GeneralInformation

Hostnames	ec2-52-206-110-23.compute-1.amazonaws.com alb.thetroylab.com
Domains	amazonaws.com thetroylab.com
Cloud Provider	Amazon
Cloud Region	us-east-1
Cloud Service	EC2
Country	United States
City	Ashburn
Organization	Amazon Technologies Inc.
ISP	Amazon.com, Inc.
ASN	AS14618

WebTechnologies

JavaScript libraries

jQuery2.2.0

UI frameworks

Materialize CSS52.206.110.23

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-23064	Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

80 443

-1770614387 | 2024-03-23T21:30:42.460201

80 / tcp

HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Date: Sat, 23 Mar 2024 21:30:42 GMT
Server: nginx/1.15.8
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImVZN2pJd0h2OStydWUrT2s3SW5SeWc9PSIsInZhbHVlIjoiWklMV1M2MDRQbmlZU2FcL1hwUWdtRlhsTlduTk5DM1VVaE5CdXFVRjdKbFM3eGJjNzRJWllRVlI2S05LTkoyeGUiLCJtYWMiOiJmODhiNzMyNzFiYzU0ZjJkNDk3NDhkNjkwNTBjMmZmMjlkZjE5YmY3NWIyNzY3NjBjYjVlNjNlZTI1Yzk5NDk2In0%3D; expires=Sat, 23-Mar-2024 23:30:42 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6Ikt1UG1CT0ordjdkUjNZSWFXZ2U2aUE9PSIsInZhbHVlIjoieXR5UWdqYmgrTjhtSmRSUU9TZlhHdWdreHl3SU1GcUxrSFFYRFFJeXNjTEIxN1VVVlRGY1Nvd1RGSUxhWVliSCIsIm1hYyI6IjZiZGU1ZGQ5M2E5MjVhNTI5ZGI4MzM0Y2QwNWU1NjkyZmZhYmNlYTMxMjk5ZDI0NDlhYzkzM2Q0OGIxNjAwY2UifQ%3D%3D; expires=Sat, 23-Mar-2024 23:30:42 GMT; Max-Age=7200; path=/; httponly
Content-Length: 3850
Connection: keep-alive

293410365 | 2024-04-17T15:13:52.968402

443 / tcp

HTTP/1.1 503 Service Temporarily Unavailable
Server: awselb/2.0
Date: Wed, 17 Apr 2024 15:13:52 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:9b:97:1e:b5:23:42:5a:dc:91:c4:97:4e:b3:33:4f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M01
        Validity
            Not Before: Oct 28 00:00:00 2022 GMT
            Not After : Nov 26 23:59:59 2023 GMT
        Subject: CN=alb.thetroylab.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b3:37:ed:e7:21:5a:94:97:db:83:8c:f1:bd:a6:
                    61:dd:0d:5d:67:b5:36:45:9c:d6:f2:78:c5:87:c9:
                    5f:ab:2e:d7:e4:42:2d:c9:01:95:4d:07:12:c7:de:
                    16:13:99:29:77:13:55:9b:05:51:14:2a:bb:3b:e7:
                    96:03:50:64:91:1d:05:16:03:6e:e2:fc:cc:bf:06:
                    f9:58:0c:71:95:e3:ee:8d:ff:52:b3:3c:43:c4:df:
                    80:47:3a:45:1a:a2:00:e6:e8:26:8f:ea:8c:3c:32:
                    44:cc:7b:14:8d:bc:78:72:70:4e:e7:11:c7:35:d2:
                    8c:f1:fb:0a:db:29:08:e6:1c:5e:28:a7:98:34:02:
                    14:23:9c:5f:6a:8b:89:9a:ac:62:df:40:b7:6c:7d:
                    8e:18:d5:2c:1d:35:40:3e:01:96:a9:bd:dd:46:fb:
                    3d:be:b6:49:9b:e9:58:83:0b:88:04:3f:39:a8:a4:
                    aa:bd:77:5c:be:3f:79:d0:ca:0b:7a:ef:87:e9:1d:
                    b6:d1:37:83:9c:fb:7e:bd:3d:bf:7b:8f:ed:06:a9:
                    3a:52:3f:fd:84:b3:28:13:6a:65:70:b4:e6:1b:b6:
                    20:02:04:c8:c6:44:6e:de:9a:54:a7:53:e2:94:0e:
                    16:ba:a3:4e:f9:bf:c7:39:67:60:b7:d3:e6:76:e9:
                    a4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                81:B8:0E:63:8A:89:12:18:E5:FA:3B:3B:50:95:9F:E6:E5:90:13:85
            X509v3 Subject Key Identifier: 
                97:75:26:0D:30:0A:6F:8B:6D:54:D6:02:66:F2:57:C8:70:43:BB:14
            X509v3 Subject Alternative Name: 
                DNS:alb.thetroylab.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.r2m01.amazontrust.com/r2m01.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                OCSP - URI:http://ocsp.r2m01.amazontrust.com
                CA Issuers - URI:http://crt.r2m01.amazontrust.com/r2m01.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
                                B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
                    Timestamp : Oct 28 19:21:14.101 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:1B:E2:0C:79:ED:84:20:32:40:3D:2B:43:
                                FF:CF:2D:4E:10:69:F3:15:20:FB:46:6E:7B:8D:51:EB:
                                27:0C:B2:C0:02:21:00:C0:54:12:2E:27:0B:7E:67:12:
                                DE:D8:85:BB:67:D4:D9:48:D1:3C:A1:BC:E5:D2:E3:8F:
                                52:CC:2F:76:A6:AC:2D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
                                4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
                    Timestamp : Oct 28 19:21:14.144 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EA:31:8C:DD:C8:A7:11:1D:44:C9:68:
                                73:B2:F1:24:7C:1E:C9:EA:AC:27:F5:97:EC:CF:4A:43:
                                44:83:68:FE:9B:02:21:00:FF:8B:C1:51:8F:1C:08:88:
                                2F:89:F3:89:48:45:DB:DE:7D:C1:A9:00:7C:4E:01:14:
                                70:07:25:13:6D:5E:09:25
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
                                5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
                    Timestamp : Oct 28 19:21:14.076 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:2D:5C:01:98:D8:18:21:C9:C0:C0:B8:6A:
                                B6:34:80:5A:2A:B7:DF:7D:E1:A9:C5:87:D4:4F:D0:4A:
                                3D:D4:E6:86:02:20:22:20:08:08:47:38:59:7B:66:B3:
                                BE:78:EA:ED:DB:61:BA:F8:78:ED:12:39:81:CC:E7:2C:
                                E3:97:24:D5:40:72
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        33:41:eb:b2:14:0a:4f:b3:37:c4:9a:74:bf:1d:60:7c:c0:ca:
        0d:69:03:0b:2b:5f:df:18:74:c7:21:84:4a:d8:73:cf:0e:1b:
        b8:3b:a0:40:0f:8d:6d:26:6a:1e:73:70:c7:0f:f7:d4:4f:23:
        3c:80:c2:0d:c7:82:83:da:4a:b3:a1:15:56:47:f2:cd:9a:c9:
        ce:82:73:cd:f2:52:03:a0:68:31:30:fe:1a:f1:2b:7b:00:13:
        44:a7:9e:36:87:0a:d6:33:dd:6c:3b:9d:39:40:e9:7a:3d:3f:
        8e:76:dc:31:c6:fa:ce:ef:af:43:8e:20:57:7d:9b:ef:d4:76:
        36:74:82:9c:d9:f0:54:83:7d:64:c1:9b:f0:92:fa:fe:9c:00:
        63:9f:c0:2a:f3:ac:da:b2:30:d5:9e:09:10:2c:80:27:a5:c8:
        6c:fd:64:ea:fd:74:da:ca:6e:5a:c0:65:e8:cd:18:82:26:4d:
        ae:b5:ca:0c:69:02:18:ef:b6:f7:62:5b:f1:bb:71:dc:c6:3c:
        f9:9c:b7:02:9a:af:d0:76:22:02:5c:d7:ec:01:da:10:6e:ff:
        d7:ca:e4:95:d1:dd:16:be:15:97:76:c2:d0:7c:20:88:26:0b:
        19:2d:43:61:3c:2a:47:1b:1b:3c:8f:f0:94:78:0f:a4:eb:ba:
        26:e9:e9:33

52.206.110.23

Last Seen: 2024-04-17

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1770614387 | 2024-03-23T21:30:42.460201
80 / tcp

nginx1.15.8

293410365 | 2024-04-17T15:13:52.968402
443 / tcp

AWS ELB2.0

Products

Pricing

Contact Us

52.206.110.23

Last Seen: 2024-04-17

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1770614387 | 2024-03-23T21:30:42.460201 80 / tcp

nginx1.15.8

293410365 | 2024-04-17T15:13:52.968402 443 / tcp

AWS ELB2.0

Products

Pricing

Contact Us

-1770614387 | 2024-03-23T21:30:42.460201
80 / tcp

293410365 | 2024-04-17T15:13:52.968402
443 / tcp