Scan Apps Whitelist Non IPS

Scan Results
September 21, 2023
Report Summary
User Name: Supriadi IT
Login Name: htach_st9
Company: Hitachi Construction Machinery Co., Ltd.
User Role: Scanner
Address: East Tower 3F 650 Kandatsu-machi, Tsuchiura-shi
City: Ibaraki
Zip: 300-0013
Country: Japan
Created: 09/21/2023 at 05:01:05 PM (GMT+0900)
Launch Date: 09/21/2023 at 04:34:34 PM (GMT+0900)
Active Hosts: 1
Total Hosts: 1
Type: On demand
Status: Finished
Reference: scan/1695281674.29238
External Scanners: 139.87.112.11 (Scanner 12.15.57-1, Vulnerability Signatures 2.5.870-2)
Duration: 00:22:17
Title: pentest apps - 20230921
Asset Groups: -
IPs: 182.23.52.118
Excluded IPs: -
Options Profile: HCMセキュリティ診断用プロファイル
Summary of Vulnerabilities
Vulnerabilities Total 31 Security Risk (Avg) 3.0
by Severity
Severity Confirmed Potential Information Gathered Total
5 0 0 0 0
4 0 0 0 0
3 0 2 1 3
2 2 0 2 4
1 0 0 24 24
Total 2 2 27 31
5 Biggest Categories
Category Confirmed Potential Information Gathered Total
General remote services 2 0 9 11
TCP/IP 0 0 7 7
Information gathering 0 0 7 7
Web server 0 2 3 5
Firewall 0 0 1 1
Total 2 2 27 31
Scan Results page 1

Vulnerabilities by Severity
Operating Systems Detected
Services Detected
Detailed Results
182.23.52.118 (-, -) Ubuntu/Linux
Vulnerabilities (2)
2 SSL Certificate - Subject Common Name Does Not Match Server FQDN port 443/tcp over SSL
QID: 38170
Category: General remote services
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 10/12/2019
User Modified: -
Scan Results page 2

Edited: No
PCI Vuln: No
THREAT:
An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote
server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.
A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.
Please note that a false positive reporting of this vulnerability is possible in the following case:
If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured.
In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will
solve this problem.
IMPACT:
A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and
then steal all the encryption communication.
SOLUTION:
Please install a server certificate whose Subject commonName or subjectAltName matches the server FQDN.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Certificate #0 CN=apps.hexindo-tbk.co.id (apps.hexindo-tbk.co.id) and IP (182.23.52.118) don't match

(www.apps.hexindo-tbk.co.id) doesn't resolve
(apps.hexindo-tbk.co.id) and IP (182.23.52.118) don't match
2 Pre-shared Key Off-line Bruteforcing Using IKE Aggressive Mode port 500/udp
QID: 38498
Associated CVEs: CVE-2002-1623
Vendor Reference: cisco-sn-20030422-ike
Bugtraq ID: 7423, 5607
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
IKE is used during Phase 1 and Phase 2 of establishing an IPSec connection. Phase 1 is where the two ISAKMP peers establish a secure,
authenticated channel with which to communicate. Every participant in IKE must possess a key which may be either pre-shared (PSK) or a public
key. There are inherent risks to configurations that use pre-shared keys which are exaggerated when Aggressive Mode is used.
IMPACT:
Using Aggressive Mode with pre-shared keys is the least secure option. In this particular scenario, it is possible for an attacker to gather all
necessary information in order to mount an off-line dictionary (brute force) attack on the pre-shared keys. For more information about this type
of attack, visit http://www.ernw.de/download/pskattack.pdf (http://www.ernw.de/download/pskattack.pdf).
SOLUTION:
IKE Aggressive mode with pre-shared keys should be avoided where possible. Otherwise a strong pre-shared key should be chosen.
Scan Results page 3

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
nvd
Reference: CVE-2002-1623
Description: The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does
not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid
usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1
SecuRemote.
Link: http://www.securityfocus.com/archive/1/290202
Reference: CVE-2002-1623
Description: The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does
not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid
usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1
SecuRemote.
Link: http://www.securiteam.com/securitynews/5TP040U8AW.html
ASSOCIATED MALWARE:
RESULTS:
isakmp hash(key + identity): ce10fa8f223a46d4ed05c7011a7c481465cbaa62
Potential Vulnerabilities (2)
3 Web Server Stopped Responding port 80/tcp
QID: 86476
Category: Web server
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP / HTTPS requests. Consequently, the
service aborted testing for HTTP / HTTPS vulnerabilities. The vulnerabilities already detected are still posted.
For more details about this QID, please review the following Qualys KB article:
Qualys KB (https://success.qualys.com/support/s/article/000003057)
IMPACT:
The service was unable to complete testing for HTTP / HTTPS vulnerabilities since the Web server stopped responding.
SOLUTION:
Check the Web server status.
If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server
until the issue is resolved.
If the Web server is unable to process multiple concurrent HTTP / HTTPS requests, please lower the scan harshness level and launch another scan.
If this vulnerability continues to be reported, please contact Customer Support.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
Scan Results page 4

RESULTS:
The web server did not respond for 4 consecutive HTTP requests.
After these, the service was able to connect to the web server 2 minutes later, but the web server still did not respond to a simple HTTP GET
request.
3 Web Server Stopped Responding port 443/tcp over SSL
QID: 86476
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP / HTTPS requests. Consequently, the
service aborted testing for HTTP / HTTPS vulnerabilities. The vulnerabilities already detected are still posted.
For more details about this QID, please review the following Qualys KB article:
Qualys KB (https://success.qualys.com/support/s/article/000003057)
IMPACT:
The service was unable to complete testing for HTTP / HTTPS vulnerabilities since the Web server stopped responding.
SOLUTION:
Check the Web server status.
If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server
until the issue is resolved.
If the Web server is unable to process multiple concurrent HTTP / HTTPS requests, please lower the scan harshness level and launch another scan.
If this vulnerability continues to be reported, please contact Customer Support.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
The web server did not respond for 4 consecutive HTTP requests.
After these, the service was still unable to connect to the web server 2 minutes later.
Information Gathered (27)
3 Remote Access or Management Service Detected
QID: 42017
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Scan Results page 5

Edited: No
PCI Vuln: No
THREAT:
A remote access or remote management service was detected. If such a service is accessible to malicious users it can be used to carry different type
of attacks. Malicious users could try to brute force credentials or collect additional information on the service which could enable them in crafting
further attacks.
The Results section includes information on the remote access service that was found on the target.
Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and
ISAKMP are checked.
IMPACT:
Consequences vary by the type of attack.
SOLUTION:
Expose the remote access or remote management services only to the system administrators or intended users of the system.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Service name: ISAKMP on UDP port 500.
2 Operating System Detected
QID: 45017
Category: Information gathering
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided
below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report.
1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating
system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this
"fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the
fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the
version of the operating system detected may be that of the firewall instead of the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding
special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended
it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages.
Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service
maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include
"MIB_II.system.sysDescr" for the operating system.
IMPACT:
Not applicable.
Scan Results page 6

SOLUTION:
Not applicable.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Operating System Technique ID
Ubuntu/Linux TCP/IP Fingerprint U7254:80
2 Host Uptime Based on TCP TimeStamp Option
QID: 82063
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in
various units (e.g., one hundredth of second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the
Result section below.
Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the
uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Based on TCP timestamps obtained via port 80, the host's uptime is 30 days, 2 hours, and 58 minutes.
The TCP timestamps from the host are in units of 1 milliseconds.
1 DNS Host Name
QID: 6
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Scan Results page 7

User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
IP address Host name
182.23.52.118 No registered hostname
1 Firewall Detected
QID: 34011
Category: Firewall
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs).
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
Scan Results page 8

RESULTS:
Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 111, 135, 445, 1.
Listed below are the ports filtered by the firewall.

No response has been received when any of these ports are probed.
1-3,5,7,9,11,13,15,17-25,27,29,31,33,35,37-39,41-79,81-223,242-246,256-265,
280-282,309,311,318,322-325,344-351,363,369-442,444-581,587,592-593,598,
600,606-620,624,627,631,633-637,666-674,700,704-705,707,709-711,729-731,
740-742,744,747-754,758-765,767,769-777,780-783,786,799-801,860,873,886-888,
900-901,911,950,954-955,990-993,995-1001,1008,1010-1011,1015,1023-1100,
1109-1112,1114,1123,1155,1167,1170,1207,1212,1214,1220-1222,1234-1236,
1241,1243,1245,1248,1269,1313-1314,1337,1344-1625,1636-1774,1776-1815,
1818-1824,1900-1909,1911-1920,1944-1951,1973,1981,1985-2028,2030,2032-2036,
2038,2040-2049,2053,2065,2067,2080,2097,2100,2102-2107,2109,2111, and more.
We have omitted from this list 701 higher ports to keep the report size manageable.
1 Target Network Information
QID: 45004
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to
the target network (where the scanner appliance is located).
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If
your ISP is routing traffic, your ISP's gateway server returned this information.
IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks
against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
The network handle is: APNIC-182

Network description:
Asia Pacific Network Information Centre
1 Internet Service Provider
QID: 45005
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
Scan Results page 9

User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to
the target network (where the scanner appliance is located).
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If
your ISP is routing traffic, your ISP's gateway server returned this information.
IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further
attacks against it.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
The ISP network handle is: PL-ARELION

ISP Network description:
Provider
1 Traceroute
QID: 45006
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in
between.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Hops IP Round Trip Time Probe Port
1 139.87.10.32 0.43ms ICMP
Scan Results page 10

2 4.15.10.202 0.72ms ICMP
3 4.15.10.201 0.96ms ICMP
4 4.69.137.138 1.17ms ICMP
5 4.68.68.50 1.76ms ICMP
6 62.115.125.52 2.14ms ICMP
7 62.115.143.38 9.55ms ICMP
8 62.115.143.38 10.24ms UDP 80
9 62.115.137.109 122.88ms UDP 80
10 80.239.193.158 175.11ms ICMP
11 80.239.193.158 175.16ms ICMP
12 36.37.79.82 186.92ms ICMP
13 182.23.52.118 189.49ms ICMP
1 Host Scan Time - Scanner
QID: 45038
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan
Time for this host is reported in the Result section below.
The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The
Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts,
which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back
to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes
to perform parallel host scanning on all scanners.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Scan duration: 1293 seconds
Start time: Thu, Sep 21 2023, 07:35:22 GMT
End time: Thu, Sep 21 2023, 07:56:55 GMT
1 Scan Activity per Port
QID: 45426

Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Scan activity per port is an estimate of the amount of internal process time the scanner engine spent scanning a particular TCP or UDP port. This
information can be useful to determine the reason for long scan times. The individual time values represent internal process time, not elapsed
time, and can be longer than the total scan time because of internal parallelism. High values are often caused by slowly responding services or
services on which requests time out.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Protocol Port Time
TCP 80 1:28:34
TCP 443 0:18:05
UDP 500 0:01:58
1 Open UDP Services List
QID: 82004
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
A port scanner was used to draw a map of all the UDP services on this host that can be accessed from the Internet.
Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall
but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP
packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets
for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.
IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:

Shut down any unknown or unused service on the list. If you have difficulty working out which service is provided by which process or program,
contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting
port scanners of this kind, visit the CERT Web site (http://www.cert.org).
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Port IANA Assigned Ports/Services Description Service Detected
500 isakmp isakmp isakmp
1 Open TCP Services List
QID: 82023
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the
Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the
service (Description) and the service that the scanner detected using service discovery (Service Detected).
IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.
SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program,
contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting
port scanners of this kind, visit the CERT Web site (http://www.cert.org).
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Port IANA Assigned Ports/Services Description Service Detected OS On Redirected Port
80 www-http World Wide Web HTTP http
443 https http protocol over TLS/SSL http over ssl
1 ICMP Replies Received
QID: 82040

Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer
that informs gateways of the inter-connectivity and accessibility of other gateways or hosts.
We have sent the following types of packets to trigger the host to send us ICMP replies:
Echo Request (to trigger Echo Reply)
Timestamp Request (to trigger Timestamp Reply)
Address Mask Request (to trigger Address Mask Reply)
UDP Packet (to trigger Port Unreachable Reply)
IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
ICMP Reply Type Triggered By Additional Information
Echo (type=0 code=0) Echo Request Echo Reply
Time Exceeded (type=11 code=0) (Various) Time Exceeded
1 Degree of Randomness of TCP Initial Sequence Numbers
QID: 82045
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average
change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of
difficulty for exploitation of the TCP ISN generation scheme used by the host.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable

EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Average change between subsequent TCP initial sequence numbers is 160122307 with a standard deviation of 637139038. These TCP initial sequence
numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(4196 microseconds). The degree of difficulty to exploit the
TCP initial sequence number generation scheme is: hard.
1 IP ID Values Randomness
QID: 82046
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes
between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT
section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many
operating systems, these changes reflect the network load of the host at the time this test was conducted.
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
IP ID changes observed (network order) for port 80: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Duration: 33 milli seconds
1 Host Name Not Available
QID: 82056
Category: TCP/IP
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No

THREAT:
Attempts to obtain the fully-qualified domain name (FQDN) or the Netbios name failed for this host.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
No results available
1 Web Server Supports HTTP Request Pipelining port 80/tcp
QID: 86565
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Version 1.1 of the HTTP protocol supports URL-Request Pipelining. This means that instead of using the "Keep-Alive" method to keep the TCP
connection alive over multiple requests, the protocol allows multiple HTTP URL requests to be made in the same TCP packet. Any Web server which
is HTTP 1.1 compliant should then process all the URLs requested in the single TCP packet and respond as usual.
The target Web server was found to support this functionality of the HTTP 1.1 protocol.
IMPACT:
Support for URL-Request Pipelining has interesting consequences. For example, as explained in this paper by Daniel Roelker
(http://www.defcon.org/images/defcon-11/dc-11-presentations/dc-11-Roelker/dc-11-roelker-paper.pdf), it can be used for evading detection by
Intrusion Detection Systems. Also, it can be used in HTTP Response-Spliting style attacks.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
GET / HTTP/1.1
Host:182.23.52.118:80
GET /Q_Evasive/ HTTP/1.1

Host:182.23.52.118:80
HTTP/1.1 404 Not Found

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache

content-type: text/html
content-length: 1238
date: Thu, 21 Sep 2023 07:42:21 GMT
server: LiteSpeed
<!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<title> 404 Not Found
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%;
left:50%;">
<h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
<h2 style="margin-top:20px;font-size: 30px;">Not Found
</h2>
<p>The resource requested could not be found on this server!</p>
</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px
30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
1px 0 rgba(255, 255, 255, 0.3) inset;">
<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that
LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
pragma: no-cache
date: Thu, 21 Sep 2023 07:42:21 GMT
server: LiteSpeed
<!DOCTYPE html>
<head>
</title></head>
left:50%;">
</h2>
1px 0 rgba(255, 255, 255, 0.3) inset;">
1 SSL Server Information Retrieval port 443/tcp over SSL
QID: 38116
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following is a list of supported SSL ciphers.

Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers
setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through
a non-LOW grade cipher. In this case even though LOW grade cipher will be listed here QID 38140 will not be reported.

IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
SSLv2 PROTOCOL IS DISABLED
SSLv3 PROTOCOL IS DISABLED
TLSv1 PROTOCOL IS DISABLED
TLSv1.1 PROTOCOL IS DISABLED
TLSv1.2 PROTOCOL IS ENABLED
TLSv1.2 COMPRESSION METHOD None
AES128-SHA RSA RSA SHA1 AES(128) MEDIUM
AES256-SHA RSA RSA SHA1 AES(256) HIGH
AES128-GCM-SHA256 RSA RSA AEAD AESGCM(128) MEDIUM
AES256-GCM-SHA384 RSA RSA AEAD AESGCM(256) HIGH
ECDHE-RSA-AES128-SHA ECDH RSA SHA1 AES(128) MEDIUM
ECDHE-RSA-AES256-SHA ECDH RSA SHA1 AES(256) HIGH
ECDHE-RSA-AES128-GCM-SHA256 ECDH RSA AEAD AESGCM(128) MEDIUM
ECDHE-RSA-AES256-GCM-SHA384 ECDH RSA AEAD AESGCM(256) HIGH
TLSv1.3 PROTOCOL IS ENABLED
TLS13-AES-128-GCM-SHA256 N/A N/A AEAD AESGCM(128) MEDIUM
TLS13-AES-256-GCM-SHA384 N/A N/A AEAD AESGCM(256) HIGH
TLS13-CHACHA20-POLY1305-SHA256 N/A N/A AEAD CHACHA20/POLY1305(256) HIGH
1 SSL Session Caching Information port 443/tcp over SSL
QID: 38291
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is
targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to
establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL
handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security
parameters.
This test determines if SSL session caching is enabled on the host.
IMPACT:

SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes
only.
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
TLSv1.2 session caching is enabled on the target.

TLSv1.3 session caching is disabled on the target.
1 Secure Sockets Layer/Transport Layer Security (SSL/TLS) Invalid Protocol Version Tolerance port 443/tcp over SSL
QID: 38597
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL/TLS protocols have different version that can be supported by both the client and the server. This test attempts to send invalid protocol
versions to the target in order to find out what is the target's behavior. The results section contains a table that indicates what was the
target's response to each of our tests.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
my version target version
0304 0303
0399 0303
0400 0303
0499 0303
1 SSL Certificate will expire within next six months port 443/tcp over SSL

QID: 38600
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Certificates are used for authentication purposes in different protocols such as SSL/TLS. Each certificate has a validity period outside of which
it is supposed to be considered invalid. This QID is reported to inform that a certificate will expire within next six months. The advance notice
can be helpful since obtaining a certificate can take some time.
IMPACT:
Expired certificates can cause connection disruptions or compromise the integrity and privacy of the connections being protected by the
certificates.
SOLUTION:
Contact the certificate authority that signed your certificate to arrange for a renewal.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Certificate #0 CN=apps.hexindo-tbk.co.id The certificate will expire within six months: Dec 27 23:59:59 2023 GMT
1 Secure Sockets Layer/Transport Layer Security (SSL/TLS) Key Exchange Methods port 443/tcp over SSL
QID: 38704
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following is a list of SSL/TLS key exchange methods supported by the server, along with their respective key sizes, strengths and ciphers.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:

ASSOCIATED MALWARE:
RESULTS:
CIPHER NAME GROUP KEY-SIZE FORWARD-SECRET CLASSICAL-STRENGTH QUANTUM-STRENGTH
TLSv1.2
AES256-GCM-SHA384 RSA 2048 no 110 low
AES128-GCM-SHA256 RSA 2048 no 110 low
AES256-SHA RSA 2048 no 110 low
AES128-SHA RSA 2048 no 110 low
ECDHE-RSA-AES256-GCM-SHA384 ECDHE x25519 256 yes 128 low
ECDHE-RSA-AES256-GCM-SHA384 ECDHE secp256r1 256 yes 128 low
ECDHE-RSA-AES128-GCM-SHA256 ECDHE x25519 256 yes 128 low
ECDHE-RSA-AES256-SHA ECDHE x25519 256 yes 128 low
ECDHE-RSA-AES256-SHA ECDHE secp256r1 256 yes 128 low
ECDHE-RSA-AES128-SHA ECDHE x25519 256 yes 128 low
TLSv1.3
TLS13-AES-128-GCM-SHA256 ECDHE x25519 256 yes 128 low
TLS13-AES-128-GCM-SHA256 ECDHE secp256r1 256 yes 128 low
TLS13-AES-256-GCM-SHA384 ECDHE x25519 256 yes 128 low
TLS13-CHACHA20-POLY1305-SHA256 ECDHE x25519 256 yes 128 low
TLS13-CHACHA20-POLY1305-SHA256 ECDHE secp256r1 256 yes 128 low
TLS13-CHACHA20-POLY1305-SHA256 ECDHE secp384r1 384 yes 192 low
1 Secure Sockets Layer/Transport Layer Security (SSL/TLS) Protocol Properties port 443/tcp over SSL
QID: 38706
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
The following is a list of detected SSL/TLS protocol properties.
IMPACT:
Items include:
Extended Master Secret: indicates whether the extended_master_secret extension is supported or required by the server. This extension enhances
security and is recommended. Applicable to TLSv1, TLSv1.1, TLSv1.2, DTLSv1, DTLSv1.2
Encrypt Then MAC: indicates whether the encrypt_then_mac extension is supported or required by the server. This extension enhances the security

of non-AEAD ciphers and is recommended. Applicable to TLSv1, TLSv1.1, TLSv1.2, DTLSv1, DTLSv1.2
Heartbeat: indicates whether the heartbeat extension is supported. It is not recommended to enable this, except for DTLS. Applicable to TLSv1,
TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1, DTLSv1.2
Truncated HMAC: indicates whether the truncated_hmac extension is supported. This can degrade security and is not recommended. Applicable to
TLSv1, TLSv1.1, TLSv1.2, DTLSv1, DTLSv1.2
Cipher priority: indicates whether client, server or both determine the priority of ciphers. Having the server determine the priority is
recommended. Applicable to SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1, DTLSv1.2
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
NAME STATUS
TLSv1.2
Extended Master Secret yes
Encrypt Then MAC no
Heartbeat no
Truncated HMAC no
Cipher priority controlled by server
OCSP stapling no
SCT extension no
TLSv1.3
Heartbeat no
Cipher priority controlled by client
OCSP stapling no
SCT extension no
1 Secure Sockets Layer (SSL) Certificate Transparency Information port 443/tcp over SSL
QID: 38718
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL Certificate Transparency is an industry effort to improve visibility into the process of how certificate authorities issue certificates. It is
designed to allow the owners of domain names to find all certificates that have been issued for their domains, and which certificate authorities have
issued them. This is done by requiring certificate authorities to publish all issued certificates in public logs. TLS servers can then provide
cryptographic evidence to TLS clients that the server certificate has been registered in public logs, thus providing some degree of confidence that the
certificate is legitimate. Such cryptographic evidence is referred to as an "SCT Log Proof".
The information below lists all validated SCT Log Proofs for server certificates along with information about the public log, where available.
IMPACT:
N/A

SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
Source Validated Name URL ID Time
Certificate #0 CN=apps.hexindo-tb
k.co.id
Certificate no (unknown) (unknown) e83ed0da3ef5063532e75728bc896bc903d3c Thu 01 Jan 1970
bd1116beceb69e1777d6d06bd6e 12:00:00 AM GMT
Certificate no (unknown) (unknown) b3737707e18450f86386d605a9dc11094a792 Thu 01 Jan 1970
db1670c0b87dcf0030e7936a59a 12:00:00 AM GMT
Certificate no (unknown) (unknown) b73efb24df9c4dba75f239c5ba58f46c5dfc4 Thu 01 Jan 1970
2cf7a9f35c49e1d098125edb499 12:00:00 AM GMT
1 TLS Secure Renegotiation Extension Support Information port 443/tcp over SSL
QID: 42350
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS
connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the
client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as
the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed
over. This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is
supported by the server or not.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
TLS Secure Renegotiation Extension Status: supported.

1 SSL Certificate - Information port 443/tcp over SSL
QID: 86002
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
SSL certificate information is provided in the Results section.
IMPACT:
N/A
SOLUTION:
N/A
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
NAME VALUE
(0)CERTIFICATE 0
(0)Version 3 (0x2)
(0)Serial Number 0c:e8:99:8b:b4:81:7c:1d:12:25:19:c6:38:c4:dd:53
(0)Signature Algorithm sha256WithRSAEncryption
(0)ISSUER NAME
countryName US
organizationName "DigiCert, Inc."
commonName GeoTrust Global TLS RSA4096 SHA256 2022 CA1
(0)SUBJECT NAME
commonName apps.hexindo-tbk.co.id
(0)Valid From Dec 27 00:00:00 2022 GMT
(0)Valid Till Dec 27 23:59:59 2023 GMT
(0)Public Key Algorithm rsaEncryption
(0)RSA Public Key (2048 bit)
(0) RSA Public-Key: (2048 bit)
(0) Modulus:
(0) 00:c8:75:34:3a:d5:57:55:c2:00:12:db:02:f8:81:
(0) 97:c0:4a:28:fd:1f:a8:52:ab:04:12:c9:99:36:fe:
(0) 09:1e:b0:3a:4a:14:9f:7c:23:13:19:a5:89:66:fe:
(0) ab:ad:54:96:6e:6d:28:5a:1c:86:2e:12:b9:a1:5f:
(0) 32:de:d1:37:0f:e6:94:5d:f8:64:b8:3f:ff:60:02:
(0) 1c:f2:2b:fa:73:5d:d2:01:7d:99:ab:7a:ef:be:e7:
(0) 39:2f:0a:33:db:85:19:b8:fc:f9:fe:26:9b:09:00:
(0) 6f:11:22:c6:49:f0:6e:ea:c7:28:c0:a9:4b:bc:0b:
(0) 9a:84:fc:15:b2:e7:e1:4d:3e:be:77:8c:35:77:4a:
(0) f8:af:af:02:6a:a8:4e:5c:60:4f:5b:e0:5c:73:05:

(0) e3:7d:2c:c2:ad:cd:0d:a3:58:13:c5:5d:68:34:a6:
(0) 4d:da:55:8c:6e:9b:f2:ff:49:52:c0:68:da:42:80:
(0) 8c:d4:b8:37:83:9f:8d:8a:c8:1c:1a:b0:fa:63:fe:
(0) f1:df:38:f7:a5:b8:94:70:f1:ba:b9:c6:89:67:65:
(0) e7:2a:6f:fa:18:06:a2:19:49:67:21:d0:f9:51:44:
(0) a3:56:59:aa:c6:96:30:3e:1c:6c:74:e1:14:6c:75:
(0) c8:1c:1d:9f:00:31:49:55:23:c5:be:a0:3b:8e:5c:
(0) 8f:1b
(0) Exponent: 65537 (0x10001)
(0)X509v3 EXTENSIONS
(0)X509v3 Authority Key Identifier keyid:A5:B4:D6:EB:36:C4:E7:6B:A6:DF:C4:64:0B:01:2A:20:04:B8:66:23
(0)X509v3 Subject Key Identifier 70:18:49:0D:09:F7:75:17:60:9E:47:88:77:FB:CD:B8:B4:5F:BF:C8
(0)X509v3 Subject Alternative Name DNS:apps.hexindo-tbk.co.id, DNS:www.apps.hexindo-tbk.co.id
(0)X509v3 Key Usage critical
(0) Digital Signature, Key Encipherment
(0)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(0)X509v3 CRL Distribution Points
(0) Full Name:
(0) URI:http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
(0)
(0) Full Name:
(0) URI:http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
(0)X509v3 Certificate Policies Policy: 2.23.140.1.2.1
(0) CPS: http://www.digicert.com/CPS
(0)Authority Information Access OCSP - URI:http://ocsp.digicert.com
(0) CA Issuers - URI:http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt
(0)X509v3 Basic Constraints CA:FALSE
(0)CT Precertificate SCTs Signed Certificate Timestamp:
(0) Version : v1 (0x0)
(0) Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
(0) 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
(0) Timestamp : Dec 27 01:46:01.692 2022 GMT
(0) Extensions: none
(0) Signature : ecdsa-with-SHA256
(0) 30:45:02:21:00:A8:D0:33:47:D5:43:FA:D1:76:A4:9D:
(0) D4:D9:0C:05:32:77:63:58:F2:9D:4E:0A:66:D7:33:B1:
(0) 9F:A0:3E:83:BC:02:20:46:7E:D4:E3:DF:D5:89:69:27:
(0) 5D:29:5B:96:EA:22:7B:A9:CD:34:2D:79:70:01:88:8B:
(0) 1D:B5:DB:DE:BC:8D:E3
(0) Signed Certificate Timestamp:
(0) Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
(0) 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
(0) 30:46:02:21:00:B5:5D:72:A3:54:B5:78:A7:34:E0:C6:
(0) 54:BB:D6:31:66:E8:B2:40:27:D7:89:7E:1B:F8:2D:48:
(0) 94:C8:A1:86:E3:02:21:00:99:DB:15:47:32:8B:92:84:
(0) 0C:E5:35:BF:E3:B0:D4:A7:13:22:89:10:24:3D:D6:69:
(0) B1:1C:37:3D:74:76:13:F7
(0) Signed Certificate Timestamp:
(0) Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
(0) 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99

(0) 30:44:02:20:59:63:96:1E:FB:0A:F5:D2:44:97:2A:1C:
(0) 7B:BB:D9:10:F6:50:48:D5:BE:76:AF:6D:07:2B:5F:DC:
(0) 0C:DD:03:91:02:20:2E:4E:50:7C:5E:E1:51:B0:0A:4E:
(0) 0C:D0:B5:DE:F2:FA:2D:95:B5:4B:83:D8:AF:58:22:C2:
(0) 1C:1B:E7:D3:97:84
(0)Signature (512 octets)
(0) 5b:bd:a7:29:2f:aa:ca:23:be:41:58:da:b4:f5:53:84
(0) 4f:f0:31:4c:cb:15:82:a1:36:e0:13:d5:b5:5f:56:71
(0) 50:64:c8:c5:3f:7c:bb:53:e9:78:61:b9:af:4e:9b:9f
(0) ae:12:58:f1:96:7a:72:c8:95:c9:e0:c0:2f:c4:5e:f8
(0) 8f:75:d7:6e:e2:49:2c:d9:b9:e5:0b:0a:c2:65:44:7c
(0) c3:fa:47:82:0b:df:02:25:b2:2e:00:66:37:25:64:c3
(0) 3b:b6:bf:6b:37:d3:f3:a5:e4:2f:1a:76:7f:52:46:ed
(0) 26:fd:e0:34:72:81:4b:de:32:ae:24:38:da:0f:35:12
(0) 0b:a8:15:eb:25:ce:4b:26:42:de:ad:58:28:32:a1:2d
(0) 12:b8:79:63:50:59:a6:a5:55:7e:d8:dc:2e:eb:62:2d
(0) bd:ff:ca:89:24:fe:d5:a5:d3:6d:01:03:10:c8:23:3d
(0) 12:e8:35:48:56:ec:70:49:2f:a1:c8:5c:38:0f:b5:eb
(0) 67:74:5a:34:21:75:80:32:2c:2c:f3:26:11:76:21:2e
(0) 1c:e9:d0:12:dd:7f:e9:7a:96:52:e5:5d:78:41:1d:da
(0) b0:15:5b:dd:4e:16:f6:de:13:cb:73:e2:11:19:7c:82
(0) 03:aa:bb:11:2a:42:3b:4b:28:9b:83:0e:48:3e:af:a6
(0) 0e:86:6a:f2:20:1e:b8:0a:22:a1:04:e6:02:27:55:85
(0) a9:1d:96:70:e3:11:67:1c:b9:25:49:1a:a3:a3:a1:0f
(0) 6c:7a:03:b8:f3:ff:a2:b4:a4:2f:c8:b0:20:f4:59:52
(0) c3:d4:51:33:0a:72:1b:e1:ca:90:27:49:73:31:82:1a
(0) 6f:78:97:c8:e8:1a:97:24:02:f2:83:08:d6:5f:df:3e
(0) 14:3e:31:6a:7f:a9:34:db:5d:00:70:9c:02:fd:cf:ac
(0) ae:a3:08:a9:2f:cf:d1:40:af:53:b6:be:53:41:88:4a
(0) 58:cb:10:3f:b8:7d:80:3a:c6:fe:c9:33:48:d9:0b:15
(0) 61:2e:0f:cf:aa:c6:4e:e8:ae:86:c3:b9:ba:b9:28:7d
(0) 42:d4:1e:3f:dc:ff:50:d4:b7:a7:d9:3d:3b:91:3a:68
(0) 90:81:d0:53:8e:21:f6:4e:f7:63:b4:47:ec:6a:82:82
(0) 61:04:67:3a:78:a8:1d:60:c4:13:fe:8e:70:ae:1e:66
(0) d3:31:27:b6:f5:4f:eb:08:78:bc:e5:5b:a1:d4:e7:4b
(0) e9:b2:a7:6e:36:9b:23:e1:3b:41:57:d2:59:09:9c:dc
(0) bd:49:20:6f:14:7c:2c:4e:92:f8:b4:09:13:59:44:37
(0) 2c:7e:66:cf:cb:af:38:fa:33:3d:66:bc:fc:b1:ca:9e
(1)CERTIFICATE 1
(1)Version 3 (0x2)
(1)Serial Number 0f:62:2f:6f:21:c2:ff:5d:52:1f:72:3a:1d:47:d6:2d
(1)ISSUER NAME
countryName US
organizationName DigiCert Inc
organizationalUnitName www.digicert.com
commonName DigiCert Global Root CA
(1)SUBJECT NAME
countryName US
organizationName "DigiCert, Inc."
commonName GeoTrust Global TLS RSA4096 SHA256 2022 CA1
(1)Valid From May 4 00:00:00 2022 GMT

(1)Valid Till Nov 9 23:59:59 2031 GMT
(1) Modulus:
(1) 00:e8:b6:c3:87:e4:86:86:4f:08:8e:8b:ee:72:cc:
(1) 8e:f2:53:16:0d:ab:bd:76:bb:24:f8:10:b6:99:bd:
(1) 2e:ce:19:f6:ed:bf:4a:e8:93:0d:c8:e7:19:f8:cc:
(1) 62:af:6e:4d:d0:6c:89:18:c2:0b:c7:e1:dc:7b:2b:
(1) 3c:c0:82:02:f7:c0:7f:b6:d8:df:8f:6b:39:5e:17:
(1) 59:31:97:67:64:52:50:4d:b4:cc:ac:a1:88:5d:59:
(1) f9:29:32:48:3e:7e:f7:2c:73:2c:d1:32:6f:e2:57:
(1) 37:c2:cb:2d:cc:81:d8:7c:3b:f6:31:2a:ea:fd:3d:
(1) fb:cc:cb:e4:8a:77:c0:5c:fd:f9:47:37:4f:1e:0b:
(1) 57:04:ef:5b:9d:29:18:c1:c5:97:7c:69:8c:ee:e2:
(1) 41:2d:91:0a:43:5c:1c:77:6a:7c:41:24:2b:2f:04:
(1) 4a:d5:46:03:6e:da:61:8b:87:6e:07:71:8a:f8:ef:
(1) d0:0c:71:dc:ce:0d:ad:67:ce:f2:d1:a3:f3:0d:2d:
(1) f0:b8:4a:0d:3b:a4:fe:01:4e:23:89:25:45:c1:d1:
(1) 8d:cb:87:ea:08:8a:ea:69:0c:de:aa:46:19:02:d6:
(1) f9:97:3b:43:dd:cd:15:76:a5:13:94:33:9f:9f:c9:
(1) 11:22:1c:48:f1:43:39:ec:e8:02:2f:5f:31:db:44:
(1) 6b:b4:23:f7:fc:82:69:4c:79:4b:5e:25:eb:ac:e5:
(1) 13:53:9d:cb:98:73:a5:00:4e:96:cc:3d:2a:32:71:
(1) b1:fa:5c:e0:b4:13:07:c6:83:68:d8:d2:ab:32:e9:
(1) c2:3e:97:96:c4:63:69:1a:27:f4:64:92:d6:ae:87:
(1) 0d:82:37:a3:ca:51:c7:4d:f1:33:59:3b:25:38:22:
(1) cb:24:4e:fb:ce:0f:56:32:d4:3b:1c:ba:bb:84:ab:
(1) 11:74:4c:d2:37:6d:c6:a9:f3:7f:05:b6:08:5b:0a:
(1) a3:ee:71:1d:90:7d:c6:de:66:f3:6c:f0:53:36:3b:
(1) f9:53:87:12:0f:18:a4:9c:52:d8:de:87:47:a4:01:
(1) bf:1a:3f:ea:98:32:7d:d9:b0:02:38:8e:1a:10:35:
(1) 19:f1:ef:41:67:f6:bf:21:cd:82:e2:ea:d4:99:f8:
(1) 82:bd:1b:db:b1:cc:66:5e:b2:aa:ab:af:f4:ef:57:
(1) 80:38:cf:93:5e:3b:7b:29:bc:19:b3:7a:02:60:41:
(1) 91:ed:07:5d:1f:1f:3f:08:9e:af:5b:29:80:8a:01:
(1) 5b:7b:71:65:8e:8e:88:9a:ff:25:19:76:9f:93:27:
(1) 51:9d:d0:77:21:5f:bf:37:e4:b8:15:b0:54:22:3b:
(1) 58:8e:20:54:99:a1:90:e3:1e:1b:d8:2b:84:84:4f:
(1) 9b:ec:c7
(1) Exponent: 65537 (0x10001)
(1)X509v3 Basic Constraints critical
(1) CA:TRUE, pathlen:0
(1)X509v3 Subject Key Identifier A5:B4:D6:EB:36:C4:E7:6B:A6:DF:C4:64:0B:01:2A:20:04:B8:66:23
(1)X509v3 Authority Key Identifier keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
(1) Digital Signature, Certificate Sign, CRL Sign
(1)X509v3 Extended Key Usage TLS Web Server Authentication, TLS Web Client Authentication
(1)Authority Information Access OCSP - URI:http://ocsp.digicert.com
(1) CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalRootCA.crt
(1)X509v3 CRL Distribution Points
(1) Full Name:
(1) URI:http://crl3.digicert.com/DigiCertGlobalRootCA.crl
(1)X509v3 Certificate Policies Policy: 2.16.840.1.114412.2.1

(1) Policy: 2.23.140.1.1
(1) Policy: 2.23.140.1.2.1
(1) Policy: 2.23.140.1.2.2
(1) Policy: 2.23.140.1.2.3
(1) 9e:72:b5:c0:51:c7:0b:73:5d:6f:d2:da:d3:b2:48:9b
(1) b8:6e:11:51:52:e6:11:17:dd:52:30:35:17:f1:a5:fc
(1) 67:f2:48:74:b6:5b:d7:e7:7a:2c:86:a2:56:4c:9b:14
(1) a6:0b:f0:ad:b1:b9:a9:7a:fc:d2:f4:b5:c2:34:4f:73
(1) 70:fd:03:70:4b:5d:8d:ad:f6:d2:fe:d8:7d:6a:eb:3b
(1) 92:24:9b:9c:d6:e4:33:6b:1c:eb:5b:f1:f6:51:74:a9
(1) 89:25:84:9c:d2:3a:45:0f:3d:2c:aa:e0:17:61:83:c1
(1) ba:a6:e0:2a:ae:f4:0d:ab:13:4d:31:34:f2:32:ce:4a
(1) 34:97:69:2c:c1:1d:20:a7:5e:94:cf:bd:28:a1:0c:cb
(1) df:e3:58:6b:8b:a0:da:fc:06:f8:e4:0f:1d:7d:55:04
(1) 88:30:2a:f0:4c:58:90:48:2d:ec:32:46:50:ac:28:19
(1) 23:09:d0:6d:fd:b2:9c:e4:8c:0e:eb:4b:a2:36:b9:b8
(1) a0:7b:97:eb:db:1f:6a:92:3c:57:f7:bc:3d:87:a1:31
(1) fb:4b:cf:a4:d0:77:d7:6f:f7:fb:65:23:39:18:39:67
(1) dc:34:db:04:f2:36:aa:69:8c:8b:01:59:24:e3:2e:60
(1) 04:0f:d5:cc:8f:f3:2c:25:85:f7:44:74:a5:5c:5b:a1
(2)CERTIFICATE 2
(2)Version 3 (0x2)
(2)Serial Number 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
(2)ISSUER NAME
countryName US
(2)SUBJECT NAME
countryName US
(2)Valid From Nov 10 00:00:00 2006 GMT
(2)Valid Till Nov 10 00:00:00 2031 GMT
(2) Modulus:
(2) 00:e2:3b:e1:11:72:de:a8:a4:d3:a3:57:aa:50:a2:
(2) 8f:0b:77:90:c9:a2:a5:ee:12:ce:96:5b:01:09:20:
(2) cc:01:93:a7:4e:30:b7:53:f7:43:c4:69:00:57:9d:
(2) e2:8d:22:dd:87:06:40:00:81:09:ce:ce:1b:83:bf:
(2) df:cd:3b:71:46:e2:d6:66:c7:05:b3:76:27:16:8f:
(2) 7b:9e:1e:95:7d:ee:b7:48:a3:08:da:d6:af:7a:0c:
(2) 39:06:65:7f:4a:5d:1f:bc:17:f8:ab:be:ee:28:d7:
(2) 74:7f:7a:78:99:59:85:68:6e:5c:23:32:4b:bf:4e:
(2) c0:e8:5a:6d:e3:70:bf:77:10:bf:fc:01:f6:85:d9:
(2) a8:44:10:58:32:a9:75:18:d5:d1:a2:be:47:e2:27:
(2) 6a:f4:9a:33:f8:49:08:60:8b:d4:5f:b4:3a:84:bf:
(2) a1:aa:4a:4c:7d:3e:cf:4f:5f:6c:76:5e:a0:4b:37:
(2) 91:9e:dc:22:e6:6d:ce:14:1a:8e:6a:cb:fe:cd:b3:
(2) 14:64:17:c7:5b:29:9e:32:bf:f2:ee:fa:d3:0b:42:

(2) d4:ab:b7:41:32:da:0c:d4:ef:f8:81:d5:bb:8d:58:
(2) 3f:b5:1b:e8:49:28:a2:70:da:31:04:dd:f7:b2:16:
(2) f2:4c:0a:4e:07:a8:ed:4a:3d:5e:b5:7f:a3:90:c3:
(2) af:27
(2) Exponent: 65537 (0x10001)
(2) Digital Signature, Certificate Sign, CRL Sign
(2)X509v3 Basic Constraints critical
(2) CA:TRUE
(2)X509v3 Subject Key Identifier 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
(2)X509v3 Authority Key Identifier keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
(2) cb:9c:37:aa:48:13:12:0a:fa:dd:44:9c:4f:52:b0:f4
(2) df:ae:04:f5:79:79:08:a3:24:18:fc:4b:2b:84:c0:2d
(2) b9:d5:c7:fe:f4:c1:1f:58:cb:b8:6d:9c:7a:74:e7:98
(2) 29:ab:11:b5:e3:70:a0:a1:cd:4c:88:99:93:8c:91:70
(2) e2:ab:0f:1c:be:93:a9:ff:63:d5:e4:07:60:d3:a3:bf
(2) 9d:5b:09:f1:d5:8e:e3:53:f4:8e:63:fa:3f:a7:db:b4
(2) 66:df:62:66:d6:d1:6e:41:8d:f2:2d:b5:ea:77:4a:9f
(2) 9d:58:e2:2b:59:c0:40:23:ed:2d:28:82:45:3e:79:54
(2) 92:26:98:e0:80:48:a8:37:ef:f0:d6:79:60:16:de:ac
(2) e8:0e:cd:6e:ac:44:17:38:2f:49:da:e1:45:3e:2a:b9
(2) 36:53:cf:3a:50:06:f7:2e:e8:c4:57:49:6c:61:21:18
(2) d5:04:ad:78:3c:2c:3a:80:6b:a7:eb:af:15:14:e9:d8
(2) 89:c1:b9:38:6c:e2:91:6c:8a:ff:64:b9:77:25:57:30
(2) c0:1b:24:a3:e1:dc:e9:df:47:7c:b5:b4:24:08:05:30
(2) ec:2d:bd:0b:bf:45:bf:50:b9:a9:f3:eb:98:01:12:ad
(2) c8:88:c6:98:34:5f:8d:0a:3c:c6:e9:d5:95:95:6d:de
1 Web Server Supports HTTP Request Pipelining port 443/tcp over SSL
QID: 86565
Associated CVEs: -
Vendor Reference: -
Bugtraq ID: -
User Modified: -
Edited: No
PCI Vuln: No
THREAT:
Version 1.1 of the HTTP protocol supports URL-Request Pipelining. This means that instead of using the "Keep-Alive" method to keep the TCP
connection alive over multiple requests, the protocol allows multiple HTTP URL requests to be made in the same TCP packet. Any Web server which
is HTTP 1.1 compliant should then process all the URLs requested in the single TCP packet and respond as usual.
The target Web server was found to support this functionality of the HTTP 1.1 protocol.
IMPACT:
Support for URL-Request Pipelining has interesting consequences. For example, as explained in this paper by Daniel Roelker
(http://www.defcon.org/images/defcon-11/dc-11-presentations/dc-11-Roelker/dc-11-roelker-paper.pdf), it can be used for evading detection by
Intrusion Detection Systems. Also, it can be used in HTTP Response-Spliting style attacks.
SOLUTION:
N/A
COMPLIANCE:

Not Applicable
EXPLOITABILITY:
ASSOCIATED MALWARE:
RESULTS:
GET / HTTP/1.1
Host:182.23.52.118:443
GET /Q_Evasive/ HTTP/1.1

Host:182.23.52.118:443

pragma: no-cache
date: Thu, 21 Sep 2023 07:42:35 GMT
server: LiteSpeed
<!DOCTYPE html>
<head>
</title></head>
left:50%;">
</h2>
1px 0 rgba(255, 255, 255, 0.3) inset;">
pragma: no-cache
date: Thu, 21 Sep 2023 07:42:35 GMT
server: LiteSpeed
<!DOCTYPE html>
<head>
</title></head>
left:50%;">
</h2>
1px 0 rgba(255, 255, 255, 0.3) inset;">

Appendix
Hosts Scanned (IP)

182.23.52.118
Target distribution across scanner appliances

External : 182.23.52.118
Options Profile
HCMセキュリティ診断用プロファイル
Scan Settings
Ports:
Scanned TCP Ports: Standard Scan
Scanned UDP Ports: Standard Scan
Scan Dead Hosts: On
Close Vulnerabilities on Dead Hosts Count: Off
Purge old host data when OS changes: Off
Load Balancer Detection: Off
Perform 3-way Handshake: Off
Vulnerability Detection: Complete
Intrusive Checks: Excluded
Password Brute Forcing:
System: Standard
Custom: Disabled
Authentication:
Windows: Disabled
Unix/Cisco/Network SSH: Disabled
Unix Least Privilege Authentication: Disabled
Oracle: Disabled
Oracle Listener: Disabled
SNMP: Disabled
VMware: Disabled
DB2: Disabled
HTTP: Disabled
MySQL: Disabled
Tomcat Server: Disabled
MongoDB: Disabled
Palo Alto Networks Firewall: Disabled
Jboss Server: Disabled
Oracle WebLogic Server: Disabled
MariaDB: Disabled
InformixDB: Disabled
MS Exchange Server: Disabled
Oracle HTTP Server: Disabled
MS SharePoint: Disabled
Sybase: Disabled
Kubernetes: Disabled
SAP IQ: Disabled
SAP HANA: Disabled

Azure MS SQL: Disabled
Neo4j: Disabled
NGINX: Disabled
Infoblox: Disabled
Overall Performance: Custom
Additional Certificate Detection:
Authenticated Scan Certificate Discovery: Disabled
Test Authentication: Disabled
Hosts to Scan in Parallel:
Use Appliance Parallel ML Scaling: Off
External Scanners: 15
Scanner Appliances: 15
Processes to Run in Parallel:
Total Processes: 10
HTTP Processes: 6
Packet (Burst) Delay: Long
Port Scanning and Host Discovery:
Intensity: Normal
Dissolvable Agent:
Dissolvable Agent (for this profile): Disabled
Windows Share Enumeration: Disabled
Windows Directory Search: Disabled
Lite OS Discovery: Disabled
Host Alive Testing: Disabled
Do Not Overwrite OS: Disabled
Advanced Settings
Host Discovery: TCP Standard Scan, UDP Standard Scan, ICMP On
Ignore firewall-generated TCP RST packets: Off
Ignore all TCP RST packets: Off
Ignore firewall-generated TCP SYN-ACK packets: Off
Do not send TCP ACK or SYN-ACK packets during host discovery: Off
Report Legend
Vulnerability Levels
A Vulnerability is a design flaw or mis-configuration which makes your network (or a host on your network) susceptible to malicious attacks from local or
remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI
bins. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host
to a complete compromise of the host.
Severity Level Description
1 Minimal Intruders can collect information about the host (open ports, services, etc.) and may be
able to use this information to find other vulnerabilities.
2 Medium Intruders may be able to collect sensitive information from the host, such as the
precise version of software installed. With this information, intruders can easily
exploit known vulnerabilities specific to software versions.
3 Serious Intruders may be able to gain access to specific information stored on the host,
including security settings. This could result in potential misuse of the host by
intruders. For example, vulnerabilities at this level may include partial disclosure of
file contents, access to certain files on the host, directory browsing, disclosure of
filtering rules and security mechanisms, denial of service attacks, and unauthorized use
of services, such as mail-relaying.
4 Critical Intruders can possibly gain control of the host, or there may be potential leakage of
highly sensitive information. For example, vulnerabilities at this level may include
full read access to files, potential backdoors, or a listing of all the users on the
host.

5 Urgent Intruders can easily gain control of the host, which can lead to the compromise of your
entire network security. For example, vulnerabilities at this level may include full
read and write access to files, remote execution of commands, and the presence of
backdoors.
Potential Vulnerability Levels
A potential vulnerability is one which we cannot confirm exists. The only way to verify the existence of such vulnerabilities on your network would be to
perform an intrusive scan, which could result in a denial of service. This is strictly against our policy. Instead, we urge you to investigate these potential
vulnerabilities further.
1 Minimal If this vulnerability exists on your system, intruders can collect information about the
host (open ports, services, etc.) and may be able to use this information to find other
vulnerabilities.
2 Medium If this vulnerability exists on your system, intruders may be able to collect sensitive
information from the host, such as the precise version of software installed. With this
information, intruders can easily exploit known vulnerabilities specific to software
versions.
3 Serious If this vulnerability exists on your system, intruders may be able to gain access to
specific information stored on the host, including security settings. This could result
in potential misuse of the host by intruders. For example, vulnerabilities at this level
may include partial disclosure of file contents, access to certain files on the host,
directory browsing, disclosure of filtering rules and security mechanisms, denial of
service attacks, and unauthorized use of services, such as mail-relaying.
4 Critical If this vulnerability exists on your system, intruders can possibly gain control of the
host, or there may be potential leakage of highly sensitive information. For example,
vulnerabilities at this level may include full read access to files, potential
backdoors, or a listing of all the users on the host.
5 Urgent If this vulnerability exists on your system, intruders can easily gain control of the
host, which can lead to the compromise of your entire network security. For example,
vulnerabilities at this level may include full read and write access to files, remote
execution of commands, and the presence of backdoors.
Information Gathered
Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or
a list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of
open TCP services.
1 Minimal Intruders may be able to retrieve sensitive information related to the host, such as
open UDP and TCP services lists, and detection of firewalls.
2 Medium Intruders may be able to determine the operating system running on the host, and view banner versions.
3 Serious Intruders may be able to detect highly sensitive data, such as global system user lists.
CONFIDENTIAL AND PROPRIETARY INFORMATION.

Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this
report is complete or error-free. Copyright 2023, Qualys, Inc.

Scan Apps Whitelist Non IPS

Uploaded by

Copyright:

Available Formats

Scan Apps Whitelist Non IPS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Scan Apps Whitelist Non IPS

Uploaded by

Copyright:

Available Formats

Scan Results

September 21, 2023

Vulnerabilities Total 31 Security Risk (Avg) 3.0

Scan Results page 1

Operating Systems Detected

182.23.52.118 (-, -) Ubuntu/Linux

Scan Results page 2

Certificate #0 CN=apps.hexindo-tbk.co.id (apps.hexindo-tbk.co.id) and IP (182.23.52.118) don't match

Scan Results page 3

isakmp hash(key + identity): ce10fa8f223a46d4ed05c7011a7c481465cbaa62

Potential Vulnerabilities (2)

3 Web Server Stopped Responding port 80/tcp

Scan Results page 4

3 Web Server Stopped Responding port 443/tcp over SSL

Information Gathered (27)

3 Remote Access or Management Service Detected

Scan Results page 5

Service name: ISAKMP on UDP port 500.

2 Operating System Detected

Scan Results page 6

2 Host Uptime Based on TCP TimeStamp Option

1 DNS Host Name

Scan Results page 7

Scan Results page 8

Listed below are the ports filtered by the firewall.

1 Target Network Information

The network handle is: APNIC-182

1 Internet Service Provider

Scan Results page 9

The ISP network handle is: PL-ARELION

Scan Results page 10

1 Host Scan Time - Scanner

Scan duration: 1293 seconds

Start time: Thu, Sep 21 2023, 07:35:22 GMT

End time: Thu, Sep 21 2023, 07:56:55 GMT

1 Scan Activity per Port

Scan Results page 11

1 Open UDP Services List

Scan Results page 12

1 Open TCP Services List

1 ICMP Replies Received

Scan Results page 13

1 Degree of Randomness of TCP Initial Sequence Numbers

Scan Results page 14

IP ID changes observed (network order) for port 80: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

1 Host Name Not Available

Scan Results page 15

1 Web Server Supports HTTP Request Pipelining port 80/tcp

GET /Q_Evasive/ HTTP/1.1

HTTP/1.1 404 Not Found

Scan Results page 16

1 SSL Server Information Retrieval port 443/tcp over SSL

The following is a list of supported SSL ciphers.

Scan Results page 17

1 SSL Session Caching Information port 443/tcp over SSL

Scan Results page 18

TLSv1.2 session caching is enabled on the target.

Scan Results page 19

Scan Results page 20