{"vulnerability": "CVE-2016-9244", "sightings": [{"uuid": "efe60369-6f3e-4cba-8b40-dc9fef1fa4d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/hex4gon1/908", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:02:07.000000Z"}, {"uuid": "f90aaa3f-0b6c-48e6-ad73-bf36dfa94e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/endsodomaofficial/7318", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:49:09.000000Z"}, {"uuid": "72a050dd-56a6-4847-b924-9d0577ded910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/marianaalecu/3622", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:48:21.000000Z"}, {"uuid": "7f3926c9-abec-4a7c-8d5f-d01a8da17138", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/thegoodfatherag/8840", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:24:44.000000Z"}, {"uuid": "3998f334-227c-4d15-b41a-cc17ca2930a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/jokerssec/1351", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:00:05.000000Z"}, {"uuid": "0629016e-03df-4240-8214-3c6860a08fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/fucklulzsecisrahell/6294", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T02:55:48.000000Z"}, {"uuid": "b1814780-4a91-4216-8665-466195364a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/eXCe_Fixxed/109130", "content": "# DD0S CVE List by Layer 3/4/7\n\n## Layer 3 (Network) - ICMP, IP, NDP\n\n# 2020\n- CVE-2020-16898 > Windows TCP/IP \"Bad Neighbor\" - ICMPv6 ping of death (DoS via BSOD)\n\n## Layer 4 (Transport) - TCP, UDP\n\n# 2013\n- CVE-2013-5211 > NTP Amplification Attack via 'monlist' (UDP-based)\n\n# 2016\n- CVE-2016-9244 > Cisco VPN IKEv1 flood (UDP port 500 DoS)\n\n# 2018\n- CVE-2018-1000115 > Memcached UDP Amplification (reflection attack)\n\n# 2018\n- CVE-2018-0171 > Cisco Smart Install DoS (TCP port 4786)\n\n## Layer 7 (Application) - HTTP, NTP, Memcached, API\n\n# 2021\n- CVE-2021-22986 > F5 BIG-IP iControl REST unauth DoS/RCE (API abuse)\n\n# 2023\n- CVE-2023-44487 > HTTP/2 Rapid Reset Attack - stream reset flooding\n\n# 2024\n- CVE-2024-29269 > Telesquare LTE Router Cmd Injection (dapat digunakan untuk DoS chaining) {New Cve Bug}", "creation_timestamp": "2025-08-03T06:11:01.000000Z"}, {"uuid": "7ca47b96-b3a0-4ad3-b213-c22702490439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-9244", "type": "seen", "source": "https://t.me/eXCe_Fixxed/502", "content": "# DD0S CVE List by Layer 3/4/7\n\n## Layer 3 (Network) - ICMP, IP, NDP\n\n# 2020\n- CVE-2020-16898 > Windows TCP/IP \"Bad Neighbor\" - ICMPv6 ping of death (DoS via BSOD)\n\n## Layer 4 (Transport) - TCP, UDP\n\n# 2013\n- CVE-2013-5211 > NTP Amplification Attack via 'monlist' (UDP-based)\n\n# 2016\n- CVE-2016-9244 > Cisco VPN IKEv1 flood (UDP port 500 DoS)\n\n# 2018\n- CVE-2018-1000115 > Memcached UDP Amplification (reflection attack)\n\n# 2018\n- CVE-2018-0171 > Cisco Smart Install DoS (TCP port 4786)\n\n## Layer 7 (Application) - HTTP, NTP, Memcached, API\n\n# 2021\n- CVE-2021-22986 > F5 BIG-IP iControl REST unauth DoS/RCE (API abuse)\n\n# 2023\n- CVE-2023-44487 > HTTP/2 Rapid Reset Attack - stream reset flooding\n\n# 2024\n- CVE-2024-29269 > Telesquare LTE Router Cmd Injection (dapat digunakan untuk DoS chaining) {New Cve Bug}", "creation_timestamp": "2025-08-03T06:11:01.000000Z"}]}