GeneralInformation

Hostnames	api.flittertrade.com d30300.exe.regrucolo.ru
Domains	flittertrade.com regrucolo.ru
Country	Russian Federation
City	Moscow
Organization	Reg.Ru Hosting
ISP	"Domain names registrar REG.RU", Ltd
ASN	AS197695

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 111 443 3000 3001 3306 8080 33060

-1013423735 | 2024-04-21T17:59:12.188742

22 / tcp

SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u2
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQC/YvvXYTenB3cIy6F9rC+lSITv/AxvH8TFaDD/4OGTlxvZ
YpCv6lAHRkOMsA4TFKuuP/Yw2bMxsbApmPH0tP3k2xrKGEIWZko9UF7MbYU5GULxQefKcpUh37AX
NR9BHc0Dy5AG+btCTy/qu5815INQQNrFPlzyVPtC5btJMxWM3EX+qQT+PSeDFlpivkIqjOnf0Qgk
sZ1uvQ5pPvma+2zGWi8xeXEQDRtDlg2qmDRMjMId4qSUQP28z32t83HelOM4esXsQla+gzgAu6nj
dk5b2IgsNmHVtqo86wNN5rCoSbmLCtck3TsFYaXCfd4UsNcqj1HoKth2ychdYW5w1cEUS8gwCq+G
P/s3yT/fFBF+hUdjRG/8Dd5XR+KHfPuCuIbrBjTcdrvu4TP2Pl3A/459iu8u6UxlVlONh+aOonNU
BYxlO5benWWTASDmIaJ5t9YNOcICYYktgAA6Sv4HAcw9tVSShe6xZC8CoZMzz9py7mPB3Ev/2SUL
bbCNvCHiISU=
Fingerprint: 4f:20:e5:a0:c2:b9:96:4a:71:b7:9d:dd:94:e2:ec:3f

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1651973090 | 2024-04-23T05:41:31.058348

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 23 Apr 2024 05:41:30 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sat, 16 Sep 2023 19:39:38 GMT
Connection: keep-alive
ETag: "6506047a-264"
Accept-Ranges: bytes

-1345205424 | 2024-04-24T01:01:42.145898

111 / tcp

Portmap
Program	Version	Protocol	Port
portmapper	4	tcp	111
portmapper	3	tcp	111
portmapper	2	tcp	111
portmapper	4	udp	111
portmapper	3	udp	111
portmapper	2	udp	111

-1345205424 | 2024-04-23T00:47:34.154190

111 / udp

Portmap
Program	Version	Protocol	Port
portmapper	4	tcp	111
portmapper	3	tcp	111
portmapper	2	tcp	111
portmapper	4	udp	111
portmapper	3	udp	111
portmapper	2	udp	111

607219342 | 2024-04-23T08:09:23.436485

443 / tcp

HTTP/1.1 404 
Server: nginx/1.18.0
Date: Tue, 23 Apr 2024 08:09:23 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 275
Connection: keep-alive
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Language: en-US

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:0a:5d:02:96:cd:2e:37:6b:f8:f8:52:85:26:44:88:51:70
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 16 06:08:00 2024 GMT
            Not After : Jun 14 06:07:59 2024 GMT
        Subject: CN=api.flittertrade.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b3:9f:a0:28:8b:fb:c3:de:ac:6f:ff:c6:76:88:
                    b8:ed:20:b5:1c:4b:db:4e:b7:f7:8e:30:c1:ec:45:
                    79:60:5e:82:3a:49:28:db:91:c5:9f:1c:b8:01:70:
                    cc:cf:9e:92:6f:b4:5b:ee:85:53:08:74:c4:7d:ad:
                    d0:cd:3e:91:a0:f7:3f:c4:aa:2a:93:35:48:0d:34:
                    70:df:61:65:69:b1:88:2c:47:55:57:58:f6:26:de:
                    cf:88:1b:f7:ba:b2:aa:48:ea:d2:c1:0b:b9:87:a7:
                    3b:bb:35:68:1b:57:53:aa:d1:d1:49:38:25:98:53:
                    54:c1:11:1a:76:b9:e8:17:0b:5c:8e:37:0e:cc:98:
                    22:be:da:59:73:a6:96:22:e8:dd:91:f9:52:81:12:
                    fd:fb:b7:ca:35:57:37:40:7e:2d:84:77:f3:21:7d:
                    03:32:ee:a1:35:24:10:64:e9:f5:f9:f8:75:4c:b2:
                    53:13:40:f1:2d:ea:e4:9e:63:1a:e6:2f:26:9b:b7:
                    8e:1d:14:10:fd:5b:b8:ba:1f:74:02:3d:bc:1e:75:
                    7e:6a:cd:5b:e9:7d:cd:22:9b:f0:0e:1b:de:28:c2:
                    39:45:30:c9:29:7c:bb:a6:a0:c3:82:7a:4c:a2:e9:
                    0e:22:41:8b:06:7b:78:00:b8:04:6d:d6:f0:31:cc:
                    05:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                58:35:6D:5A:99:42:CA:2A:9B:D0:74:D8:58:0B:1E:7A:E8:CF:A9:3E
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:api.flittertrade.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 16 07:08:01.059 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:79:E8:B6:12:5A:77:AD:93:02:04:B9:EA:
                                0C:9B:2D:49:73:7E:E4:A5:AF:74:6A:F5:9E:49:49:EB:
                                A7:09:EA:1E:02:20:18:D0:9D:ED:7F:E5:EF:E4:8C:EF:
                                9C:E2:B2:33:62:A8:12:46:25:D1:00:D5:71:0C:3F:27:
                                9E:72:7F:69:F0:0B
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Mar 16 07:08:01.558 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:08:15:6E:5B:03:40:43:12:6B:37:B5:89:
                                8D:1B:25:AA:0E:60:9E:7E:40:DC:B8:13:8A:34:01:49:
                                FC:3C:87:39:02:21:00:92:31:8A:DC:C2:25:EB:9B:25:
                                52:E8:58:13:D2:D1:07:A1:1A:2D:90:B9:B9:CE:70:7B:
                                31:96:A9:51:4E:52:B5
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        67:57:3e:f8:6c:10:9a:c7:d9:1c:a1:52:e5:d3:c2:01:f2:b3:
        2a:79:ef:ad:78:d6:1f:87:ad:d3:10:fc:30:2f:4f:ab:0b:9d:
        36:94:d3:75:f0:53:19:a3:02:e1:72:8b:a4:c6:e0:c5:a4:bb:
        76:9b:ce:80:15:98:e3:b7:be:53:e1:70:00:32:5a:3f:ce:b1:
        7a:a1:26:b6:6a:01:6c:5a:6a:41:1e:8c:c5:d9:3e:9c:c6:da:
        82:2e:ae:b4:2b:8d:86:04:96:3e:55:df:c5:e3:95:cc:5a:ec:
        ba:e5:e6:f3:2a:1e:e0:27:10:af:46:6d:6b:cd:0b:36:62:ed:
        dd:42:4e:77:08:a6:9c:94:aa:6c:cd:e5:8c:7c:2d:cc:46:82:
        f0:63:fa:9d:47:62:7d:eb:62:35:25:74:32:cd:77:66:b0:96:
        c6:67:e9:00:d2:5c:4f:4b:b4:9e:b2:6e:9d:68:43:35:e4:c9:
        53:42:69:43:65:c4:6d:2c:0c:62:63:74:05:25:1d:b7:65:69:
        9b:e5:69:a2:87:80:0e:aa:3f:a4:ef:c4:d4:47:d1:75:79:7b:
        ba:10:d4:02:49:56:c7:e2:4d:b6:01:31:01:dc:13:74:d9:52:
        a9:bf:4f:33:71:59:7b:84:06:8a:c8:3e:a5:c1:1a:8a:86:f1:
        a6:a0:44:ce

1716296872 | 2024-04-19T13:45:02.661307

3000 / tcp

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Content-Length: 1754
ETag: W/"6da-4Mwk95q7n6lFPpt40L8iR50ll0k"
Vary: Accept-Encoding
Date: Fri, 19 Apr 2024 13:45:02 GMT
Connection: keep-alive
Keep-Alive: timeout=5

-1246004407 | 2024-04-21T03:00:51.455805

3001 / tcp

HTTP/1.1 400 Bad Request
Connection: close

1044316745 | 2024-04-18T21:56:18.098920

3306 / tcp

MySQL:
  Protocol Version: 10
  Version: 8.0.35
  Capabilities: 65535
  Server Language: 255
  Server Status: 2
  Extended Server Capabilities: 57343
  Authentication Plugin: mysql_native_password

260642027 | 2024-04-23T04:29:38.369371

8080 / tcp

HTTP/1.1 404 
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 275
Date: Tue, 23 Apr 2024 04:29:38 GMT

-795948505 | 2024-04-16T00:35:46.028777

33060 / tcp

MySQL X Protocol:
  tls: False
  authentication.mechanisms:
    MYSQL41
    SHA256_MEMORY
  doc.formats: text
  client.interactive: False
  compression:
    algorithm:
      deflate_stream
      lz4_message
      zstd_stream
  node_type: mysql
  client.pwd_expire_ok: False

194.58.88.164

Last Seen: 2024-04-24

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1013423735 | 2024-04-21T17:59:12.188742
22 / tcp

OpenSSH8.4p1 Debian 5+deb11u2

1651973090 | 2024-04-23T05:41:31.058348
80 / tcp

nginx1.18.0

-1345205424 | 2024-04-24T01:01:42.145898
111 / tcp

-1345205424 | 2024-04-23T00:47:34.154190
111 / udp

607219342 | 2024-04-23T08:09:23.436485
443 / tcp

nginx1.18.0

1716296872 | 2024-04-19T13:45:02.661307
3000 / tcp

-1246004407 | 2024-04-21T03:00:51.455805
3001 / tcp

1044316745 | 2024-04-18T21:56:18.098920
3306 / tcp

MySQL8.0.35

260642027 | 2024-04-23T04:29:38.369371
8080 / tcp

-795948505 | 2024-04-16T00:35:46.028777
33060 / tcp

MySQL X Protocol

Products

Pricing

Contact Us

194.58.88.164

Last Seen: 2024-04-24

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1013423735 | 2024-04-21T17:59:12.188742 22 / tcp

OpenSSH8.4p1 Debian 5+deb11u2

1651973090 | 2024-04-23T05:41:31.058348 80 / tcp

nginx1.18.0

-1345205424 | 2024-04-24T01:01:42.145898 111 / tcp

-1345205424 | 2024-04-23T00:47:34.154190 111 / udp

607219342 | 2024-04-23T08:09:23.436485 443 / tcp

nginx1.18.0

1716296872 | 2024-04-19T13:45:02.661307 3000 / tcp

-1246004407 | 2024-04-21T03:00:51.455805 3001 / tcp

1044316745 | 2024-04-18T21:56:18.098920 3306 / tcp

MySQL8.0.35

260642027 | 2024-04-23T04:29:38.369371 8080 / tcp

-795948505 | 2024-04-16T00:35:46.028777 33060 / tcp

MySQL X Protocol

Products

Pricing

Contact Us

-1013423735 | 2024-04-21T17:59:12.188742
22 / tcp

1651973090 | 2024-04-23T05:41:31.058348
80 / tcp

-1345205424 | 2024-04-24T01:01:42.145898
111 / tcp

-1345205424 | 2024-04-23T00:47:34.154190
111 / udp

607219342 | 2024-04-23T08:09:23.436485
443 / tcp

1716296872 | 2024-04-19T13:45:02.661307
3000 / tcp

-1246004407 | 2024-04-21T03:00:51.455805
3001 / tcp

1044316745 | 2024-04-18T21:56:18.098920
3306 / tcp

260642027 | 2024-04-23T04:29:38.369371
8080 / tcp

-795948505 | 2024-04-16T00:35:46.028777
33060 / tcp