The Redis instance is open to the public.
This could result to data leak and code execution.
Severity: medium
Fingerprint: d606b92f1b5fdf181d681afe1d681afe1d681afe1d681afe1d681afe1d681afe
Redis is open with 10 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf18cb5fa067cb5fa067cb5fa067cb5fa067cb5fa067cb5fa067
Redis is open with 8 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf180fc2d42a0fc2d42a0fc2d42a0fc2d42a0fc2d42a0fc2d42a
Redis is open with 9 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf18a973d22ba973d22ba973d22ba973d22ba973d22ba973d22b
Redis is open with 11 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf18e8f49f30e8f49f30e8f49f30e8f49f30e8f49f30e8f49f30
Redis is open with 12 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf18664621d4664621d4664621d4664621d4664621d4664621d4
Redis is open with 16 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf1868e07c0f68e07c0f68e07c0f68e07c0f68e07c0f68e07c0f
Redis is open with 15 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf181b1f02c91b1f02c91b1f02c91b1f02c91b1f02c91b1f02c9
Redis is open with 2 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf185497e6545497e6545497e6545497e6545497e6545497e654
Redis is open with 3 keys in dbs
Severity: medium
Fingerprint: d606b92f1b5fdf1897c596ab97c596ab97c596ab97c596ab97c596ab97c596ab
Redis is open with 4 keys in dbs
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522ba72599d
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab.com/grepruby/projects/client/lucky-reels/admin/frontend-two.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "develop"] remote = origin merge = refs/heads/develop [branch "refactor/api-changes"] remote = origin merge = refs/heads/refactor/api-changes
Open service 44.222.28.155:8004
2024-06-21 04:08
HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'none' Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff Origin-Agent-Cluster: ?1 X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-XSS-Protection: 0 Content-Type: text/html; charset=utf-8 Content-Length: 139 Date: Fri, 21 Jun 2024 04:08:43 GMT Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>
Open service 44.222.28.155:22
2024-06-21 01:41
Open service 44.222.28.155:8007
2024-06-20 10:11
HTTP/1.1 404 Not Found Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff Origin-Agent-Cluster: ?1 X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-XSS-Protection: 0 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Type: application/json; charset=utf-8 Content-Length: 22 ETag: W/"16-1AnnTM9P5q4Dv1KmajxbzxifCYI" Date: Thu, 20 Jun 2024 10:11:35 GMT Connection: close {"status":"Not Found"}
Open service 44.222.28.155:8003
2024-06-15 12:46
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Content-Length: 577 Content-Type: text/html;charset=utf-8 Last-Modified: Wed, 12 Jun 2024 08:48:22 GMT ETag: W/"577-1718182102465" Cache-Control: no-cache Date: Sat, 15 Jun 2024 12:46:08 GMT Connection: close Page title: Lucky Reels Admin <!doctype html> <html lang="en"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/assets/favicon-93233935.ico" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>Lucky Reels Admin</title> <script> var global = global || window; </script> <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> <script type="module" crossorigin src="/assets/index-05014daa.js"></script> <link rel="stylesheet" href="/assets/index-3658a6e5.css"> </head> <body> <div id="root"></div> </body> </html>
Open service 44.222.28.155:8006
2024-06-15 07:07
HTTP/1.1 404 Not Found X-Powered-By: Express Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Type: application/json; charset=utf-8 Content-Length: 22 ETag: W/"16-1AnnTM9P5q4Dv1KmajxbzxifCYI" Date: Sat, 15 Jun 2024 07:07:58 GMT Connection: close {"status":"Not Found"}
Open service 44.222.28.155:8002
2024-06-14 07:51
HTTP/1.1 404 Not Found Content-Security-Policy: default-src 'none' Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff Origin-Agent-Cluster: ?1 X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-XSS-Protection: 0 Vary: Origin Access-Control-Allow-Credentials: true Content-Type: text/html; charset=utf-8 Content-Length: 139 Date: Fri, 14 Jun 2024 07:51:31 GMT Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>
Open service 44.222.28.155:8004
2024-06-13 23:58
HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'none' Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff Origin-Agent-Cluster: ?1 X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-XSS-Protection: 0 Content-Type: text/html; charset=utf-8 Content-Length: 139 Date: Thu, 13 Jun 2024 23:58:39 GMT Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>
Open service 44.222.28.155:22
2024-06-13 21:23
Open service 44.222.28.155:22
2024-06-12 23:05