GeneralInformation

Hostnames	ga-hits.medianation-tools.ru
Domains	medianation-tools.ru
Cloud Provider	Yandex
Country	Russian Federation
City	Moscow
Organization	Yandex.Cloud LLC
ISP	Yandex.Cloud LLC
ASN	AS200350

WebTechnologies

Programming languages

Python

Web servers

Uvicorn

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 443 3000 9100

758313111 | 2024-05-05T00:17:50.007556

22 / tcp

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQC+SxIqEucLinZ/uJdpTUvVke/i+KXKOCN+XLPHEIRGK1Si
iabAucHKJZMxbobq1B79qh1i921FZnJlRY2cVEOvNM+gQfMnoKESb9jWzxAluXmAiNTyRjv50ezT
gLRNdYf0k5FJneclt9dXO0EpP3U/Y4baaPvmdnPtwW8uFGQIs1rp/Hlk1PmjIAXq9L5DBt+n68gQ
UOGGmzc+9fJJYolVypJILjMg+dCFdcTpmiGsopiyouMNiaYVFaX5IFAADA5knLLJlXfb54p6I4QV
IrkgPLI62B/Gr0Ai7ELQKkLtz329jSWhF+dDQOgx/srektJGPr2KFqEkDNzJPFEkT25pF20PqoVn
5Tpk0UGY0MwHsCYl66l9lZbbYJlcEs5QOQOyMpIZA1nCkSPhHzgfw6UMAx264KCRqTz0XgBIjPZk
udpq7LQ0vYnOmBI+mbsIFJNShahBzaD40cJbqmAwuuBZRD4WxzFzGUvaKatt80xTxPopkPx5bIMU
5qqFymLsju8=
Fingerprint: 7d:e9:47:7e:b1:22:94:b6:4e:a9:51:92:01:49:d2:7e

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

677579724 | 2024-05-04T18:54:05.583783

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 18:54:05 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

-166216652 | 2024-05-06T00:12:09.976261

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 06 May 2024 00:12:09 GMT
Content-Type: application/json
Content-Length: 22
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e2:ce:6d:59:3f:bb:4a:c3:d6:5e:75:5e:e1:e3:b9:2a:02
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 19 18:29:22 2024 GMT
            Not After : Jun 17 18:29:21 2024 GMT
        Subject: CN=ga-hits.medianation-tools.ru
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:28:e8:ca:32:d3:b5:fc:cb:f7:d7:0d:a3:82:8b:
                    00:24:05:a4:2b:2f:ef:1c:73:4f:65:4f:41:22:69:
                    ea:d2:4a:30:dc:4a:39:c4:d4:d0:f2:ff:96:a0:0a:
                    92:6e:8e:54:96:14:1a:4f:56:dc:d6:a3:62:83:5d:
                    0c:99:f3:5e:d0
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                77:46:E5:31:2D:BC:88:8D:34:7F:86:61:B6:8C:D1:4A:38:FB:3E:4D
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:ga-hits.medianation-tools.ru
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 19 19:29:22.633 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:70:80:6B:8A:E4:1A:32:95:ED:37:1F:E2:
                                0B:65:D4:1B:82:DE:80:71:CC:13:7C:A6:26:6E:E0:E2:
                                4A:4D:2C:49:02:21:00:B9:1B:19:02:5A:6D:65:12:02:
                                15:56:EF:33:C2:63:12:95:7E:E6:84:5C:F4:12:04:8D:
                                EB:B1:6A:77:F2:1D:FC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Mar 19 19:29:22.638 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:43:59:8D:7C:DE:5A:C3:4A:80:68:DB:3A:
                                49:EF:0E:55:10:5E:3B:3A:5B:EC:DC:39:08:E2:D7:3D:
                                32:FC:56:C3:02:20:03:CD:75:FC:56:FD:3E:81:0E:6F:
                                06:F0:ED:0D:FB:51:DF:46:D3:05:ED:19:50:21:90:63:
                                75:22:31:DD:3F:7E
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        24:1e:de:12:0e:bb:b0:a9:3d:2c:50:4d:8b:70:a3:00:42:16:
        89:5d:79:41:48:5d:44:47:74:9a:5c:a0:37:9c:ba:fe:84:aa:
        73:48:46:f8:f9:64:b5:93:35:f3:b3:26:dd:e8:39:d8:cb:72:
        a1:48:1e:c3:3f:1a:75:0a:ae:43:30:87:1d:5b:c6:06:d8:61:
        34:db:d3:c4:cb:e0:9d:92:ef:e2:13:3c:00:96:05:8d:c8:0c:
        af:4a:29:35:dd:fb:d6:9c:c0:bc:f9:6b:df:41:de:38:a1:3a:
        d4:49:4c:09:91:65:8b:6a:dd:12:0c:a7:91:cf:64:d4:73:2e:
        93:32:b6:60:ce:78:21:a2:b2:fa:e4:13:c3:78:e7:ff:3a:bc:
        0c:a8:bb:7b:4c:89:b0:80:1c:52:b4:e2:7e:71:76:3e:30:62:
        1a:7c:d8:dc:28:ed:2f:f9:46:2b:14:3e:10:79:2e:81:88:f9:
        75:0b:5a:6e:09:f9:13:d0:cc:f1:8f:c0:f0:e9:a6:fa:3d:7c:
        7f:d5:0b:11:fd:fa:d4:2c:c0:0e:a9:db:bd:56:d8:3f:20:d2:
        e3:13:51:f0:e6:8e:f2:fa:79:dc:3f:4c:6c:79:33:01:88:ac:
        4a:d6:90:ec:60:2c:66:af:86:9a:6e:47:0e:d1:c2:66:d4:1f:
        aa:7d:df:ce

-166216652 | 2024-05-08T00:00:50.536310

3000 / tcp

HTTP/1.1 404 Not Found
date: Wed, 08 May 2024 00:00:50 GMT
server: uvicorn
content-length: 22
content-type: application/json

-789493679 | 2024-05-03T14:49:26.620199

9100 / tcp

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request
Prometheus Node Exporter:
  node_exporter_build_info:
    branch: HEAD
    goarch: amd64
    goos: linux
    goversion: go1.21.4
    revision: 7333465abf9efba81876303bb57e6fadb946041b
    tags: netgo osusergo static_build
    version: 1.7.0
  node_uname_info:
    domainname: (none)
    machine: x86_64
    nodename: 265f99f3e4ec
    release: 5.15.0-100-generic
    sysname: Linux
    version: #110-Ubuntu SMP Wed Feb 7 13:27:48 UTC 2024
  node_dmi_info:
    bios_date: 04/01/2014
    bios_release: 0.0
    bios_vendor: SeaBIOS
    bios_version: 1.16.1-1
    board_name: xeon-gold-6338
    board_vendor: Yandex
    board_version: pc-q35-yc-2.12
    chassis_vendor: Yandex
    chassis_version: xeon-gold-6338
    product_family: Yandex Cloud
    product_name: xeon-gold-6338
    product_version: pc-q35-yc-2.12
    system_vendor: Yandex
  node_network_info:
    lo:
      address: 00:00:00:00:00:00
      adminstate: up
      broadcast: 00:00:00:00:00:00
      device: lo
      operstate: unknown
    eth0:
      address: 02:42:ac:12:00:02
      adminstate: up
      broadcast: ff:ff:ff:ff:ff:ff
      device: eth0
      duplex: full
      operstate: up

MAC Addresses

02:42:AC:12:00:02
    Unknown

84.252.139.70

Last Seen: 2024-05-08

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

758313111 | 2024-05-05T00:17:50.007556
22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

677579724 | 2024-05-04T18:54:05.583783
80 / tcp

nginx1.18.0

-166216652 | 2024-05-06T00:12:09.976261
443 / tcp

nginx1.18.0

-166216652 | 2024-05-08T00:00:50.536310
3000 / tcp

-789493679 | 2024-05-03T14:49:26.620199
9100 / tcp

Prometheus Node Exporter1.7.0

Products

Pricing

Contact Us

84.252.139.70

Last Seen: 2024-05-08

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

758313111 | 2024-05-05T00:17:50.007556 22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

677579724 | 2024-05-04T18:54:05.583783 80 / tcp

nginx1.18.0

-166216652 | 2024-05-06T00:12:09.976261 443 / tcp

nginx1.18.0

-166216652 | 2024-05-08T00:00:50.536310 3000 / tcp

-789493679 | 2024-05-03T14:49:26.620199 9100 / tcp

Prometheus Node Exporter1.7.0

Products

Pricing

Contact Us

758313111 | 2024-05-05T00:17:50.007556
22 / tcp

677579724 | 2024-05-04T18:54:05.583783
80 / tcp

-166216652 | 2024-05-06T00:12:09.976261
443 / tcp

-166216652 | 2024-05-08T00:00:50.536310
3000 / tcp

-789493679 | 2024-05-03T14:49:26.620199
9100 / tcp