nginx 1.24.0
tcp/443 tcp/80
The Kafka instance is available to the public without authentication.
An attacker could connect to the queue to extract private/confidential information in real-time.
Fingerprint: 43224224eeda9da960defeaa0efe442aec7876f161767cae20cb3d9b2978a9e1
NoAuth Found topic __consumer_offsets Found topic hello_human Found topic latestMsgToRedis Found topic msgToPush Found topic offlineMsgToMongoMysql
Fingerprint: 43224224eeda9da960defeaa443382dff99014654631e395d3dda9b4f11cd29f
NoAuth Found topic msgToPush Found topic offlineMsgToMongoMysql Found topic __consumer_offsets Found topic hello_human Found topic latestMsgToRedis
Fingerprint: 43224224eeda9da960defeaa443382df14a32f90868d29deb1c79b5eb1c79b5e
NoAuth Found topic msgToPush Found topic latestMsgToRedis Found topic offlineMsgToMongoMysql Found topic __consumer_offsets
Fingerprint: 43224224eeda9da960defeaa53dfe5ccaf4daefcf5afd6d13813e88e3813e88e
NoAuth Found topic offlineMsgToMongoMysql Found topic __consumer_offsets Found topic msgToPush Found topic latestMsgToRedis
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c7cf176427cf17642beea724387e08ae487e08ae487e08ae4
Found 2 files trough .DS_Store spidering: /template /uploads
Open service 134.122.132.45:22
2024-06-02 04:01
Open service 134.122.132.45:443
2024-06-01 18:59
HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sat, 01 Jun 2024 18:59:29 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close x-ua-compatible: IE=edge Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/TranslateWebserverUi/cspreport Content-Security-Policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/TranslateWebserverUi/cspreport;worker-src 'self' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/TranslateWebserverUi/web-reports?context=eJzj8tHikmJw1JBikPj6kkkJiNPVZrBWArFT-gxWHxCun8EaBsSfdsxgbb15jrUfiJP-nWfNAeL2zxdYJwLxkoiLrHsSL7IKcXNMvP92E5tAQ-tmNSW1pPzC-JKixLzinMSSVN3y1KTi1KKy1KJ4IwMjEwNTIws9A4v4AkMAHIky9w" X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: NID=514=drvlVm1LSp5JbcIW8X5y9pX2WwuEWumh3347h1fa-3pvm4Z6dAdTYGjHQXaon9U0fp-wykdk1531y1nN6zp4Ui4hOwMpG7PBPYImtPA29UnDGMm1sUlptvZzEr7l1nQTj7gg4k31JQF3WB-iBkLUasrocw7NAf7ZhDWSaHPCxW0; expires=Sun, 01-Dec-2024 18:59:29 GMT; path=/; domain=.google.com; Secure; HttpOnly Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Strict-Transport-Security: max-age=31536000
Open service 134.122.132.45:80
2024-06-01 07:32
HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sat, 01 Jun 2024 07:32:44 GMT Content-Type: text/html Content-Length: 470 Last-Modified: Thu, 16 May 2024 13:58:39 GMT Connection: close ETag: "6646110f-1d6" Accept-Ranges: bytes Page title: Vite App <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <link rel="icon" href="/favicon.ico" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Vite App</title> <script type="module" crossorigin src="/assets/index.53e7ee5a.js"></script> <link rel="modulepreload" href="/assets/vendor.1d5e6308.js"> <link rel="stylesheet" href="/assets/index.b18e429e.css"> </head> <body> <div id="app"></div> </body> </html>
Open service 134.122.132.45:8080
2024-05-31 20:02
HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Fri, 31 May 2024 20:02:42 GMT Connection: close Page title: HTTP Status 404 – Not Found <!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1></body></html>
Open service 134.122.132.45:443
2024-05-29 03:59
HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Wed, 29 May 2024 03:59:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close x-ua-compatible: IE=edge Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin-allow-popups Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/TranslateWebserverUi/cspreport Content-Security-Policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/TranslateWebserverUi/cspreport;worker-src 'self' Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=* reporting-endpoints: default="/_/TranslateWebserverUi/web-reports?context=eJzj8tDikmLw1pBikPj6kkkJiDPUZrBWAbFT-gxWHxCun8EaBsSfd8xgbb15jrUfiJP-nWfNAeL2zxdYJwLxj4yLrEI8HP0Xbm1iE7ixZPl7RiW1pPzC-JKixLzinMSSVN3y1KTi1KKy1KJ4IwMjEwNTI3M9A5P4AgMAoHMyfQ" X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: NID=514=n3eKItDLESJVQD9Zair4z9JZ41sQgtJNGJU9igSpW65GtC_yqfjiL9yg0ZpxEDvSRrHoSQCAhoeXJSb9IPPCeH0C9x81MkRVGRCyKqiPDN-dQh_u9Vgts7qetlQgNPVJlu-qSQTdYiNegw8Spd5cijcZgfBH8eKY0ZfjjU3Fsb0; expires=Thu, 28-Nov-2024 03:59:11 GMT; path=/; domain=.google.com; Secure; HttpOnly Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Strict-Transport-Security: max-age=31536000
Open service 134.122.132.45:8080
2024-05-29 02:22
HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 29 May 2024 02:22:33 GMT Connection: close Page title: HTTP Status 404 – Not Found <!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1></body></html>
Open service 134.122.132.45:22
2024-05-23 07:12