GeneralInformation

Hostnames	ec2-13-55-222-232.ap-southeast-2.compute.amazonaws.com loyalit.com.au www.loyalit.com.au
Domains	amazonaws.com loyalit.com.au
Cloud Provider	Amazon
Cloud Region	ap-southeast-2
Cloud Service	EC2
Country	Australia
City	Sydney
Organization	Amazon Corporate Services Pty Ltd
ISP	Amazon.com, Inc.
ASN	AS16509

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2021-3618

5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

80 443

-1131643975 | 2024-04-23T12:40:28.536625

80 / tcp

HTTP/1.1 403 Forbidden
Server: nginx
Date: Tue, 23 Apr 2024 12:40:28 GMT
Content-Type: text/html
ETag: W/"66207c6a-a75"
Vary: Accept-Encoding
Age: 0
X-Proxy-Cache-Control: 
X-Soro: 737841337
Cache-Control: private, max-age=0, no-cache
X-Cache-Server: AU
Content-Length: 2677
Connection: keep-alive

806118362 | 2024-04-22T10:22:02.452854

443 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Mon, 22 Apr 2024 10:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=f7305620171c53a0d71f23d7873b9a7e; path=/; HttpOnly
Location: https://www.loyalit.com.au/
Expires: Mon, 22 Apr 2024 20:17:17 +1000
X-Server: 113
Vary: Accept-Encoding
Age: 0
X-Proxy-Cache-Control: no-cache no-store, public, max-age=0
X-Soro: 735801369
Cache-Control: private, max-age=0, no-cache
X-Cache-Server: AU

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c6:47:7a:fe:b3:29:bf:eb:6e:84:c9:8c:b6:6b:cf:e2:a2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr  6 08:11:27 2024 GMT
            Not After : Jul  5 08:11:26 2024 GMT
        Subject: CN=loyalit.com.au
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:ef:40:a3:30:b8:a1:91:79:6b:96:8f:df:48:
                    10:da:9d:1c:ff:db:1b:c5:65:f7:58:4a:a4:d7:08:
                    61:34:82:e7:91:35:42:9d:6e:52:42:66:96:a1:28:
                    23:58:f4:6a:9e:8e:69:96:f7:b1:cb:4c:fb:b2:e7:
                    51:0d:36:61:6f:b4:a5:ff:ae:c2:0a:58:dd:b3:b9:
                    ef:0e:01:6e:ed:0b:04:d5:41:70:dc:d4:39:74:e3:
                    82:58:90:84:97:a5:98:e6:e2:29:f7:dc:de:1e:fc:
                    fc:15:7a:21:69:e8:87:38:bd:5e:38:cd:66:8c:71:
                    4d:86:70:d8:33:db:0a:b1:c3:29:75:aa:08:7b:e0:
                    75:50:a6:ac:72:b4:a3:d2:05:ea:10:e1:ea:3c:3d:
                    76:98:8a:b5:6b:28:20:24:23:14:d2:15:c7:41:d3:
                    d1:5c:d3:ba:36:cc:76:ba:2e:96:90:32:a4:6a:23:
                    3d:65:08:65:88:82:40:ae:ca:71:e1:1d:97:fc:00:
                    f7:cb:eb:68:6d:13:28:05:c1:aa:5a:03:0d:4c:2a:
                    33:c4:01:15:a9:b1:70:a3:a2:e8:e7:db:b4:09:62:
                    6a:78:9f:47:76:81:6a:cd:30:57:95:36:60:25:38:
                    b8:98:df:aa:42:b8:14:0d:0a:e2:76:f2:43:2f:46:
                    50:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                1C:C4:8C:C8:BE:41:A5:38:AC:F8:0B:76:8C:C3:C4:3D:FD:C4:9E:31
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:loyalit.com.au, DNS:www.loyalit.com.au
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Apr  6 09:11:28.067 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:95:D1:26:6B:1E:9A:07:32:0D:D2:B9:
                                9F:BC:A7:03:D8:FF:B0:9A:E2:E0:FE:BD:69:AD:58:56:
                                6E:0E:32:22:5D:02:20:6B:E1:25:F1:69:D0:12:B8:32:
                                EE:4F:24:77:EB:28:13:22:F8:07:ED:61:2E:4C:0A:B0:
                                C1:F2:3B:6C:D7:93:5C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
                                4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
                    Timestamp : Apr  6 09:11:28.265 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1E:F0:D0:2E:25:27:18:B2:B1:5A:A1:7C:
                                97:35:E1:5F:AD:4C:C6:2E:47:BA:E7:AA:08:B4:15:62:
                                FB:DB:9C:D3:02:20:7B:A1:DF:80:2A:8E:FF:C0:54:16:
                                6F:A2:01:FE:9C:81:DE:AA:39:D6:FA:41:D1:03:46:70:
                                AA:99:D2:42:1A:AC
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        3c:f6:6a:49:67:c7:1a:0b:63:c4:d7:44:f0:2f:1a:46:1d:46:
        9f:26:25:52:a8:c7:30:be:ec:d8:87:14:9f:f3:7f:7c:99:85:
        5d:fc:b4:2d:b8:1c:09:94:db:cb:ab:c8:64:c5:c7:7b:6b:f8:
        51:b8:72:fd:1f:29:df:db:93:95:7d:db:90:4b:c3:32:e9:cf:
        7e:01:d6:84:8c:67:f1:c5:b9:4e:ac:e5:3e:3b:3f:46:70:ac:
        ed:08:c3:f5:10:cf:3f:88:f0:8d:d8:31:ac:ee:e9:63:36:7b:
        69:99:2a:9d:09:1f:34:40:3d:10:7e:e3:93:8d:ea:e3:2d:bf:
        94:2b:0a:7d:da:96:23:d9:2b:b3:e1:8c:b3:a4:0f:5f:2c:f0:
        81:7f:c9:e5:f5:1f:5c:88:d5:43:50:e1:73:17:ed:94:48:2b:
        15:bf:ab:36:1c:79:74:d0:24:7a:fa:72:84:6f:8b:dd:2d:d2:
        6f:9f:a7:28:66:3c:2d:59:d5:35:4b:3e:52:44:92:2c:1a:99:
        eb:0d:7f:fb:75:af:0e:0c:05:ef:f3:91:a0:2d:17:73:67:7b:
        60:f2:7f:27:ab:86:c1:80:60:2c:c5:c6:bd:b9:74:5e:fd:da:
        a2:f5:4a:d6:03:bd:bf:0c:1d:98:93:4a:c3:73:0c:0e:8b:7f:
        6c:d0:9d:ee

13.55.222.232

Last Seen: 2024-04-23

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1131643975 | 2024-04-23T12:40:28.536625
80 / tcp

nginx

806118362 | 2024-04-22T10:22:02.452854
443 / tcp

nginx1.20.1

Products

Pricing

Contact Us

13.55.222.232

Last Seen: 2024-04-23

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1131643975 | 2024-04-23T12:40:28.536625 80 / tcp

nginx

806118362 | 2024-04-22T10:22:02.452854 443 / tcp

nginx1.20.1

Products

Pricing

Contact Us

-1131643975 | 2024-04-23T12:40:28.536625
80 / tcp

806118362 | 2024-04-22T10:22:02.452854
443 / tcp