GeneralInformation

Hostnames	stats.open.online
Domains	open.online
Country	Italy
City	Milan
Organization	Estrema Srl
ISP	STACK EMEA - ITALY S.P.A.
ASN	AS203201

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2021-3618

5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

80 443 8080

-2100514759 | 2024-05-11T19:12:48.341362

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 11 May 2024 19:12:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://stats.open.online/

1055497434 | 2024-05-17T09:10:09.513964

443 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 17 May 2024 09:10:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2990
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: max-age=0, private, must-revalidate
cross-origin-window-policy: deny
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: F9A7nmL5UnVSGX-nyYdB
x-xss-protection: 1; mode=block
set-cookie: _plausible_key=SFMyNTY.g3QAAAABbQAAAAtfY3NyZl90b2tlbm0AAAAYZEQyVXZQcm1Ic3F6dWxxdVhjWVByNWhj.kM0R2BwIdL4EdyTaDJsHLnCfh8rFt3Tt0WZUmUv-OIo; path=/; expires=Wed, 16 May 2029 09:10:09 GMT; max-age=157680000; HttpOnly; SameSite=Lax

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:29:a9:30:a6:95:c8:8b:cf:7b:30:3b:10:ca:eb:5c:07:c0
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May 15 16:23:10 2024 GMT
            Not After : Aug 13 16:23:09 2024 GMT
        Subject: CN=stats.open.online
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:af:7b:ac:52:43:db:3b:c6:15:7a:72:a6:2f:3f:
                    6d:8e:ee:48:00:8d:cd:eb:7a:a0:0b:44:66:8c:b2:
                    f2:65:6d:4b:ee:37:76:46:67:32:59:28:8e:8e:b0:
                    54:45:7f:ba:f6:4f:75:e4:b6:8a:94:e0:cc:1b:c2:
                    6f:21:dc:fe:3e:ed:ed:54:44:86:e7:cc:e5:0f:29:
                    e4:ac:24:1b:85:27:59:9e:5a:54:8b:b4:c8:8c:70:
                    3b:c8:e8:b0:c0:dc:a2:ac:fe:40:8d:32:e3:72:28:
                    24:ee:68:87:b4:06:4b:46:10:28:ef:c9:43:d7:ef:
                    7d:17:06:f8:b5:b9:72:13:04:e9:a4:5a:96:1e:d7:
                    ae:72:e6:20:3e:cb:b1:2c:eb:0d:98:91:c6:fe:e6:
                    04:94:5e:3a:24:f4:50:61:e2:d2:31:b1:b5:dd:6c:
                    fe:f2:2c:7e:c3:9a:08:fb:14:68:88:55:5f:17:f2:
                    9e:f7:fd:b9:49:38:ef:0b:b3:41:1a:14:0a:0d:e0:
                    f4:08:c3:a9:3c:ea:bf:5f:be:c8:91:aa:72:15:9d:
                    3b:a5:bf:44:09:f7:57:e9:52:f0:cb:b0:66:08:0e:
                    0b:bb:ed:3c:52:75:98:cb:98:f3:2d:0f:0d:40:26:
                    7e:e0:a7:2e:40:09:4f:fe:4b:0f:f1:6a:11:28:c6:
                    10:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                52:AD:DA:D8:AA:05:8D:0D:A1:E3:67:49:0A:1C:DF:B0:3E:66:0D:C7
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:stats.open.online
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : May 15 17:23:11.260 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:46:34:29:43:94:C0:DC:B0:97:95:DA:2C:
                                C3:BD:B4:4C:5C:CF:38:89:6C:68:E0:59:C0:4A:4D:A4:
                                48:3F:C0:6E:02:21:00:85:B0:DA:59:23:55:09:C6:0D:
                                DF:AE:C7:E6:E3:92:4B:B5:F6:F3:B8:95:99:8D:B3:7B:
                                0C:38:90:49:63:C9:AF
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
                                4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
                    Timestamp : May 15 17:23:11.527 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:35:4D:7A:F2:5B:35:91:4F:14:6C:2D:4E:
                                B3:9C:6D:E7:FC:A4:53:F3:39:0C:3F:32:BD:86:89:F0:
                                38:15:B8:E6:02:21:00:8D:35:36:81:34:5C:8A:0D:C3:
                                C8:AD:12:9C:F9:4A:13:4A:C8:29:41:53:30:CA:60:B8:
                                69:73:DF:85:E8:66:C0
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        28:42:8d:bb:56:38:c8:e3:91:c9:2e:d4:43:6a:89:5c:e1:01:
        25:a6:f4:b9:eb:d3:7e:fe:e1:47:44:00:bc:a8:48:2f:31:07:
        ea:03:67:6d:a7:1c:e0:80:4a:83:2d:90:96:e5:23:b6:e8:3d:
        d9:16:61:8d:b2:5d:0e:af:db:aa:a2:f4:b5:60:74:f9:d6:c8:
        e8:ef:be:61:8c:5a:6a:54:ca:64:26:bb:8a:12:8d:3a:fa:10:
        7b:fe:bf:a2:51:4e:4c:7d:b6:52:ce:f3:21:53:18:a5:53:36:
        08:e6:b9:4e:c1:85:b0:2d:08:54:14:2f:54:9a:55:38:a5:1d:
        28:6d:d3:a1:36:fc:5f:2e:bc:84:4a:5d:5d:b8:56:b6:17:5c:
        f9:a7:06:5c:ea:15:5e:8b:42:e0:4e:64:5d:db:1e:ec:e2:c1:
        9f:ef:68:42:32:b7:8b:3d:f7:7e:5b:04:69:dc:34:9c:a8:b4:
        ba:56:b2:56:2f:17:df:ca:fe:2c:f7:af:e8:d8:9a:01:61:cb:
        fc:e4:5c:22:7c:d7:39:bd:31:5e:c3:46:b6:f6:50:06:fe:00:
        0a:4e:e6:e4:15:92:4a:6f:f0:c8:9b:dd:96:22:29:eb:3b:1b:
        f7:36:2a:8d:03:12:29:d0:4a:8a:34:9b:6a:ee:b0:ce:f9:52:
        a1:1c:f9:4f

772258679 | 2024-05-12T12:20:45.614297

8080 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Sun, 12 May 2024 12:20:45 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://stats.open.online/

45.145.207.128

Last Seen: 2024-05-17

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-2100514759 | 2024-05-11T19:12:48.341362
80 / tcp

nginx

1055497434 | 2024-05-17T09:10:09.513964
443 / tcp

nginx

772258679 | 2024-05-12T12:20:45.614297
8080 / tcp

nginx1.20.1

Products

Pricing

Contact Us

45.145.207.128

Last Seen: 2024-05-17

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-2100514759 | 2024-05-11T19:12:48.341362 80 / tcp

nginx

1055497434 | 2024-05-17T09:10:09.513964 443 / tcp

nginx

772258679 | 2024-05-12T12:20:45.614297 8080 / tcp

nginx1.20.1

Products

Pricing

Contact Us

-2100514759 | 2024-05-11T19:12:48.341362
80 / tcp

1055497434 | 2024-05-17T09:10:09.513964
443 / tcp

772258679 | 2024-05-12T12:20:45.614297
8080 / tcp