GeneralInformation

Hostnames	banky.club static.banky.club
Domains	banky.club
Country	United States
City	Kansas City
Organization	Nocix, LLC
ISP	Nocix, LLC
ASN	AS33387
Operating System	Ubuntu

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 443 873 5003 9000 9090 64738

-868442901 | 2024-04-21T02:17:15.650817

22 / tcp

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDSjbb7zlJVwRrUbPMs2IXitxeTMzQDC835exiXPMXIRrkA
dBBC67aBri/gtWpz6Wq+vZDTWWItJkNbEPyvIZ77c+Tm0up809coB8O8eB2IvR+ROW6kclDi6l0Y
x/FlQw3UfWP8LPgOLqTWh85ynIaGs8nheoIrMDahTS8Y7Me+yzleXmishOCUmAC8P/I6wQh4nV03
xGMaTQpWbgGzOInOGtq17UXKFYv7HEADu7sJW4Qv38N0+jwbnm9t+8p8tRU5dyYOcE1mhW5FDUvo
1Ak5QQG5hQGIo3tQ9VR+o3TKxR1AZ+KpZ1XaASnf/c4yqhSx1xEvFvT++hXsQpodPKKO5+jVCNgG
M6ytdy04V9gCRB7J0FJzTQvq3CwZAlkKXmK0ZbQ4WU/iyv5kzmgKlw1imWUBWmYChm+9Sm+CTMrc
jy1H+ZnAAgMEU0XQrVzdG43kTSK6Mh9UsKVd4xmMBwGQ5uuBYlIr2ohrx0ytIUF75siCamlpVlXN
UFVxF5k7u7k=
Fingerprint: ff:51:ed:a4:27:9b:22:3e:f2:50:b5:f6:c8:2c:92:59

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

589765266 | 2024-04-29T06:10:36.058852

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Apr 2024 06:10:35 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://198.204.250.50/

869281729 | 2024-04-29T06:45:49.960979

443 / tcp

HTTP/1.1 403 Forbidden
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Apr 2024 06:45:49 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
Vary: Accept-Encoding

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:78:7c:f6:be:71:5d:0f:b1:54:3d:31:6a:b4:e8:2b:1c:3e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 13 03:07:10 2024 GMT
            Not After : Jun 11 03:07:09 2024 GMT
        Subject: CN=banky.club
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:fe:d9:c2:6e:16:94:92:94:53:42:49:e6:
                    e1:1f:fd:8d:d6:fb:74:5c:07:0c:4d:b9:8f:af:83:
                    2a:54:8f:b7:77:00:ea:c0:51:28:4f:93:bd:6d:94:
                    29:6d:2f:64:c9:f7:fc:6d:f7:08:28:9b:b5:80:b2:
                    49:a2:38:c1:6b:17:19:0c:e2:cf:d1:29:39:f3:48:
                    80:2e:25:8d:32:37:86:46:61:f0:9a:2e:28:ca:84:
                    e9:9f:f4:d3:d3:fe:72:f3:48:39:4b:2a:41:6a:6d:
                    ba:6b:dc:84:c5:4c:db:cc:0d:c0:78:42:6b:45:08:
                    97:bc:89:56:9d:0d:fe:dc:13:30:bb:33:67:4d:34:
                    25:82:66:31:fa:d4:5a:2b:0d:1e:6d:10:85:86:bb:
                    c6:ae:d5:3c:5c:94:f5:eb:04:28:64:df:3c:c7:2f:
                    88:ea:57:62:62:2c:c4:1d:a0:7d:c6:b5:8a:09:5c:
                    59:8e:eb:71:88:d9:94:ca:fd:1d:ec:d3:34:79:f0:
                    a6:b6:13:b6:eb:cf:18:bf:9b:b1:51:c9:bd:75:54:
                    18:a6:43:03:fe:0e:47:4e:83:d6:6a:c2:cb:1f:6c:
                    29:01:44:1e:9a:49:a2:6f:53:a3:af:b7:75:62:7f:
                    70:11:0a:51:30:7d:d7:b2:0e:e7:c0:1e:55:77:11:
                    05:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                2B:73:00:36:8F:03:1E:CB:2E:1B:34:20:03:A2:FA:75:44:26:8A:61
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:banky.club, DNS:static.banky.club
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Mar 13 04:07:10.831 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:AC:49:9F:EC:32:74:8D:72:5F:66:1C:
                                7D:18:C3:B6:19:C7:CC:CD:C8:5A:DA:FD:82:71:A2:77:
                                DF:01:2C:1F:CA:02:21:00:FD:20:7B:F5:30:28:B3:89:
                                A9:8D:1E:88:D2:A8:FE:50:F5:34:32:B0:9E:52:33:71:
                                0A:48:4A:28:4B:9F:57:85
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 13 04:07:10.869 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:5D:5A:5E:45:0C:85:1D:64:6C:49:24:99:
                                DD:BA:6C:A0:82:D9:6D:A9:C3:DD:FB:5B:8A:0A:4D:36:
                                44:6E:81:FB:02:20:60:73:0A:A4:99:B7:3D:C3:73:F4:
                                86:EE:F2:F4:BE:6E:0E:C0:24:C1:FF:D7:C3:DB:D0:8F:
                                FD:FE:AF:ED:F8:84
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        71:b0:fd:fa:d7:d1:82:2d:ba:8d:86:3c:ee:f0:c8:e3:d1:c6:
        49:8e:1f:10:c6:56:1c:28:cf:1f:9e:18:e0:70:bf:80:de:e5:
        cb:44:7f:a0:a9:22:33:e4:43:1b:b6:e6:47:1f:18:a4:b7:e3:
        52:85:b3:14:48:85:78:3c:09:01:bd:5f:a3:73:d7:a0:13:20:
        42:4a:96:03:61:e1:50:a9:d7:12:1a:ed:14:6f:a7:02:b6:44:
        ad:97:2c:79:ba:32:81:de:25:c3:85:02:b5:5f:12:7b:64:10:
        3f:39:50:e2:1a:da:8f:8f:eb:18:3a:a6:8c:56:23:f2:26:b0:
        b5:ca:9b:15:13:a2:63:57:23:03:f1:13:a0:15:20:a0:96:ba:
        09:55:83:b7:1a:ac:fe:dc:2c:ba:f5:b4:4c:a5:ed:79:89:82:
        0f:29:d8:71:08:b7:b5:f3:e9:00:5e:7c:9e:72:33:fe:f9:aa:
        25:2b:ec:7d:c7:26:d0:65:15:0e:59:0b:1e:78:06:b6:0b:a3:
        5d:45:86:18:2f:d1:c7:ed:43:ec:82:08:5e:3b:0e:01:58:ef:
        b9:bd:ec:2f:93:98:5e:eb:70:82:07:c3:06:63:c9:3c:33:ac:
        d9:c1:89:65:ba:2e:16:63:2b:ef:86:6e:68:0a:fd:ec:09:39:
        3a:61:ed:bd

-1690942415 | 2024-04-27T04:44:25.604731

873 / tcp

@RSYNCD: 31.0\nminio          	
@RSYNCD: EXIT

731197476 | 2024-04-09T03:24:05.490010

5003 / tcp

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Tue, 09 Apr 2024 03:24:05 GMT
Content-Length: 19

-352285322 | 2024-04-25T09:03:40.627095

9000 / tcp

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-store
Content-Length: 2256
Content-Security-Policy: block-all-mixed-content
Content-Type: text/html; charset=utf-8
Vary: Origin
Vary: Accept-Encoding
X-Amz-Request-Id: 17C97A7F53B1C6FA
X-Xss-Protection: 1; mode=block
Date: Thu, 25 Apr 2024 09:03:40 GMT

-1988981882 | 2024-04-04T12:00:44.687372

9090 / tcp

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://198.204.250.50/
Content-Length: 73
X-DNS-Prefetch-Control: off
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff

-666363207 | 2024-04-24T08:22:51.234783

64738 / udp

Mumble Server
Version: 1.3.0
Users: 0
Max Users: 100
Bandwidth: 72000 b/s

198.204.250.50

Last Seen: 2024-04-29

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-868442901 | 2024-04-21T02:17:15.650817
22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.9

589765266 | 2024-04-29T06:10:36.058852
80 / tcp

nginx1.18.0

869281729 | 2024-04-29T06:45:49.960979
443 / tcp

nginx1.18.0

-1690942415 | 2024-04-27T04:44:25.604731
873 / tcp

rsyncd31.0

731197476 | 2024-04-09T03:24:05.490010
5003 / tcp

-352285322 | 2024-04-25T09:03:40.627095
9000 / tcp

MinIO Server

-1988981882 | 2024-04-04T12:00:44.687372
9090 / tcp

-666363207 | 2024-04-24T08:22:51.234783
64738 / udp

Mumble Server1.3.0

Products

Pricing

Contact Us

198.204.250.50

Last Seen: 2024-04-29

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-868442901 | 2024-04-21T02:17:15.650817 22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.9

589765266 | 2024-04-29T06:10:36.058852 80 / tcp

nginx1.18.0

869281729 | 2024-04-29T06:45:49.960979 443 / tcp

nginx1.18.0

-1690942415 | 2024-04-27T04:44:25.604731 873 / tcp

rsyncd31.0

731197476 | 2024-04-09T03:24:05.490010 5003 / tcp

-352285322 | 2024-04-25T09:03:40.627095 9000 / tcp

MinIO Server

-1988981882 | 2024-04-04T12:00:44.687372 9090 / tcp

-666363207 | 2024-04-24T08:22:51.234783 64738 / udp

Mumble Server1.3.0

Products

Pricing

Contact Us

-868442901 | 2024-04-21T02:17:15.650817
22 / tcp

589765266 | 2024-04-29T06:10:36.058852
80 / tcp

869281729 | 2024-04-29T06:45:49.960979
443 / tcp

-1690942415 | 2024-04-27T04:44:25.604731
873 / tcp

731197476 | 2024-04-09T03:24:05.490010
5003 / tcp

-352285322 | 2024-04-25T09:03:40.627095
9000 / tcp

-1988981882 | 2024-04-04T12:00:44.687372
9090 / tcp

-666363207 | 2024-04-24T08:22:51.234783
64738 / udp