GeneralInformation

Hostnames	hosted-by.IHC.ru
Domains	IHC.ru
Country	Russian Federation
City	Moscow
Organization	ihc.ru network in digital hub
ISP	EuroByte LLC
ASN	AS210079

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2019-9516	6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513	7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511	7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

OpenPorts

22 80 443 2376 6001 6379

118460344 | 2024-04-24T12:20:26.007120

22 / tcp

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDXgjoiAMMLQB+955RTxKx5J7+qt5uRdNaQ2GhVBm+4/zzb
ZMHnM+EoVBBAIwq4rdLSsUrV/e4yvV1oTof8lEIA+Y0q0xzQgJpTAxfyGjm4gX5uMBgdWJEF3ltP
X4DQ/uARMm8ObORjaVLAhscXamJ9AkjWSQz2fE4yAkWbMoqbk9/ywfjYqk0uSvGv+j0wvyNPBvzd
k8PH3Zk9g1P55iEVrq8iZHAT+xqr8xqnPec0keSpsMJ+99fGouMRsf8o1UGgH0TDDLG1n7qnsfhI
jO5gy06IG0cFjWnXOgbFUCQzWS7ZVX6blUUt9TKtw221m0b6YNZua0ZQd7aWD4WJBY8r
Fingerprint: 4e:f7:f4:6c:96:52:14:e8:a1:96:3b:a0:07:80:00:83

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

-1628292882 | 2024-05-10T19:56:02.012726

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.15.8
Date: Fri, 10 May 2024 19:56:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

-1628292882 | 2024-05-10T09:47:13.958331

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.15.8
Date: Fri, 10 May 2024 09:46:52 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a2:42:ce:26:f3:3d:67:9e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=RU, ST=RU, L=RU, O=default, OU=default, CN=default/emailAddress=default@default
        Validity
            Not Before: Jan 30 14:33:55 2018 GMT
            Not After : Jan 28 14:33:55 2028 GMT
        Subject: C=RU, ST=RU, L=RU, O=default, OU=default, CN=default/emailAddress=default@default
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e2:48:9c:7a:d7:ed:b2:7b:80:cb:a5:93:06:b7:
                    66:08:51:34:33:e7:3e:89:40:11:87:b9:2c:0f:31:
                    f0:ff:66:ff:54:3b:a3:0d:20:30:52:e3:91:a8:fb:
                    f9:92:6b:a6:18:a6:7c:09:03:4c:4a:7f:1b:8d:b3:
                    c0:00:13:d0:1c:68:13:ed:00:67:a8:4a:3b:ca:ed:
                    e0:6b:1c:10:62:0d:04:5f:17:b2:e0:fa:fa:af:6e:
                    aa:eb:d8:1a:ed:6b:1c:56:34:1a:7c:4e:e9:37:17:
                    9c:5c:bd:bb:6a:6d:06:75:f5:36:5f:be:4a:35:f8:
                    3f:cc:d7:1b:34:41:6c:e3:84:fa:db:df:66:6b:ce:
                    84:e9:e5:b6:7f:9b:9d:d5:7e:df:60:84:19:04:8d:
                    ec:b6:1f:09:3f:35:42:c1:2a:3d:72:41:86:09:83:
                    12:13:d0:bc:98:8d:3e:63:d2:79:d8:81:fd:6a:51:
                    8c:31:09:4a:4e:d7:3c:06:33:86:1e:3a:41:df:fe:
                    07:70:80:ce:6c:ca:1d:60:66:45:86:9f:11:7a:df:
                    89:0b:e7:23:3d:fb:55:f2:7f:05:72:26:d9:10:60:
                    3e:07:6f:78:18:33:69:00:b5:ff:25:c8:12:8a:63:
                    58:91:c6:b7:bc:4e:e7:71:d6:ab:d2:43:25:fd:7b:
                    fd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C3:3E:11:5A:AE:AA:E1:3C:08:49:CA:42:3A:12:B5:6D:77:52:7D:22
            X509v3 Authority Key Identifier: 
                C3:3E:11:5A:AE:AA:E1:3C:08:49:CA:42:3A:12:B5:6D:77:52:7D:22
            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        2d:85:f2:89:4c:73:42:d8:48:5e:75:36:a4:98:88:07:67:aa:
        54:e4:32:e6:e7:b0:cf:ba:86:fe:fe:65:48:b0:15:ba:d9:ee:
        94:be:2a:34:a2:4f:79:8c:f9:52:f7:f5:e9:ad:89:db:8f:1b:
        27:96:f4:8a:93:4d:a0:df:4d:06:12:df:1c:7d:4a:9f:43:91:
        71:6e:14:7b:83:c4:fe:51:61:81:1a:62:50:2f:76:70:65:e5:
        85:b1:51:64:19:dc:ec:68:bd:c6:fe:2c:b3:06:ba:85:48:70:
        0f:74:85:d0:a7:7b:e4:fc:04:27:99:22:77:70:09:6a:b6:44:
        b4:71:f2:33:11:ac:86:49:4e:39:e8:96:61:9d:1e:ca:c2:ed:
        19:63:c3:e2:6d:1c:c2:ea:4a:14:cf:21:a9:21:ed:72:06:17:
        dc:49:5a:1b:74:0b:05:82:cd:31:b5:40:cf:e4:f8:32:ba:00:
        80:71:7a:be:e8:42:bf:52:59:90:6b:5b:68:d0:ad:6b:5a:2f:
        0d:19:44:c5:75:12:38:49:80:28:4b:85:b4:f1:cb:f5:c9:0c:
        7f:00:0a:18:e7:6b:01:0e:3a:a3:6c:69:9d:e5:98:ad:7a:aa:
        43:ba:d3:21:90:ce:f7:c1:4e:c9:ef:47:15:80:99:fe:63:df:
        61:b1:59:60

549656107 | 2024-05-05T20:15:13.374209

2376 / tcp

SSL Error: ALERT_BAD_CERTIFICATE

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:5e:ab:84:91:29:79:3b:25:7e:52:e9:61:e6:ee:aa
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=unknown
        Validity
            Not Before: Jul 28 14:51:00 2022 GMT
            Not After : Jul 12 14:51:00 2025 GMT
        Subject: O=unknown.vp-all-int-ihc-msk-1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:be:58:a4:0f:3f:17:24:7d:5d:b7:6b:e3:e8:3e:
                    72:9e:65:6d:f7:d4:d8:a5:23:94:d6:6b:63:f0:0c:
                    f9:bc:37:77:ec:1d:ef:9f:0a:bb:50:0b:b9:a1:53:
                    d7:d3:09:11:b0:77:de:b1:fb:19:5e:e9:32:a5:70:
                    30:1e:f7:15:26:1e:46:e0:2a:05:75:79:07:1f:c1:
                    41:54:60:ed:bd:da:90:f8:4a:85:10:1b:95:18:35:
                    5b:cd:f2:3f:8a:64:9c:de:8d:d5:76:fc:87:6c:14:
                    31:7a:98:3e:71:9e:0a:22:82:18:6f:cd:52:20:77:
                    21:aa:d0:a9:c4:48:1c:61:88:7c:bc:42:a8:81:f3:
                    c6:ee:6a:72:80:6b:92:46:02:38:34:40:1d:71:71:
                    70:7d:88:cf:33:94:4a:21:d0:1a:97:0e:3a:87:78:
                    cb:68:d6:5f:4b:e4:c4:9c:68:8b:30:0b:93:24:38:
                    73:4c:4d:9d:d1:17:b3:72:d9:a8:2c:27:e2:02:71:
                    e0:8b:41:51:23:eb:76:82:c0:01:6e:4a:4c:77:25:
                    e6:2e:38:d4:47:d0:9c:0f:fa:ef:5d:90:ed:81:c1:
                    18:93:66:05:fc:11:fa:1a:d5:a8:d5:dc:59:92:e9:
                    56:2b:1f:0f:4d:eb:23:50:c5:39:f6:49:08:f8:38:
                    46:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name: 
                DNS:localhost, IP Address:91.218.228.87
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        11:7d:17:ac:83:08:3f:19:cc:7d:c0:d0:7c:6d:cd:e4:c4:7f:
        8f:dc:e2:72:10:b4:05:39:61:8c:cd:43:15:50:32:dd:b4:02:
        ac:44:66:d0:c8:12:7b:4e:b6:bd:db:94:91:06:8a:b2:8d:e6:
        ed:9f:cf:0b:b8:83:44:36:00:e0:75:2e:4c:bf:f6:53:b4:69:
        18:5a:12:0b:1e:9e:9b:77:94:58:36:6f:30:2a:85:ac:59:6a:
        e4:ff:74:dd:be:73:b8:da:eb:14:c3:14:7d:38:e7:90:e3:a6:
        ef:67:d5:fc:f4:35:33:d2:42:e1:9c:26:7c:55:5e:63:54:e4:
        4e:47:f1:5a:fc:6f:90:c4:c4:a6:97:c1:f3:63:76:74:b3:43:
        10:1b:b4:18:01:49:59:b0:fd:9c:b5:37:33:43:4b:38:2f:55:
        f9:c1:c7:e9:c0:b8:2e:87:1e:bb:13:06:bf:15:1c:bb:02:9c:
        25:6c:76:9e:46:06:f6:c6:da:df:ad:11:e5:d3:59:5d:d5:8d:
        d6:6f:96:01:2f:82:00:c9:03:a8:50:33:c8:b2:9b:02:a2:2b:
        cd:43:3c:01:e7:ef:03:b7:5f:85:eb:47:c2:33:ed:8f:aa:c4:
        1a:b3:e9:7a:da:05:02:92:63:13:4b:7b:47:f6:f4:47:1b:06:
        29:47:de:e7

-1246004407 | 2024-05-07T06:55:58.078519

6001 / tcp

HTTP/1.1 400 Bad Request
Connection: close

-1927723706 | 2024-05-11T19:19:22.370311

6379 / tcp

-NOAUTH Authentication required.

91.218.228.87

Last Seen: 2024-05-11

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

118460344 | 2024-04-24T12:20:26.007120
22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.7

-1628292882 | 2024-05-10T19:56:02.012726
80 / tcp

nginx1.15.8

-1628292882 | 2024-05-10T09:47:13.958331
443 / tcp

nginx1.15.8

549656107 | 2024-05-05T20:15:13.374209
2376 / tcp

-1246004407 | 2024-05-07T06:55:58.078519
6001 / tcp

-1927723706 | 2024-05-11T19:19:22.370311
6379 / tcp

Redis key-value store

Products

Pricing

Contact Us

91.218.228.87

Last Seen: 2024-05-11

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

118460344 | 2024-04-24T12:20:26.007120 22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.7

-1628292882 | 2024-05-10T19:56:02.012726 80 / tcp

nginx1.15.8

-1628292882 | 2024-05-10T09:47:13.958331 443 / tcp

nginx1.15.8

549656107 | 2024-05-05T20:15:13.374209 2376 / tcp

-1246004407 | 2024-05-07T06:55:58.078519 6001 / tcp

-1927723706 | 2024-05-11T19:19:22.370311 6379 / tcp

Redis key-value store

Products

Pricing

Contact Us

118460344 | 2024-04-24T12:20:26.007120
22 / tcp

-1628292882 | 2024-05-10T19:56:02.012726
80 / tcp

-1628292882 | 2024-05-10T09:47:13.958331
443 / tcp

549656107 | 2024-05-05T20:15:13.374209
2376 / tcp

-1246004407 | 2024-05-07T06:55:58.078519
6001 / tcp

-1927723706 | 2024-05-11T19:19:22.370311
6379 / tcp