GeneralInformation

Hostnames	li1474-238.members.linode.com pitchstack.co www.pitchstack.co
Domains	linode.com pitchstack.co
Cloud Provider	Linode
Cloud Region	sg-04
Country	Singapore
City	Singapore
Organization	139.162.0.0/16
ISP	Akamai Connected Cloud
ASN	AS63949
Operating System	Ubuntu

WebTechnologies

CDN

Google Hosted Libraries

JavaScript libraries

jQuery1.11.3

Security

reCAPTCHA

UI frameworks

Bootstrap

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2021-3618	7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-11023	6.1In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	6.1In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-20372	5.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-11358	6.1jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-16845	8.2nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVE-2017-7529	7.5Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
CVE-2017-20005	9.8NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
CVE-2016-4450	7.5os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
CVE-2016-1247	7.8The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
CVE-2016-0747	5.3The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
CVE-2016-0746	9.8Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
CVE-2016-0742	7.5The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2015-9251	6.1jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

22 25 80 443

1590112246 | 2024-04-21T10:51:29.346175

22 / tcp

SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQC1+DaRHUkI9lV45ZsjcLwHikBkROc9jtr7GVNjLt4A6XjU
At69ihK72CgUyZLdUQ7mdm764E4WFS1Lr4FpG55c5SfGWNOvY65xYXj3JS9tZCXzpvueFLDn3vwk
AXzHI5QRBGLxppAzb7DKkaUFMiyvwduMRzVwbNkiVE/ftdn9SJ0anA1oVx3swHkXN66L0XEGcYtZ
jFSIkhTKcTaTPNEK8EQO6Lk02+Q+fQfQbrAh63Jop6IlG5f4ThS45ZBCoNaq7LGJqqDHOlrP1nKk
FdRU+jz+smUxUe7vf/7IZ4QPEZknVzgKhMgf9g5Ok1pky5rkRV5tNBzD5qQpqr+fHiRP
Fingerprint: ac:e4:29:41:1c:73:f0:ba:b6:28:ad:b6:b8:be:29:02

Kex Algorithms:
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	ssh-dss
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

2062400738 | 2024-04-20T04:04:46.982849

25 / tcp

220 ubuntu ESMTP Postfix (Ubuntu)
250-ubuntu
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:c2:7b:06:84:1d:ac:46
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ubuntu
        Validity
            Not Before: Mar 21 00:51:42 2016 GMT
            Not After : Mar 19 00:51:42 2026 GMT
        Subject: CN=ubuntu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a9:53:94:1d:7a:95:55:00:ff:07:97:0b:1d:77:
                    49:45:d7:1a:b1:e5:44:6d:38:06:0d:cc:35:9b:f6:
                    a2:dd:d9:e8:ea:61:32:a0:41:b9:c5:cf:a7:3b:47:
                    50:ef:6c:93:3c:b3:bf:a4:3e:e1:b1:15:0f:35:ba:
                    6e:6f:49:cc:4d:58:33:1c:91:d2:2b:8c:b0:55:c8:
                    24:b4:2e:5a:f8:96:78:e5:fb:3d:3c:8a:f2:a4:41:
                    bc:83:1d:e5:03:26:97:96:2e:be:6c:4e:9e:b3:08:
                    9b:63:df:ae:67:77:60:e9:a1:6b:76:77:9b:c6:84:
                    e5:c7:7d:91:74:1f:ee:cc:c9:bc:8c:27:86:0a:05:
                    2a:5b:ce:eb:a1:79:e6:28:63:04:5e:22:62:03:ac:
                    09:1b:fb:13:3f:15:a1:a0:65:af:d2:a0:be:e9:61:
                    4f:7e:0d:47:bf:60:da:58:53:91:63:ca:af:77:ff:
                    1f:b3:90:38:9a:aa:c8:85:42:3f:5d:b6:5d:e6:e5:
                    24:ce:46:1c:8e:7f:4d:b1:66:c1:b7:62:90:6a:d0:
                    f2:5f:f7:10:5f:cb:82:6d:dd:6f:12:dc:65:3b:b6:
                    00:10:2c:8d:a7:62:6d:d0:35:cb:a1:95:92:9e:4a:
                    88:04:fc:2d:00:b4:a9:42:c7:a8:72:a4:8b:02:55:
                    c1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4c:af:d4:36:70:a7:8d:55:c4:78:f5:ef:e4:03:ff:80:bf:27:
        2d:18:d4:49:d8:bc:71:ff:29:75:ef:69:fe:8a:c2:53:29:bc:
        60:6d:20:de:79:76:84:6a:85:f4:0a:a2:55:5b:ac:ba:97:8e:
        60:48:e5:ad:6a:3c:08:69:28:e7:72:2c:f3:92:d9:33:88:97:
        f2:c5:94:dc:88:67:e9:d7:08:82:12:8a:f0:fd:e8:cc:e1:ce:
        12:70:64:15:70:cd:10:41:f3:c3:fe:02:1e:8c:e7:9e:84:aa:
        f5:f9:38:5b:e9:f0:16:a7:79:41:85:98:29:58:54:05:7a:cb:
        41:aa:b8:ae:26:5e:46:25:03:78:bd:82:b5:3f:38:00:17:b7:
        ab:6f:d5:aa:5b:30:1d:b4:c5:19:56:be:a6:b1:fc:3f:b6:7f:
        66:49:e0:ab:5a:fd:11:be:67:43:14:1e:e3:c4:25:e1:50:84:
        ca:69:8f:64:c9:36:cd:97:af:02:b7:ff:ec:0d:4f:fa:4a:1a:
        ac:e9:11:e8:d6:b5:78:b8:4d:fd:a2:1a:e3:59:aa:e5:f6:0f:
        f5:5f:bf:93:4f:49:35:a3:13:2d:82:0a:76:01:ca:2b:af:d6:
        32:99:ca:74:d8:3b:06:26:e8:e4:c7:ff:33:af:43:5f:8a:d1:
        a7:6a:d5:10

-443898347 | 2024-04-14T21:58:35.131262

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.9.3 (Ubuntu)
Date: Sun, 14 Apr 2024 21:58:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=b1fnj7m4l9b7l7m5uvrtsqc6g5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

814515094 | 2024-04-17T13:21:46.896232

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.9.3 (Ubuntu)
Date: Wed, 17 Apr 2024 13:21:46 GMT
Content-Type: text/html
Content-Length: 5670
Last-Modified: Wed, 19 Oct 2016 03:55:18 GMT
Connection: keep-alive
ETag: "5806eea6-1626"
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:2c:94:f0:e4:72:ab:57:11:44:f9:cc:ad:f1:8b:0a:30:3a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Validity
            Not Before: Mar 27 05:31:00 2017 GMT
            Not After : Jun 25 05:31:00 2017 GMT
        Subject: CN=pitchstack.co
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:af:b7:69:9a:b1:4a:93:ea:55:e6:94:ce:92:1e:
                    a4:34:29:cb:b6:03:a8:8c:ec:bc:73:c3:81:85:1c:
                    7e:42:bb:30:b9:68:08:1d:93:5c:4d:1f:2a:35:05:
                    4b:cf:2f:a1:c5:07:a9:53:61:50:a9:74:27:13:61:
                    70:7b:5d:57:95:2f:66:7c:f0:0d:c3:b9:5e:28:b5:
                    5d:a9:ef:d3:b8:7a:a9:36:37:49:4e:41:07:a5:fa:
                    e0:24:72:21:0a:2f:c1:d8:4d:85:8e:98:30:f0:3b:
                    d0:71:38:26:50:75:b1:83:9d:45:57:42:df:51:91:
                    be:5d:cb:f4:8a:84:1d:8b:82:3d:82:a7:0a:76:4f:
                    09:6d:6c:5d:ca:da:65:cb:e9:7d:4a:28:2f:13:23:
                    79:92:bc:9a:ec:c3:50:60:94:29:38:a5:49:49:b1:
                    a0:cc:57:66:1c:57:81:e3:b0:b1:38:1f:68:e8:6f:
                    8b:4b:24:8b:41:5d:89:9a:0f:60:39:23:63:59:60:
                    04:ba:01:d7:b3:59:d7:81:b6:fd:58:ef:01:47:92:
                    e4:bd:e6:37:26:34:e9:f6:f5:bc:0d:49:54:2b:88:
                    cd:36:7b:2c:e4:2d:78:d4:04:64:57:20:f9:67:b9:
                    7a:f6:a5:e7:f6:e4:36:e3:36:0e:f9:f9:29:19:88:
                    4d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                48:FF:36:05:B6:AC:3F:7B:18:05:6A:4F:56:07:87:F6:D1:EB:08:74
            X509v3 Authority Key Identifier: 
                A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
            Authority Information Access: 
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
            X509v3 Subject Alternative Name: 
                DNS:pitchstack.co, DNS:www.pitchstack.co
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
                  User Notice:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        20:90:c6:08:e3:bd:97:2d:49:48:a2:ca:6d:da:47:7f:fe:a4:
        d0:15:4b:38:2d:fb:fd:c1:ad:06:9a:59:66:de:8e:0f:27:71:
        93:f0:c4:d6:0d:1e:1a:6d:88:42:0a:7a:73:b5:76:41:67:ed:
        8e:4f:cd:73:f9:19:87:56:3d:28:e4:d4:20:c2:94:c1:8b:88:
        c8:4a:43:e3:2c:56:24:69:db:5a:10:eb:fa:8f:3f:49:60:b3:
        f8:6b:67:bd:8a:74:fd:da:83:32:9b:60:90:e4:15:12:50:24:
        b5:35:38:96:ef:28:41:af:48:6f:5a:33:d2:56:7c:eb:1a:0d:
        4f:70:aa:4e:d0:78:fd:a6:e5:25:48:f4:f7:1e:98:23:a6:f4:
        ae:d4:a8:2d:d6:ba:52:1f:87:9d:25:46:f1:64:ea:b5:2d:f8:
        ae:45:45:34:1d:dd:f6:14:8d:9e:42:36:ad:9c:3e:1b:1d:24:
        4f:a6:4a:65:12:3e:5a:76:90:68:64:f0:b2:33:86:e2:06:93:
        b4:8f:38:34:99:50:48:fd:1e:0c:50:09:fa:a1:7b:a4:41:fa:
        7a:25:05:ad:11:3a:c2:50:7a:39:17:91:eb:bc:e3:13:28:b7:
        da:0b:62:dc:58:6c:63:24:bb:84:84:ff:79:15:fb:c4:90:6c:
        a6:be:76:b9

139.162.61.238

Last Seen: 2024-04-21

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1590112246 | 2024-04-21T10:51:29.346175
22 / tcp

OpenSSH6.9p1 Ubuntu-2ubuntu0.2

2062400738 | 2024-04-20T04:04:46.982849
25 / tcp

Postfix smtpd

-443898347 | 2024-04-14T21:58:35.131262
80 / tcp

nginx1.9.3

814515094 | 2024-04-17T13:21:46.896232
443 / tcp

nginx1.9.3

Products

Pricing

Contact Us

139.162.61.238

Last Seen: 2024-04-21

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1590112246 | 2024-04-21T10:51:29.346175 22 / tcp

OpenSSH6.9p1 Ubuntu-2ubuntu0.2

2062400738 | 2024-04-20T04:04:46.982849 25 / tcp

Postfix smtpd

-443898347 | 2024-04-14T21:58:35.131262 80 / tcp

nginx1.9.3

814515094 | 2024-04-17T13:21:46.896232 443 / tcp

nginx1.9.3

Products

Pricing

Contact Us

1590112246 | 2024-04-21T10:51:29.346175
22 / tcp

2062400738 | 2024-04-20T04:04:46.982849
25 / tcp

-443898347 | 2024-04-14T21:58:35.131262
80 / tcp

814515094 | 2024-04-17T13:21:46.896232
443 / tcp