GeneralInformation

Hostnames	138.41.154.104.bc.googleusercontent.com descubre.movistar.co
Domains	googleusercontent.com movistar.co
Cloud Provider	Google
Cloud Region	us-central1
Country	United States
City	Council Bluffs
Organization	Google LLC
ISP	Google LLC
ASN	AS396982

WebTechnologies

JavaScript frameworks

JavaScript libraries

UI frameworks

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-16845	5.8nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVE-2017-7529	5.0Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
CVE-2017-20005	7.5NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
CVE-2016-4450	5.0os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
CVE-2016-1247	7.2The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
CVE-2016-0747	5.0The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
CVE-2016-0746	7.5Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
CVE-2016-0742	5.0The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

22 80 443

-846343548 | 2024-04-22T14:21:23.933836

22 / tcp

SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQCnapp0XuIEKR/aODk+bq89CLFCIWpBjBdWDXVMnPOsN+lZ
/dQLFGFmLXVqL+3ql/qOiD2xQX6OLNplQ0QPnPyOrm0Ks01y+kUcu54VbrcRD36L12Eozd9NxwvN
oWjCJW9MGjCWfK6HduQDa7R48GN/RjMXtkW3iDbdJvU9jyTzaRI+StXpRiV+MFf4A6aOnxN4R+DC
ztaisVWR5y1hUllvZ5LxNLWkzP5qrHgHNnhQ4AvFvt04agbS82IMi9yyTMwsbAKtiIEhORJxNcfW
btaYdG9fRrg8z06Xzhwlf/vNaBjBB7M2bjQlnQ84xKRxdPPOHCK3y1b3DTe6t1LEJGqZ
Fingerprint: f3:e5:92:69:ab:71:cd:ac:a5:9c:67:92:f8:fe:8d:5a

Kex Algorithms:
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group-exchange-sha1
	diffie-hellman-group14-sha1
	diffie-hellman-group1-sha1

Server Host Key Algorithms:
	ssh-rsa
	ssh-dss
	ecdsa-sha2-nistp256

Encryption Algorithms:
	aes128-ctr
	aes192-ctr
	aes256-ctr
	arcfour256
	arcfour128
	aes128-cbc
	3des-cbc
	blowfish-cbc
	cast128-cbc
	aes192-cbc
	aes256-cbc
	arcfour
	rijndael-cbc@lysator.liu.se

MAC Algorithms:
	hmac-md5
	hmac-sha1
	umac-64@openssh.com
	hmac-sha2-256
	hmac-sha2-256-96
	hmac-sha2-512
	hmac-sha2-512-96
	hmac-ripemd160
	hmac-ripemd160@openssh.com
	hmac-sha1-96
	hmac-md5-96

Compression Algorithms:
	none
	zlib@openssh.com

134514240 | 2024-04-28T00:48:16.040955

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Sun, 28 Apr 2024 00:48:15 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://104.154.41.138/
Content-Security-Policy: frame-ancestors preferencial.movistar.co www.movistar.co descubre.movistar.co atencionalcliente.movistar.co digitalizacion-ae-dot-modified-wonder-87620.appspot.com mi.movistar.co descubrir-movistar.com descubreseguridadtotal.com www.movistar.com.co
X-Frame-Options: ALLOW-FROM *.movistar.co *.appspot.com movistar.com.co *.movistar.com.co *.telefonicawebsites.co
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: private, no-store, max-age=0, no-cache, must-revalidate
Pragma: no-cache
Expires: 0
Permissions-Policy: microphone=(), camera=()
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade

3868438 | 2024-05-03T11:19:48.707026

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 03 May 2024 11:19:48 GMT
Content-Type: text/html
Content-Length: 3293
Last-Modified: Tue, 14 Nov 2023 13:53:28 GMT
Connection: keep-alive
ETag: "65537bd8-cdd"
Content-Security-Policy: frame-ancestors ofertas.movistar.co preferencial.movistar.co www.movistar.co descubre.movistar.co atencionalcliente.movistar.co digitalizacion-ae-dot-modified-wonder-87620.appspot.com mi.movistar.co descubrir-movistar.com descubreseguridadtotal.com  www.movistar.com.co movistar-administrador-test-dot-modified-wonder-87620.appspot.com
X-Frame-Options: ALLOW-FROM *.movistar.co *.appspot.com movistar.com.co *.movistar.com.co *.telefonicawebsites.co
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: private, no-store, max-age=0, no-cache, must-revalidate
Pragma: no-cache
Expires: 0
Permissions-Policy: microphone=(), camera=()
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:13:28:dc:7d:c2:39:31:d9:c6:85:05:79:60:5c:7f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Apr 19 00:00:00 2023 GMT
            Not After : May 11 23:59:59 2024 GMT
        Subject: C=CO, L=Bogota, O=COLOMBIA TELECOMUNICACIONES SA ESP, CN=descubre.movistar.co
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bb:20:7b:6f:97:92:6a:60:11:98:4a:e9:c6:fd:
                    6d:38:9f:8a:cc:08:19:32:bc:f3:42:16:f8:4c:bd:
                    62:83:65:af:69:cb:10:ae:94:06:31:58:d1:fb:27:
                    2a:d3:f2:af:b8:bc:4e:0e:7f:58:0f:59:5e:c9:35:
                    5b:c3:27:c1:43:f0:7d:f4:24:8a:c0:a8:40:69:c6:
                    34:0b:75:83:72:3e:63:a1:3f:64:76:bd:e3:c6:97:
                    e2:f2:b6:67:39:67:1f:f4:ee:d1:44:54:ce:54:6f:
                    34:30:42:27:0f:c5:62:81:e5:f5:1e:19:92:fd:0e:
                    ae:39:2e:e0:d0:4f:8a:66:3c:68:a3:2e:77:a1:3b:
                    d2:d7:99:fb:a9:78:39:25:83:c9:f5:71:59:da:20:
                    1e:b7:0c:bc:c8:6d:df:20:a3:88:80:f5:5f:07:8f:
                    eb:30:88:86:da:8f:d3:d6:23:ee:c5:32:b5:02:21:
                    85:eb:06:15:7b:0d:16:9b:8c:df:65:02:21:2b:3d:
                    14:0a:55:8f:22:84:d7:6a:db:c7:4f:a3:99:5b:57:
                    aa:10:d0:35:14:89:87:47:34:f1:c6:a2:7b:54:5c:
                    79:28:1e:83:52:c7:64:f3:93:a4:a3:85:c2:f2:f6:
                    12:1e:5f:88:09:df:77:48:1b:63:f0:92:29:f6:23:
                    04:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
            X509v3 Subject Key Identifier: 
                1B:D8:07:3F:B7:51:0A:76:40:4F:1D:6F:1C:22:11:E1:DF:5C:9D:9C
            X509v3 Subject Alternative Name: 
                DNS:descubre.movistar.co
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
            X509v3 Basic Constraints: 
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Apr 19 16:57:18.293 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:7B:B8:46:B9:D0:A3:BF:3A:A7:F7:BA:A5:
                                81:C3:09:89:B0:8F:14:E8:89:C8:A3:94:DF:C5:E7:AF:
                                CB:00:95:33:02:21:00:B7:71:62:8C:10:40:A0:6A:FE:
                                25:1A:6C:69:98:CF:2B:10:74:28:DA:12:F1:1E:6A:2E:
                                58:65:6A:CB:2D:4F:AE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
                                1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
                    Timestamp : Apr 19 16:57:18.397 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EE:F8:70:7F:F6:82:A6:CD:1B:36:08:
                                70:50:35:E9:21:A9:61:E5:A1:DE:67:C0:46:78:B6:B2:
                                9E:EE:CE:C1:AD:02:21:00:FF:96:74:62:83:13:E0:68:
                                DB:5C:A1:F6:A3:7A:7D:08:8D:23:DD:76:BC:6B:89:7D:
                                78:70:D3:96:E3:7E:EE:16
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Apr 19 16:57:18.368 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:07:A3:95:CF:4A:42:09:B4:64:3B:CC:43:
                                6C:14:AC:FC:94:1C:9A:EB:6D:56:C1:A2:A3:60:F6:8B:
                                8F:CC:DE:5E:02:20:62:B8:66:46:83:C1:2F:72:1B:B3:
                                98:D0:9C:2B:3F:9E:D3:72:F7:B5:C6:F7:22:04:4A:F8:
                                26:07:A9:BB:70:AA
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        44:e4:ca:23:31:51:02:0f:04:7c:f8:bd:55:55:64:75:ff:30:
        99:bc:b5:82:88:ed:a7:9e:dd:d5:c1:d0:22:b8:cc:e4:8d:66:
        45:67:d7:33:dd:11:3e:53:57:62:01:9d:4f:45:f5:f8:f7:a7:
        f7:b1:e5:59:dd:0b:d2:71:af:1f:1f:07:a9:8b:05:54:37:f2:
        b0:0a:fb:2c:a7:1b:15:c2:8e:e5:e1:1a:16:a2:a0:d5:ba:c5:
        59:18:c7:bd:fc:26:c5:d0:88:df:e3:37:08:82:09:c9:12:69:
        72:07:3e:15:4e:68:df:3f:81:a1:cf:25:aa:e9:b0:3a:91:6e:
        89:db:d4:0d:c2:aa:d8:03:38:02:2d:16:44:51:9b:fe:28:1b:
        47:0a:25:d2:36:64:42:76:20:3c:97:bf:44:ad:d4:53:e6:f0:
        da:8d:de:b1:e5:8c:7c:e5:b5:bc:50:8e:6f:c4:56:55:0a:1a:
        2f:97:54:dd:10:c7:2f:7f:dd:7e:6b:56:ca:0b:b4:73:f6:dc:
        d1:fb:0f:50:61:3c:56:89:5b:8b:d6:8b:0b:cc:95:d0:3a:3b:
        56:41:0a:2d:77:b2:0a:d1:95:a7:b1:0d:c1:bb:9e:fd:3b:ac:
        44:ee:cc:92:bb:54:bb:c2:10:d1:fd:1b:ad:6b:be:4e:2c:46:
        8d:ec:90:2f

104.154.41.138

Last Seen: 2024-05-03

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-846343548 | 2024-04-22T14:21:23.933836
22 / tcp

OpenSSH6.0p1 Debian 4+deb7u2

134514240 | 2024-04-28T00:48:16.040955
80 / tcp

nginx1.6.2

3868438 | 2024-05-03T11:19:48.707026
443 / tcp

nginx1.6.2

Products

Pricing

Contact Us

104.154.41.138

Last Seen: 2024-05-03

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-846343548 | 2024-04-22T14:21:23.933836 22 / tcp

OpenSSH6.0p1 Debian 4+deb7u2

134514240 | 2024-04-28T00:48:16.040955 80 / tcp

nginx1.6.2

3868438 | 2024-05-03T11:19:48.707026 443 / tcp

nginx1.6.2

Products

Pricing

Contact Us

-846343548 | 2024-04-22T14:21:23.933836
22 / tcp

134514240 | 2024-04-28T00:48:16.040955
80 / tcp

3868438 | 2024-05-03T11:19:48.707026
443 / tcp