GeneralInformation

Hostnames	atservers.net by115.atservers.net
Domains	atservers.net
Country	Belarus
City	Minsk
Organization	Aktivnie Tehnologii LLC
ISP	Republican Unitary Telecommunication Enterprise Beltelecom
ASN	AS6697

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

OpenPorts

21 22 80 161 443 3306

153547252 | 2024-05-06T09:56:56.234694

21 / tcp

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 100 allowed.
220-Local time is now 12:56. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
530 Login authentication failed
214-The following SITE commands are recognized
 ALIAS
 CHMOD
 IDLE
 UTIME
214 Pure-FTPd - http://pureftpd.org/
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 AUTH TLS
 PBSZ
 PROT
 UTF8
 ESTA
 PASV
 EPSV
 SPSV
 ESTP
211 End.

2039704282 | 2024-05-07T15:52:12.079709

22 / tcp

SSH-2.0-OpenSSH_5.3\r\n

474301653 | 2024-05-02T10:50:37.121255

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.16.0
Date: Thu, 02 May 2024 10:50:37 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 203
Connection: keep-alive
Keep-Alive: timeout=60

-1040131371 | 2024-05-04T00:27:37.856189

161 / udp

SNMP:
  Versions:
    3
  Engine Boots: 39
  Engineid Data: 80001f8880a4fc78697797a55200000000
  Enterprise: 8072
  Engine Time: 891 days, 16:36:58

474301653 | 2024-05-05T04:00:28.068299

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.16.0
Date: Sun, 05 May 2024 04:00:27 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 203
Connection: keep-alive
Keep-Alive: timeout=60

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:fb:07:8a:b0:2d:5e:1f:41:0d:a7:22:f6:27:80:73
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1
        Validity
            Not Before: Nov  9 00:00:00 2023 GMT
            Not After : Dec  2 23:59:59 2024 GMT
        Subject: CN=*.atservers.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:d2:f0:c3:67:16:59:df:41:a4:4e:72:4f:65:
                    67:9a:14:29:3e:3e:eb:6d:00:e0:e1:0b:c0:e3:6c:
                    81:21:97:59:53:2b:cb:ce:ba:a0:95:df:f4:b1:bf:
                    c6:27:7a:cd:e9:ba:9b:6e:fa:5a:b5:74:5a:ad:a3:
                    b7:bc:08:86:79:40:7a:2b:bd:aa:93:fb:ba:56:cd:
                    f5:2c:56:07:36:a6:6e:26:51:d8:68:c5:9c:6b:b7:
                    be:8a:a1:3d:89:b3:96:7e:d2:d2:ea:98:c7:93:d6:
                    5b:ea:59:fc:f9:9a:2f:a7:11:5b:90:70:f8:15:26:
                    e1:97:95:a2:5d:06:68:97:25:40:cd:f4:10:49:bc:
                    c8:ac:f7:dc:ea:14:cd:59:73:4e:1e:cd:1b:d7:f6:
                    0d:9f:44:45:62:51:55:a4:b2:99:c0:d4:a3:b7:7b:
                    7d:a9:83:0f:c9:24:a9:6c:6e:a4:9e:b6:0e:2e:78:
                    89:4a:a0:7a:4f:71:f1:a1:62:5e:ce:87:ac:16:85:
                    3c:7c:01:8b:b3:10:b5:ad:75:a2:fa:b2:8d:f2:62:
                    dc:31:4d:7f:02:1b:53:27:6b:44:ef:5c:be:34:9f:
                    23:95:c8:40:4b:7b:9b:b7:e7:67:fc:73:23:02:d6:
                    d9:c3:11:e0:2a:df:88:67:4f:5b:41:42:51:5e:b2:
                    1f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0C:DB:6C:82:49:0F:4A:67:0A:B8:14:EE:7A:C4:48:52:88:EB:56:38
            X509v3 Subject Key Identifier: 
                97:26:9A:86:A6:A3:6E:4D:6A:46:BC:66:6B:E0:DF:20:1C:30:42:B5
            X509v3 Subject Alternative Name: 
                DNS:*.atservers.net, DNS:atservers.net
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                  CPS: http://www.digicert.com/CPS
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl
            Authority Information Access: 
                OCSP - URI:http://status.rapidssl.com
                CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Nov  9 09:45:13.390 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:EE:0D:84:12:C6:F4:99:3B:47:C4:5C:
                                2E:8C:F6:EC:64:D2:F6:06:F5:E8:32:FE:CB:3F:B1:3D:
                                61:13:F8:3B:2B:02:20:2C:92:9A:BE:0E:C2:99:16:BB:
                                62:80:F6:76:7A:F0:32:99:E3:E5:4A:95:EB:9A:F7:A9:
                                E6:AA:CE:91:FF:41:A2
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Nov  9 09:45:13.344 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:AE:D2:85:44:08:5E:F6:50:06:3C:C2:
                                27:7E:E0:08:1B:22:C7:B0:3C:3A:BB:FB:BA:A7:B3:FC:
                                A0:04:C3:6C:08:02:21:00:D1:44:74:B9:A5:1E:02:C4:
                                E7:03:EA:1D:F3:8F:4B:6F:B7:A1:FF:A6:E0:60:BB:85:
                                95:47:85:C4:FA:FD:03:38
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
                                ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
                    Timestamp : Nov  9 09:45:13.408 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1E:67:92:26:17:E1:88:E8:64:50:31:03:
                                97:34:9E:B4:0F:37:17:19:61:0A:81:AC:6E:79:D6:1F:
                                91:82:B6:8A:02:20:4D:2B:36:84:1A:47:B4:3C:5C:EC:
                                24:82:C8:17:51:30:71:4A:DF:18:9F:D5:93:35:F0:31:
                                C6:7E:3A:E3:D2:A9
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        a7:24:89:be:f0:f2:7a:67:86:59:49:d4:7e:aa:82:91:0e:6d:
        59:0d:6f:ca:4b:87:25:95:cd:4c:28:45:52:ad:96:f6:f3:24:
        5f:65:b3:5c:33:50:af:f0:91:f8:18:0a:6e:a8:23:8e:8e:5d:
        2d:37:30:99:04:21:18:55:44:be:8d:87:78:31:b9:ee:4b:bc:
        f3:fa:ba:f7:cd:e1:07:70:80:a7:73:d4:5e:2c:c4:d2:c2:99:
        29:0a:73:c1:0d:9f:c6:e2:e6:c7:2e:ae:15:67:0a:14:63:a3:
        e0:44:74:0d:dd:28:5c:d1:05:a0:d8:a2:eb:e5:2d:4a:59:37:
        66:61:08:f8:e4:e1:5f:92:96:1b:eb:3d:cb:a4:f3:39:7c:75:
        f4:00:61:93:84:dc:05:dd:a4:d6:4c:02:1e:b2:ae:55:7d:29:
        db:e2:5b:27:89:42:db:eb:fd:08:cf:75:41:22:07:c0:ed:cf:
        49:32:a3:66:ea:09:6a:c4:93:52:0e:a5:9e:2c:a6:10:5c:e5:
        2b:66:ff:d8:f1:26:65:fb:4a:f1:f4:3c:6b:0d:f6:7c:96:e7:
        ce:15:a7:44:a2:52:7d:fc:9b:01:a3:5c:6e:2e:32:9d:2f:74:
        e0:61:47:69:bf:a0:b2:07:23:fc:26:7b:1b:a0:72:ae:ac:c5:
        8e:f4:80:e1

-458631213 | 2024-05-04T22:00:40.813409

3306 / tcp

MySQL:
  Protocol Version: 10
  Version: 5.5.52-38.3-log
  Capabilities: 63487
  Server Language: 51
  Server Status: 2
  Extended Server Capabilities: 32783
  Authentication Plugin: mysql_native_password

178.159.242.82

Last Seen: 2024-05-07

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

153547252 | 2024-05-06T09:56:56.234694
21 / tcp

Pure-FTPd

2039704282 | 2024-05-07T15:52:12.079709
22 / tcp

OpenSSH5.3\r\n

474301653 | 2024-05-02T10:50:37.121255
80 / tcp

nginx1.16.0

-1040131371 | 2024-05-04T00:27:37.856189
161 / udp

474301653 | 2024-05-05T04:00:28.068299
443 / tcp

nginx1.16.0

-458631213 | 2024-05-04T22:00:40.813409
3306 / tcp

MySQL5.5.52-38.3-log

Products

Pricing

Contact Us

178.159.242.82

Last Seen: 2024-05-07

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

153547252 | 2024-05-06T09:56:56.234694 21 / tcp

Pure-FTPd

2039704282 | 2024-05-07T15:52:12.079709 22 / tcp

OpenSSH5.3\r\n

474301653 | 2024-05-02T10:50:37.121255 80 / tcp

nginx1.16.0

-1040131371 | 2024-05-04T00:27:37.856189 161 / udp

474301653 | 2024-05-05T04:00:28.068299 443 / tcp

nginx1.16.0

-458631213 | 2024-05-04T22:00:40.813409 3306 / tcp

MySQL5.5.52-38.3-log

Products

Pricing

Contact Us

153547252 | 2024-05-06T09:56:56.234694
21 / tcp

2039704282 | 2024-05-07T15:52:12.079709
22 / tcp

474301653 | 2024-05-02T10:50:37.121255
80 / tcp

-1040131371 | 2024-05-04T00:27:37.856189
161 / udp

474301653 | 2024-05-05T04:00:28.068299
443 / tcp

-458631213 | 2024-05-04T22:00:40.813409
3306 / tcp