GeneralInformation

Hostnames	5.161.90.139.sslip.io static.139.90.161.5.clients.your-server.de
Domains	sslip.io your-server.de
Country	United States
City	Ashburn
Organization	Hetzner Online GmbH
ISP	Hetzner Online GmbH
ASN	AS213230

WebTechnologies

Programming languages

Python

Web frameworks

Django

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

22 80 443 9000

22 / tcp

72828417 | 2025-03-26T21:32:47.179317

SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQC6V9N8A5Dafap0dm8WK0YOyUX5UvgBN0oKkglCMSXk5FO2
7FSscKfHNaOEqNv6+zYBrJjDpSfKsLazr8/6NLPhxCJVlG5lCRb14E5NAnFDoXlFLLr5+nuvOa4k
AeaS+HbRbuAmo+nAg/FcwTXNhyjwZOVAfnENHAH47DrVZoJQrWc3QZ+KEkWOs+3JFq3hJh4hgj1n
1Y9DLaLbcQH21jdaXtSzsla3z6Jj675rYPDlCdofzhYCxa/CBJIeMa7piZlAjMJT+PaiPR1afLIM
GHvqoUghxs12E2Y0iqE1LLxJhJfHrb2MF8aGIBVYBXytQs6V2qHqcAsgH0aWGEor1Ip13APg8Tqe
RPRzrAh29N8OAiGXnzZirNJouFg8ssQYBSBu9qMCyoLaNqrLY9iCQmpE2RAXT0EZYX4cXLSkrp2T
yZ05syhqLPH1YjszJz62p8MPz86EbbFELuqIewHT5pZe3C+caweFKwJXB5V7tmPtJxWSgsa57nYg
7Hto4I+M8Ns=
Fingerprint: aa:02:cd:4e:e1:c9:fc:4e:33:77:6f:40:76:3d:ec:cf

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

80 / tcp

1651973090 | 2025-03-29T21:33:03.866776

Hashes

hash

1550837551

http.dom_hash

-2049760045

http.html_hash

1651973090

http.server_hash

-1786963686

http.title_hash

911614014

Welcome to nginx!

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 29 Mar 2025 21:32:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 30 Mar 2022 11:52:10 GMT
Connection: keep-alive
ETag: "6244446a-264"
Accept-Ranges: bytes

Vulnerabilities

443 / tcp

-1938317830 | 2025-03-26T18:08:21.122679

Hashes

hash

-522974930

http.dom_hash

1854441167

http.favicon.hash

1128884281

http.html_hash

-1938317830

http.robots_hash

-1022729730

http.server_hash

-1786963686

http.title_hash

1197238161

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 26 Mar 2025 18:08:20 GMT
Content-Type: text/html
Content-Length: 14889
Connection: keep-alive
Expires: Wed, 26 Mar 2025 18:08:20 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Vary: Accept-Language, Cookie
Content-Language: en
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy-Report-Only: script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-LQ2AtpH7jd7e7nLshMFVMQ=='; object-src 'none'; worker-src 'none'; default-src 'none'; font-src 'self' data:; base-uri 'none'; media-src *; img-src blob: data: *; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; frame-ancestors 'none'; style-src 'unsafe-inline' *
Set-Cookie: sc=mpd80QzFj7DtUz3WXaJ0GmnMJjGWKQnW; expires=Wed, 25 Mar 2026 18:08:20 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie: sentrysid=eyJ0ZXN0Y29va2llIjoid29ya2VkIn0:1txVAq:qbJFPpHBAFoqmEqsCtfm6F2TbShOnkdVyvOF6V3_5jE; expires=Wed, 09 Apr 2025 18:08:20 GMT; HttpOnly; Max-Age=1209600; Path=/

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:a6:14:d1:cc:51:49:7b:df:dc:25:44:57:d6:ab:dd:4a:c0
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R11
        Validity
            Not Before: Mar 19 05:48:50 2025 GMT
            Not After : Jun 17 05:48:49 2025 GMT
        Subject: CN=5.161.90.139.sslip.io
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c0:a3:b9:aa:54:e5:11:64:81:7d:d7:af:c5:7b:
                    62:d7:4e:7d:52:45:15:2f:35:7b:ba:4a:a6:f6:49:
                    67:5f:e8:a3:7e:c9:84:dc:57:fa:b2:56:d8:b8:49:
                    20:68:66:7d:1a:aa:29:6d:ab:a9:40:5c:cc:8b:f0:
                    9f:a2:8c:11:52:c6:be:65:48:8e:4e:7c:72:81:11:
                    3d:ed:12:5a:e0:cd:67:8a:34:76:8a:3d:27:9c:e6:
                    a1:2e:91:df:66:f8:d1:63:e9:e8:27:20:07:f9:87:
                    fa:00:22:61:a0:36:55:f0:cc:e2:d9:f4:98:0e:cc:
                    49:79:54:a6:ff:16:fb:7e:b4:73:17:bb:2e:60:99:
                    b7:d0:df:9b:1c:5a:79:ac:70:a8:a9:50:c8:bd:44:
                    df:3e:a1:26:e3:6b:da:ae:87:14:12:73:2c:dd:24:
                    c0:f1:24:57:a6:b1:4a:8c:d2:f3:e1:c6:18:ac:c3:
                    c0:30:c1:39:ee:c5:fd:2c:5f:45:52:b5:c0:5b:aa:
                    46:a7:2d:f1:ec:bc:4d:da:62:85:f7:b2:e0:f6:38:
                    74:c3:60:f2:1f:ae:54:16:94:7b:65:3f:c2:fe:87:
                    41:b7:0d:e6:85:2b:87:40:f7:eb:39:07:ae:74:8a:
                    dd:4e:a7:e9:67:41:d4:f5:9a:a4:5e:88:cd:3f:1e:
                    af:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                EB:34:F1:3A:47:86:6C:80:3D:1B:25:52:B5:C8:10:D3:00:39:68:3B
            X509v3 Authority Key Identifier: 
                C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
            Authority Information Access: 
                OCSP - URI:http://r11.o.lencr.org
                CA Issuers - URI:http://r11.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:5.161.90.139.sslip.io
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://r11.c.lencr.org/65.crl
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Mar 19 06:47:20.472 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:1E:C2:52:54:97:74:D2:26:23:1C:1D:72:
                                80:39:50:5F:DA:81:25:90:51:FA:8F:3A:84:EA:21:4E:
                                95:02:84:F6:02:21:00:9B:5C:C7:54:F2:CA:41:B4:2A:
                                DE:BE:F4:39:CC:66:27:8D:16:0C:BC:83:2E:6D:2E:AE:
                                57:30:24:FC:4E:5C:08
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
                                1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
                    Timestamp : Mar 19 06:47:20.512 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:CB:97:DA:CC:39:60:71:7B:0C:F0:82:
                                14:26:30:71:D4:E9:C3:86:0E:75:B5:0A:45:FF:04:69:
                                66:52:A6:E0:5C:02:20:74:74:D3:50:F7:B4:5F:F0:7D:
                                F9:DC:80:6C:05:DC:E2:0C:B3:CE:C8:E3:B7:76:94:FD:
                                F3:2A:F3:01:26:6E:40
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        94:3b:d8:bd:3c:40:0e:24:11:16:45:80:c2:d9:ff:df:04:b0:
        76:a3:a6:a4:47:35:f3:8f:cf:7f:e5:d9:3f:05:18:22:e7:74:
        59:e3:c4:d6:36:be:3f:db:0f:35:3f:97:92:d4:9a:58:23:9c:
        b9:e5:69:95:9d:2b:b9:b7:74:19:6a:68:e5:00:9f:bb:e6:04:
        31:52:75:b8:51:3c:f7:ef:f4:a9:d0:2f:25:4c:25:fb:66:be:
        e8:ac:60:6a:ec:9a:15:d2:c1:82:1c:54:cf:88:82:11:92:57:
        73:ef:8d:79:8f:e0:74:96:7c:8b:41:76:04:9f:7b:e2:01:f7:
        ad:38:6d:36:24:91:bc:07:5a:2c:3e:d8:d8:34:06:4b:74:0f:
        04:17:38:bf:96:d0:56:7f:bf:2b:1f:d5:7c:fd:7e:e8:d7:e6:
        53:f4:19:40:eb:67:d2:63:72:e5:eb:18:05:76:78:de:74:23:
        b0:f0:09:50:51:1a:da:4e:32:62:5e:82:57:e0:80:ec:fd:62:
        78:5f:65:e4:a2:6a:a9:dd:7a:3b:49:40:68:cd:fa:20:5e:27:
        b6:7e:80:da:92:c2:7b:33:d2:b5:23:21:6d:1f:82:bd:40:1a:
        7a:12:78:1e:1f:40:eb:11:2b:5f:83:dc:c5:e6:b0:7e:11:1f:
        9c:ad:f3:dd

Vulnerabilities

9000 / tcp

-1481019788 | 2025-03-22T23:48:36.551627

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Mar 2025 23:48:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: /auth/login/
X-Robots-Tag: noindex, nofollow
Vary: Accept-Language, Cookie
Content-Language: en
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy-Report-Only: script-src 'self' 'unsafe-inline' 'report-sample'; object-src 'none'; worker-src 'none'; default-src 'none'; font-src 'self' data:; base-uri 'none'; media-src *; img-src blob: data: *; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; frame-ancestors 'none'; style-src 'unsafe-inline' *
Set-Cookie: sentrysid=eyJfbmV4dCI6Ii8ifQ:1tw8Zw:B0aQgybztTKl5nZQN42P_dY8iQGZLDzMEgKCg0WRMqM; expires=Sat, 05 Apr 2025 23:48:36 GMT; HttpOnly; Max-Age=1209600; Path=/

5.161.90.139

Last Seen: 2025-03-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

22 / tcp

72828417 | 2025-03-26T21:32:47.179317

OpenSSH8.4p1 Debian 5+deb11u3

80 / tcp

1651973090 | 2025-03-29T21:33:03.866776

Hashes

nginx1.18.0

443 / tcp

-1938317830 | 2025-03-26T18:08:21.122679

Hashes

nginx1.18.0

9000 / tcp

-1481019788 | 2025-03-22T23:48:36.551627

nginx

Products

Pricing

Contact Us

5.161.90.139

Last Seen: 2025-03-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

22 / tcp 72828417 | 2025-03-26T21:32:47.179317

OpenSSH8.4p1 Debian 5+deb11u3

80 / tcp 1651973090 | 2025-03-29T21:33:03.866776

Hashes

nginx1.18.0

443 / tcp -1938317830 | 2025-03-26T18:08:21.122679

Hashes

nginx1.18.0

9000 / tcp -1481019788 | 2025-03-22T23:48:36.551627

nginx

Products

Pricing

Contact Us

Vulnerabilities

22 / tcp

72828417 | 2025-03-26T21:32:47.179317

80 / tcp

1651973090 | 2025-03-29T21:33:03.866776

443 / tcp

-1938317830 | 2025-03-26T18:08:21.122679

9000 / tcp

-1481019788 | 2025-03-22T23:48:36.551627