GeneralInformation

Country	China
City	Shanghai
Organization	Aliyun Computing Co., LTD
ISP	Hangzhou Alibaba Advertising Co.,Ltd.
ASN	AS37963

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

80 443 8008 8887 8889 9999

1410193794 | 2024-05-30T14:58:21.693730

80 / tcp

HTTP/1.1 404 
Server: nginx/1.18.0
Date: Thu, 30 May 2024 14:58:21 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 431
Connection: keep-alive
Content-Language: en

549656107 | 2024-05-31T09:34:17.754526

443 / tcp

SSL Error: ALERT_BAD_CERTIFICATE

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:a6:da:08:f2:04:1d:db:1f:bb:aa:fc:b4:ba:7f:b5:fc:49:ce:f5
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=CN, O=weizhi, CN=ShanghaiPKISubCA-G1
        Validity
            Not Before: Nov 29 01:50:50 2023 GMT
            Not After : Nov 26 01:50:49 2026 GMT
        Subject: CN=server_cert_002
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:8a:ed:6e:1a:fe:5b:ae:1a:f7:e7:49:47:1c:b8:
                    c2:d4:08:f5:8a:4e:ba:48:47:17:9a:06:e3:42:e4:
                    89:72:06:d3:ee:b1:36:c1:35:6c:05:26:ad:ba:a8:
                    58:e9:fa:d3:13:74:33:1e:45:da:1d:38:0c:dc:17:
                    20:16:2f:b6:af
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                ED:C8:83:D0:AE:66:BD:0D:72:B0:F8:F9:B0:D9:15:27:84:01:DD:77
            Authority Information Access: 
                CA Issuers - URI:http://my.pki/certs/MyPKISubCA-G1.crt
                OCSP - URI:http://my.pki/ocsp
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://my.pki/crls/MyPKISubCA-G1.crl
            X509v3 Subject Key Identifier: 
                17:F2:D8:B6:B8:1C:ED:4A:AE:12:2C:57:98:75:25:70:73:54:3E:90
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:44:02:20:37:38:29:01:5b:4a:11:fc:e0:8a:ca:dd:af:93:
        93:f2:11:cd:bb:51:f5:e0:e9:4b:e3:90:a3:8f:a2:29:70:77:
        02:20:5e:6e:23:59:a2:6c:65:36:4d:c8:20:3b:b9:de:63:a9:
        2f:e1:60:e0:14:d0:ec:43:9e:6b:ff:5a:b4:a7:ee:c9

76028532 | 2024-05-29T01:05:42.999338

8008 / tcp

HTTP/1.1 401 
Access-control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Credentials: true
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 28-May-2024 01:05:42 GMT; SameSite=lax
WWW-Authenticate: Bearer realm="application"
Content-Length: 0
Date: Wed, 29 May 2024 01:05:42 GMT

1741675827 | 2024-05-13T09:43:28.678163

8887 / tcp

HTTP/1.1 502 Bad Gateway
Server: nginx/1.18.0
Date: Mon, 13 May 2024 09:43:28 GMT
Content-Type: text/html
Content-Length: 559
Connection: keep-alive

61026631 | 2024-05-12T16:50:50.311508

8889 / tcp

HTTP/1.1 404 
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 431
Date: Sun, 12 May 2024 16:50:50 GMT

<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1></body></html>

1973569470 | 2024-06-01T02:36:54.230326

9999 / tcp

HTTP/1.1 400 
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 435
Date: Sat, 01 Jun 2024 02:36:53 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400 – Bad Request</h1></body></html>

101.132.183.210

Last Seen: 2024-06-01

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1410193794 | 2024-05-30T14:58:21.693730
80 / tcp

nginx1.18.0

549656107 | 2024-05-31T09:34:17.754526
443 / tcp

76028532 | 2024-05-29T01:05:42.999338
8008 / tcp

1741675827 | 2024-05-13T09:43:28.678163
8887 / tcp

nginx1.18.0

61026631 | 2024-05-12T16:50:50.311508
8889 / tcp

1973569470 | 2024-06-01T02:36:54.230326
9999 / tcp

Products

Pricing

Contact Us

101.132.183.210

Last Seen: 2024-06-01

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1410193794 | 2024-05-30T14:58:21.693730 80 / tcp

nginx1.18.0

549656107 | 2024-05-31T09:34:17.754526 443 / tcp

76028532 | 2024-05-29T01:05:42.999338 8008 / tcp

1741675827 | 2024-05-13T09:43:28.678163 8887 / tcp

nginx1.18.0

61026631 | 2024-05-12T16:50:50.311508 8889 / tcp

1973569470 | 2024-06-01T02:36:54.230326 9999 / tcp

Products

Pricing

Contact Us

1410193794 | 2024-05-30T14:58:21.693730
80 / tcp

549656107 | 2024-05-31T09:34:17.754526
443 / tcp

76028532 | 2024-05-29T01:05:42.999338
8008 / tcp

1741675827 | 2024-05-13T09:43:28.678163
8887 / tcp

61026631 | 2024-05-12T16:50:50.311508
8889 / tcp

1973569470 | 2024-06-01T02:36:54.230326
9999 / tcp