| Hostnames |
cluster3.galaxyprotect.net mc.stormhvh.su connect.techcube.pw |
| Domains | galaxyprotect.net stormhvh.su techcube.pw |
| Country | Russian Federation |
| City | Moscow |
| Organization | RS-Media LLC |
| ISP | RS-Media LLC |
| ASN | AS197309 |
| Operating System | Ubuntu |
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
| CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2021-3618 | 5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
| CVE-2021-23017 | 6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. |
-635325516 | 2024-04-27T22:53:50.37545180 / tcp
HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 27 Apr 2024 22:53:50 GMT Content-Type: text/html Content-Length: 1611 Last-Modified: Mon, 01 Apr 2024 10:40:20 GMT Connection: keep-alive ETag: "660a8f14-64b" Accept-Ranges: bytes
869281729 | 2024-04-25T07:04:54.403891443 / tcp
HTTP/1.1 403 Forbidden Server: nginx/1.18.0 (Ubuntu) Date: Thu, 25 Apr 2024 07:04:54 GMT Content-Type: text/html Content-Length: 564 Connection: keep-alive
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:18:f7:01:58:11:94:58:44:12:9f:c2:a6:48:34:1f:06:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 5 17:56:14 2024 GMT
Not After : Jun 3 17:56:13 2024 GMT
Subject: CN=mc.stormhvh.su
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b2:d1:6d:ca:77:82:da:77:9d:23:ac:ed:10:88:
5c:e4:0c:fa:2b:ed:65:d2:41:77:ff:a9:d4:9c:6c:
e0:40:1b:f7:be:54:8f:0d:8e:46:50:4e:f7:3a:94:
50:4d:43:98:75:36:19:da:68:69:da:51:e0:d0:b9:
0b:13:56:0b:f9:a2:25:e5:95:e2:1b:6b:f2:76:d8:
da:f2:8b:89:56:d5:42:43:05:c7:42:d3:3e:08:4d:
84:60:9d:91:9a:a3:a9:24:8f:ed:b4:7f:3d:63:ae:
ae:f8:ad:df:ac:4d:b6:8c:1b:7d:3c:d1:2b:67:30:
72:f3:98:a1:d1:52:60:f3:c0:36:59:8c:e0:16:26:
1d:03:54:2c:55:e0:f4:12:e5:93:c1:86:bf:e5:f5:
fc:ae:37:f0:53:86:aa:60:2b:2f:27:ba:a4:f2:a3:
1a:a3:8d:b2:24:43:d4:32:a2:e2:83:f9:8a:af:a6:
55:04:a6:37:b3:40:84:76:17:c7:3a:e8:df:66:73:
fd:4e:bb:af:2f:fd:ff:9f:8f:51:43:23:56:b6:0f:
24:e0:29:2f:fa:92:02:a3:53:55:27:18:fc:de:7e:
52:87:6a:73:ed:30:47:79:20:ee:d6:2b:92:86:01:
09:a3:e6:47:d9:1f:83:75:5c:b4:7e:8b:f9:c7:11:
31:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:C6:14:08:37:9D:59:91:38:46:A8:1C:3E:1B:2C:DD:FE:5D:A5:7A
X509v3 Authority Key Identifier:
14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:mc.stormhvh.su
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
Timestamp : Mar 5 18:56:14.566 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:79:77:9D:3C:E8:71:F9:21:AA:7E:BB:1F:
E5:DB:70:EE:42:D8:75:94:9D:38:46:21:7B:7F:4F:E4:
96:E6:E0:00:02:20:46:BA:DD:FB:9A:06:4B:10:24:60:
57:95:FB:B4:30:E5:D2:A7:2F:35:2E:FA:69:94:B6:AB:
CB:47:2D:5F:B3:0F
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Mar 5 18:56:14.931 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:CF:87:3A:DD:32:35:9F:88:C8:96:E0:
8C:D3:A4:06:EF:DD:A9:24:A0:83:B1:78:6F:90:A7:16:
49:FB:DE:48:A1:02:21:00:8A:75:49:F2:36:94:82:25:
A7:3B:54:AF:47:49:E0:E0:6F:30:20:71:1E:00:87:1A:
F2:CE:12:F5:82:16:54:57
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
ac:e6:7d:c3:90:f8:40:f4:fb:80:00:4c:21:10:c5:a5:5b:ed:
65:f0:1a:d9:e0:b3:29:0e:5b:e5:e5:63:d1:07:73:77:35:08:
8c:4a:50:01:cd:35:1e:20:f6:63:6d:a1:bc:03:6c:a9:23:02:
12:c8:06:33:9a:54:14:aa:2f:11:e5:bb:51:e7:3a:1f:fb:09:
ed:b4:7b:d0:9d:a8:c0:60:aa:69:7b:6f:58:ba:69:08:b9:e2:
86:26:f6:39:c6:a4:2a:d7:fa:b2:2b:21:22:7c:b8:5b:cb:e4:
b2:ee:96:3f:e4:64:8b:55:2b:5a:71:9b:fb:4d:26:6c:36:34:
c2:c3:08:c5:4c:29:80:1c:30:5c:3e:69:79:4f:88:2e:b7:d2:
72:05:12:23:37:5c:0e:1f:c4:80:26:ed:2c:18:51:ce:02:5e:
96:79:c1:44:ac:7e:36:b8:df:30:e3:88:a7:a4:15:86:eb:79:
77:58:2c:e2:c3:f5:3c:3a:c2:5c:4b:b1:7b:e3:92:34:4a:8e:
42:74:52:60:61:4e:69:eb:42:0b:01:6d:ef:f1:52:2b:10:7c:
9b:b0:df:e4:14:00:95:31:24:c0:d6:a8:1a:4a:9d:e8:b4:12:
ed:5c:76:58:5e:62:44:3b:01:cd:c2:f3:17:ac:93:f6:33:c3:
05:1d:05:1a
-1916357745 | 2024-04-05T08:19:58.1652718443 / tcp
HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: https://mc-panel.xanikeo.eu Access-Control-Max-Age: 7200 Content-Type: application/json; charset=utf-8 Www-Authenticate: Bearer X-Request-Id: 03063e9a-d14d-461a-99f8-892a0b4cae64 Date: Fri, 05 Apr 2024 08:19:58 GMT Content-Length: 77
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:0a:2f:59:d8:b8:d8:e8:60:36:8d:00:53:14:33:82:35:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 1 14:39:20 2024 GMT
Not After : Jun 30 14:39:19 2024 GMT
Subject: CN=connect.techcube.pw
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c4:ec:20:1e:eb:77:83:88:bd:52:6c:ce:b0:c5:
13:e6:0d:fb:b3:84:82:de:ca:4f:35:be:97:9f:b4:
c3:47:a0:27:db:8d:c7:75:ba:2b:45:32:c8:94:54:
9d:2e:51:79:2b:c3:a0:9c:41:cb:e0:d2:7e:0b:5a:
c2:29:5f:0e:49:e1:9f:e1:b7:56:10:d2:8d:4f:d9:
8a:1b:b8:2c:18:54:00:9b:d6:b8:8e:dd:bf:2c:2e:
b7:8b:49:32:e0:27:7b:0d:3b:9f:db:d9:a4:43:2b:
6f:3b:ee:b1:f3:8e:0b:5e:cf:6d:f0:93:74:be:98:
b2:61:03:1b:d0:8b:93:f1:44:4e:52:6a:6e:46:d8:
3c:e4:60:e8:c7:0b:fb:b2:d0:aa:7b:16:d7:fa:8d:
0f:79:5b:9e:bb:b5:d2:fa:ae:2a:01:b1:cd:d0:7e:
a2:8d:99:08:b2:bf:20:76:0c:7e:98:81:82:87:b0:
57:1d:c8:5c:d6:71:8f:0e:ed:28:3f:5e:5e:34:49:
88:40:f4:06:50:63:f3:50:f1:ee:44:ba:f2:26:23:
df:ca:78:69:87:53:cf:26:63:c8:0b:44:a6:75:cf:
2d:2b:ca:be:fe:b8:32:90:22:3f:62:a9:4b:1a:25:
1a:b7:c7:41:06:bd:49:51:85:c0:e6:d8:79:29:a3:
a6:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
81:97:F7:84:0A:5D:73:59:AF:63:C6:7E:E9:6D:E9:DC:34:2A:15:BC
X509v3 Authority Key Identifier:
14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:connect.techcube.pw
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Apr 1 15:39:20.943 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B9:9A:CF:10:44:97:9F:DF:30:48:E5:
EB:16:23:68:DA:4C:98:EA:8A:EE:E1:42:8D:75:F0:56:
EE:6A:25:B4:CF:02:20:22:39:46:16:E3:D3:C3:6A:DF:
A6:96:96:55:C5:B9:97:11:3D:0D:14:74:33:3D:D3:63:
31:5E:C9:4A:9E:B4:CB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Apr 1 15:39:20.955 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:1F:71:DF:D6:F8:68:01:DF:00:12:80:38:39:
0A:BB:0E:49:AD:1B:F2:D5:0F:81:B5:86:32:9A:F9:E8:
FC:32:DC:02:21:00:E6:BC:53:2E:96:87:F5:32:ED:5A:
43:F2:E8:95:D5:5C:13:51:48:E1:CE:34:6B:B0:D5:2B:
AF:91:44:43:59:28
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a7:d7:da:38:c8:33:28:ed:68:1e:47:92:06:99:3b:be:45:d9:
bb:ed:88:06:a9:39:33:41:9a:b7:67:36:78:fe:24:81:2e:4d:
25:6a:d1:f0:4f:08:d6:95:aa:57:81:98:2f:60:94:8f:1a:29:
78:2f:92:f4:27:82:c6:66:d3:86:be:95:c8:a1:c7:7f:f9:56:
d8:df:53:92:63:0c:e1:c8:06:bf:c5:f7:38:8c:ec:05:07:45:
46:58:cb:51:5a:2c:ea:72:8d:e3:fa:41:7d:66:3b:21:96:98:
44:ca:7c:f2:50:d1:12:f0:c3:a8:4d:9a:8d:2b:7f:2f:9f:ff:
45:57:e6:90:22:48:ca:fa:ac:c4:bd:64:26:e4:a6:4b:77:ba:
15:63:82:ff:8a:cf:99:b7:43:c8:6b:71:3a:a4:78:52:b4:46:
4c:7b:52:47:0d:7d:b1:bf:ff:f9:c9:2e:22:28:b0:8b:61:8e:
7d:d8:89:e2:9f:91:f0:0b:e0:6f:0f:e8:b6:7a:17:f1:f8:2f:
5a:12:dc:4e:e4:01:0f:ac:3c:76:d7:ad:63:d5:1c:1a:93:a3:
4a:ef:6a:ed:66:e7:12:15:43:f1:1c:1f:db:07:39:ed:c3:ab:
25:eb:f4:85:8d:58:80:f4:cd:92:3e:3c:6d:21:67:aa:25:01:
cb:47:71:35
-436167079 | 2024-04-15T18:51:07.9161669100 / tcp
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
400 Bad Request
Prometheus Node Exporter:
node_exporter_build_info:
branch: debian/sid
goversion: go1.18.1
revision: 1.3.1-1ubuntu0.22.04.2
version: 1.3.1
node_os_info:
id: ubuntu
id_like: debian
name: Ubuntu
pretty_name: Ubuntu 22.04.4 LTS
version: 22.04.4 LTS (Jammy Jellyfish)
version_codename: jammy
version_id: 22.04
node_uname_info:
domainname: (none)
machine: x86_64
nodename: DELTON-W8RG02WOMVWNDTBY
release: 5.15.0-102-generic
sysname: Linux
version: #112-Ubuntu SMP Tue Mar 5 16:50:32 UTC 2024
node_dmi_info:
bios_date: 10/26/2022
bios_release: 5.17
bios_vendor: American Megatrends Inc.
bios_version: P7.40
board_name: B450M Pro4-F
board_vendor: ASRock
chassis_asset_tag: To Be Filled By O.E.M.
chassis_vendor: To Be Filled By O.E.M.
chassis_version: To Be Filled By O.E.M.
product_family: To Be Filled By O.E.M.
product_name: B450M Pro4-F
product_sku: To Be Filled By O.E.M.
product_version: To Be Filled By O.E.M.
system_vendor: To Be Filled By O.E.M.
node_nvme_info:
nvme0:
device: nvme0
firmware_revision: 002C
model: INTEL SSDPEKNU512GZ
serial: PHKA22500D0G512A
state: live
node_network_info:
lo:
address: 00:00:00:00:00:00
broadcast: 00:00:00:00:00:00
device: lo
operstate: unknown
docker0:
address: 02:42:c5:d9:1d:10
broadcast: ff:ff:ff:ff:ff:ff
device: docker0
duplex: unknown
operstate: down
pterodactyl0:
address: 02:42:85:98:be:8f
broadcast: ff:ff:ff:ff:ff:ff
device: pterodactyl0
duplex: unknown
operstate: down
enp5s0:
address: a8:a1:59:19:df:4f
broadcast: ff:ff:ff:ff:ff:ff
device: enp5s0
duplex: full
operstate: up