GeneralInformation

Hostnames	folidaymall.com
Domains	folidaymall.com
Country	China
City	Shanghai
Organization	Aliyun Computing Co., LTD
ISP	Hangzhou Alibaba Advertising Co.,Ltd.
ASN	AS37963

WebTechnologies

Analytics

CNZZ

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-1938	7.5When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2018-16845	5.8nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVE-2018-16844	7.8nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
CVE-2018-16843	7.8nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
CVE-2017-7529	5.0Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
CVE-2017-20005	7.5NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.

OpenPorts

80 443 8009 8080 8081 9051 9100

2001718804 | 2024-04-28T19:27:20.485539

80 / tcp

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.10.2
Date: Sun, 28 Apr 2024 19:27:16 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://h5.gofoliday.com/
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

-9911665 | 2024-05-05T00:25:02.072390

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sun, 05 May 2024 00:25:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4042
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST
Cache-Control: max-age=6, public

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:5d:7f:68:e8:21:0b:0f:aa:93:a9:61:70:bc:b1:ad
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018
        Validity
            Not Before: Nov 14 00:00:00 2022 GMT
            Not After : Dec  3 23:59:59 2023 GMT
        Subject: CN=*.folidaymall.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cd:89:29:80:8e:e0:dc:98:9a:cd:e0:05:85:a5:
                    61:33:1d:17:b0:34:91:d3:ab:2e:e5:d1:dd:4b:02:
                    15:46:a0:92:57:fb:fa:a6:31:75:48:2b:3a:ed:e9:
                    5b:2b:e5:8d:e3:d7:c3:79:4d:c8:85:a5:63:b1:3a:
                    3e:a5:ab:d3:bf:af:f2:0b:17:9a:30:a3:9a:9c:df:
                    35:bd:a7:73:f1:65:2f:5c:11:32:0d:b6:d1:af:85:
                    83:5c:0f:0e:ec:df:2e:05:9c:e3:66:2b:10:60:45:
                    aa:2b:8d:1d:a5:ed:ae:43:b9:4c:cf:82:6a:1e:8d:
                    6c:8e:50:54:cc:23:99:56:72:5e:5e:e1:0c:67:8e:
                    1f:01:b9:6b:1a:39:e3:43:02:40:3f:6b:d8:21:72:
                    6f:9a:b2:0c:4a:57:d4:72:03:cd:f5:b3:df:fe:14:
                    9c:62:fd:cd:fb:90:39:ec:b7:64:78:3e:f7:2c:05:
                    f3:02:a2:29:7a:92:7d:6c:6e:d0:a9:c1:92:f4:bd:
                    e4:cc:cf:8e:77:ee:9e:af:f2:b0:ef:fc:a7:b3:3d:
                    9a:09:8a:a2:38:fa:6d:1e:f3:40:19:7b:68:e0:3c:
                    8c:5a:65:7f:e9:a7:fb:64:54:c1:b6:a9:6b:05:e4:
                    0b:34:a8:5f:4e:4c:10:94:9d:25:67:96:83:7a:ca:
                    56:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                53:CA:17:59:FC:6B:C0:03:21:2F:1A:AE:E4:AA:A8:1C:82:56:DA:75
            X509v3 Subject Key Identifier: 
                6D:9C:D6:1B:36:B1:C5:A9:F3:EB:AB:EF:00:20:4A:29:17:10:B7:F9
            X509v3 Subject Alternative Name: 
                DNS:*.folidaymall.com, DNS:folidaymall.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://cdp.rapidssl.com/RapidSSLRSACA2018.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                  CPS: http://www.digicert.com/CPS
            Authority Information Access: 
                OCSP - URI:http://status.rapidssl.com
                CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLRSACA2018.crt
            X509v3 Basic Constraints: 
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
                                03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
                    Timestamp : Nov 14 06:48:04.970 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:E8:F5:A7:54:61:8F:4A:42:15:7A:66:
                                EE:A5:13:71:43:BD:E8:3F:1F:0D:2F:B8:1F:FE:26:DC:
                                F2:C2:44:37:AD:02:20:2E:E0:13:5E:42:93:1C:05:E8:
                                4C:1B:C3:1B:75:F1:C8:53:F7:DD:C4:2B:83:78:CE:1C:
                                44:8D:B4:68:A4:4C:10
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
                                4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
                    Timestamp : Nov 14 06:48:05.085 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:7C:51:B9:02:CF:D7:5D:C4:60:DD:BF:01:
                                57:76:18:85:85:48:3C:53:05:34:82:0C:A0:EC:4B:A0:
                                95:94:98:54:02:21:00:CE:A7:1E:9F:81:49:0C:8D:86:
                                85:EC:92:77:DF:C3:D1:B3:8D:1F:05:28:3C:23:E3:ED:
                                FB:7E:ED:AE:BA:95:4C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
                                5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
                    Timestamp : Nov 14 06:48:05.012 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C5:60:45:89:65:33:4A:A5:5D:01:B5:
                                B0:CD:FC:CD:AB:B5:4E:5D:FC:51:15:AA:93:62:07:96:
                                46:F5:EC:CD:54:02:20:12:E3:9B:B1:BE:37:D0:55:D9:
                                60:31:CF:98:4B:7D:EC:CC:70:39:AD:1B:23:78:41:4F:
                                7C:BF:A4:87:3F:C8:6F
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        47:16:be:f2:b0:67:01:86:18:e6:06:f0:64:fb:23:63:48:38:
        1d:8d:9a:37:a4:f5:44:b7:11:2f:76:dd:85:db:3f:93:10:3e:
        27:77:26:ae:56:34:1d:89:5e:13:58:e3:ff:9c:70:f4:41:1e:
        28:40:a0:f2:05:c3:b9:b4:52:3d:86:b7:4d:8e:e7:f1:33:05:
        b2:43:f5:ae:cc:7c:b6:21:bf:9e:b2:64:8b:33:22:a1:de:ba:
        ac:53:1d:bb:d6:3f:4b:e7:bb:9e:a7:6b:5d:f4:af:fb:c0:6b:
        b0:66:63:89:77:5f:20:63:d5:eb:6a:34:d8:49:03:62:7d:32:
        94:ca:d3:6c:c9:ad:bf:27:7d:5d:e2:f1:3a:ab:7e:f8:57:cc:
        af:26:56:a9:c4:8c:10:e8:a6:5a:97:4c:71:bc:35:80:e5:fe:
        7f:51:a1:2b:49:dc:e5:5b:7e:91:67:d5:d2:f3:69:28:e6:bc:
        d8:03:ab:25:9c:fb:1c:5b:d9:32:db:fb:14:65:03:14:37:77:
        90:c4:e8:72:77:36:24:6b:bc:fb:b2:ce:88:9e:66:a4:f8:23:
        ea:97:d1:2f:34:ee:16:f9:6b:79:3b:91:97:9e:c0:33:a8:5b:
        f0:e5:b9:f4:22:e4:fc:d2:4c:be:be:a1:28:77:b8:48:d7:00:
        16:71:40:98

1656845942 | 2024-04-21T01:50:49.280538

8009 / tcp

<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Not found</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.22</h3></body></html>

-294233349 | 2024-04-26T03:05:14.973124

8080 / tcp

HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Fri, 26 Apr 2024 03:05:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 532
Last-Modified: Tue, 07 Jan 2020 01:50:24 GMT
Connection: keep-alive
ETag: "5e13e3e0-214"
Accept-Ranges: bytes

-363958858 | 2024-05-05T08:38:46.005406

8081 / tcp

HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Sun, 05 May 2024 08:38:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 532
Last-Modified: Tue, 07 Jan 2020 01:50:24 GMT
Connection: keep-alive
ETag: "5e13e3e0-214"
Accept-Ranges: bytes

<!DOCTYPE html>
<html>

<head>
    <meta charset=utf-8>
    <meta http-equiv=X-UA-Compatible content="IE=edge">
    <meta name=viewport content="width=device-width,initial-scale=1">
    <meta name=renderer content=webkit>
    <title>FHOTO</title>
    <meta name=description content="">
    <meta name=keywords content="">
</head>
    <body>
        <script type="text/javascript"> 
            var host = window.location.host; 
            window.location.href = 'http://' + host + '/h5/'
        </script> 
    </body>

    </html>

-1584775711 | 2024-04-25T19:57:52.306777

9051 / tcp

HTTP/1.1 400 Bad Request

-1336450107 | 2024-05-02T13:48:45.443307

9100 / tcp

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request
Prometheus Node Exporter:
  node_exporter_build_info:
    branch: HEAD
    goversion: go1.15.8
    revision: b597c1244d7bef49e6f3359c87a56dd7707f6719
    version: 1.1.2
  node_uname_info:
    domainname: (none)
    machine: x86_64
    nodename: foliday-web-01
    release: 3.10.0-1160.42.2.el7.x86_64
    sysname: Linux
    version: #1 SMP Tue Sep 7 14:49:57 UTC 2021
  node_network_info:
    lo:
      address: 00:00:00:00:00:00
      broadcast: 00:00:00:00:00:00
      device: lo
      operstate: unknown
    eth1:
      address: 00:16:3e:1a:66:bc
      broadcast: ff:ff:ff:ff:ff:ff
      device: eth1
      operstate: up
    eth0:
      address: 00:16:3e:02:01:f7
      broadcast: ff:ff:ff:ff:ff:ff
      device: eth0
      operstate: up

MAC Addresses

00:16:3E:02:01:F7
    OUI: 00:16:3E
    Organization: Xensource, Inc.
    Assignment: MA-L
    Registration Date: 2005-10-29
00:16:3E:1A:66:BC
    OUI: 00:16:3E
    Organization: Xensource, Inc.
    Assignment: MA-L
    Registration Date: 2005-10-29

106.14.76.19

Last Seen: 2024-05-05

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

2001718804 | 2024-04-28T19:27:20.485539
80 / tcp

nginx1.10.2

-9911665 | 2024-05-05T00:25:02.072390
443 / tcp

nginx1.10.2

1656845942 | 2024-04-21T01:50:49.280538
8009 / tcp

Apache Tomcat9.0.22

-294233349 | 2024-04-26T03:05:14.973124
8080 / tcp

nginx1.10.2

-363958858 | 2024-05-05T08:38:46.005406
8081 / tcp

nginx1.10.2

-1584775711 | 2024-04-25T19:57:52.306777
9051 / tcp

-1336450107 | 2024-05-02T13:48:45.443307
9100 / tcp

Prometheus Node Exporter1.1.2

Products

Pricing

Contact Us

106.14.76.19

Last Seen: 2024-05-05

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

2001718804 | 2024-04-28T19:27:20.485539 80 / tcp

nginx1.10.2

-9911665 | 2024-05-05T00:25:02.072390 443 / tcp

nginx1.10.2

1656845942 | 2024-04-21T01:50:49.280538 8009 / tcp

Apache Tomcat9.0.22

-294233349 | 2024-04-26T03:05:14.973124 8080 / tcp

nginx1.10.2

-363958858 | 2024-05-05T08:38:46.005406 8081 / tcp

nginx1.10.2

-1584775711 | 2024-04-25T19:57:52.306777 9051 / tcp

-1336450107 | 2024-05-02T13:48:45.443307 9100 / tcp

Prometheus Node Exporter1.1.2

Products

Pricing

Contact Us

2001718804 | 2024-04-28T19:27:20.485539
80 / tcp

-9911665 | 2024-05-05T00:25:02.072390
443 / tcp

1656845942 | 2024-04-21T01:50:49.280538
8009 / tcp

-294233349 | 2024-04-26T03:05:14.973124
8080 / tcp

-363958858 | 2024-05-05T08:38:46.005406
8081 / tcp

-1584775711 | 2024-04-25T19:57:52.306777
9051 / tcp

-1336450107 | 2024-05-02T13:48:45.443307
9100 / tcp