GeneralInformation

Hostnames	curiosum.com www.curiosum.dev
Domains	curiosum.com curiosum.dev
Country	Germany
City	Nürnberg
Organization	Contabo GmbH
ISP	Contabo GmbH
ASN	AS51167
Operating System	Ubuntu

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 443 4000

473614278 | 2024-04-11T17:26:37.332096

22 / tcp

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQCUxiQmEeXrN8xkUe5sRZfIf2K50MRe+lM2GUjuZQGTTV34
3dPl5QdA7utQv5oP+CtEreg3MJ5WaxefhDGP0nSYOuYi5vQv1xzMqe2zpEUdYQxZAs5Romv3/QJz
UN2/wkbhKQPVvoESGIEEqwjGSAARU4RgFhp0Mqs8bqWvIesxJwhIK/SCA9PbwXBL0SABNPqAsTfw
P5J3T3lkKtUh8xln6wlD7hJL4JOD7XioaOkZwEMe4eVOngkSQIVqDd7yvzg8sLCZQ6dYcddbOkhf
2zmFcPJ6n0jR9X4qfMCrmtPXPq6uFfizvcmaUIzVUB7NQb8IK8E6fXVYqDGCOVjFe2Bv
Fingerprint: 7c:ef:cd:1c:9a:af:53:1d:09:08:0c:27:54:42:55:63

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

677579724 | 2024-04-30T05:33:11.825823

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 30 Apr 2024 05:33:11 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

589765266 | 2024-04-30T07:08:04.428666

443 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 30 Apr 2024 07:08:04 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://curiosum.dev/

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:6e:88:cf:65:59:0a:4a:e1:58:aa:aa:1f:21:2c:a0:70:e1
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 31 21:04:09 2024 GMT
            Not After : Jun 29 21:04:08 2024 GMT
        Subject: CN=www.curiosum.dev
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a2:df:6a:0c:f6:b5:82:9d:0b:e3:b8:63:6f:65:
                    ca:04:08:01:9d:11:1f:7b:66:6d:81:7f:30:46:36:
                    98:90:b7:28:00:e8:a1:e2:5a:d1:d0:6d:cd:ba:8f:
                    e4:c6:48:84:16:b1:7e:5f:83:f2:1c:b3:25:28:80:
                    80:0f:85:c6:8d:08:4b:99:85:c3:37:c5:d9:fc:fd:
                    7f:16:89:62:fe:1c:bf:f5:a1:79:96:ab:35:45:b1:
                    77:85:47:d8:32:16:ef:ec:d3:fd:b8:34:10:ca:a2:
                    ea:8a:45:b3:6d:bf:ce:2f:75:05:58:39:90:fe:f4:
                    eb:62:e3:e5:f7:38:e5:bb:67:e1:92:68:fb:4b:83:
                    0b:f8:af:5a:a9:9d:71:a3:69:6b:a5:ee:e3:d3:96:
                    c1:29:31:3b:9b:49:13:05:f1:f9:77:67:65:d3:6a:
                    10:40:02:d2:c6:4e:37:e8:ad:93:55:c2:2c:f5:ac:
                    85:40:da:28:d7:a3:79:7b:38:36:b7:d5:e3:c2:5d:
                    22:f6:b9:e5:26:09:d1:65:32:74:dc:07:69:f9:a4:
                    e5:e3:e7:58:48:8f:3f:cd:59:5f:7b:78:eb:e6:0b:
                    72:1d:29:e2:c4:6a:33:11:48:7a:a7:4b:90:d2:92:
                    61:b8:bf:1e:7a:b7:c7:1f:19:55:fd:e7:79:8f:64:
                    46:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                5D:7A:3C:2A:8F:D9:47:96:26:A2:76:22:AF:FE:1D:B3:49:0D:DF:CE
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:www.curiosum.dev
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Mar 31 22:04:09.249 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:7E:ED:10:36:C8:AB:86:55:FA:95:B0:9A:
                                58:B9:CA:D8:EC:DF:41:BD:20:BA:10:8E:EF:69:44:86:
                                91:ED:11:33:02:20:2C:9A:54:50:57:20:A2:FF:4D:97:
                                42:D8:05:5F:02:8A:65:66:9A:86:E5:F2:00:63:47:15:
                                A2:FE:7C:73:B7:77
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 31 22:04:09.419 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:21:55:F2:DB:D7:55:5F:EE:6A:72:BD:30:
                                CC:6C:2B:78:B0:4A:3C:6E:54:C3:43:F6:82:83:94:0F:
                                E1:96:C7:1B:02:20:2C:34:A9:7B:7A:ED:BE:10:8B:A2:
                                86:D5:47:46:D2:AE:05:AB:6B:38:EB:1B:32:03:16:2F:
                                94:E1:27:7F:F2:4F
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        21:2c:90:fe:a9:50:79:bd:3a:83:ee:0a:dd:7d:94:85:47:52:
        57:11:5e:ce:48:e9:80:c5:52:a0:e4:3b:7a:60:84:3d:79:10:
        22:f3:15:bd:98:ca:b8:91:f2:fd:db:4f:1e:18:ff:99:61:d8:
        0e:85:e6:88:fc:15:94:21:07:34:87:cf:41:bf:df:d7:49:ba:
        79:89:56:22:4e:1a:f2:2e:f9:05:76:16:ac:42:1e:fb:3d:da:
        a1:69:f9:a7:3c:17:2c:83:b8:26:80:37:20:64:91:ca:1f:78:
        92:f8:bf:b6:13:c9:66:ea:c4:cb:78:47:23:74:d3:7e:f8:e7:
        d7:c4:3f:0b:91:a3:0c:78:eb:72:9b:a4:c9:e2:91:44:58:56:
        e1:52:ac:e8:e8:b0:3a:fb:e3:30:9a:52:53:71:04:94:cd:ec:
        a7:e2:bf:18:4a:72:f9:6a:fa:27:05:94:b8:dc:5d:69:28:51:
        eb:35:0b:cf:e8:47:a7:be:e8:e3:c5:b1:c9:ed:d4:01:ff:ed:
        ac:62:fb:ae:61:0a:65:72:40:2c:9f:9a:95:2c:35:12:b7:cf:
        08:13:cc:ea:28:fc:ff:8c:89:cb:70:b7:bf:c4:8e:79:3e:40:
        2f:9e:31:a2:21:35:16:56:c8:14:cf:dd:d6:28:31:b5:4e:b3:
        8b:d3:d2:d0

334049520 | 2024-04-28T06:03:13.683165

4000 / tcp

HTTP/1.1 400 Bad Request
connection: close
content-length: 0

207.180.236.40

Last Seen: 2024-04-30

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

473614278 | 2024-04-11T17:26:37.332096
22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.3

677579724 | 2024-04-30T05:33:11.825823
80 / tcp

nginx1.18.0

589765266 | 2024-04-30T07:08:04.428666
443 / tcp

nginx1.18.0

334049520 | 2024-04-28T06:03:13.683165
4000 / tcp

Products

Pricing

Contact Us

207.180.236.40

Last Seen: 2024-04-30

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

473614278 | 2024-04-11T17:26:37.332096 22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.3

677579724 | 2024-04-30T05:33:11.825823 80 / tcp

nginx1.18.0

589765266 | 2024-04-30T07:08:04.428666 443 / tcp

nginx1.18.0

334049520 | 2024-04-28T06:03:13.683165 4000 / tcp

Products

Pricing

Contact Us

473614278 | 2024-04-11T17:26:37.332096
22 / tcp

677579724 | 2024-04-30T05:33:11.825823
80 / tcp

589765266 | 2024-04-30T07:08:04.428666
443 / tcp

334049520 | 2024-04-28T06:03:13.683165
4000 / tcp