nginx
tcp/443 tcp/80
MongoDB is currently open without authentication.
This results in all the database data made available publicly.
Severity: medium
Fingerprint: 436d217a47ab42586cdc50eb8f40a34352f67fcf0a470ddd3132005219c0bfac
Collections: 3, document count: 3, size: 1.1 kB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ__ME_TO_RECOVER_YOUR_DATA.README with 1 documents (374 B) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 0 documents (0 B)
Severity: critical
Fingerprint: 436d217a47ab425853e271cb8889702352f8396f121a097dcf0957f2660e04a5
Collections: 10, document count: 8507, size: 66.5 MB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ_ME_TO_RECOVER_DATA.READ_ME_TO_RECOVER_DATA with 1 documents (445 B) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 0 documents (0 B) Found collection local.startup_log with 4 documents (7.9 kB) Found collection petio.friends with 26 documents (7.4 kB) Found collection petio.movies with 5790 documents (61.6 MB) Found collection petio.libraries with 4 documents (1.9 kB) Found collection petio.music with 1666 documents (271.9 kB) Found collection petio.shows with 988 documents (4.5 MB) Found collection petio.discovers with 26 documents (156.8 kB)
Severity: critical
Fingerprint: 436d217a47ab42582566177f5ceffa27e69bcc5ba3c476711f33880e02afe0bb
Collections: 11, document count: 91058, size: 71.1 MB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ_ME_TO_RECOVER_YOUR_DATA.README with 5 documents (3.6 kB) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 10 documents (990 B) Found collection local.startup_log with 1 documents (2.0 kB) Found collection petio.music with 1666 documents (271.9 kB) Found collection petio.movies with 5784 documents (61.5 MB) Found collection petio.imdbs with 82549 documents (4.6 MB) Found collection petio.friends with 26 documents (7.4 kB) Found collection petio.discovers with 26 documents (157.2 kB) Found collection petio.shows with 985 documents (4.5 MB) Found collection petio.libraries with 4 documents (1.9 kB)
Severity: critical
Fingerprint: 436d217a47ab4258108e475f3ff6c10738e0fd7b772ca391b6256c2e8ee21720
Collections: 11, document count: 90966, size: 71.0 MB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ_ME_TO_RECOVER_YOUR_DATA.README with 5 documents (3.6 kB) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 10 documents (990 B) Found collection local.startup_log with 1 documents (2.0 kB) Found collection petio.music with 1666 documents (271.9 kB) Found collection petio.movies with 5781 documents (61.5 MB) Found collection petio.imdbs with 82465 documents (4.6 MB) Found collection petio.friends with 26 documents (7.4 kB) Found collection petio.discovers with 26 documents (156.3 kB) Found collection petio.shows with 980 documents (4.5 MB) Found collection petio.libraries with 4 documents (1.9 kB)
Severity: high
Fingerprint: 436d217a47ab425879efbee05b852872442a8514eec21c2643ae4bd9c812f2aa
Collections: 6, document count: 83, size: 289.9 kB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ_ME_TO_RECOVER_YOUR_DATA.README with 2 documents (1.4 kB) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 10 documents (990 B) Found collection petio.movies with 25 documents (231.9 kB) Found collection petio.shows with 19 documents (47.8 kB) Found collection petio.friends with 25 documents (7.0 kB)
Severity: critical
Fingerprint: 436d217a47ab4258113d8abb581a9e73944dc0bf30a9530d7ac566c27176d41a
Collections: 9, document count: 8486, size: 66.1 MB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ_ME_TO_RECOVER_DATA.READ_ME_TO_RECOVER_DATA with 3 documents (1.3 kB) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 10 documents (990 B) Found collection petio.libraries with 4 documents (1.9 kB) Found collection petio.friends with 26 documents (7.4 kB) Found collection petio.shows with 974 documents (4.4 MB) Found collection petio.movies with 5776 documents (61.4 MB) Found collection petio.music with 1666 documents (271.9 kB) Found collection petio.discovers with 25 documents (2.0 kB)
Severity: critical
Fingerprint: 436d217a47ab4258e6b2af2211b1fd84de54a166f3767dac98bb94eb7a627f8e
Collections: 9, document count: 8477, size: 66.2 MB HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 85 It looks like you are trying to access MongoDB over HTTP on the native driver port. Found collection READ_ME_TO_RECOVER_DATA.READ_ME_TO_RECOVER_DATA with 4 documents (1.8 kB) Found collection admin.system.version with 2 documents (764 B) Found collection config.system.sessions with 10 documents (990 B) Found collection petio.discovers with 26 documents (158.1 kB) Found collection petio.music with 1666 documents (271.9 kB) Found collection petio.movies with 5766 documents (61.3 MB) Found collection petio.libraries with 4 documents (1.9 kB) Found collection petio.friends with 26 documents (7.4 kB) Found collection petio.shows with 973 documents (4.4 MB)
A JSON configuration file has been found at config.json
.
It may contains application configuration such as credentials.
False positive might happen when hitting a JSON API endpoint.
Fingerprint: b18befd9dd6536aa30550de5029b1de204a72ba5f829b4c2f829b4c2f829b4c2
{ "PlexRequestApi": "", "PlexRequestApiPort": "7778" }
Severity: low
Fingerprint: b18befd9dd6536aa30550de5dcc96347b67ea6b5fe606e92fe606e92fe606e92
{ "PlexRequestApi": "", "PlexRequestApiPort": "7778" }
Open service 70.175.21.18:443
2024-05-25 00:00
HTTP/1.1 200 OK Server: nginx Date: Sat, 25 May 2024 00:00:14 GMT Content-Type: text/html Content-Length: 1345 Last-Modified: Wed, 11 Oct 2023 13:06:51 GMT Connection: close ETag: "65269deb-541" Accept-Ranges: bytes Page title: Welcome to your SWAG instance <html> <head> <title>Welcome to your SWAG instance</title> <style> body{ font-family: Helvetica, Arial, sans-serif; } .message{ width:440px; padding:20px 40px; margin:0 auto; background-color:#f9f9f9; border:1px solid #ddd; color: #1e3d62; } center{ margin:40px 0; } h1{ font-size: 18px; line-height: 26px; } p{ font-size: 12px; } a{ color: rgb(207, 48, 139); } </style> </head> <body> <div class="message"> <h1>Welcome to your <a target="_blank" href="https://github.com/linuxserver/docker-swag">SWAG</a> instance</h1> <p>A webserver and reverse proxy solution brought to you by <a target="_blank" href="https://www.linuxserver.io/">linuxserver.io</a> with php support and a built-in Certbot client.</p> <p>We have an article on how to use swag here: <a target="_blank" href="https://docs.linuxserver.io/general/swag">docs.linuxserver.io</a></p> <p>For help and support, please visit: <a target="_blank" href="https://www.linuxserver.io/support">linuxserver.io/support</a></p> </div> </body> </html>
Open service 70.175.21.18:80
2024-05-24 00:48
HTTP/1.1 301 Moved Permanently Server: nginx Date: Fri, 24 May 2024 00:48:03 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://70.175.21.18/ Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx</center> </body> </html>
Open service 70.175.21.18:80 · mail.dustinhollon.com
2024-05-18 01:07
HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 18 May 2024 01:07:13 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://mail.dustinhollon.com/ Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx</center> </body> </html>
Open service 70.175.21.18:443 · mail.dustinhollon.com
2024-05-18 01:07
HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 18 May 2024 01:07:16 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: /webmail/ Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block Referrer-Policy: same-origin Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx</center> </body> </html>