GeneralInformation

Hostnames	livetracking.prod.eu-west-1.hydratest.aws.a2z.com ec2-52-49-70-8.eu-west-1.compute.amazonaws.com
Domains	a2z.com amazonaws.com
Cloud Provider	Amazon
Cloud Region	eu-west-1
Cloud Service	EC2
Country	Ireland
City	Dublin
Organization	Amazon Data Services Ireland Limited
ISP	Amazon.com, Inc.
ASN	AS16509

WebTechnologies

CDN

jQuery CDN

JavaScript libraries

jQuery3.4.1

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-23064	Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

OpenPorts

80 443

-867213016 | 2024-04-01T22:28:49.167094

80 / tcp

HTTP/1.1 200 OK
Date: Mon, 01 Apr 2024 22:28:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8707
Connection: keep-alive
Server: nginx/1.16.1
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 25 Jun 2020 10:27:15 GMT
ETag: W/"2203-172eb046bb8"

586566355 | 2024-04-23T12:40:29.132802

443 / tcp

HTTP/1.1 404 Not Found
Date: Tue, 23 Apr 2024 12:40:28 GMT
x-amzn-RequestId: b6721ac7-52fd-4555-a6a6-3da8376d04c1
Content-Length: 29
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:c8:43:71:46:bc:81:f1:43:3c:f6:2a:99:8a:3e:0f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M02
        Validity
            Not Before: Oct 30 00:00:00 2023 GMT
            Not After : Nov 27 23:59:59 2024 GMT
        Subject: CN=livetracking.prod.eu-west-1.hydratest.aws.a2z.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d7:88:50:76:51:bd:42:24:7b:96:d1:f6:b6:f8:
                    e0:f6:2d:ee:b5:cd:8c:47:e6:83:12:54:47:4d:d1:
                    ce:24:88:24:59:1c:cf:a6:e7:47:9c:a7:f2:85:78:
                    7d:32:f9:a1:dc:b2:7e:ae:97:0c:0e:d8:d0:7e:43:
                    6b:fa:1e:9d:42:57:92:05:5a:89:43:88:e4:15:ff:
                    ad:25:87:0a:e5:2e:15:31:70:83:29:8a:22:2b:b1:
                    dc:28:3e:2a:c3:d1:47:1c:8d:dd:63:07:1e:46:eb:
                    c0:ae:92:9c:4c:91:80:b2:56:67:27:98:14:be:0a:
                    96:77:4c:b4:bd:7d:15:13:3f:fc:d8:58:c0:a8:49:
                    6a:de:59:b8:e0:3c:e4:85:c2:49:f4:ca:01:dd:f0:
                    48:53:a2:21:a3:65:9c:69:fa:22:69:56:38:7b:2e:
                    0a:23:30:c5:88:2d:5d:e1:7a:58:8a:57:23:fb:64:
                    04:fc:9c:c2:36:6e:ba:d1:48:92:cf:b9:50:27:aa:
                    76:d9:af:68:79:bf:ab:54:42:dc:3e:1a:78:c1:e2:
                    df:23:31:1f:91:d1:58:b6:46:18:5c:bc:73:ca:32:
                    d3:3a:20:e1:a8:e2:58:1f:49:76:c5:9a:1c:63:ea:
                    d7:59:d1:2e:cf:1c:7e:92:c8:67:44:4d:4d:36:1c:
                    a1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                C0:31:52:CD:5A:50:C3:82:7C:74:71:CE:CB:E9:9C:F9:7A:EB:82:E2
            X509v3 Subject Key Identifier: 
                4C:C5:C5:C3:3B:98:BC:44:41:74:3D:7B:AB:A4:1C:E2:87:AB:CB:C0
            X509v3 Subject Alternative Name: 
                DNS:livetracking.prod.eu-west-1.hydratest.aws.a2z.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.r2m02.amazontrust.com/r2m02.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.r2m02.amazontrust.com
                CA Issuers - URI:http://crt.r2m02.amazontrust.com/r2m02.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Oct 30 00:33:34.440 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:A4:4C:ED:63:BD:A4:A7:69:66:0B:E7:
                                6A:0F:1D:C4:95:53:7D:A5:DD:DC:F2:D9:63:A2:33:5E:
                                86:E3:F2:1A:C1:02:21:00:B9:F3:43:90:6F:FB:1B:AD:
                                D6:91:BD:AB:2D:1E:A0:6B:35:A1:83:2B:EA:86:44:C9:
                                DA:23:40:AF:F7:18:03:F1
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Oct 30 00:33:34.375 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FD:4D:B1:59:1C:04:7B:2E:38:E3:84:
                                BA:E4:DE:C2:46:B6:F9:3E:5D:1C:52:AD:59:DC:9C:EA:
                                19:86:00:29:29:02:20:42:34:63:04:09:9E:16:5A:C9:
                                91:85:C6:F6:CA:85:42:EA:1E:A6:14:51:77:F6:6B:2A:
                                15:4C:71:52:BB:26:85
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Oct 30 00:33:34.369 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:F8:A5:92:48:FE:00:34:E5:F1:45:AA:
                                46:26:6B:C4:C6:24:92:C1:F2:1C:F9:BD:B0:8F:07:FF:
                                BD:66:E1:62:4C:02:20:2B:9B:BD:D0:ED:AC:F6:70:11:
                                13:53:87:4E:48:60:C8:B6:02:57:C5:65:F3:D7:3E:95:
                                FF:00:59:13:45:AF:79
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4f:e4:40:ff:77:b0:5f:67:b6:ff:90:32:65:9a:f6:5c:be:8c:
        ce:5f:3f:e7:09:fd:e4:b8:ae:3f:cb:ab:cd:91:a7:92:6c:43:
        ac:54:89:c8:01:d5:9f:37:8c:17:5e:05:eb:0b:81:b1:94:4e:
        60:50:d4:49:97:07:1e:99:d3:16:74:cf:d8:03:8f:72:6f:c2:
        d7:0f:41:36:ba:7a:7f:f1:1b:7b:18:bb:90:fa:f2:9d:d9:9b:
        5f:df:f9:7a:96:7b:fc:57:e0:8d:57:0d:13:f9:27:e0:9a:5b:
        2b:37:5e:5c:6f:58:2e:93:b4:52:d9:c6:ce:57:1e:b0:5b:1e:
        00:1a:f3:f7:f6:00:6a:3e:f6:05:f2:cf:6f:bd:b9:37:c8:c2:
        89:e8:05:17:3d:8c:ca:9c:8b:cb:56:65:c9:5e:f3:bb:99:c2:
        26:76:59:a6:bc:e2:c2:84:3f:dd:99:59:50:4e:07:20:fe:d1:
        9e:ac:34:c0:c6:86:a1:7a:9d:5c:c7:8d:a0:40:1e:6d:21:e2:
        33:c0:74:9b:c6:fb:d9:08:64:71:86:4c:2c:e6:09:24:79:37:
        0d:0f:57:9c:b6:d5:08:b9:84:3b:ec:9a:f7:a7:40:31:95:f8:
        4b:58:4e:12:4d:96:e6:da:9b:40:92:b0:90:32:f8:eb:55:a9:
        1f:d9:63:d4

52.49.70.8

Last Seen: 2024-04-23

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-867213016 | 2024-04-01T22:28:49.167094
80 / tcp

nginx1.16.1

586566355 | 2024-04-23T12:40:29.132802
443 / tcp

Products

Pricing

Contact Us

52.49.70.8

Last Seen: 2024-04-23

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-867213016 | 2024-04-01T22:28:49.167094 80 / tcp

nginx1.16.1

586566355 | 2024-04-23T12:40:29.132802 443 / tcp

Products

Pricing

Contact Us

-867213016 | 2024-04-01T22:28:49.167094
80 / tcp

586566355 | 2024-04-23T12:40:29.132802
443 / tcp