GeneralInformation

Hostnames	amp.allboxing.ru amp.calend.ru amp.clickiocdn.com amp.dailystorm.ru amp.dgl.ru amp.jornada.com.mx amp.kolesa.ru amp.kopilka-kulinara.ru amp.lvrach.ru amp.sardegnalive.net amp.shkolazhizni.ru
Domains	allboxing.ru calend.ru clickiocdn.com dailystorm.ru dgl.ru jornada.com.mx kolesa.ru kopilka-kulinara.ru lvrach.ru sardegnalive.net shkolazhizni.ru
Country	United States
City	Washington
Organization	Leaseweb USA, Inc.
ISP	Leaseweb USA, Inc.
ASN	AS30633

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

OpenPorts

22 25 83 84 443 873 1500 3333 4000 5000 7001 9998 10001

-1845070900 | 2024-04-23T01:45:31.755502

22 / tcp

SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQC/jk9OahdaGZaJSUT1tAew+72VojDHTSqhBPvgbR0RLCkI
ibhShFDAB+iWD8nGX0CE1bp1JZREzZo5P8DzdeM4ZNWjuVYpq9coEXJoxlTM+FDSc8PehgErNUGL
xydmIGVgqKr0JnyZQ8KAqT6SPK1jfpNX7VlpNUl1RO2r8cuLU9Fn3QQp9RpR70/OwKEMFB1yyoR5
XamkBadVfpucHW42vdSHhpFzaIfXIsorQtppsg3sW9oN0YnE8VExZE39aWSegOvef3TmUTnS2kz3
n4wHUzTFVkVCjpHhjUhRZhvJ0BWYt7ddVvcCxoYTL8Rt1SkyK4hJO47if+snUgxSqEC/
Fingerprint: 97:30:a3:c7:db:ec:1b:cb:d2:ec:4b:40:32:1f:e8:80

Kex Algorithms:
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

-1663235701 | 2024-04-27T09:44:33.602463

25 / tcp

220 LSW-192 ESMTP Postfix (Ubuntu)
250-LSW-192
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d5:44:4a:9a:41:1a:5c:85
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=lswrescue
        Validity
            Not Before: Aug 14 19:34:42 2016 GMT
            Not After : Aug 12 19:34:42 2026 GMT
        Subject: CN=lswrescue
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:bf:6b:f4:27:95:95:f8:f8:84:8e:fc:8f:
                    a5:47:ab:01:de:89:e3:ce:d4:95:00:c7:d1:70:89:
                    3e:27:72:a5:e6:0d:99:79:01:53:9f:e6:92:2d:61:
                    df:0f:3b:8a:cc:c4:02:40:0b:0d:78:e2:69:c3:50:
                    69:a3:d2:15:e6:63:ce:b0:da:37:d9:b4:58:1d:a3:
                    9f:36:99:c0:e8:87:a7:55:ee:5d:0f:8c:4c:1f:1a:
                    b1:36:87:05:9b:e5:c2:0c:ba:fc:ee:3e:4f:fe:4b:
                    83:96:39:a2:3b:87:4c:ea:79:a6:cd:8f:da:2e:7e:
                    42:d1:61:e0:8f:97:6f:e8:1f:b7:f0:3a:a1:36:d9:
                    12:73:f8:b8:c7:48:f0:93:44:e5:f2:51:bd:3b:44:
                    8e:ad:ea:82:38:4b:ee:09:93:ee:1f:5f:be:73:e3:
                    56:1c:40:b7:fc:1d:d9:0e:87:cb:e3:3e:69:39:56:
                    b4:fb:07:35:5c:69:1f:e6:b8:51:1d:85:f1:ed:7f:
                    bb:ea:cd:48:e7:66:8a:92:2c:18:db:72:9a:f1:7b:
                    0d:1b:0c:36:2d:17:63:0c:41:1d:1a:d2:40:19:aa:
                    ec:a7:e4:60:29:4d:98:c8:c4:87:7d:e5:60:5b:23:
                    68:cb:dd:c0:b8:77:7f:ad:c3:cf:58:45:b8:82:66:
                    ae:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        29:2a:7e:14:b1:bc:82:f8:df:7a:24:79:4f:f3:d8:30:0f:81:
        d7:86:c2:3c:8a:97:bb:b1:38:4e:1e:c6:f7:b4:64:0d:91:59:
        6f:2c:06:50:5e:ad:55:f9:6f:b2:f4:d6:57:a1:64:a7:3b:f7:
        a4:70:6d:c0:80:8c:34:1e:3d:bf:48:52:a1:70:45:1c:dd:25:
        16:d8:a0:b4:d4:0b:a9:63:16:89:87:63:b8:58:dc:90:c5:0b:
        ea:f5:53:d1:7c:04:f9:70:84:42:f7:a4:eb:bd:be:ca:65:5d:
        88:7c:d9:21:44:78:be:a9:16:bc:d5:b9:76:96:23:fa:de:bd:
        8c:46:51:a0:89:c1:3d:64:6b:77:94:69:b2:76:23:73:bb:6a:
        90:d7:57:a6:e6:04:c5:41:9a:42:4d:b8:45:82:27:82:2f:73:
        58:46:bb:bf:0c:d8:40:75:9a:7e:3b:bd:93:cf:8f:85:a9:85:
        2a:1a:49:a2:86:e2:5a:e2:65:a6:56:ac:16:e3:f8:7c:7a:8c:
        1f:36:d7:ce:64:b9:43:49:b2:94:96:a6:da:38:2e:a3:b6:9f:
        c5:8e:e8:ce:e6:7a:4f:e2:a9:11:80:d7:2d:fd:ab:e3:41:29:
        f7:d5:21:ae:ab:d9:25:7d:83:0a:cc:67:1b:8a:7a:8f:c6:de:
        46:7a:b4:41

-1601064001 | 2024-04-30T16:44:08.683722

83 / tcp

HTTP/1.1 200 
Date: Tue, 30 Apr 2024 16:44:08 GMT
Content-Length: 0

-1518821857 | 2024-04-27T14:13:36.090922

84 / tcp

HTTP/1.1 200 
Date: Sat, 27 Apr 2024 14:13:36 GMT
Content-Length: 0

1788556008 | 2024-04-22T19:08:54.334066

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.16.0
Date: Mon, 22 Apr 2024 19:08:54 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:96:65:5b:4a:2e:fe:4e:77:69:7b:48:69:7a:2e:09:66:e2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 25 08:04:49 2024 GMT
            Not After : Jun 23 08:04:48 2024 GMT
        Subject: CN=amp.clickiocdn.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:da:2a:c9:1e:d1:ba:f2:5e:8d:11:37:ef:21:f3:
                    1b:31:b8:23:0d:97:1e:89:6b:d9:8d:c6:bd:6c:63:
                    65:18:f3:5b:c1:6f:85:ca:0c:71:1a:df:f2:cf:27:
                    cb:8e:f4:fd:28:83:82:d3:7b:c5:94:2b:1f:ad:1b:
                    79:3a:34:8d:33
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                D3:E4:32:88:74:83:DC:D1:88:15:9E:80:51:22:7D:CC:09:2E:3C:17
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:amp.allboxing.ru, DNS:amp.calend.ru, DNS:amp.clickiocdn.com, DNS:amp.dailystorm.ru, DNS:amp.dgl.ru, DNS:amp.jornada.com.mx, DNS:amp.kolesa.ru, DNS:amp.kopilka-kulinara.ru, DNS:amp.lvrach.ru, DNS:amp.sardegnalive.net, DNS:amp.shkolazhizni.ru
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 25 09:04:49.325 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:2D:DD:D9:9D:4A:4D:E4:6F:0E:21:CF:3B:
                                CA:5D:C0:C3:47:9F:96:2F:92:8B:98:33:5D:4E:37:7E:
                                69:71:DC:18:02:21:00:E9:0D:75:B7:4A:CB:14:FD:97:
                                67:DF:CF:EE:80:CC:E7:6C:EF:5E:52:AB:AC:93:61:AE:
                                F7:90:DD:8B:72:89:96
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Mar 25 09:04:51.267 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:A1:C0:A8:23:CC:FE:6D:23:B8:F0:2A:
                                CD:38:E5:AD:7E:4E:DA:FF:F2:ED:5A:CC:E6:A6:01:CC:
                                B9:4A:94:DF:A2:02:20:4C:10:70:06:58:63:B5:CA:72:
                                30:F2:AF:C4:0D:0C:D4:7E:5E:F2:CB:AE:56:FA:7F:77:
                                AD:10:DF:D2:00:7D:B2
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        8d:67:a4:91:5e:d1:40:28:86:c1:47:93:43:75:7f:8c:32:eb:
        f1:9e:31:e7:95:94:ca:a3:eb:b4:51:e7:c3:4b:23:22:1e:5d:
        06:9a:92:e0:21:17:51:42:e6:cd:c2:bc:23:30:70:e3:1f:c5:
        8e:c6:e2:82:6f:41:ab:68:7e:18:94:e3:3d:2c:d2:bf:21:7a:
        0b:23:b2:2b:d1:ce:ae:ff:66:d6:e9:89:9e:a9:87:9e:54:96:
        62:fc:60:b7:aa:f2:53:4c:ef:83:9f:90:2d:90:d2:f2:41:da:
        93:aa:6e:f8:da:22:b8:ff:21:c6:80:5a:76:2b:d7:6d:d7:d4:
        0b:77:bb:77:47:4f:f0:d3:5a:19:2c:5b:4f:97:8c:89:f4:40:
        f6:c0:17:5d:27:c0:0f:98:a6:ac:46:af:e1:95:31:58:04:17:
        2f:a4:8a:36:9d:45:22:88:58:19:c2:45:0d:23:59:21:b1:ec:
        b8:2b:63:d3:2b:08:0e:4a:12:93:0a:fa:c4:31:e3:1e:eb:53:
        76:9b:4b:63:aa:48:26:ed:6f:b3:01:a9:32:6e:c1:ff:13:6e:
        ff:27:3f:51:95:d1:96:3d:20:15:66:a0:a4:04:45:c1:61:7d:
        1a:20:71:46:39:cd:6b:9e:29:2c:c7:93:fa:09:c6:e9:f5:dd:
        24:2c:90:46

-1506076533 | 2024-04-17T13:32:42.778996

873 / tcp

@RSYNCD: 31.0\nt              	t
pu             	t
platform_static	platform_static
@RSYNCD: EXIT

997782709 | 2024-04-20T16:29:24.613380

1500 / tcp

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Apr 2024 16:29:24 GMT
Content-Length: 0

529709148 | 2024-04-29T05:30:15.340970

3333 / tcp

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Mon, 29 Apr 2024 05:30:15 GMT
Content-Length: 0

-1675418583 | 2024-04-24T04:08:48.148966

4000 / tcp

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request

-566038532 | 2024-04-28T10:34:11.680615

5000 / tcp

HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: 
Cache-Control: private, no-cache
Pragma: no-cache
Date: Sun, 28 Apr 2024 10:34:11 GMT
Content-Length: 0

683164975 | 2024-04-26T10:41:27.319024

7001 / tcp

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Fri, 26 Apr 2024 10:41:27 GMT
Content-Length: 0

-1991919716 | 2024-04-25T21:51:43.130908

9998 / tcp

HTTP/1.1 400 Bad Request
Server: nginx/1.16.0
Date: Thu, 25 Apr 2024 21:51:39 GMT
Content-Type: text/html
Content-Length: 157
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.16.0</center>
</body>
</html>

679007011 | 2024-04-28T07:56:42.217855

10001 / tcp

HTTP/1.0 400 Bad request
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>

192.96.201.97

Last Seen: 2024-04-30

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1845070900 | 2024-04-23T01:45:31.755502
22 / tcp

OpenSSH7.2p2 Ubuntu-4ubuntu2.8

-1663235701 | 2024-04-27T09:44:33.602463
25 / tcp

Postfix smtpd

-1601064001 | 2024-04-30T16:44:08.683722
83 / tcp

-1518821857 | 2024-04-27T14:13:36.090922
84 / tcp

1788556008 | 2024-04-22T19:08:54.334066
443 / tcp

nginx1.16.0

-1506076533 | 2024-04-17T13:32:42.778996
873 / tcp

rsyncd31.0

997782709 | 2024-04-20T16:29:24.613380
1500 / tcp

529709148 | 2024-04-29T05:30:15.340970
3333 / tcp

-1675418583 | 2024-04-24T04:08:48.148966
4000 / tcp

-566038532 | 2024-04-28T10:34:11.680615
5000 / tcp

683164975 | 2024-04-26T10:41:27.319024
7001 / tcp

-1991919716 | 2024-04-25T21:51:43.130908
9998 / tcp

nginx1.16.0

679007011 | 2024-04-28T07:56:42.217855
10001 / tcp

Products

Pricing

Contact Us

192.96.201.97

Last Seen: 2024-04-30

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1845070900 | 2024-04-23T01:45:31.755502 22 / tcp

OpenSSH7.2p2 Ubuntu-4ubuntu2.8

-1663235701 | 2024-04-27T09:44:33.602463 25 / tcp

Postfix smtpd

-1601064001 | 2024-04-30T16:44:08.683722 83 / tcp

-1518821857 | 2024-04-27T14:13:36.090922 84 / tcp

1788556008 | 2024-04-22T19:08:54.334066 443 / tcp

nginx1.16.0

-1506076533 | 2024-04-17T13:32:42.778996 873 / tcp

rsyncd31.0

997782709 | 2024-04-20T16:29:24.613380 1500 / tcp

529709148 | 2024-04-29T05:30:15.340970 3333 / tcp

-1675418583 | 2024-04-24T04:08:48.148966 4000 / tcp

-566038532 | 2024-04-28T10:34:11.680615 5000 / tcp

683164975 | 2024-04-26T10:41:27.319024 7001 / tcp

-1991919716 | 2024-04-25T21:51:43.130908 9998 / tcp

nginx1.16.0

679007011 | 2024-04-28T07:56:42.217855 10001 / tcp

Products

Pricing

Contact Us

-1845070900 | 2024-04-23T01:45:31.755502
22 / tcp

-1663235701 | 2024-04-27T09:44:33.602463
25 / tcp

-1601064001 | 2024-04-30T16:44:08.683722
83 / tcp

-1518821857 | 2024-04-27T14:13:36.090922
84 / tcp

1788556008 | 2024-04-22T19:08:54.334066
443 / tcp

-1506076533 | 2024-04-17T13:32:42.778996
873 / tcp

997782709 | 2024-04-20T16:29:24.613380
1500 / tcp

529709148 | 2024-04-29T05:30:15.340970
3333 / tcp

-1675418583 | 2024-04-24T04:08:48.148966
4000 / tcp

-566038532 | 2024-04-28T10:34:11.680615
5000 / tcp

683164975 | 2024-04-26T10:41:27.319024
7001 / tcp

-1991919716 | 2024-04-25T21:51:43.130908
9998 / tcp

679007011 | 2024-04-28T07:56:42.217855
10001 / tcp