GeneralInformation

Hostnames	api.getcoax.com www.api.getcoax.com
Domains	getcoax.com
Cloud Provider	DigitalOcean
Cloud Region	au-nsw
Country	Australia
City	Sydney
Organization	DigitalOcean, LLC
ISP	DigitalOcean, LLC
ASN	AS14061

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 443 3000 3001

1785492159 | 2024-05-11T20:51:16.659583

22 / tcp

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLfYzmm4iNF5poPUm88zMIel
Q58kXjMyTW70bk758Jrte+QEwCYDw9br5aK9VZSrbvzc2fCivraxsRfoaIjCRhI=
Fingerprint: 30:6a:c7:1e:5b:82:23:5a:ed:3d:0e:9b:b3:98:91:cd

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

677579724 | 2024-05-11T16:57:31.017698

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 May 2024 16:57:30 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

-1551687914 | 2024-05-11T02:10:09.433066

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 11 May 2024 02:10:09 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 84
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: refresh-token

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:9f:76:4d:16:55:d7:90:64:29:50:8b:d3:e5:e0:f3:aa:ba
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May  8 15:05:17 2024 GMT
            Not After : Aug  6 15:05:16 2024 GMT
        Subject: CN=api.getcoax.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d1:73:5b:71:af:68:88:a2:fe:66:08:f7:97:f3:
                    64:56:d8:15:14:9f:21:26:20:73:92:1b:28:76:bc:
                    05:21:d0:60:42:0a:ad:1b:b6:4e:00:f5:61:71:a5:
                    45:bc:ce:a5:3c:56:48:eb:39:35:2a:0f:c8:f2:16:
                    b9:64:ed:9a:5d:61:4d:71:b8:6e:8b:2c:5c:ed:64:
                    7e:b6:76:21:f8:c8:f7:9b:35:a7:7b:1f:c0:9b:71:
                    9f:42:e2:2a:9f:bd:cd:90:53:eb:d0:32:33:73:20:
                    cd:dc:ff:a4:36:3a:44:04:22:9e:9e:26:4a:ee:0b:
                    b5:93:f8:ca:bf:a4:79:de:47:63:64:7f:41:c0:1e:
                    27:dc:df:cd:57:15:33:06:ec:34:e4:42:30:26:09:
                    40:ec:2b:5d:30:00:92:41:b4:4b:29:43:b1:c4:b7:
                    ca:0a:80:8f:a3:96:ba:03:1c:15:95:bb:a4:19:7d:
                    49:71:53:d9:ac:e7:9c:6c:43:22:dd:1c:5e:85:a1:
                    58:8d:e1:8f:2d:33:99:2e:ae:89:d6:b2:0c:3d:0e:
                    61:98:55:59:6d:17:eb:7f:1e:57:8d:2f:84:ea:c0:
                    a4:7a:44:ac:67:5d:b1:9b:b1:73:64:84:31:a9:02:
                    ff:fb:a2:53:b6:b3:9b:76:6f:8e:d9:4c:c5:45:94:
                    0a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                8A:C3:CF:8A:6E:83:FA:17:61:A0:47:92:AD:80:96:74:D7:73:20:3B
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:api.getcoax.com, DNS:www.api.getcoax.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : May  8 16:05:18.030 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:D3:B1:0C:1A:7E:C0:2A:30:80:4D:4E:
                                98:1A:54:C4:0B:F6:8E:F9:B8:18:9B:FC:E6:1F:36:9C:
                                A2:A4:06:D3:B7:02:21:00:8E:60:7F:DE:DA:41:43:66:
                                04:EB:E5:47:99:0B:01:FF:05:86:46:CB:DD:4F:D1:D4:
                                F3:DB:91:09:0F:19:7B:25
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : May  8 16:05:20.036 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:3A:10:D7:9E:3F:24:0D:25:B7:A2:83:3B:
                                CC:D4:74:50:71:D8:FA:29:DA:CC:2E:B6:AA:35:11:26:
                                8C:CB:DD:52:02:20:35:8F:81:16:4D:2C:34:CA:A6:AF:
                                A9:C5:55:25:87:73:29:40:36:72:61:BB:C2:39:11:91:
                                4F:23:95:24:2E:16
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        52:a3:95:52:36:b6:e5:d8:6b:c7:f8:b6:a2:d3:74:14:e9:94:
        b8:eb:da:c3:b5:84:8a:1a:01:5b:4a:9d:14:0d:eb:01:8c:0b:
        3a:8e:0e:76:0f:8e:b9:d8:78:4e:9b:27:d4:d6:cd:57:4c:a0:
        cf:a2:1f:92:25:a2:19:44:02:be:4b:70:52:e2:e6:8b:e5:7f:
        6f:af:a9:84:64:e6:a3:e1:e8:d4:fb:51:8f:d3:d8:0e:d8:de:
        90:ee:23:9c:00:2e:11:3b:05:2d:e4:da:91:42:02:d8:2d:fb:
        e4:49:ce:02:65:7e:97:be:8c:b0:a5:c2:ed:e0:12:4b:c7:48:
        04:b9:d3:01:8f:b1:16:7e:f5:1c:b2:20:0d:fc:6c:15:84:d5:
        1c:0f:cf:74:85:49:72:a1:c0:d2:5b:f4:9b:60:79:47:fc:7b:
        b0:33:7a:f2:7b:13:9e:a9:ad:86:10:a0:36:81:cc:78:89:70:
        dc:0e:99:b3:7b:e8:35:ec:8b:14:e3:8f:24:c1:d0:c6:43:05:
        92:92:a6:e9:2b:62:6d:6a:8e:ec:6d:3d:27:bd:cf:4c:9c:a5:
        b6:53:91:88:1f:e2:5e:29:55:9a:5a:74:b4:3e:17:8b:80:0a:
        37:14:23:80:23:79:23:88:4a:37:82:c4:6b:41:16:68:b1:c0:
        eb:1a:b2:03

-1551687914 | 2024-05-06T17:13:06.784616

3000 / tcp

HTTP/1.1 404 Not Found
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: refresh-token
Content-Type: application/json; charset=utf-8
Content-Length: 84
Date: Mon, 06 May 2024 17:13:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5

64505954 | 2024-05-07T23:16:08.291481

3001 / tcp

HTTP/1.1 404 Not Found
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: refresh-token
Content-Type: application/json; charset=utf-8
Content-Length: 84
Date: Tue, 07 May 2024 23:16:08 GMT
Connection: keep-alive
Keep-Alive: timeout=5

{"success":false,"message":"The API doesn't exist! Did you type the URL correctly?"}

170.64.192.232

Last Seen: 2024-05-11

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1785492159 | 2024-05-11T20:51:16.659583
22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

677579724 | 2024-05-11T16:57:31.017698
80 / tcp

nginx1.18.0

-1551687914 | 2024-05-11T02:10:09.433066
443 / tcp

nginx1.18.0

-1551687914 | 2024-05-06T17:13:06.784616
3000 / tcp

64505954 | 2024-05-07T23:16:08.291481
3001 / tcp

Products

Pricing

Contact Us

170.64.192.232

Last Seen: 2024-05-11

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1785492159 | 2024-05-11T20:51:16.659583 22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

677579724 | 2024-05-11T16:57:31.017698 80 / tcp

nginx1.18.0

-1551687914 | 2024-05-11T02:10:09.433066 443 / tcp

nginx1.18.0

-1551687914 | 2024-05-06T17:13:06.784616 3000 / tcp

64505954 | 2024-05-07T23:16:08.291481 3001 / tcp

Products

Pricing

Contact Us

1785492159 | 2024-05-11T20:51:16.659583
22 / tcp

677579724 | 2024-05-11T16:57:31.017698
80 / tcp

-1551687914 | 2024-05-11T02:10:09.433066
443 / tcp

-1551687914 | 2024-05-06T17:13:06.784616
3000 / tcp

64505954 | 2024-05-07T23:16:08.291481
3001 / tcp