GeneralInformation

Hostnames	agent.lutzstefan.com ha.lutzstefan.com stenas.lutzstefan.com 80-108-82-129.cable.dynamic.surfer.at
Domains	lutzstefan.com surfer.at
Country	Austria
City	Dornbirn
Organization	Magenta Telekom
ISP	T-Mobile Austria GmbH
ASN	AS8412
Operating System	Synology DiskStation Manager (DSM) 7.2.1-69057

WebTechnologies

JavaScript frameworks

Vue.js

Network storage

Synology DiskStation

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts

80 81 443 500 1723 3128 4444 8080

396138133 | 2024-09-14T17:52:19.582844

80 / tcp

403 Forbidden

HTTP/1.1 403 Forbidden
Date: Sat, 14 Sep 2024 17:52:19 GMT
Server: Apache
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1

-540242108 | 2024-09-10T19:52:04.292919

81 / tcp

HTTP/1.1 302 Found
Date: Tue, 10 Sep 2024 19:52:04 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.30
Location: http://amazon.lutzstefan.com/api/
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

CVE-2022-31813 CVE-2022-22720 CVE-2021-44790 CVE-2021-39275 CVE-2019-9641 123 moreCVE-2019-9023 CVE-2019-9021 CVE-2019-9020 CVE-2018-19518 CVE-2018-7584 CVE-2017-12933 CVE-2017-11142 CVE-2017-9228 CVE-2017-9227 CVE-2017-9226 CVE-2017-9224 CVE-2017-8923 CVE-2017-7679 CVE-2017-3169 CVE-2017-3167 CVE-2016-1283 CVE-2013-4365 CVE-2013-2220 CVE-2011-3192 CVE-2011-2688 CVE-2007-4723 CVE-2022-30556 CVE-2022-29404 CVE-2022-28615 CVE-2022-28614 CVE-2022-28330 CVE-2022-22721 CVE-2022-22719 CVE-2021-40438 CVE-2021-34798 CVE-2021-32792 CVE-2021-32791 CVE-2021-32786 CVE-2021-32785 CVE-2020-11579 CVE-2019-9639 CVE-2019-9638 CVE-2019-9637 CVE-2019-9024 CVE-2019-6977 CVE-2018-20783 CVE-2018-19935 CVE-2018-19520 CVE-2018-19396 CVE-2018-19395 CVE-2018-17082 CVE-2018-15132 CVE-2018-14883 CVE-2018-14851 CVE-2018-10549 CVE-2018-10548 CVE-2018-10547 CVE-2018-10546 CVE-2018-5712 CVE-2018-5711 CVE-2018-1303 CVE-2018-1302 CVE-2018-1301 CVE-2017-16642 CVE-2017-11628 CVE-2017-11145 CVE-2017-11144 CVE-2017-11143 CVE-2017-9798 CVE-2017-9788 CVE-2017-9229 CVE-2017-7963 CVE-2017-7890 CVE-2017-7272 CVE-2016-8743 CVE-2016-5387 CVE-2016-4975 CVE-2015-9253 CVE-2015-3183 CVE-2015-0228 CVE-2014-0231 CVE-2014-0226 CVE-2014-0118 CVE-2014-0098 CVE-2013-6438 CVE-2013-5704 CVE-2013-2765 CVE-2013-1896 CVE-2013-1862 CVE-2013-0942 CVE-2012-4558 CVE-2012-4557 CVE-2012-4360 CVE-2012-4001 CVE-2012-3526 CVE-2012-3499 CVE-2012-0883 CVE-2012-0053 CVE-2012-0031 CVE-2011-4317 CVE-2011-3639 CVE-2011-3607 CVE-2011-3368 CVE-2011-3348 CVE-2011-1176 CVE-2011-0419 CVE-2010-2068 CVE-2010-1623 CVE-2010-1452 CVE-2009-3720 CVE-2009-3560 CVE-2009-2299 CVE-2008-0455 CVE-2007-3205 CVE-2024-40898 CVE-2024-4577 CVE-2023-45802 CVE-2023-31122 CVE-2022-37436 CVE-2022-31629 CVE-2022-31628 CVE-2018-10545 CVE-2016-8612 CVE-2013-0941 CVE-2012-2687 CVE-2011-4415 CVE-2009-0796 CVE-2006-20001

396138133 | 2024-09-17T15:13:59.189891

443 / tcp

403 Forbidden

HTTP/1.1 403 Forbidden
Date: Tue, 17 Sep 2024 15:13:59 GMT
Server: Apache
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e6:73:c6:9f:e0:22:3f:74:21:ac:3e:99:11:4f:86:c9:e2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R10
        Validity
            Not Before: Sep  4 02:11:02 2024 GMT
            Not After : Dec  3 02:11:01 2024 GMT
        Subject: CN=stenas.lutzstefan.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ee:9b:71:02:2d:d4:5d:4e:1b:0d:cb:61:9f:21:
                    95:b4:33:ce:a7:f5:3f:ba:db:cf:6e:f0:92:30:8c:
                    f5:a4:6c:b1:fa:c0:ed:01:8c:b7:32:13:10:a9:fd:
                    af:ee:fd:d8:f7:99:e4:1d:64:0a:36:64:b7:70:30:
                    85:b3:ac:d6:99:d9:fa:ea:7d:4f:79:41:01:6d:31:
                    c2:f6:64:f7:70:de:e6:5f:94:0e:e7:05:79:9a:d9:
                    00:42:2e:5c:e0:6b:7f:1c:9e:48:92:ac:18:06:82:
                    5f:ca:d8:13:aa:c2:2c:2a:0c:9b:51:7c:5e:c6:f8:
                    5f:c8:de:5c:46:72:11:9b:42:b0:ee:4d:79:93:ec:
                    87:7d:3d:75:fe:2f:d0:ee:3a:34:d1:89:e0:a1:56:
                    01:0e:2d:da:51:b5:72:1a:83:dd:8f:6e:a1:89:c8:
                    20:36:a9:ba:6f:09:07:66:56:ba:7d:1b:25:f9:7e:
                    4f:66:85:4a:83:b6:3c:fc:40:36:e6:5e:a3:73:09:
                    79:f6:e4:4d:18:51:73:84:47:59:aa:70:f7:ae:f0:
                    2e:2f:3d:a4:ed:59:a6:eb:52:97:7f:32:b7:51:e5:
                    44:44:78:84:6c:97:c2:3c:e2:54:ca:25:06:c4:14:
                    ec:ba:65:cb:3b:9d:cf:55:68:27:cb:7f:b1:b6:98:
                    b2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                D5:3B:99:B5:C4:57:B7:86:7B:8A:D3:62:37:B9:D3:D5:93:48:6F:01
            X509v3 Authority Key Identifier: 
                BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
            Authority Information Access: 
                OCSP - URI:http://r10.o.lencr.org
                CA Issuers - URI:http://r10.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:agent.lutzstefan.com, DNS:ha.lutzstefan.com, DNS:stenas.lutzstefan.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Sep  4 03:09:32.384 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:5D:91:CB:16:68:EC:28:D1:AE:9B:EF:DF:
                                6F:56:A4:0E:DC:B9:EC:5C:18:F1:C7:2F:5B:68:89:EB:
                                FD:7A:E9:10:02:21:00:C1:B1:AA:03:34:F6:8F:E1:4B:
                                57:F2:02:6B:8B:CA:A7:50:42:FE:93:89:5C:2C:DF:CE:
                                77:02:00:59:C1:72:B8
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Sep  4 03:09:32.447 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:26:8D:81:CF:65:7D:2B:19:38:D9:A7:28:
                                6B:6E:27:58:38:81:A3:23:AF:99:5B:46:84:34:5A:5F:
                                F6:DE:CF:52:02:20:34:64:EF:88:7D:5F:BA:C6:3D:21:
                                D6:9B:2C:CA:40:0C:CC:E0:6B:C6:0B:33:00:38:38:73:
                                08:9E:0F:98:DC:AD
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        21:b7:91:c1:31:5a:29:4d:c5:ce:52:88:6d:9b:88:77:cb:48:
        b9:30:d8:3c:62:f7:4f:96:e8:1a:4c:25:cb:cc:c5:76:af:cc:
        f8:0e:02:4a:67:83:0d:86:f2:9e:59:d2:83:a8:e9:86:73:ed:
        90:0c:52:cb:c8:6c:d2:24:a8:ea:d1:27:7e:15:24:48:88:96:
        7b:97:28:75:eb:ff:60:9e:3d:da:ee:e3:48:b3:0e:ac:54:30:
        ef:0b:2b:8d:fe:30:9c:69:0a:c1:73:8b:b5:00:4d:4e:bd:a6:
        b7:43:95:52:3d:b0:e2:9f:fa:70:e0:95:3a:82:a4:cd:b1:de:
        19:1b:c8:b5:e6:fd:5c:62:a7:df:cc:25:6c:b1:bd:e1:f2:63:
        5b:e4:31:c5:ae:27:23:de:b1:09:f4:f1:43:d8:2f:ae:2b:9d:
        9e:d9:f6:86:4c:d2:83:f3:ea:46:73:15:ae:fe:7d:b1:94:df:
        6d:5e:d3:11:98:2c:e9:db:e5:3a:21:e9:c4:42:9a:d7:8d:eb:
        c9:1e:92:f3:62:db:07:33:e9:a1:47:48:d0:80:39:2d:ee:1a:
        ab:4c:af:c8:cb:f5:d3:dd:c9:66:bc:ca:84:f2:72:eb:36:b4:
        e8:1c:f1:ef:e1:22:5b:64:88:02:2d:01:38:e7:45:ba:69:f7:
        3e:fb:ea:09

1303612635 | 2024-09-16T02:43:25.334443

500 / udp

VPN (IKE)

Initiator SPI: 35306b3933333172
Responder SPI: 3675756576353973
Next Payload: Notification (N)
Version: 1.0
Exchange Type: Informational
Flags:
    Encryption:     False
    Commit:         False
    Authentication: False
Message ID: 00000000
Length: 40

261189147 | 2024-09-10T23:09:19.839628

1723 / tcp

PPTP:
  Firmware: 1
  Hostname: local
  Vendor: linux

164962286 | 2024-09-16T09:54:08.493762

3128 / tcp

400 Bad Request

HTTP/1.1 400 Bad Request
Date: Mon, 16 Sep 2024 09:54:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;
X-Content-Security-Policy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;
X-Webkit-CSP: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;
Content-Length: 483
Connection: close
Content-Type: text/html; charset=iso-8859-1

1390257992 | 2024-09-18T10:32:38.756129

4444 / tcp

WebAdmin

HTTP/1.1 200 OK
Date: Wed, 18 Sep 2024 10:32:34 GMT
Server: Apache
Expires: Thursday, 01-Jan-1970 00:00:01 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;
X-Content-Security-Policy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;
X-Webkit-CSP: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;
Cache-Control: no-store
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            de:ba:13:4b:24:23:b2:85
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=at, L=Dornbirn, O=none, CN=none WebAdmin CA/emailAddress=astaroadmin@lutzstefan.com
        Validity
            Not Before: Dec 14 16:21:53 2013 GMT
            Not After : Jan  1 00:00:01 2038 GMT
        Subject: C=at, L=Dornbirn, O=none, CN=FIREWALL
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:9e:b3:a2:5e:86:a2:80:37:d6:06:8f:cc:6f:79:
                    3b:cc:56:92:bc:46:7d:41:ee:f9:55:2e:2c:38:02:
                    cb:0c:0e:cb:ec:f7:c0:2a:f0:ce:2d:4a:1c:11:d5:
                    6f:21:8e:96:e8:eb:95:d5:6b:25:47:d9:1c:97:a1:
                    2f:e4:c5:47:d8:f4:eb:b5:7c:69:5a:fa:c8:96:c6:
                    1a:41:10:b5:c6:90:33:e5:33:f6:7a:b6:3c:4a:51:
                    e9:02:69:18:30:35:82:0b:4b:02:01:ff:e5:99:1f:
                    25:36:15:9d:d9:07:3d:e0:de:d0:92:b3:45:29:af:
                    2f:3d:1e:f8:85:d0:58:f8:61:6d:1c:57:fd:3a:9d:
                    84:c3:7f:30:64:81:fa:da:f4:c6:08:92:7f:15:3a:
                    b0:45:d5:8d:54:6c:34:2f:c4:1d:51:6d:cf:cf:44:
                    97:89:49:86:2b:1a:fc:b8:b0:c1:38:3b:23:64:35:
                    38:56:5f:05:7a:bc:b0:9d:34:02:95:4a:a9:10:75:
                    27:c2:d6:78:a4:0c:21:a7:fc:1b:b0:35:ef:38:cc:
                    16:fd:04:23:70:87:61:4e:5b:ba:b9:c3:ac:cb:10:
                    8c:5b:2c:fd:ea:93:4b:57:f9:f1:15:c3:59:df:9d:
                    73:cd:e3:b0:0f:e5:b9:11:dc:b2:97:a4:bf:db:b8:
                    d0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D6:9B:8B:D6:D8:A2:A4:14:0D:E4:9A:23:9B:1B:04:9C:B3:E2:9E:CC
            X509v3 Authority Key Identifier: 
                keyid:B7:CC:1E:48:41:E2:AD:21:E5:C1:06:40:9E:BE:3B:66:9D:34:50:AB
                DirName:/C=at/L=Dornbirn/O=none/CN=none WebAdmin CA/emailAddress=astaroadmin@lutzstefan.com
                serial:DE:BA:13:4B:24:23:B2:84
            X509v3 Subject Alternative Name: 
                DNS:FIREWALL
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        26:17:24:59:0e:b6:22:0b:92:e2:1e:89:01:79:76:ab:9c:d4:
        0a:5f:6f:50:dd:21:be:f7:09:f4:d0:e4:61:95:ba:e5:5f:65:
        b3:b7:e6:7c:b3:bb:dc:cd:f0:10:88:ac:00:2c:47:92:8e:d1:
        e5:d5:a9:2a:72:98:08:6a:7a:42:9b:fd:e6:e1:0c:f2:a7:50:
        43:c2:f8:d6:0b:9e:d0:61:94:62:4f:22:49:e2:d5:da:22:0d:
        7f:db:1b:bd:6c:42:01:bb:a6:df:b8:28:82:a8:2b:94:13:8c:
        48:d1:72:39:a2:72:94:aa:5b:49:a0:1b:7a:a8:39:8e:10:3c:
        79:59:82:12:04:a5:9b:6a:bf:f4:1b:63:52:e8:b4:5e:b5:35:
        d8:fb:b3:09:44:98:69:d8:ca:59:b5:5e:c1:f8:ca:e9:c2:10:
        04:3e:f4:68:2c:46:9a:26:dc:b1:d3:8c:41:7c:27:ff:62:27:
        ee:da:8f:07:0b:04:a5:f0:95:c2:59:7a:51:e8:26:dd:a0:2a:
        71:87:e6:ad:77:57:eb:be:0b:26:45:03:d6:0f:9d:11:8e:19:
        f7:92:d5:44:11:aa:22:7d:28:b8:c7:0d:22:0b:7b:1c:70:76:
        5a:b7:53:99:10:92:33:68:aa:8c:56:df:95:4c:3d:3e:aa:72:
        05:4c:7e:3f

915019751 | 2024-09-20T00:53:14.227934

8080 / tcp

STENAS - Synology NAS

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Sep 2024 00:53:14 GMT
Content-Type: text/html; charset="UTF-8"
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
Cache-control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Security-Policy: base-uri 'self';  connect-src data: ws: wss: http: https:; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://help.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' data: blob: https://*.synology.com https://*.synology.cn http://*.synology.com http://*.synology.cn http://global.synologydownload.com https://global.synologydownload.com; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://global.download.synology.com; media-src 'self' data: about: https://*.synology.com https://help.synology.cn;  script-src 'self' 'unsafe-eval' data: blob: https://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://help.synology.com https://help.synology.cn; style-src 'self' 'unsafe-inline' https://*.googleapis.com;


Synology DiskStation Manager (DSM):
  Version: 7.2.1-69057
  Hostname: STENAS

80.108.82.129

Last Seen: 2024-09-20

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

396138133 | 2024-09-14T17:52:19.582844
80 / tcp

Apache httpd

-540242108 | 2024-09-10T19:52:04.292919
81 / tcp

Apache httpd2.2.15

396138133 | 2024-09-17T15:13:59.189891
443 / tcp

Apache httpd

1303612635 | 2024-09-16T02:43:25.334443
500 / udp

261189147 | 2024-09-10T23:09:19.839628
1723 / tcp

PPTP

164962286 | 2024-09-16T09:54:08.493762
3128 / tcp

Apache httpd

1390257992 | 2024-09-18T10:32:38.756129
4444 / tcp

Sophos SSL VPN User Portal

915019751 | 2024-09-20T00:53:14.227934
8080 / tcp

nginx

Products

Pricing

Contact Us

80.108.82.129

Last Seen: 2024-09-20

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 81 Latest CVSS

OpenPorts

396138133 | 2024-09-14T17:52:19.582844 80 / tcp

Apache httpd

-540242108 | 2024-09-10T19:52:04.292919 81 / tcp

Apache httpd2.2.15

396138133 | 2024-09-17T15:13:59.189891 443 / tcp

Apache httpd

1303612635 | 2024-09-16T02:43:25.334443 500 / udp

261189147 | 2024-09-10T23:09:19.839628 1723 / tcp

PPTP

164962286 | 2024-09-16T09:54:08.493762 3128 / tcp

Apache httpd

1390257992 | 2024-09-18T10:32:38.756129 4444 / tcp

Sophos SSL VPN User Portal

915019751 | 2024-09-20T00:53:14.227934 8080 / tcp

nginx

Products

Pricing

Contact Us

Vulnerabilities

396138133 | 2024-09-14T17:52:19.582844
80 / tcp

-540242108 | 2024-09-10T19:52:04.292919
81 / tcp

396138133 | 2024-09-17T15:13:59.189891
443 / tcp

1303612635 | 2024-09-16T02:43:25.334443
500 / udp

261189147 | 2024-09-10T23:09:19.839628
1723 / tcp

164962286 | 2024-09-16T09:54:08.493762
3128 / tcp

1390257992 | 2024-09-18T10:32:38.756129
4444 / tcp

915019751 | 2024-09-20T00:53:14.227934
8080 / tcp