GeneralInformation

Hostnames	nextcloud.tritonpolling.com
Domains	tritonpolling.com
Country	United States
City	Las Vegas
Organization	FranTech Solutions
ISP	FranTech Solutions
ASN	AS53667
Operating System	Ubuntu

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 443

105456581 | 2024-05-02T14:12:12.605699

22 / tcp

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDab//0vEk3v0RhQ2O9e09mZac4W+Rdx7+QKugDK84BMhV5
Y+jFAmDhMoiei6WfI2s1EOMS1E+GNS6F2TZyGO7pOyV4w0PntzPTqWcRXf6yZEgXVlcVZepPx2Yq
4cHTfdwtVOWnSlX2eNH0wl324t8Wc/PMAlsnZrsZ8uR/7UZB6pwu4aBB33smoVw7PLDTxnDgKbtv
QVcX7jzGZcM9IvfY0mu/YGySblpvPfizCdh5vQt0pttjjffJdgDtjtc927/PN0iU1+0ozdYOz6Kz
1Z8tWWHxwRwEx55+Ag5zRByVJPJ0NNWeI6ItR31UboMwHPOKPjJ9xpfg9HIYtkjjRT92EbOahJIj
NDIETOM1fzfmMr0l04zN8Ff6XHmbwAkobWn7ZHqco/F1QCKIWfYs0hqijrPp9bFNoROhr8cE4m1h
GNzKvxTnZdO8NO6W13wMqp68sR+Kycew2Q4IqhjXcALthc4i60R9q/p/FSWZ5E31VOzq0k1gDBnj
sxIOz2cKHFs=
Fingerprint: c4:5f:76:36:4a:e3:e1:22:8a:86:c2:dc:4c:32:e1:a5

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

589765266 | 2024-05-06T23:19:45.271509

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 06 May 2024 23:19:45 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://nextcloud.tritonpolling.com/

1027315590 | 2024-05-10T15:31:39.969974

443 / tcp

HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 15:31:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=tbpxC9%2BeEF5l8kyIrGNGoEI%2Flgc256EDkBOH%2B0d8u%2BceNhMHGlgIWzZQPRzrkpYxJx%2BB%2F5zJUDObXclvCnlOIgQ%2BTc5CJFtIdyWQYh4D9QaRq7OMk%2FXYCkdP%2BezLKhid; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: ocbxe36iar2f=ffu1m5ff3tdppdeq7mkonj9fq8; path=/; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-ZUFxOUx0US9pQ1BTMjNIYXczSlRlSGVLa0g4QVUrTk40N1Q4dTNtUVFLYz06TG52blJwOVU0VXk3bEQ2VGl5UVZGaEM1cEFzNVphSTVzOUs5eUI2N0RlWT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:8f:0d:03:db:78:83:c5:ea:26:4d:b8:3f:e6:f2:58:4d:cb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May  1 03:07:29 2024 GMT
            Not After : Jul 30 03:07:28 2024 GMT
        Subject: CN=nextcloud.tritonpolling.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:dd:46:5c:e1:61:36:0b:e1:96:21:5a:d3:da:a0:
                    bb:74:c3:39:d0:45:1e:0b:ea:28:ae:e0:eb:87:3d:
                    1a:f4:f1:df:0d:d8:fd:ac:18:3e:a8:84:68:68:7b:
                    86:67:df:7b:79:1a:31:ad:1c:d5:73:cf:e3:cd:fc:
                    ce:53:fe:ff:d8:7c:d6:db:38:9a:1b:45:5b:2f:1f:
                    f5:07:e3:b3:f1:ed:cf:58:d4:d9:99:bb:fb:43:6f:
                    1f:0e:24:41:a8:de:0e:31:dc:a9:3f:14:0d:c9:57:
                    d1:55:b1:32:74:5d:77:26:54:e0:65:33:8b:a0:3a:
                    4a:ca:ed:1c:e9:ce:5c:8c:79:cf:c9:4f:63:fa:dd:
                    30:5e:05:b4:ca:be:fb:45:c6:1b:f9:eb:0e:f4:b5:
                    c9:ce:bb:20:44:4b:51:47:2d:59:d1:b3:6e:b8:3a:
                    d4:ae:f1:96:dd:9b:32:ed:2e:6a:1f:0c:2b:37:8f:
                    4f:c0:34:94:63:4b:aa:40:3f:e0:dd:ec:aa:f4:9b:
                    cb:da:82:b6:72:3b:dc:35:6e:3a:f8:bf:67:57:62:
                    b0:98:0d:c2:64:8e:96:f3:3b:56:c0:01:42:60:4a:
                    a2:82:9c:ad:7e:e6:a7:6f:89:aa:93:e7:fd:ec:f8:
                    ac:22:d9:e2:3b:d5:ee:59:89:f0:7f:e2:e4:b9:95:
                    08:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                03:4B:32:A1:12:85:2F:C4:C4:4A:26:9F:B0:2D:FB:1C:DF:22:2F:4D
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:nextcloud.tritonpolling.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
                                ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
                    Timestamp : May  1 04:07:29.749 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:80:9F:7D:3F:CB:9C:FD:3D:EE:09:34:
                                B4:80:02:18:0E:DD:6C:B3:A6:17:71:3E:E2:8E:67:77:
                                DC:42:1B:02:64:02:21:00:A2:38:C1:63:F0:84:3B:12:
                                D6:B8:C7:17:AA:C2:76:CD:18:7B:38:53:B6:C3:E5:26:
                                7D:67:20:11:D2:6F:1C:4F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : May  1 04:07:29.743 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A6:4B:04:59:49:7C:BA:E3:EB:DA:98:
                                11:5F:C9:F3:CB:1E:44:39:C4:0B:19:BC:F0:08:1A:31:
                                D1:A1:47:5E:46:02:21:00:B1:07:B1:64:1B:44:0A:DE:
                                72:08:66:C2:B7:43:2B:D3:4E:77:8E:5B:1E:C7:6F:6B:
                                A0:68:62:A6:17:B8:42:8A
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        9a:e6:c2:95:86:60:43:5e:69:35:9f:7a:df:9d:1f:cc:17:e7:
        9c:7c:ca:18:f5:e0:ac:ba:7d:fa:ed:b7:60:4c:3a:02:d8:12:
        7b:9d:fb:8a:d1:0b:0b:04:8a:97:34:e8:b2:90:18:e5:d0:95:
        53:2e:25:9b:65:56:b5:a4:b1:3a:25:e0:d5:4e:a5:cb:9b:7e:
        a3:7b:01:93:a1:76:a4:a3:60:cf:2b:2b:02:7b:e9:ff:a0:4a:
        1b:ec:e6:4e:33:8e:e7:28:97:3e:2b:9f:b7:ed:ee:b3:26:11:
        f7:ab:09:6a:bc:1f:41:db:60:67:c3:a7:14:7b:db:32:fd:e3:
        33:37:e3:d6:1e:f3:ce:95:4b:a1:1f:42:ef:a2:c6:65:65:31:
        e3:d8:e2:bb:ee:a8:70:b8:7e:04:9c:69:04:79:41:5a:ae:f3:
        98:71:8d:f5:d0:05:41:35:14:9b:4a:fe:a2:65:9e:bc:5a:51:
        54:ad:6d:48:8f:68:54:84:a7:bc:da:58:be:67:61:c0:ae:91:
        8b:13:4f:f8:3b:f1:e2:a1:ac:b5:61:d5:92:64:38:c3:9c:f4:
        bf:93:50:4f:8e:a0:0f:f8:2b:b5:72:14:51:9e:5b:2e:75:80:
        46:a0:0a:49:58:1c:9e:a6:ae:b4:d2:f5:fb:a5:b4:22:d6:8a:
        b8:47:97:43

209.141.49.248

Last Seen: 2024-05-10

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

105456581 | 2024-05-02T14:12:12.605699
22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.4

589765266 | 2024-05-06T23:19:45.271509
80 / tcp

nginx1.18.0

1027315590 | 2024-05-10T15:31:39.969974
443 / tcp

Nextcloud

Products

Pricing

Contact Us

209.141.49.248

Last Seen: 2024-05-10

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

105456581 | 2024-05-02T14:12:12.605699 22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.4

589765266 | 2024-05-06T23:19:45.271509 80 / tcp

nginx1.18.0

1027315590 | 2024-05-10T15:31:39.969974 443 / tcp

Nextcloud

Products

Pricing

Contact Us

105456581 | 2024-05-02T14:12:12.605699
22 / tcp

589765266 | 2024-05-06T23:19:45.271509
80 / tcp

1027315590 | 2024-05-10T15:31:39.969974
443 / tcp