GeneralInformation

Hostnames	acheck.povargek.ru
Domains	povargek.ru
Country	Russian Federation
City	Moscow
Organization	SmartApe OU
ISP	LLC Smart Ape
ASN	AS56694

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

OpenPorts

53 80 111 123 443

-876419114 | 2024-04-04T23:19:35.818508

53 / tcp

9.9.5-9+deb8u19-Debian
Resolver name: database

-876419114 | 2024-04-15T19:25:48.645636

53 / udp

9.9.5-9+deb8u19-Debian
Resolver name: database

1131679364 | 2024-03-29T22:42:50.243084

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Fri, 29 Mar 2024 22:42:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=kko3mod1rlauon7u1iod17qsp3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

-1117906012 | 2024-03-27T01:23:37.621877

111 / tcp

Portmap
Program	Version	Protocol	Port
portmapper	4	tcp	111
portmapper	3	tcp	111
portmapper	2	tcp	111
portmapper	4	udp	111
portmapper	3	udp	111
portmapper	2	udp	111
status	1	udp	56316
status	1	tcp	51633

-1117906012 | 2024-04-13T11:08:54.659048

111 / udp

Portmap
Program	Version	Protocol	Port
portmapper	4	tcp	111
portmapper	3	tcp	111
portmapper	2	tcp	111
portmapper	4	udp	111
portmapper	3	udp	111
portmapper	2	udp	111
status	1	udp	56316
status	1	tcp	51633

347179081 | 2024-03-27T22:25:18.807999

123 / udp

NTP
protocolversion: 3
stratum: 2
leap: 0
precision: -22
rootdelay: 0.0045166015625
rootdisp: 0.0424957275391
refid: 1500379925
reftime: 3920565877.65
poll: 3

1131679364 | 2024-04-16T16:30:12.198944

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Tue, 16 Apr 2024 16:30:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=b1ip1jp5u5v4rr25oeur7ap415; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:c2:37:8c:6c:30:1c:79:5f:17:a8:88:8c:79:80:46:ee:52
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr  1 23:57:10 2024 GMT
            Not After : Jun 30 23:57:09 2024 GMT
        Subject: CN=acheck.povargek.ru
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c1:ea:64:e8:e5:37:82:89:5d:0c:8c:3d:c1:23:
                    98:f8:85:72:d5:c8:b9:00:c0:8e:0f:9f:4d:bb:1c:
                    8f:13:8a:d8:e1:16:72:b4:1f:36:c0:35:88:7c:8c:
                    17:30:58:a1:fb:d9:c3:c4:e8:0b:33:5b:87:94:a2:
                    31:22:40:a3:ab:45:ee:da:18:97:bf:36:d6:86:04:
                    51:be:78:c7:0c:c0:06:57:f3:48:4d:1f:90:e3:41:
                    f9:23:d6:bb:16:76:85:22:e8:43:f9:f5:97:6d:43:
                    e8:5b:6c:32:25:12:a3:fc:5a:0b:24:8f:7d:3e:71:
                    4f:2f:17:72:21:a6:54:1a:8d:af:95:49:ff:89:fe:
                    13:de:ad:42:95:27:ff:17:68:1f:ac:ed:16:55:70:
                    df:fb:98:ba:6b:88:7c:74:e7:4d:0f:25:d6:35:10:
                    66:79:84:b0:d8:55:d3:a0:44:7f:6a:25:cf:9f:c9:
                    3c:74:56:b8:3b:eb:4f:4e:ea:ef:39:56:ad:8f:25:
                    13:1d:9b:f8:88:3c:ca:9e:ce:41:36:d0:0c:21:be:
                    89:17:0b:83:21:44:19:f1:cc:db:30:b1:37:8e:0f:
                    51:73:17:a1:18:36:c0:21:e3:53:0c:bc:bb:b0:ab:
                    c4:48:7c:dd:ec:60:8b:71:d1:12:29:d5:1c:31:f8:
                    96:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                C2:5D:B9:29:F2:4F:92:6F:62:76:66:5C:49:A0:90:3A:8D:60:6E:B2
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:acheck.povargek.ru
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Apr  2 00:57:10.186 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:18:49:9B:E3:5E:80:4E:FE:38:8F:9F:33:
                                2D:F1:11:82:48:79:91:BF:B8:43:D4:B1:1B:14:1D:BF:
                                4B:AD:31:BA:02:20:1D:0D:93:B0:DE:C2:7A:56:AF:82:
                                BB:78:7D:3D:26:AA:CB:1E:7F:1C:4F:72:07:45:6D:01:
                                78:F5:0D:2C:7B:E7
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Apr  2 00:57:10.114 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6F:7C:F2:DF:15:E7:02:57:AD:15:FE:DD:
                                BC:FA:F6:11:06:D8:A4:68:16:DC:75:12:3A:2B:29:36:
                                64:1F:3B:CA:02:20:19:1E:B5:5C:6F:B9:6E:1D:85:F3:
                                1C:7A:A9:DA:FF:A9:A9:A5:D8:AB:CF:EA:6E:EA:65:EC:
                                BD:C0:0B:79:85:3C
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        05:8a:8a:97:33:0f:3b:f5:3c:a1:96:73:e8:c8:fa:9f:4e:0a:
        2c:ba:ed:37:a9:9a:40:51:f4:3f:a9:0d:4a:0d:2e:15:7b:64:
        90:4f:2d:07:01:1b:a1:de:b7:80:50:44:99:54:c3:ff:c4:0e:
        98:6e:8f:b4:1b:26:de:7d:c5:94:ad:d4:c0:a2:e4:57:2a:ab:
        65:fd:01:9e:57:02:f7:67:75:ce:1f:e1:47:54:41:96:90:49:
        b6:67:57:dc:ad:0c:fb:6c:b1:68:74:59:c1:9b:fd:a5:c2:55:
        ff:85:f1:a3:3d:db:d0:6c:66:fe:18:29:af:ff:43:6d:80:cc:
        f2:7c:58:46:84:66:dc:29:1e:d8:f2:d1:9f:4c:7d:d3:0b:98:
        c7:f6:72:a2:a9:4d:ed:1f:4a:55:01:11:5d:c0:27:df:90:f2:
        0c:a7:0b:13:88:1a:95:93:b7:9d:14:76:bf:8b:5d:51:64:af:
        2e:8d:c2:9b:05:dd:a8:b6:0b:4e:60:a8:8a:e0:38:7d:22:32:
        9d:ce:f1:ac:4f:86:0e:a0:18:10:a1:e9:82:c5:6f:a7:3d:d8:
        0a:9f:3b:12:5d:c5:99:86:3e:91:3f:b8:a2:24:22:7f:0c:9d:
        a6:05:e5:6a:62:4a:3d:a5:dd:ee:c9:28:d8:11:f9:28:67:2f:
        8c:30:96:4b

188.127.230.103

Last Seen: 2024-04-16

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-876419114 | 2024-04-04T23:19:35.818508
53 / tcp

-876419114 | 2024-04-15T19:25:48.645636
53 / udp

1131679364 | 2024-03-29T22:42:50.243084
80 / tcp

nginx1.16.0

-1117906012 | 2024-03-27T01:23:37.621877
111 / tcp

-1117906012 | 2024-04-13T11:08:54.659048
111 / udp

347179081 | 2024-03-27T22:25:18.807999
123 / udp

1131679364 | 2024-04-16T16:30:12.198944
443 / tcp

nginx1.16.0

Products

Pricing

Contact Us

188.127.230.103

Last Seen: 2024-04-16

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-876419114 | 2024-04-04T23:19:35.818508 53 / tcp

-876419114 | 2024-04-15T19:25:48.645636 53 / udp

1131679364 | 2024-03-29T22:42:50.243084 80 / tcp

nginx1.16.0

-1117906012 | 2024-03-27T01:23:37.621877 111 / tcp

-1117906012 | 2024-04-13T11:08:54.659048 111 / udp

347179081 | 2024-03-27T22:25:18.807999 123 / udp

1131679364 | 2024-04-16T16:30:12.198944 443 / tcp

nginx1.16.0

Products

Pricing

Contact Us

-876419114 | 2024-04-04T23:19:35.818508
53 / tcp

-876419114 | 2024-04-15T19:25:48.645636
53 / udp

1131679364 | 2024-03-29T22:42:50.243084
80 / tcp

-1117906012 | 2024-03-27T01:23:37.621877
111 / tcp

-1117906012 | 2024-04-13T11:08:54.659048
111 / udp

347179081 | 2024-03-27T22:25:18.807999
123 / udp

1131679364 | 2024-04-16T16:30:12.198944
443 / tcp