{"vulnerability": "cve-2015-4000", "sightings": [{"uuid": "8821e88b-0d13-40fe-bf23-1eb3382ab4fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "MISP/5b06d57d-f2b8-4357-9038-45d39f590eb0", "content": "", "creation_timestamp": "2018-05-24T15:44:33.000000Z"}, {"uuid": "93ac7063-af90-42e7-aa4b-7137b78aaae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:42.000000Z"}, {"uuid": "a9810c84-81e1-464a-b85a-9718985edb55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/ssl_version.rb", "content": "", "creation_timestamp": "2022-11-07T22:22:31.000000Z"}, {"uuid": "9f704c18-0cee-459e-86a6-cd7449cf7712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:40.000000Z"}, {"uuid": "2a6e8ebc-74fb-4bdf-aaca-66b2ef7f350a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/endsodomaofficial/7318", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:49:09.000000Z"}, {"uuid": "5152ea71-8c34-47d9-9dc4-ecb447e38da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/hex4gon1/908", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:02:07.000000Z"}, {"uuid": "c90349d8-cf0f-4373-873e-90a2a81e746c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/jokerssec/1351", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:00:05.000000Z"}, {"uuid": "fec7fbb5-763f-46b6-bfe6-daf52d6bb15f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/thegoodfatherag/8840", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:24:44.000000Z"}, {"uuid": "8bf2f3a4-c988-4b1b-b508-9a4e0276224b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/information_security_channel/9760", "content": "A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.\n\nSSL Vulnerabilities Detected by A2SV\n[CVE-2007-1858] Anonymous Cipher\n[CVE-2012-4929] CRIME(SPDY)\n[CVE-2014-0160] CCS Injection\n[CVE-2014-0224] HeartBleed\n[CVE-2014-3566] SSLv3 POODLE\n[CVE-2015-0204] FREAK Attack\n[CVE-2015-4000] LOGJAM Attack\n[CVE-2016-0800] SSLv2 DROWN\nPlanned for future:\n[PLAN] SSL ACCF\n[PLAN] SSL Information Analysis\nInstallation & Requirements for A2SV\nA.\nRead the rest of A2SV \u2013 Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet. (https://www.darknet.org.uk/2017/10/a2sv-auto-scanning-ssl-vulnerability-tool-poodle-heartbleed/)", "creation_timestamp": "2017-10-09T18:29:26.000000Z"}, {"uuid": "79fd9dc4-9f58-482a-914d-3eb94536f2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/fucklulzsecisrahell/6294", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T02:55:48.000000Z"}, {"uuid": "c44a5a0e-d923-452a-9a1c-4e543f0c9e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-4000", "type": "seen", "source": "https://t.me/marianaalecu/3622", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09 -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111): --\n Service detected: HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224) not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)\n ROBOT not vulnerable (OK)\n Secure Renegotiation (RFC 5746) supported (OK)\n Secure Client-Initiated Renegotiation not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929) not vulnerable (OK)\n BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566) not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)\n FREAK (CVE-2015-0204) not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)\n make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: HAProxy (2048 bits),\n but no DH EXPORT ciphers\n BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA\n HE-RSA-AES256-SHA\n CDHE-RSA-AES128-SHA\n HE-RSA-AES128-SHA\n ES256-SHA\n ES128-SHA\n VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches\n Winshock (CVE-2014-6321), experimental not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:48:21.000000Z"}]}