nginx
tcp/443
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652251d3a77d
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://codeup.aliyun.com/leafcolor/leafcolor/leafcolor2-web.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
Severity: medium
Fingerprint: 2580fa947e78dd08b10a0dade4cdefbe355dabb1608db7b007245c4a5524d0d5
HTTP/1.1 400 Bad Request Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Sat, 06 May 2023 15:00:50 GMT 34 The provided host name is not valid for this server. 0 [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://codeup.aliyun.com/leafcolor/leafcolor/leafcolor2-web.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = origin merge = refs/heads/master
The docker registry is public and could contain private production images.
This could result in both credentials and source code leak.
Fingerprint: be48c9b1d75b7b1036779b4db70e7d2b64693b1364693b1364693b1364693b13
Found 2 image(s) in docker registry: k8s-pod-pvtoolimg : 1 tags pause : 1 tags
Fingerprint: be48c9b1d75b7b1036779b4d4f53dae2aa4579064d52c0cc5965c42e1cca2cf0
Found 2 image(s) in docker registry: HTTP/1.1 200 OK Cache-Control: no-cache Date: Sun, 07 May 2023 14:14:56 GMT Content-Length: 0 Connection: close k8s-pod-pvtoolimg : 1 tags pause : 1 tags
Open service 110.42.247.133:443
2024-05-12 18:42
HTTP/1.1 400 Bad Request Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Sun, 12 May 2024 18:42:58 GMT The provided host name is not valid for this server.
Open service 110.42.247.133:5000
2024-05-12 18:24
HTTP/1.1 200 OK Cache-Control: no-cache Date: Sun, 12 May 2024 18:24:49 GMT Content-Length: 0 Connection: close
Open service 110.42.247.133:443
2024-05-08 13:17
HTTP/1.1 400 Bad Request Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Wed, 08 May 2024 13:17:41 GMT The provided host name is not valid for this server.
Open service 110.42.247.133:5000
2024-04-30 19:59
HTTP/1.1 200 OK Cache-Control: no-cache Date: Tue, 30 Apr 2024 19:59:43 GMT Content-Length: 0 Connection: close
Open service 110.42.247.133:5000
2024-04-28 18:46
HTTP/1.1 200 OK Cache-Control: no-cache Date: Sun, 28 Apr 2024 18:46:09 GMT Content-Length: 0 Connection: close
Open service 110.42.247.133:443
2024-04-28 18:07
HTTP/1.1 400 Bad Request Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private Date: Sun, 28 Apr 2024 18:07:36 GMT The provided host name is not valid for this server.
Open service 110.42.247.133:5000
2024-04-25 12:02
HTTP/1.1 200 OK Cache-Control: no-cache Date: Thu, 25 Apr 2024 12:02:54 GMT Content-Length: 0 Connection: close
Open service 110.42.247.133:3308
2024-04-25 08:54
MySQL detected
Open service 110.42.247.133:5000
2024-04-23 09:19
HTTP/1.1 200 OK Cache-Control: no-cache Date: Tue, 23 Apr 2024 09:19:53 GMT Content-Length: 0 Connection: close
Open service 110.42.247.133:3308
2024-04-22 21:09
MySQL detected
Open service 110.42.247.133:5000
2024-04-18 19:05
HTTP/1.1 200 OK Cache-Control: no-cache Date: Thu, 18 Apr 2024 19:05:51 GMT Content-Length: 0 Connection: close