9:e1:45:cf:58:33:a6:09:27:bb:3b:
        a6:90:0a:bd:1b:9a:62:85:af:96:89:77:6d:6d:d1:da:c7:99:
        2a:7d:87:5c:21:49:fa:99:87:bc:8d:90:07:ec:a9:49:2d:cd:
        7b:6b:7a:da:55:59:2b:54:ff:b1:f4:39:67:6d:0f:8d:ec:6c:
        a5:b8:e5:63:4a:a3:88:69:5a:8d:ee:16:4d:48:b4:e9:9b:fc:
        69:0d:26:a3:bd:ab:80:77:f8:fc:84:92:bb:d4:32:5b:d8:7d:
        41:7d:d2:70:d9:dc:fa:1c:6d:4b:92:6a:f6:3d:79:e2:4f:1b:
        93:d4:96:c5:3f:3e:3b:b5:b4:e7:13:b4:fd:af:f3:c2:c1:e5:
        2f:29:5b:6d:f8:b9:4d:dd:ab:e2:f2:38:a9:da:e9:ef:e3:1e:
        bb:5f:f1:44:a7:37:6e:61:b5:36:29:c1:66:e6:3f:3a:81:15:
        d0:06:83:02

-109612203 | 2024-05-01T08:05:15.528751

443 / tcp

HTTP/1.1 302 Found
Server: nginx/1.13.12
Date: Wed, 01 May 2024 08:05:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.8
Set-Cookie: advanced-backend=5f104162566aba7b57cb980f44c934f9; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://95.216.173.216/site/login
Strict-Transport-Security: max-age=31536000

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:d3:0c:d2:5d:8e:96:ee:f0:57:ab:6c:99:00:22:de:35:85
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  7 09:42:40 2024 GMT
            Not After : Jun  5 09:42:39 2024 GMT
        Subject: CN=nindeco.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:95:81:5a:67:9e:e0:9a:f4:a7:20:67:47:2e:bb:
                    d5:23:e2:64:49:3c:25:2d:05:de:b4:27:c4:f7:3a:
                    3a:d2:72:0e:26:aa:a1:c5:07:11:5b:ef:62:06:c9:
                    65:ca:84:01:31:f0:86:8c:14:69:1d:02:4a:4f:34:
                    7e:0a:0c:42:17:f9:c8:b0:74:b4:0c:5e:8c:bf:89:
                    05:fb:e9:77:99:65:c8:7b:ce:69:82:a2:ce:56:79:
                    a0:51:0d:ba:62:e8:44:8e:17:07:06:23:7d:20:71:
                    44:d2:2a:0f:48:7c:e5:ec:9d:8d:20:8d:f3:58:1a:
                    6e:25:a8:80:9f:7d:7f:02:a9:89:04:5a:68:df:26:
                    3a:57:58:e6:33:26:d4:e0:09:c5:b1:90:0a:88:04:
                    20:f2:46:ee:87:43:0e:3f:21:0e:67:a6:ee:82:fc:
                    0e:9c:11:08:82:fa:4c:e1:ef:50:b9:5b:35:d7:42:
                    9e:7d:b9:ae:a3:34:4e:4e:a8:3a:d9:4b:48:6b:07:
                    3f:20:af:fc:7c:b8:57:aa:9c:6b:54:79:98:ff:04:
                    5a:76:d2:12:18:83:5e:65:0e:a5:ee:10:a2:fd:62:
                    51:92:f9:40:bb:ce:0a:43:e3:6f:51:dd:c5:93:33:
                    c4:85:f4:8e:2e:50:a3:23:be:39:9a:b1:f1:5e:27:
                    9a:a0:f4:e2:3b:cc:55:4e:08:5b:ac:20:a2:ef:45:
                    95:41:7a:6f:86:54:f5:fb:ae:d8:c6:b9:9e:90:94:
                    ce:52:05:18:ef:87:ce:c6:de:3a:ce:41:3e:76:fc:
                    8f:61:f4:d8:fd:2f:49:ef:67:45:71:c2:40:83:bb:
                    63:bd:54:ef:40:b8:d0:61:37:3d:c6:96:1c:6d:65:
                    6f:a7:6b:96:fc:23:ec:ae:80:99:6f:f1:0c:e8:d3:
                    7b:b2:2e:6d:cb:db:49:bd:82:5d:7e:c1:97:56:60:
                    c4:01:1f:f4:19:86:53:09:f5:6f:ab:8c:b6:7f:3b:
                    16:ed:b3:34:c4:09:e8:bf:9d:fc:a6:cb:18:5a:b7:
                    ac:e9:88:83:ea:db:a6:40:54:9c:3d:71:78:79:4c:
                    af:2b:47:de:bd:08:b8:02:67:03:62:0c:a2:6c:2e:
                    4f:85:40:91:f8:85:2a:12:e7:e5:91:de:d6:f1:0a:
                    f4:3f:a1:8a:1f:f3:49:56:c5:09:5a:a0:3a:58:77:
                    2d:e6:5e:b2:64:07:07:69:73:25:4b:d9:6c:56:14:
                    db:c5:cd:2f:70:05:e0:53:0e:43:44:45:74:18:ca:
                    ef:32:c9:b0:ad:58:39:1e:b1:68:35:a2:4d:20:cd:
                    01:b9:28:d9:31:c3:f6:d9:e2:fe:e4:8e:59:ab:f6:
                    75:06:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                1B:82:6D:DF:57:3D:D3:0D:6A:86:D6:24:C4:53:94:AB:BC:76:6A:0C
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:nindeco.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Mar  7 10:42:41.023 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C7:BB:14:35:2E:85:5B:65:A8:00:E5:
                                6D:C6:41:8E:D4:E5:2E:4D:C7:46:D4:AF:25:DC:55:FE:
                                1A:53:86:50:91:02:21:00:88:1B:AF:30:39:91:60:D5:
                                C9:7D:E0:13:FB:19:75:98:BA:69:EE:B7:05:0E:9B:39:
                                1A:25:B9:2D:38:48:06:A1
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar  7 10:42:41.077 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:52:AD:18:D9:9B:A1:7B:90:86:D8:66:F3:
                                3D:BA:7C:A6:3C:8D:19:A0:BE:34:C0:58:04:06:4D:D2:
                                3E:CD:2C:40:02:21:00:87:2D:29:B8:DD:9C:5F:5C:3E:
                                0D:E4:B0:45:CF:71:09:7E:8C:5D:CA:7A:57:49:2E:98:
                                CE:1C:6E:98:7B:17:47
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        48:45:5d:8c:ec:a3:4e:4e:bb:a3:b8:6f:c7:48:cb:eb:9d:cc:
        74:88:ea:7c:9c:30:dd:6c:55:dd:03:f5:cb:9e:51:6c:3e:bb:
        e3:34:e6:4b:51:ce:7e:a2:e4:b8:5c:5a:3e:81:06:7f:5b:b3:
        e0:12:08:0e:31:af:3d:ae:c9:f0:a7:90:7b:f6:8d:4b:44:f0:
        27:af:6d:78:22:c0:cc:4e:a2:d4:3f:00:15:fe:69:4a:c5:cf:
        ee:23:2f:d1:45:29:d4:67:34:12:af:c9:d9:d6:be:70:4f:1d:
        24:1d:12:01:34:9e:4c:22:68:87:30:91:01:30:77:40:9a:0d:
        90:b3:e5:7e:ba:02:46:51:ae:d0:29:16:47:e0:38:f0:b7:6f:
        f7:eb:a9:e2:11:08:eb:35:47:b0:27:fb:64:2d:f7:65:9d:a8:
        ab:9c:90:9d:28:99:98:ab:30:8e:12:dd:33:ed:fc:7a:7d:52:
        93:e8:61:06:c5:ba:4b:48:3d:f0:48:30:1c:a8:28:d0:0e:14:
        a5:dc:22:cb:1b:cc:c8:ae:b1:e1:38:38:66:33:35:de:c7:43:
        21:95:85:18:5f:38:f0:de:55:27:2f:fa:0b:d8:32:f2:90:1c:
        76:6d:4e:32:cb:b1:7f:8c:67:7b:cf:6a:71:3e:42:c4:ab:eb:
        6e:07:7c:a6

-252123548 | 2024-04-28T17:52:33.721819

445 / tcp

SMB Status:
  Authentication: disabled
  SMB Version: 1
  OS: Windows 6.1
  Software: Samba 4.7.6-Ubuntu
  Capabilities: dfs, extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, nt-find, nt-smb, nt-status, raw-mode, rpc-remote-api, unicode, unix

Shares
Name                 Type       Comments
------------------------------------------------------------------------
IPC$                 IPC        IPC Service (nindeco server (Samba, Ubuntu))

874689713 | 2024-04-11T23:31:55.135695

465 / tcp

220 mail.nindeco.com ESMTP
250-mail.nindeco.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b3:0d:fb:89:ec:70:9b:09:43:d8:e2:71:64:fb:8e:b6:2a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  7 09:41:40 2024 GMT
            Not After : Jun  5 09:41:39 2024 GMT
        Subject: CN=mail.nindeco.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9c:a9:e8:31:0a:03:83:d5:db:0c:b7:c7:95:8d:
                    a3:b0:1a:ed:87:04:f1:10:f2:01:f1:0c:c1:e8:04:
                    2e:eb:e5:1b:5c:b5:1d:fe:3a:4a:50:0d:b8:a4:82:
                    5e:aa:9e:e8:a4:27:2d:27:4c:6a:b2:25:a7:7a:87:
                    4c:7f:95:48:15:e5:dd:31:24:a1:4e:ef:2c:9b:c9:
                    0f:e7:89:02:c7:bd:c4:1a:a3:7b:f8:e4:41:7b:5d:
                    84:8c:ef:ef:5e:ac:b6:d5:7a:a6:61:a6:01:24:c0:
                    2d:23:bc:b3:19:f2:18:01:38:b1:6d:3a:2f:b9:b8:
                    8e:38:7f:f9:aa:12:78:e3:30:1e:8e:cd:ae:9b:68:
                    59:01:4b:d3:5e:3c:78:c5:0e:4e:2d:5e:f1:44:9f:
                    c1:d0:15:90:11:28:14:92:81:de:b7:01:92:69:a9:
                    27:f2:15:a5:ca:88:a7:94:8f:91:7d:e4:be:e6:a4:
                    3a:cb:42:eb:bd:66:4e:3a:ff:e1:90:7f:65:93:92:
                    9a:78:ac:ab:0f:5b:23:dc:31:0e:e8:4f:0c:12:60:
                    e4:b1:dc:c5:25:ab:4b:56:40:fd:cf:9e:ec:60:7a:
                    20:dc:eb:ea:32:40:59:d5:13:70:9e:5c:df:4b:43:
                    60:15:68:d5:69:af:52:e0:11:ac:91:e1:ff:09:c9:
                    3e:99:ee:e0:bc:09:d6:5c:c4:0b:dd:df:2f:20:9a:
                    91:e1:55:d7:f2:53:3c:c0:58:89:a5:33:e7:28:06:
                    48:fa:cd:69:4e:b9:bd:d0:7d:e4:8f:9b:a5:0b:fc:
                    12:68:c5:79:25:50:be:37:c0:11:87:31:f8:ea:d4:
                    d5:ad:86:9c:1f:29:5f:1a:b4:08:f3:df:f8:c9:ed:
                    16:b0:b5:67:7f:c4:3b:49:15:79:60:0d:5f:fb:be:
                    1c:43:db:7f:4e:0b:d9:f7:98:a3:ce:5c:a7:99:e5:
                    33:06:b6:b8:34:f3:e3:12:07:cb:e6:5e:28:82:de:
                    01:4f:b0:b6:8a:c9:f9:a6:32:50:d5:5b:2a:d3:54:
                    9c:2b:80:fa:15:9a:50:23:d7:5b:e2:77:62:cd:a4:
                    15:33:a6:c2:9b:c0:86:4c:07:2c:05:6b:0d:d3:9e:
                    76:ed:a0:36:61:95:cd:fd:97:26:77:a1:10:84:5d:
                    1a:84:47:ea:3d:11:df:63:1e:2b:96:27:34:3a:99:
                    e6:dd:fd:1f:52:cb:23:20:ed:dd:bc:b2:82:a5:ef:
                    86:b1:fa:b1:5d:ca:33:2e:92:06:a1:c5:aa:1a:81:
                    b3:1b:2a:62:14:50:9b:ed:ba:17:70:60:46:39:96:
                    43:5c:f2:92:f2:ee:6e:87:59:af:7e:c5:b1:8e:04:
                    f7:11:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9D:27:F1:3E:D7:77:48:51:F5:2D:53:AC:D3:B8:0E:CF:23:C4:A7:41
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:mail.nindeco.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Mar  7 10:41:40.845 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D1:86:57:37:97:02:2B:A1:00:ED:38:
                                4D:AE:01:DB:D5:DD:B4:30:F3:41:61:81:B2:26:86:01:
                                90:28:89:A3:39:02:20:1A:C8:C4:44:A6:A3:36:2C:54:
                                63:C4:41:84:D5:1A:D8:8E:55:83:BC:6F:97:07:A6:9E:
                                91:79:A5:7D:C6:88:CE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Mar  7 10:41:41.018 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:20:A2:1D:9F:32:2D:E8:0A:22:5D:B0:0C:
                                DC:DD:64:D2:A3:9F:AF:28:AB:89:AE:1B:7B:C0:74:E2:
                                B3:E7:4E:6D:02:21:00:EF:08:43:78:88:98:60:77:F9:
                                21:14:40:A5:6D:EA:5D:61:E5:E5:B9:9D:F6:18:4A:AA:
                                6B:84:D9:41:56:38:96
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        36:70:50:7f:a3:bf:64:8e:46:1a:50:12:13:bd:a1:d3:d8:0b:
        8f:30:1c:03:83:7e:3e:2f:2a:06:a8:da:48:a8:6a:b0:09:84:
        3b:7b:05:58:4e:fd:aa:fb:6e:52:fd:de:84:2d:ed:cc:cb:63:
        10:ea:6d:37:e8:dd:bd:17:fa:91:f6:3b:21:8c:f0:3d:dc:76:
        f2:a9:36:0b:3e:e2:f0:a9:e1:45:cf:58:33:a6:09:27:bb:3b:
        a6:90:0a:bd:1b:9a:62:85:af:96:89:77:6d:6d:d1:da:c7:99:
        2a:7d:87:5c:21:49:fa:99:87:bc:8d:90:07:ec:a9:49:2d:cd:
        7b:6b:7a:da:55:59:2b:54:ff:b1:f4:39:67:6d:0f:8d:ec:6c:
        a5:b8:e5:63:4a:a3:88:69:5a:8d:ee:16:4d:48:b4:e9:9b:fc:
        69:0d:26:a3:bd:ab:80:77:f8:fc:84:92:bb:d4:32:5b:d8:7d:
        41:7d:d2:70:d9:dc:fa:1c:6d:4b:92:6a:f6:3d:79:e2:4f:1b:
        93:d4:96:c5:3f:3e:3b:b5:b4:e7:13:b4:fd:af:f3:c2:c1:e5:
        2f:29:5b:6d:f8:b9:4d:dd:ab:e2:f2:38:a9:da:e9:ef:e3:1e:
        bb:5f:f1:44:a7:37:6e:61:b5:36:29:c1:66:e6:3f:3a:81:15:
        d0:06:83:02

-2025063399 | 2024-04-26T02:59:32.014208

587 / tcp

220 mail.nindeco.com ESMTP
250-mail.nindeco.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b3:0d:fb:89:ec:70:9b:09:43:d8:e2:71:64:fb:8e:b6:2a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  7 09:41:40 2024 GMT
            Not After : Jun  5 09:41:39 2024 GMT
        Subject: CN=mail.nindeco.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9c:a9:e8:31:0a:03:83:d5:db:0c:b7:c7:95:8d:
                    a3:b0:1a:ed:87:04:f1:10:f2:01:f1:0c:c1:e8:04:
                    2e:eb:e5:1b:5c:b5:1d:fe:3a:4a:50:0d:b8:a4:82:
                    5e:aa:9e:e8:a4:27:2d:27:4c:6a:b2:25:a7:7a:87:
                    4c:7f:95:48:15:e5:dd:31:24:a1:4e:ef:2c:9b:c9:
                    0f:e7:89:02:c7:bd:c4:1a:a3:7b:f8:e4:41:7b:5d:
                    84:8c:ef:ef:5e:ac:b6:d5:7a:a6:61:a6:01:24:c0:
                    2d:23:bc:b3:19:f2:18:01:38:b1:6d:3a:2f:b9:b8:
                    8e:38:7f:f9:aa:12:78:e3:30:1e:8e:cd:ae:9b:68:
                    59:01:4b:d3:5e:3c:78:c5:0e:4e:2d:5e:f1:44:9f:
                    c1:d0:15:90:11:28:14:92:81:de:b7:01:92:69:a9:
                    27:f2:15:a5:ca:88:a7:94:8f:91:7d:e4:be:e6:a4:
                    3a:cb:42:eb:bd:66:4e:3a:ff:e1:90:7f:65:93:92:
                    9a:78:ac:ab:0f:5b:23:dc:31:0e:e8:4f:0c:12:60:
                    e4:b1:dc:c5:25:ab:4b:56:40:fd:cf:9e:ec:60:7a:
                    20:dc:eb:ea:32:40:59:d5:13:70:9e:5c:df:4b:43:
                    60:15:68:d5:69:af:52:e0:11:ac:91:e1:ff:09:c9:
                    3e:99:ee:e0:bc:09:d6:5c:c4:0b:dd:df:2f:20:9a:
                    91:e1:55:d7:f2:53:3c:c0:58:89:a5:33:e7:28:06:
                    48:fa:cd:69:4e:b9:bd:d0:7d:e4:8f:9b:a5:0b:fc:
                    12:68:c5:79:25:50:be:37:c0:11:87:31:f8:ea:d4:
                    d5:ad:86:9c:1f:29:5f:1a:b4:08:f3:df:f8:c9:ed:
                    16:b0:b5:67:7f:c4:3b:49:15:79:60:0d:5f:fb:be:
                    1c:43:db:7f:4e:0b:d9:f7:98:a3:ce:5c:a7:99:e5:
                    33:06:b6:b8:34:f3:e3:12:07:cb:e6:5e:28:82:de:
                    01:4f:b0:b6:8a:c9:f9:a6:32:50:d5:5b:2a:d3:54:
                    9c:2b:80:fa:15:9a:50:23:d7:5b:e2:77:62:cd:a4:
                    15:33:a6:c2:9b:c0:86:4c:07:2c:05:6b:0d:d3:9e:
                    76:ed:a0:36:61:95:cd:fd:97:26:77:a1:10:84:5d:
                    1a:84:47:ea:3d:11:df:63:1e:2b:96:27:34:3a:99:
                    e6:dd:fd:1f:52:cb:23:20:ed:dd:bc:b2:82:a5:ef:
                    86:b1:fa:b1:5d:ca:33:2e:92:06:a1:c5:aa:1a:81:
                    b3:1b:2a:62:14:50:9b:ed:ba:17:70:60:46:39:96:
                    43:5c:f2:92:f2:ee:6e:87:59:af:7e:c5:b1:8e:04:
                    f7:11:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9D:27:F1:3E:D7:77:48:51:F5:2D:53:AC:D3:B8:0E:CF:23:C4:A7:41
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:mail.nindeco.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Mar  7 10:41:40.845 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D1:86:57:37:97:02:2B:A1:00:ED:38:
                                4D:AE:01:DB:D5:DD:B4:30:F3:41:61:81:B2:26:86:01:
                                90:28:89:A3:39:02:20:1A:C8:C4:44:A6:A3:36:2C:54:
                                63:C4:41:84:D5:1A:D8:8E:55:83:BC:6F:97:07:A6:9E:
                                91:79:A5:7D:C6:88:CE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Mar  7 10:41:41.018 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:20:A2:1D:9F:32:2D:E8:0A:22:5D:B0:0C:
                                DC:DD:64:D2:A3:9F:AF:28:AB:89:AE:1B:7B:C0:74:E2:
                                B3:E7:4E:6D:02:21:00:EF:08:43:78:88:98:60:77:F9:
                                21:14:40:A5:6D:EA:5D:61:E5:E5:B9:9D:F6:18:4A:AA:
                                6B:84:D9:41:56:38:96
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        36:70:50:7f:a3:bf:64:8e:46:1a:50:12:13:bd:a1:d3:d8:0b:
        8f:30:1c:03:83:7e:3e:2f:2a:06:a8:da:48:a8:6a:b0:09:84:
        3b:7b:05:58:4e:fd:aa:fb:6e:52:fd:de:84:2d:ed:cc:cb:63:
        10:ea:6d:37:e8:dd:bd:17:fa:91:f6:3b:21:8c:f0:3d:dc:76:
        f2:a9:36:0b:3e:e2:f0:a9:e1:45:cf:58:33:a6:09:27:bb:3b:
        a6:90:0a:bd:1b:9a:62:85:af:96:89:77:6d:6d:d1:da:c7:99:
        2a:7d:87:5c:21:49:fa:99:87:bc:8d:90:07:ec:a9:49:2d:cd:
        7b:6b:7a:da:55:59:2b:54:ff:b1:f4:39:67:6d:0f:8d:ec:6c:
        a5:b8:e5:63:4a:a3:88:69:5a:8d:ee:16:4d:48:b4:e9:9b:fc:
        69:0d:26:a3:bd:ab:80:77:f8:fc:84:92:bb:d4:32:5b:d8:7d:
        41:7d:d2:70:d9:dc:fa:1c:6d:4b:92:6a:f6:3d:79:e2:4f:1b:
        93:d4:96:c5:3f:3e:3b:b5:b4:e7:13:b4:fd:af:f3:c2:c1:e5:
        2f:29:5b:6d:f8:b9:4d:dd:ab:e2:f2:38:a9:da:e9:ef:e3:1e:
        bb:5f:f1:44:a7:37:6e:61:b5:36:29:c1:66:e6:3f:3a:81:15:
        d0:06:83:02

1664207957 | 2024-05-05T17:22:09.368040

993 / tcp

* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.
* CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN
A001 OK Pre-login capabilities listed, post-login capabilities have more.
* ID ("name" "Dovecot")
A002 OK ID completed.
A003 BAD Error in IMAP command received by server.
* BYE Logging out
A004 OK Logout completed.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b3:0d:fb:89:ec:70:9b:09:43:d8:e2:71:64:fb:8e:b6:2a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  7 09:41:40 2024 GMT
            Not After : Jun  5 09:41:39 2024 GMT
        Subject: CN=mail.nindeco.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:9c:a9:e8:31:0a:03:83:d5:db:0c:b7:c7:95:8d:
                    a3:b0:1a:ed:87:04:f1:10:f2:01:f1:0c:c1:e8:04:
                    2e:eb:e5:1b:5c:b5:1d:fe:3a:4a:50:0d:b8:a4:82:
                    5e:aa:9e:e8:a4:27:2d:27:4c:6a:b2:25:a7:7a:87:
                    4c:7f:95:48:15:e5:dd:31:24:a1:4e:ef:2c:9b:c9:
                    0f:e7:89:02:c7:bd:c4:1a:a3:7b:f8:e4:41:7b:5d:
                    84:8c:ef:ef:5e:ac:b6:d5:7a:a6:61:a6:01:24:c0:
                    2d:23:bc:b3:19:f2:18:01:38:b1:6d:3a:2f:b9:b8:
                    8e:38:7f:f9:aa:12:78:e3:30:1e:8e:cd:ae:9b:68:
                    59:01:4b:d3:5e:3c:78:c5:0e:4e:2d:5e:f1:44:9f:
                    c1:d0:15:90:11:28:14:92:81:de:b7:01:92:69:a9:
                    27:f2:15:a5:ca:88:a7:94:8f:91:7d:e4:be:e6:a4:
                    3a:cb:42:eb:bd:66:4e:3a:ff:e1:90:7f:65:93:92:
                    9a:78:ac:ab:0f:5b:23:dc:31:0e:e8:4f:0c:12:60:
                    e4:b1:dc:c5:25:ab:4b:56:40:fd:cf:9e:ec:60:7a:
                    20:dc:eb:ea:32:40:59:d5:13:70:9e:5c:df:4b:43:
                    60:15:68:d5:69:af:52:e0:11:ac:91:e1:ff:09:c9:
                    3e:99:ee:e0:bc:09:d6:5c:c4:0b:dd:df:2f:20:9a:
                    91:e1:55:d7:f2:53:3c:c0:58:89:a5:33:e7:28:06:
                    48:fa:cd:69:4e:b9:bd:d0:7d:e4:8f:9b:a5:0b:fc:
                    12:68:c5:79:25:50:be:37:c0:11:87:31:f8:ea:d4:
                    d5:ad:86:9c:1f:29:5f:1a:b4:08:f3:df:f8:c9:ed:
                    16:b0:b5:67:7f:c4:3b:49:15:79:60:0d:5f:fb:be:
                    1c:43:db:7f:4e:0b:d9:f7:98:a3:ce:5c:a7:99:e5:
                    33:06:b6:b8:34:f3:e3:12:07:cb:e6:5e:28:82:de:
                    01:4f:b0:b6:8a:c9:f9:a6:32:50:d5:5b:2a:d3:54:
                    9c:2b:80:fa:15:9a:50:23:d7:5b:e2:77:62:cd:a4:
                    15:33:a6:c2:9b:c0:86:4c:07:2c:05:6b:0d:d3:9e:
                    76:ed:a0:36:61:95:cd:fd:97:26:77:a1:10:84:5d:
                    1a:84:47:ea:3d:11:df:63:1e:2b:96:27:34:3a:99:
                    e6:dd:fd:1f:52:cb:23:20:ed:dd:bc:b2:82:a5:ef:
                    86:b1:fa:b1:5d:ca:33:2e:92:06:a1:c5:aa:1a:81:
                    b3:1b:2a:62:14:50:9b:ed:ba:17:70:60:46:39:96:
                    43:5c:f2:92:f2:ee:6e:87:59:af:7e:c5:b1:8e:04:
                    f7:11:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9D:27:F1:3E:D7:77:48:51:F5:2D:53:AC:D3:B8:0E:CF:23:C4:A7:41
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:mail.nindeco.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Mar  7 10:41:40.845 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D1:86:57:37:97:02:2B:A1:00:ED:38:
                                4D:AE:01:DB:D5:DD:B4:30:F3:41:61:81:B2:26:86:01:
                                90:28:89:A3:39:02:20:1A:C8:C4:44:A6:A3:36:2C:54:
                                63:C4:41:84:D5:1A:D8:8E:55:83:BC:6F:97:07:A6:9E:
                                91:79:A5:7D:C6:88:CE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Mar  7 10:41:41.018 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:20:A2:1D:9F:32:2D:E8:0A:22:5D:B0:0C:
                                DC:DD:64:D2:A3:9F:AF:28:AB:89:AE:1B:7B:C0:74:E2:
                                B3:E7:4E:6D:02:21:00:EF:08:43:78:88:98:60:77:F9:
                                21:14:40:A5:6D:EA:5D:61:E5:E5:B9:9D:F6:18:4A:AA:
                                6B:84:D9:41:56:38:96
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        36:70:50:7f:a3:bf:64:8e:46:1a:50:12:13:bd:a1:d3:d8:0b:
        8f:30:1c:03:83:7e:3e:2f:2a:06:a8:da:48:a8:6a:b0:09:84:
        3b:7b:05:58:4e:fd:aa:fb:6e:52:fd:de:84:2d:ed:cc:cb:63:
        10:ea:6d:37:e8:dd:bd:17:fa:91:f6:3b:21:8c:f0:3d:dc:76:
        f2:a9:36:0b:3e:e2:f0:a9:e1:45:cf:58:33:a6:09:27:bb:3b:
        a6:90:0a:bd:1b:9a:62:85:af:96:89:77:6d:6d:d1:da:c7:99:
        2a:7d:87:5c:21:49:fa:99:87:bc:8d:90:07:ec:a9:49:2d:cd:
        7b:6b:7a:da:55:59:2b:54:ff:b1:f4:39:67:6d:0f:8d:ec:6c:
        a5:b8:e5:63:4a:a3:88:69:5a:8d:ee:16:4d:48:b4:e9:9b:fc:
        69:0d:26:a3:bd:ab:80:77:f8:fc:84:92:bb:d4:32:5b:d8:7d:
        41:7d:d2:70:d9:dc:fa:1c:6d:4b:92:6a:f6:3d:79:e2:4f:1b:
        93:d4:96:c5:3f:3e:3b:b5:b4:e7:13:b4:fd:af:f3:c2:c1:e5:
        2f:29:5b:6d:f8:b9:4d:dd:ab:e2:f2:38:a9:da:e9:ef:e3:1e:
        bb:5f:f1:44:a7:37:6e:61:b5:36:29:c1:66:e6:3f:3a:81:15:
        d0:06:83:02

261189147 | 2024-04-30T11:27:27.778078

1723 / tcp

PPTP:
  Firmware: 1
  Hostname: local
  Vendor: linux

-1229517957 | 2024-05-06T00:27:00.935890

3128 / tcp

HTTP/1.1 400 Bad Request
Server: squid/3.5.27
Mime-Version: 1.0
Date: Mon, 06 May 2024 00:27:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3524
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from localhost
X-Cache-Lookup: NONE from localhost:3128
Via: 1.1 localhost (squid/3.5.27)
Connection: close

855668329 | 2024-04-27T17:07:05.092229

6001 / tcp

HTTP/1.1 400 Bad Request
Server: nginx/1.15.3
Date: Sat, 27 Apr 2024 17:07:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 173
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.15.3</center>
</body>
</html>

-1371151012 | 2024-05-02T15:13:26.034340

8083 / tcp

HTTP/1.1 200 OK
Date: Thu, 02 May 2024 15:13:09 GMT
Server: Apache/2.4.38 (Debian)
X-Powered-By: PHP/7.4.20
Set-Cookie: phpMyAdmin=5fd2d72090f8470b307019333095c748; path=/; HttpOnly
Expires: Thu, 02 May 2024 15:13:09 +0000
Cache-Control: no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 02 May 2024 15:13:09 +0000
Set-Cookie: phpMyAdmin=5fd2d72090f8470b307019333095c748; path=/; HttpOnly
Set-Cookie: pma_lang=en; expires=Sat, 01-Jun-2024 15:13:09 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Strict
Set-Cookie: phpMyAdmin=942250b377df126b304f93249bd3ac9a; path=/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

4de3
<!doctype html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <meta name="referrer" content="no-referrer">
  <meta name="robots" content="noindex,nofollow">
  <meta http-equiv="X-UA-Compatible" content="IE=Edge">
  <style id="cfs-style">html{display: none;}</style>
  <link rel="icon" href="favicon.ico" type="image/x-icon">
  <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
      <link rel="stylesheet" type="text/css" href="./themes/pmahomme/jquery/jquery-ui.css">
    <link rel="stylesheet" type="text/css" href="js/vendor/codemirror/lib/codemirror.css?v=5.1.1">
    <link rel="stylesheet" type="text/css" href="js/vendor/codemirror/addon/hint/show-hint.css?v=5.1.1">
    <link rel="stylesheet" type="text/css" href="js/vendor/codemirror/addon/lint/lint.css?v=5.1.1">
    <link rel="stylesheet" type="text/css" href="./themes/pmahomme/css/theme.css?v=5.1.1&nocache=3246814551ltr&server=1">
    <link rel="stylesheet" type="text/css" href="./themes/pmahomme/css/printview.css?v=5.1.1" media="print" id="printcss">
    <title>phpMyAdmin</title>
    <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.min.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery-migrate.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/sprintf.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/ajax.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/keyhandler.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/bootstrap/bootstrap.bundle.min.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery-ui.min.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/js.cookie.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.mousewheel.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.validate.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery-ui-timepicker-addon.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.ba-hashchange-2.0.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.debounce-1.0.6.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/menu_resizer.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/cross_framing_protection.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/rte.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/vendor/tracekit.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/error_report.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/messages.php?l=en&v=5.1.1&lang=en"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/config.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/doclinks.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/dist/functions.js?v=5.1.1"></script>
  <script data-cfasync="false" type="text/javascript" src="js/di

1467987817 | 2024-04-29T02:30:12.339133

8181 / tcp

HTTP/1.1 502 Bad Gateway
Server: nginx/1.13.12
Date: Mon, 29 Apr 2024 02:30:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 174
Connection: keep-alive

<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.13.12</center>
</body>
</html>

1696899805 | 2024-05-04T23:41:36.630709

9000 / tcp

HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Date: Sat, 04 May 2024 23:41:36 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 0

95.216.173.216

Last Seen: 2024-05-06

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1727789857 | 2024-04-26T09:36:22.801698
22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.3

1851263793 | 2024-05-05T23:25:39.746587
25 / tcp

-531274556 | 2024-05-03T08:13:15.169001
53 / tcp

-531274556 | 2024-05-05T00:47:53.430267
53 / udp

-1886819355 | 2024-05-01T05:20:47.646633
80 / tcp

nginx1.13.12

1006759738 | 2024-05-03T19:41:35.160143
137 / udp

1133575510 | 2024-05-01T23:07:58.924785
143 / tcp

-109612203 | 2024-05-01T08:05:15.528751
443 / tcp

nginx1.13.12

-252123548 | 2024-04-28T17:52:33.721819
445 / tcp

Samba4.7.6-Ubuntu

874689713 | 2024-04-11T23:31:55.135695
465 / tcp

-2025063399 | 2024-04-26T02:59:32.014208
587 / tcp

1664207957 | 2024-05-05T17:22:09.368040
993 / tcp

261189147 | 2024-04-30T11:27:27.778078
1723 / tcp

PPTP

-1229517957 | 2024-05-06T00:27:00.935890
3128 / tcp

Squid http proxy3.5.27

855668329 | 2024-04-27T17:07:05.092229
6001 / tcp

nginx1.15.3

-1371151012 | 2024-05-02T15:13:26.034340
8083 / tcp

Apache httpd2.4.38

1467987817 | 2024-04-29T02:30:12.339133
8181 / tcp

nginx1.13.12

1696899805 | 2024-05-04T23:41:36.630709
9000 / tcp

Products

Pricing

Contact Us

95.216.173.216

Last Seen: 2024-05-06

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1727789857 | 2024-04-26T09:36:22.801698 22 / tcp

1851263793 | 2024-05-05T23:25:39.746587 25 / tcp

-531274556 | 2024-05-03T08:13:15.169001 53 / tcp

-531274556 | 2024-05-05T00:47:53.430267 53 / udp

-1886819355 | 2024-05-01T05:20:47.646633 80 / tcp

1006759738 | 2024-05-03T19:41:35.160143 137 / udp

1133575510 | 2024-05-01T23:07:58.924785 143 / tcp

-109612203 | 2024-05-01T08:05:15.528751 443 / tcp

-252123548 | 2024-04-28T17:52:33.721819 445 / tcp

874689713 | 2024-04-11T23:31:55.135695 465 / tcp

-2025063399 | 2024-04-26T02:59:32.014208 587 / tcp

1664207957 | 2024-05-05T17:22:09.368040 993 / tcp

261189147 | 2024-04-30T11:27:27.778078 1723 / tcp

-1229517957 | 2024-05-06T00:27:00.935890 3128 / tcp

855668329 | 2024-04-27T17:07:05.092229 6001 / tcp

-1371151012 | 2024-05-02T15:13:26.034340 8083 / tcp

1467987817 | 2024-04-29T02:30:12.339133 8181 / tcp

1696899805 | 2024-05-04T23:41:36.630709 9000 / tcp

Products

Pricing

Contact Us

-1727789857 | 2024-04-26T09:36:22.801698
22 / tcp

1851263793 | 2024-05-05T23:25:39.746587
25 / tcp

-531274556 | 2024-05-03T08:13:15.169001
53 / tcp

-531274556 | 2024-05-05T00:47:53.430267
53 / udp

-1886819355 | 2024-05-01T05:20:47.646633
80 / tcp

1006759738 | 2024-05-03T19:41:35.160143
137 / udp

1133575510 | 2024-05-01T23:07:58.924785
143 / tcp

-109612203 | 2024-05-01T08:05:15.528751
443 / tcp

-252123548 | 2024-04-28T17:52:33.721819
445 / tcp

874689713 | 2024-04-11T23:31:55.135695
465 / tcp

-2025063399 | 2024-04-26T02:59:32.014208
587 / tcp

1664207957 | 2024-05-05T17:22:09.368040
993 / tcp

261189147 | 2024-04-30T11:27:27.778078
1723 / tcp

-1229517957 | 2024-05-06T00:27:00.935890
3128 / tcp

855668329 | 2024-04-27T17:07:05.092229
6001 / tcp

-1371151012 | 2024-05-02T15:13:26.034340
8083 / tcp

1467987817 | 2024-04-29T02:30:12.339133
8181 / tcp

1696899805 | 2024-05-04T23:41:36.630709
9000 / tcp