LeakIX - Host 148.251.79.239

Host 148.251.79.239

Germany

Hetzner Online GmbH

Software information

nginx nginx 1.14.2

tcp/443 tcp/80

Gitlab instance looks outdated
The following Gitlab instance is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible to avoid account takeover.

Severity is mitigated by the need of a valid email address.

Reference:

https://www.cvedetails.com/cve/CVE-2023-7028
IP: 148.251.79.239
Domain: gitlab.ontando.ru
Port: 443
URL: https://gitlab.ontando.ru

First seen 2024-01-20 08:46
Last seen 2024-12-21 17:26
Open for 336 days
- Severity: high
  Fingerprint: db64c48d331961cce5776b3a892edddd892edddd892edddd892edddd892edddd
```
Found vulnerable Gitlab instance
Affected by CVE-2023-7028
```
  Found on 2024-12-21 17:26
Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-12-21 17:26

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Sat, 21 Dec 2024 17:26:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JFN42N2ABPJ9ME8TMCGWDBJJ","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JFN42N2ABPJ9ME8TMCGWDBJJ
X-Runtime: 0.058641
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Sat, 21 Dec 2024 17:26:09 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 18 hours ago by HttpPlugin

Create report

Open service 148.251.79.239:80 · gitlab.ontando.ru

2024-12-21 17:26

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Sat, 21 Dec 2024 17:26:09 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
Location: https://gitlab.ontando.ru/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

Found 18 hours ago by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-12-21 00:34

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Sat, 21 Dec 2024 00:34:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JFKA63E057NQ7G3E03HPTAQG","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JFKA63E057NQ7G3E03HPTAQG
X-Runtime: 0.059186
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Sat, 21 Dec 2024 00:34:24 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found one day ago by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-12-19 01:10

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Thu, 19 Dec 2024 01:10:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JFE7EXCX4ZXMBH0B0ZY7KTB4","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JFE7EXCX4ZXMBH0B0ZY7KTB4
X-Runtime: 0.059825
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Thu, 19 Dec 2024 01:10:35 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-12-19 by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-12-14 09:32

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Sat, 14 Dec 2024 09:32:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JF285QAR8NS8DFQ7EG8HXS1J","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JF285QAR8NS8DFQ7EG8HXS1J
X-Runtime: 0.049639
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Sat, 14 Dec 2024 09:32:10 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-12-14 by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-12-12 13:36

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Thu, 12 Dec 2024 13:36:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JEXHC57J4S74VJ65MX1B50PZ","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JEXHC57J4S74VJ65MX1B50PZ
X-Runtime: 0.066397
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Thu, 12 Dec 2024 13:36:45 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-12-12 by HttpPlugin

Create report

Open service 148.251.79.239:443 · beta.auth.ontando.ru

2024-12-11 18:52

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 11 Dec 2024 18:52:34 GMT
Content-Type: text/html
Content-Length: 1295
Last-Modified: Fri, 27 Nov 2020 19:49:38 GMT
Connection: close
ETag: "5fc15852-50f"
Accept-Ranges: bytes

Page title: Ontando auth services

<!DOCTYPE html>
<html>
<head>
    <title>Ontando auth services</title>

    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
    <link rel="stylesheet/less" type="text/css" href="less/main.less" />

    <script src="js/less.min.js" ></script>
    <script src="https://code.jquery.com/jquery-3.4.1.min.js" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>

    <script src="https://kit.fontawesome.com/4b0e85d5ff.js" crossorigin="anonymous"></script>

    <script src="web.js"></script>

    <!-- Google API -->
    <script src="https://apis.google.com/js/platform.js?onload=g_api_callback_init" async defer></script>
</head>
<body>
<div id="pre-loading-popup">Loading app. Please wait...</div>
<div id="react-app"></div>
</body>
</html>

Found 2024-12-11 by HttpPlugin

Create report

Open service 148.251.79.239:80 · beta.auth.ontando.ru

2024-12-11 18:52

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Wed, 11 Dec 2024 18:52:34 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
Location: https://beta.auth.ontando.ru/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

Found 2024-12-11 by HttpPlugin

Create report

Open service 148.251.79.239:80 · auth.ontando.ru

2024-12-11 18:52

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Wed, 11 Dec 2024 18:52:15 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
Location: https://auth.ontando.ru/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

Found 2024-12-11 by HttpPlugin

Create report

Open service 148.251.79.239:443 · auth.ontando.ru

2024-12-11 18:52

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 11 Dec 2024 18:52:19 GMT
Content-Type: text/html
Content-Length: 1295
Connection: close
Last-Modified: Tue, 02 Feb 2021 18:07:06 GMT
ETag: "601994ca-50f"
Accept-Ranges: bytes
Expires: Wed, 11 Dec 2024 18:52:18 GMT
Cache-Control: no-cache

Page title: Ontando auth services

<!DOCTYPE html>
<html>
<head>
    <title>Ontando auth services</title>

    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
    <link rel="stylesheet/less" type="text/css" href="less/main.less" />

    <script src="js/less.min.js" ></script>
    <script src="https://code.jquery.com/jquery-3.4.1.min.js" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>

    <script src="https://kit.fontawesome.com/4b0e85d5ff.js" crossorigin="anonymous"></script>

    <script src="web.js"></script>

    <!-- Google API -->
    <script src="https://apis.google.com/js/platform.js?onload=g_api_callback_init" async defer></script>
</head>
<body>
<div id="pre-loading-popup">Loading app. Please wait...</div>
<div id="react-app"></div>
</body>
</html>

Found 2024-12-11 by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-12-02 12:48

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Mon, 02 Dec 2024 12:49:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JE3PNGB0XX54P85NFKTR8NP2","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JE3PNGB0XX54P85NFKTR8NP2
X-Runtime: 0.048948
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Mon, 02 Dec 2024 12:48:59 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-12-02 by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-11-30 10:34

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Sat, 30 Nov 2024 10:34:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JDYA6K6279NTZHFNCGQE1Z97","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JDYA6K6279NTZHFNCGQE1Z97
X-Runtime: 0.019875
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Sat, 30 Nov 2024 10:34:56 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-11-30 by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-11-28 06:35

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Thu, 28 Nov 2024 06:35:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JDRQQK9QR9D21JGAPVRGGGX1","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JDRQQK9QR9D21JGAPVRGGGX1
X-Runtime: 0.065321
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Thu, 28 Nov 2024 06:35:58 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-11-28 by HttpPlugin

Create report

Open service 148.251.79.239:443 · gitlab.ontando.ru

2024-11-20 20:35

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Wed, 20 Nov 2024 20:35:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 105
Connection: close
Cache-Control: no-cache
Content-Security-Policy: 
Location: https://gitlab.ontando.ru/users/sign_in
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"01JD5MKTK7JE3NHBSXGYJEYG6H","version":"1"}
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01JD5MKTK7JE3NHBSXGYJEYG6H
X-Runtime: 0.021236
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin
Expires: Wed, 20 Nov 2024 20:35:54 GMT


<html><body>You are being <a href="https://gitlab.ontando.ru/users/sign_in">redirected</a>.</body></html>

Found 2024-11-20 by HttpPlugin

Create report

Open service 148.251.79.239:80

2024-11-20 15:28

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Wed, 20 Nov 2024 15:28:38 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
Location: https://148.251.79.239/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

Found 2024-11-20 by HttpPlugin

Create report

gitlab.ontando.ru

Fingerprint:

55061cebc84c7f45606e0c7db3cf02587857a336f00d6813affb1f583caaee59

CN:

gitlab.ontando.ru

Key:

RSA-2048

Issuer:

R11

Not before:

2024-12-21 16:26

Not after:

2025-03-21 16:26

gitlab.ontando.ru

Fingerprint:

e21b81edf32446e484f4050325d4986b5086bdeda0c963434e44f22beb649591

CN:

gitlab.ontando.ru

Key:

RSA-2048

Issuer:

R10

Not before:

2024-10-22 07:51

Not after:

2025-01-20 07:51

beta.auth.ontando.ru

Fingerprint:

acab5aeffe7b47d2beef9e33dedffcef1f3d506606d4a468e0891fbef21ca52e

CN:

beta.auth.ontando.ru

Key:

RSA-2048

Issuer:

R11

Not before:

2024-12-11 17:52

Not after:

2025-03-11 17:52

auth.ontando.ru

Fingerprint:

5bddb704a131aa520e064f3fd7afb2a509d46f0d1c25f47dc93cf30ac0f21af2

CN:

auth.ontando.ru

Key:

RSA-2048

Issuer:

R11

Not before:

2024-12-11 17:52

Not after:

2025-03-11 17:52

Domain summary

gitlab.ontando.ru 10 beta.auth.ontando.ru 1 auth.ontando.ru 1

3 recorded

Host 148.251.79.239

Germany

Software information

Gitlab instance looks outdated

gitlab.ontando.ru

gitlab.ontando.ru

beta.auth.ontando.ru

auth.ontando.ru

Domain summary