GeneralInformation

Hostnames	dev.mobydix between-dev.mobydix.com
Domains	mobydix. mobydix.com
Cloud Provider	DigitalOcean
Cloud Region	de-he
Country	Germany
City	Frankfurt am Main
Organization	DigitalOcean, LLC
ISP	DigitalOcean, LLC
ASN	AS14061

WebTechnologies

JavaScript libraries

jQuery3.1.1

Miscellaneous

Popper

UI frameworks

Bootstrap

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-23064	Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

OpenPorts

22 80 443

1328316319 | 2024-04-14T00:52:08.610284

22 / tcp

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDA1Sv1Q4xoxg+uEg+B2sz5arshS4JxCCv16deWHnnROzq5
He+0astOUWnVVB1tgSpAFHDrcb1WSJkFeSqJ3u4SRtlJ35AXBIk9limxNlF4mspb8rb2GW5dPuZz
djysdSfq1lOVXPINcdIkvutBWHUCv1y0WaM44DfLacgxW/I5xg3rZ0p5OAS0Biu/d7nAGGYjZP7l
AjhU5MUYDGU9s9+VuORBeqD8F5utKkmnZ5cBX2nBFIYoc+bm/QrLUj2eNZ9LUf3vAcAGjHAnEBm0
00OGmJvI/85Ph/uPAP8K1pvA6UDITKn8Biw3F8iiItpouYjJ6UXMt6+9NIPfZjDzLF/HiCYJNYzC
84aatMb3iAVHxuJBdlZeDqOXxmAIPMRfTdCl5AZ5QhbZ9+JUP1L194KiZ2x+2zqO2Bunj4y/ph/Y
1jiJEDQUFRYmWjboBSRn0/aavawUbuTD0VmV8tB/u51lAn2aWZp8ilrGz3CiJS6EgdM5mOMyVFxr
16n9vtDB0q0=
Fingerprint: 40:85:37:da:48:30:7d:c9:57:3c:a2:61:71:3f:91:17

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1651973090 | 2024-04-12T07:10:38.834555

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 12 Apr 2024 07:10:38 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 10 Aug 2021 08:47:32 GMT
Connection: keep-alive
ETag: "61123d24-264"
Accept-Ranges: bytes

829827476 | 2024-04-02T18:43:58.067248

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Tue, 02 Apr 2024 18:43:57 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkVrWDlsYk5QU2pPT2pKQnVxeVZkK1E9PSIsInZhbHVlIjoiVEdjWVVQNStzSllKekFZUlZLYkpmbGpGYVd3ODRPWk45ME5ISlFacGMvTWRpb1hsYWZXckx1VFRLcVZWVmRCUW1pMWp3dzdlMDV0U1lMRmFYelE3N0k3SVppcldqS2ZUaFpVdWQzWDFnWW1rbmNIZVJ4QXkvSWpCNUMwazhhN0wiLCJtYWMiOiIwMTg3MTMwZGQ2MzY2Y2EzOGY3ZWM1ZGIxODVlODJiMDg0YmM3ZDE2YTUxYWNhMzA2ZDI0MjMwYjhkMTIwM2I0In0%3D; expires=Tue, 02-Apr-2024 20:43:57 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: mobydix_session=eyJpdiI6IjkxL05NbWx3KzR5eXpMa3oyQ09VSFE9PSIsInZhbHVlIjoiZENCT3hDTTlUSE9KUzRnZmRJTTRsTGRWZU9RY0M5cEpSNGoxMk9obS9KU09GemdkWFdHNGg1Qm5oblZJSVYxeGlwZkhtM0FuS0EzbjloTDFDUDJ0UkJWaGhpQjA3NmVlQm1XN0ZvbDlXcElGRFVhK3dYK0VwYWJEV2kzSS9UdmMiLCJtYWMiOiJlODhhNTkxNWJlZGRjMTU3MTg3ZGFhOWU3ZDZhZGRiNTFhZmE4MTQwZWUwYTMxZTAzYmUyMGFmNmFiYTdjMjRjIn0%3D; expires=Tue, 02-Apr-2024 20:43:57 GMT; Max-Age=7200; path=/; httponly; samesite=lax

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f2:f4:fa:cf:9c:00:ea:93:6e:0c:96:f7:d9:94:8e:4f:43
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Feb  6 18:41:44 2024 GMT
            Not After : May  6 18:41:43 2024 GMT
        Subject: CN=between-dev.mobydix.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d1:d8:58:84:20:77:85:28:84:c3:71:31:02:3d:
                    f8:7f:ff:87:1d:0b:43:da:b2:11:68:51:58:db:65:
                    07:91:53:ba:68:36:23:b3:35:24:58:28:17:9d:fc:
                    f1:81:f4:5a:61:0c:3a:28:a6:ba:54:b6:5b:23:52:
                    1d:dd:81:24:79:28:bb:77:be:31:40:5f:c7:74:3e:
                    9f:72:23:48:12:52:fc:ba:72:e9:83:b7:be:44:fc:
                    a3:59:7b:ee:03:0a:70:bb:bb:1a:e7:e5:6c:d4:8a:
                    66:de:b2:f6:a8:7e:74:37:83:05:2e:fd:ef:39:b9:
                    52:ad:22:ce:66:a4:33:bb:e7:67:20:39:d2:ca:5a:
                    e2:be:c3:2a:d7:6a:89:38:4b:13:44:d8:37:fe:76:
                    b3:3a:d8:d5:41:6f:1f:9b:60:16:50:67:3f:ed:c8:
                    88:d6:8f:e0:f9:57:72:cf:91:48:2e:a6:9f:16:7c:
                    cd:a9:63:0c:6a:8a:59:50:dd:29:61:80:1c:1e:86:
                    9a:8d:70:d3:97:e4:94:6b:27:7c:6a:40:0c:1d:c5:
                    c9:c7:57:5d:8d:22:1c:2d:2f:e9:1b:cc:1c:1b:30:
                    3e:a0:b5:21:1f:19:69:cd:af:9e:16:e5:bd:4d:fd:
                    37:6f:f5:9f:26:0f:2b:0f:f0:ae:a3:eb:25:d8:97:
                    11:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                15:A5:A4:FF:9B:27:11:92:01:B0:24:B8:9F:EA:FB:75:D5:0F:7A:09
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:between-dev.mobydix.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Feb  6 19:41:44.272 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:F9:C9:09:48:53:CD:B8:6B:FE:9D:95:
                                BB:A4:98:8D:62:D2:35:A1:C1:B5:11:8C:9B:34:24:29:
                                AE:C0:F9:77:06:02:20:18:21:7B:B3:70:95:08:DE:05:
                                FD:27:CF:0C:F2:1D:D0:C7:3B:80:94:6A:60:BD:FC:39:
                                03:17:04:66:1C:2A:4D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Feb  6 19:41:44.773 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:76:4B:37:23:2C:DD:91:20:9C:46:99:03:
                                17:7D:39:F9:4D:75:D9:7F:C0:90:B5:2A:CA:AB:33:E1:
                                96:AC:FE:AF:02:21:00:E6:31:78:6C:F4:7D:02:A6:86:
                                74:4A:72:19:9F:32:4F:FC:6C:AB:E2:68:AC:EE:F9:4C:
                                43:DF:B3:AA:62:DC:F9
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        66:16:c8:73:4d:84:88:66:48:0a:aa:26:82:93:22:d2:0c:24:
        87:04:19:6f:ac:6e:08:40:45:2d:a4:db:f0:7c:6e:cb:74:8b:
        95:4b:37:73:ac:5c:6a:a9:3c:61:1c:5f:06:68:37:b1:c9:6e:
        1b:a9:4d:84:57:c4:c9:9b:45:09:20:91:03:aa:c4:b3:40:bd:
        8c:d9:a2:50:1b:ba:82:d9:b2:90:86:a4:31:ed:15:68:d3:d5:
        42:ff:69:21:19:7d:b8:e5:c1:2d:bd:9a:d8:f3:23:25:79:40:
        24:27:6e:63:63:84:21:bc:54:1a:04:7e:40:2e:a4:b1:61:65:
        ca:73:21:a7:59:87:7a:c4:a1:e4:5a:de:58:59:db:62:b8:0d:
        8d:a8:68:d7:92:00:43:03:aa:02:c9:10:d9:2b:e9:b7:f3:9f:
        17:31:77:b7:dc:e1:0f:92:27:cf:42:a1:d0:3e:7b:c0:32:12:
        f9:d3:af:56:2e:df:ad:1b:9d:4e:b8:31:29:11:ad:c8:7d:43:
        7b:64:4b:66:53:20:fa:f3:dc:81:f2:59:2e:c8:c3:6a:b2:49:
        1f:4c:ce:70:40:76:1c:73:76:64:01:1e:fb:78:eb:60:26:6d:
        14:05:82:36:15:5e:1d:b7:c7:c4:43:e6:b2:be:80:a2:c3:6a:
        4a:8c:ce:22

46.101.218.143

Last Seen: 2024-04-14

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1328316319 | 2024-04-14T00:52:08.610284
22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

1651973090 | 2024-04-12T07:10:38.834555
80 / tcp

nginx1.18.0

829827476 | 2024-04-02T18:43:58.067248
443 / tcp

nginx1.18.0

Products

Pricing

Contact Us

46.101.218.143

Last Seen: 2024-04-14

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1328316319 | 2024-04-14T00:52:08.610284 22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

1651973090 | 2024-04-12T07:10:38.834555 80 / tcp

nginx1.18.0

829827476 | 2024-04-02T18:43:58.067248 443 / tcp

nginx1.18.0

Products

Pricing

Contact Us

1328316319 | 2024-04-14T00:52:08.610284
22 / tcp

1651973090 | 2024-04-12T07:10:38.834555
80 / tcp

829827476 | 2024-04-02T18:43:58.067248
443 / tcp