{"vulnerability": "cve-2015-0204", "sightings": [{"uuid": "47182af5-fe55-4e0b-ab1e-01a3a3ac9983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://gist.github.com/aw-junaid/9f4a67eb2ab569d724a8a8910d2e972f", "content": "", "creation_timestamp": "2026-03-01T01:43:27.000000Z"}, {"uuid": "8860801c-0934-400e-832f-2595bc4a64bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/hex4gon1/908", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:02:07.000000Z"}, {"uuid": "cb6e2271-787a-47e4-b78b-2736b84f16d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/3548", "content": "\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 192.168.0.10 \u2502 \u2502 \u2502 \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n[Open ports]\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 ip \u2503 proto \u2503 port \u2503 service \u2503 product \u2503 version \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 192.168.0.10 \u2502 tcp \u2502 21 \u2502 ftp \u2502 ProFTPD \u2502 1.3.5 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 22 \u2502 ssh \u2502 OpenSSH \u2502 6.6.1p1 Ubuntu 2ubuntu2.10 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 http \u2502 Apache httpd \u2502 2.4.7 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 445 \u2502 netbios-ssn \u2502 Samba smbd \u2502 3.X - 4.X \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 631 \u2502 ipp \u2502 CUPS \u2502 1.7 \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n[Vulnerabilities]\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 ip \u2503 proto \u2503 port \u2503 vuln_name \u2503 cve \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 192.168.0.10 \u2502 tcp \u2502 0 \u2502 TCP Timestamps Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 21 \u2502 FTP Unencrypted Cleartext Login \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 22 \u2502 Weak MAC Algorithm(s) Supported (SSH) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 22 \u2502 Weak Encryption Algorithm(s) Supported (SSH) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 22 \u2502 Weak Host Key Algorithm(s) (SSH) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 22 \u2502 Weak Key Exchange (KEX) Algorithm(s) Supported (SSH) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Test HTTP dangerous methods \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Drupal Core SQLi Vulnerability (SA-CORE-2014-005) - Active Check \u2502 CVE-2014-3704 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Drupal Coder RCE Vulnerability (SA-CONTRIB-2016-039) - Active Check \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Sensitive File Disclosure (HTTP) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Unprotected Web App / Device Installers (HTTP) \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Cleartext Transmission of Sensitive Information (https://www.kitploit.com/search/label/Sensitive%20Information) via HTTP \u2502 N/A \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 jQuery < 1.9.0 XSS Vulnerability \u2502 CVE-2012-6708 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 jQuery < 1.6.3 XSS Vulnerability \u2502 CVE-2011-4969 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 80 \u2502 Drupal 7.0 Information Disclosure Vulnerability - Active Check \u2502 CVE-2011-3730 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 631 \u2502 SSL/TLS: Report Vulnerable Cipher Suites for HTTPS \u2502 CVE-2016-2183 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 631 \u2502 SSL/TLS: Report Vulnerable Cipher Suites for HTTPS \u2502 CVE-2016-6329 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 631 \u2502 SSL/TLS: Report Vulnerable Cipher Suites for HTTPS \u2502 CVE-2020-12872 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 631 \u2502 SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection \u2502 CVE-2011-3389 \u2502\n\u2502 192.168.0.10 \u2502 tcp \u2502 631 \u2502 SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection \u2502 CVE-2015-0204 \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500& #9472;\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n[Users]", "creation_timestamp": "2024-01-08T12:19:23.000000Z"}, {"uuid": "7fe48fb2-f3b3-4c6a-85b6-f9a2d442e0d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/endsodomaofficial/7318", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:49:09.000000Z"}, {"uuid": "b9f3b839-d1b5-4b20-85b1-8a3b8217ab3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/thegoodfatherag/8840", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:24:44.000000Z"}, {"uuid": "c2c8dd4f-9d5f-4cc6-8370-ae5893157916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/fucklulzsecisrahell/6294", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T02:55:48.000000Z"}, {"uuid": "b82d2499-8d8a-4101-9e17-c147b3046d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/jokerssec/1351", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:00:05.000000Z"}, {"uuid": "d81c22db-d3f9-4cff-9c8c-c884b8a27d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/marianaalecu/3622", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:48:21.000000Z"}, {"uuid": "ae85b2c5-5cec-49d2-a8fe-8a225e51af61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://t.me/information_security_channel/9760", "content": "A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.\n\nSSL Vulnerabilities Detected by A2SV\n[CVE-2007-1858] Anonymous Cipher\n[CVE-2012-4929] CRIME(SPDY)\n[CVE-2014-0160] CCS Injection\n[CVE-2014-0224] HeartBleed\n[CVE-2014-3566] SSLv3 POODLE\n[CVE-2015-0204] FREAK Attack\n[CVE-2015-4000] LOGJAM Attack\n[CVE-2016-0800] SSLv2 DROWN\nPlanned for future:\n[PLAN] SSL ACCF\n[PLAN] SSL Information Analysis\nInstallation & Requirements for A2SV\nA.\nRead the rest of A2SV \u2013 Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet. (https://www.darknet.org.uk/2017/10/a2sv-auto-scanning-ssl-vulnerability-tool-poodle-heartbleed/)", "creation_timestamp": "2017-10-09T18:29:26.000000Z"}, {"uuid": "11511342-41e7-4960-a781-8144ee736948", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-0204", "type": "seen", "source": "https://gist.github.com/magajay4life-pixel/f7260a84b8e6d9a00baa0febf00bfd83", "content": "ID,Asset,Vulnerability,CVE,CVSS,Severity,Exploitability,Business Impact,Risk Rating,Remediation,Owner,Status\nVULN-001,Metasploitable Linux Server,Outdated Apache server 2.2.x EOL,N/A,9.8,Critical,High - Public exploits,Remote compromise,Critical,Upgrade Apache to 2.4+ and apply patches,WebAdmin,Open\nVULN-002,Metasploitable Linux Server,Operating system Ubuntu 8.04 EOL,N/A,10.0,Critical,High - No patches,Full system compromise,Critical,Upgrade to supported OS version,SysAdmin,Open\nVULN-003,Metasploitable Linux Server,Apache PHP-CGI Remote Code Execution,N/A,7.8,High,High - Metasploit module,Remote code execution,High,Disable CGI or patch PHP/Apache,WebAdmin,Open\nVULN-004,Metasploitable Linux Server,PHP-CGI query string injection,N/A,7.8,High,High - Public PoC,Remote code execution,High,Patch PHP and secure configurations,WebAdmin,Open\nVULN-005,Metasploitable Linux Server,CGI Remote File Inclusion,N/A,9.8,Critical,High - Metasploit module,System takeover,Critical,Disable remote file inclusion and validate inputs,WebAdmin,Open\nVULN-006,Metasploitable Linux Server,Publicly accessible phpinfo file,CWE-552,6.8,Medium,Medium - Recon,aids exploitation,Medium,Remove phpinfo files,WebAdmin,Open\nVULN-007,Metasploitable Linux Server,PHP version exposed via headers,N/A,7.5,High,Medium - Targeting known vulns,Targeted attacks,High,Disable expose_php,WebAdmin,Open\nVULN-008,Metasploitable Linux Server,Backup and sensitive files exposed,N/A,8.0,High,Medium - Direct access,Credential theft,High,Remove backup files and enforce access control,WebAdmin,Open\nVULN-009,Metasploitable Linux Server,Directory indexing enabled,CVE-1999-0678,6.5,Medium,Medium - Recon,Information disclosure,Medium,Disable directory listing,WebAdmin,Open\nVULN-010,Metasploitable Linux Server,Default Apache files exposed,N/A,9.2,Critical,Medium - Fingerprinting,Server fingerprinting,Critical,Remove default files,WebAdmin,Open\nVULN-011,Metasploitable Linux Server,HTTP TRACE/TRACK methods enabled,N/A,5.8,Medium,Medium - XST,Cookie/auth header exposure,Medium,Disable TRACE/TRACK,WebAdmin,Open\nVULN-012,Metasploitable Linux Server,Missing anti-clickjacking protection,N/A,6.8,Medium,Medium - Clickjacking,UI redress attacks,Medium,Add X-Frame-Options or CSP frame-ancestors,WebAdmin,Open\nVULN-013,Metasploitable Linux Server,Missing X-Content-Type-Options header,N/A,6.8,Medium,Medium - MIME sniffing,Malicious content execution,Medium,Add nosniff header,WebAdmin,Open\nVULN-014,Metasploitable Linux Server,Server responds to unsupported HTTP methods,N/A,7.5,High,Medium - Increased attack surface,Exploitation potential,High,Restrict HTTP methods,WebAdmin,Open\nVULN-015,Metasploitable Linux Server,Apache MultiViews enabled,CVE-2001-0731,7.5,High,Medium - Brute force,Discover hidden resources,High,Disable MultiViews,WebAdmin,Open\nVULN-016,Metasploitable Linux Server,phpMyAdmin exposed,N/A,7.0,High,High - SQLi/XSS,Database compromise,High,Restrict access and upgrade phpMyAdmin,DBA,Open\nVULN-017,Metasploitable Linux Server,vsFTPd backdoor vulnerability,CVE-2011-2523,10.0,Critical,High - Metasploit module,Remote root shell,Critical,Remove or patch FTP service,SysAdmin,Open\nVULN-018,Metasploitable Linux Server,UnrealIRCd backdoor,N/A,10.0,Critical,High - Metasploit module,Full compromise,Critical,Replace compromised service,SysAdmin,Open\nVULN-019,Metasploitable Linux Server,Bind shell backdoor detected,N/A,10.0,Critical,High - Active backdoor,Unauthorized remote access,Critical,Investigate and remove backdoor,SysAdmin,Open\nVULN-020,Metasploitable Linux Server,RMI registry remote class loading,N/A,9.0,Critical,High - RCE,Arbitrary code execution,Critical,Secure or disable RMI service,SysAdmin,Open\nVULN-021,Metasploitable Linux Server,VNC weak/default password,N/A,10.0,Critical,High - Brute force,Remote desktop access,Critical,Enforce strong authentication,SysAdmin,Open\nVULN-022,Metasploitable Linux Server,Telnet transmits credentials plaintext,N/A,9.8,Critical,High - MITM/Capture,Credential interception,Critical,Disable Telnet use SSH,SysAdmin,Open\nVULN-023,Metasploitable Linux Server,rlogin and rsh services enabled,N/A,9.8,Critical,High - Credential interception,Unauthorized access,Critical,Disable legacy services,SysAdmin,Open\nVULN-024,Metasploitable Linux Server,NFS shares world-readable,N/A,9.8,Critical,Medium - Mount shares,Data exposure,Critical,Restrict NFS permissions,SysAdmin,Open\nVULN-025,Metasploitable Linux Server,SMB signing not enforced,N/A,9.8,Critical,High - MITM/Session hijack,Session hijacking,Critical,Enable SMB signing,SysAdmin,Open\nVULN-026,Metasploitable Linux Server,Samba Badlock vulnerability,CVE-2016-2118,9.8,Critical,High - Public exploit,Privilege escalation,Critical,Patch Samba,SysAdmin,Open\nVULN-027,Metasploitable Linux Server,DNS cache poisoning,N/A,9.8,Critical,High - Cache poisoning,Traffic redirection,Critical,Patch DNS server,SysAdmin,Open\nVULN-028,Metasploitable Linux Server,DNS cache snooping,N/A,9.8,Critical,Medium - Info disclosure,Network activity inference,Critical,Restrict DNS recursion,SysAdmin,Open\nVULN-029,Metasploitable Linux Server,BIND DNS vulnerable to DoS,N/A,9.8,Critical,Medium - DoS,Service disruption,Critical,Upgrade BIND,SysAdmin,Open\nVULN-030,Metasploitable Linux Server,Slowloris DoS vulnerability,CVE-2007-6750,9.8,Critical,High - Resource exhaustion,Service unavailability,Critical,Configure connection limits/timeouts,WebAdmin,Open\nVULN-031,Metasploitable Linux Server,Weak SSL/TLS protocols SSLv2 SSLv3 TLS1.0,N/A,9.8,Critical,High - Downgrade attacks,Traffic interception,Critical,Disable weak protocols,WebAdmin,Open\nVULN-032,Metasploitable Linux Server,SSL POODLE vulnerability,CVE-2014-3566,9.8,Critical,Medium - Padding oracle,Decrypt encrypted traffic,Critical,Disable SSLv3,WebAdmin,Open\nVULN-033,Metasploitable Linux Server,SSL CCS Injection vulnerability,CVE-2014-0224,9.8,Critical,High - MITM,Session hijacking,Critical,Patch OpenSSL,WebAdmin,Open\nVULN-034,Metasploitable Linux Server,Weak Diffie-Hellman parameters Logjam,CVE-2015-4000,7.5,High,Medium - Downgrade,Decrypt traffic,High,Use strong DH groups,WebAdmin,Open\nVULN-035,Metasploitable Linux Server,Weak/anonymous cipher suites,N/A,7.5,High,Medium - Intercept,Communication interception,High,Disable weak ciphers,WebAdmin,Open\nVULN-036,Metasploitable Linux Server,RC4 cipher supported,N/A,6.8,Medium,Medium - Cryptographic attacks,Communication exposure,Medium,Disable RC4,WebAdmin,Open\nVULN-037,Metasploitable Linux Server,FREAK vulnerability,CVE-2015-0204,6.8,Medium,Medium - Downgrade,Weak encryption,Critical,Disable export ciphers,WebAdmin,Open\nVULN-038,Metasploitable Linux Server,SWEET32 vulnerability,N/A,9.8,Critical,Medium - Collision attacks,Session collision,Critical,Disable 3DES,WebAdmin,Open\nVULN-039,Metasploitable Linux Server,DROWN vulnerability,N/A,9.8,Critical,High - SSLv2 exploit,TLS session decryption,Critical,Disable SSLv2,WebAdmin,Open\nVULN-040,Metasploitable Linux Server,SSL certificate issues,N/A,9.8,Critical,Medium - MITM,Trust reduction/C MITM,Critical,Use valid certificates,WebAdmin,Open\nVULN-041,Metasploitable Linux Server,Weak SSH algorithms,N/A,9.8,Critical,High - Session compromise,Encrypted session compromise,Critical,Use strong algorithms,SysAdmin,Open\nVULN-042,Metasploitable Linux Server,Session cookies lack HttpOnly flag,N/A,9.8,Critical,High - XSS token theft,Session token access,Critical,Set HttpOnly and Secure flags,WebAdmin,Open\nVULN-043,Metasploitable Linux Server,Multiple exposed admin panels,N/A,9.8,Critical,High - Unauthorized access,File upload attacks,Critical,Restrict access and secure endpoints,WebAdmin,Open\nVULN-044,Metasploitable Linux Server,Apache Tomcat EOL version,N/A,9.8,Critical,High - Known exploits,Remote code execution,Critical,Upgrade Tomcat,WebAdmin,Open\nVULN-045,Metasploitable Linux Server,Weak password hashing MD5,N/A,9.8,Critical,High - Cracking,Password cracking,Critical,Use bcrypt/Argon2,SysAdmin,Open\nVULN-046,Metasploitable Linux Server,Application error disclosure,N/A,7.5,Critical,Medium - Info disclosure,Targeted attacks,Critical,Implement generic error handling,WebAdmin,Open\nVULN-047,Metasploitable Linux Server,Missing Content Security Policy,N/A,9.8,Critical,High - XSS/Data injection,XSS and data injection,Critical,Implement CSP header,WebAdmin,Open\nVULN-048,Metasploitable Linux Server,Vulnerable/outdated JavaScript library,N/A,6.8,Critical,Medium - XSS/Script injection,Client-side attacks,Critical,Update JS libraries,WebAdmin,Open", "creation_timestamp": "2026-06-16T06:00:26.000000Z"}]}