GeneralInformation

Hostnames	fcomwebsites.us cpanel.fcomwebsites.us mail.fcomwebsites.us webdisk.fcomwebsites.us webmail.fcomwebsites.us www.fcomwebsites.us 180.98.238.104.host.secureserver.net
Domains	fcomwebsites.us secureserver.net
Country	United States
City	Phoenix
Organization	GoDaddy.com, LLC
ISP	GoDaddy.com, LLC
ASN	AS398101

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-51766	5.3Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
CVE-2022-37452	9.8Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-37451	7.5Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
CVE-2021-38371	7.5The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVE-2021-27216	6.3Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
CVE-2020-8015	7.8A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVE-2020-28026	9.8Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.
CVE-2020-28025	7.5Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
CVE-2020-28024	9.8Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
CVE-2020-28023	7.5Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
CVE-2020-28022	9.8Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
CVE-2020-28021	8.8Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
CVE-2020-28020	9.8Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
CVE-2020-28019	7.5Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
CVE-2020-28018	9.8Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
CVE-2020-28017	9.8Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
CVE-2020-28016	7.8Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
CVE-2020-28015	7.8Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
CVE-2020-28014	6.1Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
CVE-2020-28013	7.8Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
CVE-2020-28012	7.8Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
CVE-2020-28011	7.8Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
CVE-2020-28010	7.8Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
CVE-2020-28009	7.8Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).
CVE-2020-28008	7.8Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.
CVE-2020-28007	7.8Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
CVE-2020-12783	7.5Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
CVE-2019-15846	9.8Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-13917	9.8Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
CVE-2019-10149	9.0A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

OpenPorts

21 53 80 443 465 993 2083 2086 2087

-154307439 | 2024-04-05T13:01:42.761496

21 / tcp

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 120 allowed.
220-Local time is now 06:01. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
530 Login authentication failed
214-The following SITE commands are recognized
 ALIAS
 CHMOD
 IDLE
 UTIME
214 Pure-FTPd - http://pureftpd.org/
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 MFMT
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 AUTH TLS
 PBSZ
 PROT
 UTF8
 TVFS
 ESTA
 PASV
 EPSV
 SPSV
 ESTP
211 End.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2128486575 (0x7ede20af)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress=ssl@fconline.secureserver.net, CN=fconline.secureserver.net
        Validity
            Not Before: Mar 30 07:59:18 2023 GMT
            Not After : Mar 29 07:59:18 2024 GMT
        Subject: emailAddress=ssl@fconline.secureserver.net, CN=fconline.secureserver.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bd:a4:cb:c4:00:4e:e1:7b:8d:68:37:cd:6b:d9:
                    88:5b:60:e8:01:2e:f2:2d:9f:d6:28:e5:38:b9:a9:
                    a8:de:de:5e:77:88:95:48:8f:4e:d2:35:1b:5f:f2:
                    28:02:df:d9:d8:22:c0:88:a0:b3:b4:93:2c:82:e5:
                    7a:a4:4b:46:a1:ee:1d:d0:47:b6:27:9c:3c:81:a7:
                    00:2a:1e:33:45:15:1a:d0:28:2f:9b:9a:59:15:2b:
                    18:56:04:aa:3f:7d:94:d2:eb:36:35:e5:d5:0b:28:
                    15:3c:7f:5f:e2:c4:52:84:13:a8:ec:f3:7a:85:d0:
                    89:23:d6:fc:af:a4:c0:91:a0:ca:f2:68:9b:86:4d:
                    3b:8f:9f:90:55:c3:1d:3c:99:75:c8:0a:ed:42:74:
                    48:ba:c7:66:93:93:de:8b:07:92:a2:d8:fb:59:e4:
                    5d:e4:b5:f8:b1:3d:b2:0f:6b:7c:41:7d:19:33:fd:
                    43:4b:1b:f7:17:0c:41:b3:2c:27:52:e7:69:89:68:
                    65:2e:a4:be:c2:29:f9:d3:57:3d:13:5d:09:29:79:
                    96:bf:be:02:fe:a2:5b:18:3c:0d:f6:11:34:fa:02:
                    f6:64:56:dd:f7:ae:6d:f6:bf:9a:f3:f3:39:58:2d:
                    40:dd:06:18:29:69:48:bc:22:f2:a8:65:9f:32:4d:
                    b9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                55:20:7B:5F:5D:54:F8:C7:BC:AA:15:F7:DE:3C:FE:06:78:A5:67:97
            X509v3 Authority Key Identifier: 
                55:20:7B:5F:5D:54:F8:C7:BC:AA:15:F7:DE:3C:FE:06:78:A5:67:97
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        36:77:f8:d4:b9:a0:c8:4e:f5:ec:4a:0e:84:3c:f6:8c:02:49:
        21:5c:24:b6:ad:5c:af:7d:91:06:00:55:a5:86:25:20:d3:21:
        cd:0e:72:6d:21:48:58:bc:4e:c3:5a:93:7d:74:4b:d6:c4:69:
        84:de:fd:64:11:12:0c:8f:65:77:0a:e5:88:7b:1e:3c:79:89:
        9c:69:06:ff:ba:e8:f1:d7:22:19:a2:09:54:30:ac:c1:87:f8:
        eb:c6:52:49:a9:11:7c:ac:d5:cb:ce:02:6a:08:6b:36:43:b9:
        bc:41:f0:8e:67:da:79:12:7d:f4:1b:db:22:53:49:98:70:ce:
        65:95:31:ee:ee:21:73:31:97:50:da:86:71:1b:4d:13:79:ba:
        5d:6e:16:5d:09:ad:71:49:e8:a3:99:7e:37:49:a0:34:eb:f0:
        ee:65:f7:bf:6c:ea:a5:a2:a7:91:a1:d3:29:37:20:c4:0f:0e:
        e8:c8:ae:68:62:dc:60:69:5a:89:c8:9d:57:a3:db:79:81:b3:
        3a:b0:ae:82:c1:68:58:28:49:f8:b2:f9:99:e3:b6:ac:04:f4:
        39:2b:5c:bc:d6:cb:45:63:17:5c:d6:89:a8:f1:ad:08:68:88:
        cb:26:90:f5:33:fb:13:a5:f8:72:4f:73:58:8a:6f:27:85:4a:
        c4:8c:8f:7d

1018608416 | 2024-04-13T19:04:16.548619

53 / udp

Resolver name: fconline.secureserver.net

1779044211 | 2024-04-19T13:27:10.062736

80 / tcp

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 13:27:09 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html

-612504807 | 2024-04-03T07:28:38.581528

443 / tcp

HTTP/1.1 301 Moved Permanently
Date: Wed, 03 Apr 2024 07:28:38 GMT
Server: Apache
Location: http://104.238.98.180/
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:20:bf:e4:42:c0:3b:09:56:10:8e:bb:83:30:0d:dd
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority
        Validity
            Not Before: Jan 27 00:00:00 2024 GMT
            Not After : Apr 26 23:59:59 2024 GMT
        Subject: CN=fcomwebsites.us
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b9:e1:51:cd:1c:6c:26:5c:33:82:71:7a:a5:5f:
                    30:a7:dc:39:39:14:53:db:59:08:de:e7:fe:d4:51:
                    5f:5a:6c:94:4c:07:b4:d2:7a:1b:f5:00:12:52:88:
                    2e:c7:51:63:94:97:93:68:d1:19:2d:88:21:ba:1f:
                    6e:02:0c:b9:4e:10:f2:f4:32:6d:5a:f6:bf:64:5e:
                    5b:30:ea:52:1c:66:8d:ce:f2:75:91:ae:da:e2:ef:
                    8a:d9:86:76:96:3b:f6:0c:93:d8:d6:bb:87:fc:49:
                    aa:69:b2:f7:41:5e:29:9a:3a:82:17:28:5d:59:77:
                    98:b3:c9:65:fc:3e:a7:97:82:ed:c8:dc:47:c8:30:
                    6a:08:d2:a2:bf:64:c3:00:42:ea:98:ab:f3:5b:0a:
                    34:92:78:2a:7b:0a:8a:df:70:b4:74:43:49:04:5d:
                    30:a2:de:a0:7a:20:92:2a:e3:9c:4e:f9:e4:21:6a:
                    fc:ed:26:a0:30:03:16:e9:db:6f:2c:11:1d:98:44:
                    58:a1:47:1c:11:c6:51:04:4e:8d:12:85:37:70:bd:
                    4e:a2:d3:71:25:fe:7b:cb:77:e0:51:af:33:b0:03:
                    9f:65:5f:ea:d0:6c:40:21:70:3a:12:9f:27:45:bb:
                    b7:38:9b:d5:c0:92:21:37:ab:af:45:82:f2:fa:d5:
                    e5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                7E:03:5A:65:41:6B:A7:7E:0A:E1:B8:9D:08:EA:1D:8E:1D:6A:C7:65
            X509v3 Subject Key Identifier: 
                11:BD:F9:96:1F:36:B3:81:AE:9B:8F:D5:56:A9:AA:39:24:0E:42:BA
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.52
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.comodoca.com/cPanelIncCertificationAuthority.crl
            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/cPanelIncCertificationAuthority.crt
                OCSP - URI:http://ocsp.comodoca.com
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Jan 27 09:26:40.552 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:0A:92:E9:95:40:7E:3B:A8:A4:CE:30:E1:
                                53:3A:8C:64:1C:2A:43:47:47:A6:9B:7D:34:D9:36:E6:
                                96:D0:C7:CC:02:20:03:E4:C3:84:78:B3:9E:F6:B1:92:
                                FE:1E:A9:1B:FA:FC:78:DD:E0:16:D7:60:69:97:C8:F9:
                                85:6E:51:2E:27:8D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Jan 27 09:26:40.601 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:50:28:A5:09:DC:BB:DB:48:A7:08:9D:93:
                                6E:7B:31:DD:9A:3D:8B:09:3D:CA:DB:B8:50:8E:3E:3F:
                                DA:2A:F0:1D:02:20:2B:82:9F:5F:6A:29:8C:53:8B:4D:
                                70:AF:A4:B8:A9:DD:5E:DC:25:C6:FE:16:CD:F9:FA:18:
                                BF:8B:10:F7:23:6A
            X509v3 Subject Alternative Name: 
                DNS:fcomwebsites.us, DNS:cpanel.fcomwebsites.us, DNS:mail.fcomwebsites.us, DNS:webdisk.fcomwebsites.us, DNS:webmail.fcomwebsites.us, DNS:www.fcomwebsites.us
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4f:3d:f2:9a:c3:b3:70:28:e7:9f:5c:9c:bf:dc:f9:b0:15:24:
        a4:d9:ae:07:c2:6b:cc:42:5b:98:a1:4e:30:c3:d8:d3:e1:19:
        d6:57:70:63:fe:c5:80:11:41:74:bd:37:72:84:9f:3e:a0:2b:
        67:7b:fe:00:eb:ce:af:0f:7b:87:5e:ec:69:b7:18:66:13:01:
        a2:03:c7:94:15:b1:f6:52:3f:97:35:3b:89:8d:68:2b:51:8a:
        20:7f:6e:37:f6:10:a3:0e:f6:99:50:47:60:1f:d4:7e:e7:7f:
        a8:e6:a9:e3:c8:c6:11:c4:f0:ce:db:6e:d2:6d:1e:e2:8d:93:
        d7:d3:58:d1:64:51:e5:0f:b2:4b:29:c0:88:f2:ae:af:2c:a0:
        bb:c9:ae:fd:2e:45:a2:c6:45:af:eb:32:a1:e9:0a:40:cc:20:
        af:ac:59:a8:8a:08:0c:d7:69:97:3e:e9:eb:9a:08:1f:3a:21:
        c2:41:08:4c:0f:9a:7a:7f:d4:c3:70:d6:47:75:5b:eb:de:80:
        c7:0b:b9:5a:a4:28:bc:97:99:31:d0:33:03:66:04:32:5f:b3:
        0e:c1:69:a3:57:ff:b8:38:22:ac:18:1d:5c:23:3d:5e:ad:be:
        c6:7e:66:93:7e:d4:7f:ca:ae:5f:e9:c4:ca:7f:cb:60:d4:2b:
        45:b9:44:f9

615631555 | 2024-04-11T23:16:59.259500

465 / tcp

220-fconline.secureserver.net ESMTP Exim 4.91 #1 Thu, 11 Apr 2024 16:16:43 -0700 
220-We do not authorize the use of this system to transport unsolicited, 
220 and/or bulk e-mail.
250-fconline.secureserver.net Hello 224.63.166.14 [224.63.166.14]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2340968439 (0x8b8857f7)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress=ssl@fconline.secureserver.net, CN=fconline.secureserver.net
        Validity
            Not Before: Mar 30 07:59:31 2024 GMT
            Not After : Mar 30 07:59:31 2025 GMT
        Subject: emailAddress=ssl@fconline.secureserver.net, CN=fconline.secureserver.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:be:70:75:84:61:5a:8d:d3:cf:4d:cf:50:e1:cf:
                    9e:b5:84:e9:72:04:e8:03:a3:90:65:fb:5e:78:c0:
                    36:d2:8b:b0:54:4a:e5:c3:aa:a2:45:1d:6d:c0:51:
                    56:7e:16:c2:ec:f7:86:f2:94:a2:ef:12:03:a6:04:
                    1d:12:75:31:4b:ca:86:ce:64:ea:e4:b2:56:64:b5:
                    9a:e9:21:32:54:62:67:99:f2:f0:e1:03:2d:b8:96:
                    7a:53:88:82:0e:8d:c5:1b:0e:26:df:c8:3e:6d:76:
                    f4:64:20:87:64:15:fe:11:f5:23:a9:bf:18:ee:45:
                    83:dd:10:df:a0:bf:3c:91:bb:9c:14:16:8a:bc:d2:
                    dc:94:22:67:c9:39:c0:84:8b:81:b6:53:f2:4e:df:
                    83:a8:72:e2:ec:4b:e0:0b:d1:03:87:12:fc:8c:5f:
                    38:a3:ef:c7:97:d0:c1:53:11:69:2c:ae:be:ca:9c:
                    90:37:2b:5b:1d:60:ed:1f:dc:d9:62:21:3f:62:3d:
                    b6:c1:c3:2e:1b:c1:29:c8:aa:37:bc:a5:4c:48:79:
                    e4:2a:c2:5d:45:49:26:35:17:a1:5e:57:a1:cd:f0:
                    30:51:c4:89:c5:d8:4d:92:66:41:65:f9:ff:90:37:
                    bd:71:e5:d7:40:90:bf:27:c4:da:14:dd:9d:d6:f2:
                    06:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F8:71:09:24:68:46:9C:97:44:E3:40:F1:1D:EC:FE:83:19:BE:BD:20
            X509v3 Authority Key Identifier: 
                F8:71:09:24:68:46:9C:97:44:E3:40:F1:1D:EC:FE:83:19:BE:BD:20
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        b7:4b:d3:85:9c:b7:fe:4f:ee:90:10:ed:0f:d3:7b:44:af:a8:
        40:5e:7d:43:17:9d:28:b4:c5:14:0e:1c:a6:54:53:2c:cd:bd:
        07:2f:3b:61:ca:31:19:30:6e:96:e2:75:3e:77:14:ff:1e:0a:
        d1:c6:f7:3e:c3:67:15:ff:6a:52:90:16:e1:e9:81:e9:1b:21:
        c1:ac:68:5e:0c:ea:7c:35:d2:4a:4d:f8:ec:84:ce:9c:d2:17:
        75:42:0a:9c:11:3a:cd:80:b0:49:bc:1f:6d:d7:9c:de:44:b7:
        d8:20:94:18:20:70:85:eb:bf:1b:dd:09:83:57:ba:6e:bf:2e:
        ce:8b:64:0f:94:77:84:b2:d1:64:af:e7:f9:ba:dc:c4:0e:3d:
        45:81:0a:45:ef:5f:73:93:2e:7a:1e:c6:6a:f6:9f:9c:66:94:
        10:ff:c4:d0:06:1b:d1:dd:56:6d:01:5c:12:be:dc:c9:a0:d9:
        2f:4a:43:7d:66:fc:d1:ce:ea:1d:75:3a:a0:05:41:73:d3:8f:
        f4:8f:22:66:26:71:3c:64:22:a3:1f:e8:c3:43:0b:a7:20:0d:
        17:bf:a1:09:bb:46:c8:06:ff:48:40:d9:ce:64:a9:65:16:c2:
        a2:dd:50:f2:3f:75:12:72:ef:42:88:b8:1b:ab:d8:a9:99:7c:
        ac:3f:eb:2f

-692588390 | 2024-04-09T19:01:16.438388

993 / tcp

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN
A001 OK Pre-login capabilities listed, post-login capabilities have more.
* ID ("name" "Dovecot")
A002 OK ID completed.
A003 BAD Error in IMAP command received by server.
* BYE Logging out
A004 OK Logout completed.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9152167561 (0x22182fe89)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fconline.secureserver.net/emailAddress=ssl@fconline.secureserver.net
        Validity
            Not Before: Mar 30 07:59:31 2024 GMT
            Not After : Mar 30 07:59:31 2025 GMT
        Subject: CN=fconline.secureserver.net/emailAddress=ssl@fconline.secureserver.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cb:ba:8e:b8:af:d8:51:d6:36:ad:4a:17:47:b7:
                    08:41:41:93:21:16:a3:43:c6:eb:ea:14:99:95:00:
                    dd:01:8c:a9:c6:4c:cb:0b:da:eb:b6:34:28:7e:da:
                    6c:c2:c5:26:17:39:7c:a5:c1:14:6d:c3:b5:71:ef:
                    da:f8:20:0b:b1:af:16:e4:3f:6a:4f:76:42:66:5d:
                    b4:5a:89:a5:6f:fe:b8:38:c6:a2:68:c5:6d:90:f8:
                    36:9e:58:dc:a7:9b:76:23:6c:26:6a:93:90:f7:77:
                    5c:4d:49:11:23:b3:a6:e5:57:b0:c0:57:19:95:d4:
                    e8:b8:8e:cf:93:c8:00:e5:bb:8d:26:e2:41:bb:eb:
                    a0:03:18:ac:9a:02:25:8b:3c:9b:60:bb:23:75:b5:
                    1b:5f:78:27:0f:51:e2:23:d7:64:61:93:21:d5:50:
                    cc:a8:a4:9b:27:3f:e9:fa:03:d8:e3:05:95:71:a0:
                    9c:eb:71:d6:48:d7:d3:15:df:34:42:92:fc:9a:e0:
                    4b:b5:29:dc:eb:88:b7:46:d9:14:cd:b7:31:e5:cf:
                    7b:e5:d9:cf:8a:e5:d2:0f:44:70:07:80:d2:2c:58:
                    21:97:3f:f4:bf:b6:43:ec:36:dc:6d:3e:d9:54:c5:
                    0b:bb:08:6e:ac:0b:2e:8b:ac:a4:1e:5f:4a:ee:7d:
                    8b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F5:4B:41:40:26:B1:EF:94:39:4A:5D:08:03:53:22:88:3D:7C:A3:4B
            X509v3 Authority Key Identifier: 
                F5:4B:41:40:26:B1:EF:94:39:4A:5D:08:03:53:22:88:3D:7C:A3:4B
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        16:2e:c1:74:1c:94:18:96:45:cb:cf:54:a5:bb:dd:5b:2c:ca:
        0c:bb:77:e6:df:e5:33:2e:00:37:75:b4:0a:bb:74:80:0f:d1:
        07:60:0d:b3:18:4d:82:eb:af:01:d4:60:6b:2c:f1:84:33:17:
        f4:50:73:54:e3:f0:4c:17:0b:06:e6:5f:d4:69:ac:3c:89:df:
        86:3e:89:0d:67:d4:b9:da:3a:5c:9c:16:a9:6b:d1:bd:22:97:
        93:a7:19:70:37:27:13:d9:51:5a:9c:74:aa:e7:85:76:30:d5:
        3a:5f:3d:5e:df:a0:de:5b:56:6d:75:55:a9:45:a4:58:9e:53:
        52:96:05:d6:74:c7:17:2d:96:09:2d:45:c2:d4:22:a4:93:c9:
        cd:2b:5d:87:3e:a4:bb:9e:5f:a6:79:62:84:d1:26:07:1c:2e:
        40:81:a9:fa:f0:07:36:2f:69:f2:82:3f:2a:78:15:e9:08:d8:
        a9:7e:72:18:5c:b4:f1:b3:f4:1e:e0:58:c4:88:af:d2:a8:ae:
        50:8b:50:21:56:55:3f:be:4d:49:38:61:e3:4b:dd:57:7c:d2:
        bd:78:15:0a:16:3f:87:94:eb:26:17:f8:c2:36:e0:10:9a:42:
        99:36:3e:b9:ce:7e:4a:ab:0c:9c:7c:46:12:b4:74:44:2a:ef:
        85:c8:ff:58

-292589255 | 2024-03-30T02:27:13.621294

2083 / tcp

HTTP/1.1 401 Access Denied
Connection: close
Content-Type: text/html; charset="utf-8"
Date: Sat, 30 Mar 2024 02:27:13 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: cpsession=%3a7qr14w8LBMTgbD8S%2c7fdbcea3d2b0efdf5ecd433f837ba339; HttpOnly; path=/; port=2083; secure
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: imp_key=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: key=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/3rdparty/squirrelmail/; port=2083; secure
Set-Cookie: SQMSESSID=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083
Cache-Control: no-cache, no-store, must-revalidate, private
Content-Length: 39895

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5512207594 (0x1488d9cea)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress=ssl@fconline.secureserver.net, CN=fconline.secureserver.net
        Validity
            Not Before: Mar 30 07:59:17 2023 GMT
            Not After : Mar 29 07:59:17 2024 GMT
        Subject: emailAddress=ssl@fconline.secureserver.net, CN=fconline.secureserver.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e2:48:b7:ef:f9:d9:8d:81:9c:d5:b8:18:97:e1:
                    a2:a3:55:88:bc:17:92:45:34:78:d4:de:f3:c1:d9:
                    d8:04:5b:14:e1:96:0d:e5:d2:26:44:b2:27:7f:d2:
                    59:6a:80:69:4d:4e:e6:33:92:22:59:58:5e:16:f8:
                    15:87:e2:8b:0e:a3:a2:7a:65:c3:c3:20:e8:37:bb:
                    72:9a:30:12:09:e1:87:69:7d:4c:87:1c:bc:a2:ab:
                    0b:e6:b7:68:20:3a:7b:8c:b8:11:95:2c:04:28:7a:
                    71:82:9b:ba:8f:1c:54:59:af:e9:9a:9d:50:15:4b:
                    dc:56:8a:43:bb:17:62:60:d8:ac:75:a7:8f:94:df:
                    18:a8:33:30:82:08:72:40:25:28:2f:79:1e:15:5a:
                    30:8f:1e:97:c4:45:bd:47:97:c4:d1:52:13:03:22:
                    55:91:f2:e1:4d:3a:2a:bc:5f:86:37:99:04:2c:ef:
                    e6:7d:c2:f4:6f:70:97:20:63:a9:30:0c:09:7e:8f:
                    5d:da:3d:bb:34:b1:cd:e0:b4:6b:7a:13:e7:8a:08:
                    0d:fc:dc:e7:ac:ca:0b:14:0d:5e:82:a2:1d:f2:f1:
                    35:5e:3d:e7:24:4e:a0:1d:69:a1:b5:56:e0:c4:3a:
                    54:07:8d:b5:99:1d:89:1f:41:5d:0d:be:ca:e5:c9:
                    63:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                8D:E6:D9:4C:11:89:00:42:8A:71:C6:70:7E:EC:28:F5:03:54:C6:3D
            X509v3 Authority Key Identifier: 
                8D:E6:D9:4C:11:89:00:42:8A:71:C6:70:7E:EC:28:F5:03:54:C6:3D
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        8e:d1:6a:36:20:f5:b0:89:63:79:1d:70:2f:ca:07:e2:22:dc:
        54:b8:89:f7:2f:57:a4:73:21:af:fd:5b:6f:c3:7b:dc:01:41:
        a8:40:57:76:20:c5:d4:e2:5a:db:fe:3c:b9:09:e6:17:98:e5:
        26:50:8f:78:5b:bd:20:7d:41:40:23:4a:28:76:9e:d4:d6:2c:
        eb:77:6b:0e:a1:b3:bd:71:29:0d:a9:f1:0e:45:4b:46:40:30:
        40:69:80:bb:2c:2a:f1:4f:29:f5:1f:c7:58:43:8b:a9:9e:27:
        14:7e:20:ff:50:df:1e:21:80:cd:77:a5:b5:ab:bb:36:31:f3:
        f3:dd:25:c7:7d:ed:20:5e:16:e1:5e:36:9b:78:f9:16:d6:a8:
        a4:94:a2:32:1a:fa:0c:c1:ef:98:ff:f5:64:48:35:53:c2:07:
        7c:a6:15:d9:80:e1:29:63:12:ac:b6:6c:bd:fc:d2:27:72:69:
        6a:ee:25:0f:a9:cd:ce:e1:63:dd:0e:c3:c0:fb:18:00:2a:04:
        eb:a0:72:31:7f:d1:eb:08:a1:64:71:8f:ef:18:09:51:6d:20:
        47:2f:6e:f2:14:e2:42:21:b5:8e:2d:b7:27:2e:80:19:69:cb:
        43:a7:83:30:03:e0:d3:ee:e7:c7:e8:f0:af:91:4f:60:2c:e0:
        6d:ed:2c:e9

-105063547 | 2024-03-22T23:59:15.619509

2086 / tcp

HTTP/1.1 301 Moved
Content-length: 112
Location: https://104.238.98.180:2087/
Content-type: text/html; charset="utf-8"
Cache-Control: no-cache, no-store, must-revalidate, private

-412086575 | 2024-04-05T21:06:12.736441

2087 / tcp

HTTP/1.1 401 Access Denied
Connection: close
Content-Type: text/html; charset="utf-8"
Date: Fri, 05 Apr 2024 21:06:12 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: whostmgrsession=%3aiEoMDJ55_ghIoUZ7%2cfd1fde72355df42516cd83fd244a7369; HttpOnly; path=/; port=2087; secure
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2087; secure
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: imp_key=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: key=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/3rdparty/squirrelmail/; port=2087; secure
Set-Cookie: SQMSESSID=expired; HttpOnly; domain=104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.104.238.98.180; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087
Cache-Control: no-cache, no-store, must-revalidate, private
Content-Length: 39575

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 572088559 (0x221960ef)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fconline.secureserver.net/emailAddress=ssl@fconline.secureserver.net
        Validity
            Not Before: Mar 30 07:59:30 2024 GMT
            Not After : Mar 30 07:59:30 2025 GMT
        Subject: CN=fconline.secureserver.net/emailAddress=ssl@fconline.secureserver.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bb:08:3d:b2:6c:27:cf:43:34:7d:2c:84:31:a9:
                    39:64:4b:23:5a:c3:49:5e:d2:89:04:95:a7:d9:76:
                    81:a9:07:cc:75:c7:8d:c1:03:ec:70:ec:b6:4f:56:
                    eb:26:d8:96:88:b5:40:29:02:51:85:68:8a:c8:e9:
                    cf:84:1c:2b:a8:51:23:ac:30:31:9b:e7:d7:88:1a:
                    30:ab:06:9c:a6:1d:b2:f7:b9:e5:21:3f:d5:57:8c:
                    e2:0e:40:7b:8a:43:b7:a4:09:41:89:5b:0f:3b:df:
                    69:e2:45:2a:09:a4:2a:0d:b4:95:34:00:95:b5:7e:
                    d0:cf:af:3e:ce:f7:f1:9f:72:d1:e9:54:61:0b:b3:
                    e4:29:05:1b:d8:1c:95:af:97:b0:62:98:56:af:2c:
                    e0:e0:07:f1:2d:67:bf:e1:e8:4f:ef:66:30:de:ef:
                    23:61:52:58:34:b7:28:ee:e7:05:85:fc:b0:18:1d:
                    c2:5b:4b:f4:a2:dc:dc:0c:2b:1b:e8:2c:e9:5c:c1:
                    0c:5a:6f:27:a7:a7:b5:5d:d7:c0:b2:d9:de:8b:cf:
                    ed:82:23:5d:5d:fe:20:5c:cf:d9:43:9c:dc:db:7a:
                    48:dc:67:23:5c:c9:94:a0:81:3d:4b:2d:78:71:0d:
                    91:f9:8b:2d:cc:d2:84:0f:92:14:65:27:a0:94:0b:
                    27:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                90:B7:62:FD:45:15:6D:F0:E2:B1:61:D7:04:99:4D:49:61:6D:BE:BD
            X509v3 Authority Key Identifier: 
                90:B7:62:FD:45:15:6D:F0:E2:B1:61:D7:04:99:4D:49:61:6D:BE:BD
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        42:fd:57:36:bc:7a:f0:5a:61:e1:7f:f3:46:e2:ef:eb:29:26:
        8d:98:e4:9b:d4:15:4c:5c:3d:93:a7:98:04:8e:cb:ae:aa:59:
        a7:2a:24:ac:87:f5:42:04:e1:ef:58:fd:be:c8:2c:f9:f4:88:
        75:dc:10:11:cf:7c:25:07:2b:08:61:40:26:27:19:5b:f7:71:
        9e:d3:22:4a:b5:ed:15:af:db:6c:e6:6b:75:48:54:2e:18:30:
        96:90:ff:2f:a1:16:29:09:6f:44:bd:28:75:49:18:bb:24:b4:
        41:92:1a:68:67:b6:97:c7:e6:fc:de:c7:5e:72:ba:2e:9c:40:
        4b:93:b8:9c:65:00:34:f0:74:63:91:50:3c:25:fa:5c:af:bc:
        08:44:fa:8a:1b:a3:11:5c:b6:76:d1:16:21:1f:64:f6:98:b4:
        98:16:82:7d:96:e2:f4:c4:e9:15:57:84:50:71:af:76:ad:88:
        c9:04:dd:3d:12:e2:ff:bc:54:76:b7:19:78:65:ce:32:03:a9:
        87:7f:f9:0c:7a:fc:0a:3f:3a:51:4e:80:b8:59:60:97:1f:75:
        3c:64:a1:4d:1c:40:b8:be:0d:c0:67:a6:36:5e:94:50:42:bb:
        bf:cf:fd:34:03:3f:d7:5c:2e:bc:38:9c:6e:29:97:29:64:d8:
        49:16:d8:ae

104.238.98.180

Last Seen: 2024-04-19

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-154307439 | 2024-04-05T13:01:42.761496
21 / tcp

Pure-FTPd

1018608416 | 2024-04-13T19:04:16.548619
53 / udp

1779044211 | 2024-04-19T13:27:10.062736
80 / tcp

Apache httpd

-612504807 | 2024-04-03T07:28:38.581528
443 / tcp

Apache httpd

615631555 | 2024-04-11T23:16:59.259500
465 / tcp

Exim smtpd4.91

-692588390 | 2024-04-09T19:01:16.438388
993 / tcp

-292589255 | 2024-03-30T02:27:13.621294
2083 / tcp

cPanel

-105063547 | 2024-03-22T23:59:15.619509
2086 / tcp

-412086575 | 2024-04-05T21:06:12.736441
2087 / tcp

WHM

Products

Pricing

Contact Us

104.238.98.180

Last Seen: 2024-04-19

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-154307439 | 2024-04-05T13:01:42.761496 21 / tcp

Pure-FTPd

1018608416 | 2024-04-13T19:04:16.548619 53 / udp

1779044211 | 2024-04-19T13:27:10.062736 80 / tcp

Apache httpd

-612504807 | 2024-04-03T07:28:38.581528 443 / tcp

Apache httpd

615631555 | 2024-04-11T23:16:59.259500 465 / tcp

Exim smtpd4.91

-692588390 | 2024-04-09T19:01:16.438388 993 / tcp

-292589255 | 2024-03-30T02:27:13.621294 2083 / tcp

cPanel

-105063547 | 2024-03-22T23:59:15.619509 2086 / tcp

-412086575 | 2024-04-05T21:06:12.736441 2087 / tcp

WHM

Products

Pricing

Contact Us

-154307439 | 2024-04-05T13:01:42.761496
21 / tcp

1018608416 | 2024-04-13T19:04:16.548619
53 / udp

1779044211 | 2024-04-19T13:27:10.062736
80 / tcp

-612504807 | 2024-04-03T07:28:38.581528
443 / tcp

615631555 | 2024-04-11T23:16:59.259500
465 / tcp

-692588390 | 2024-04-09T19:01:16.438388
993 / tcp

-292589255 | 2024-03-30T02:27:13.621294
2083 / tcp

-105063547 | 2024-03-22T23:59:15.619509
2086 / tcp

-412086575 | 2024-04-05T21:06:12.736441
2087 / tcp