GeneralInformation

Hostnames	139-162-190-248.ip.linodeusercontent.com admin.medaserver.click sem.medaserver.click static.medaserver.click
Domains	linodeusercontent.com medaserver.click
Cloud Provider	Linode
Cloud Region	de-he
Country	Germany
City	Frankfurt am Main
Organization	139.162.0.0/16
ISP	Akamai Connected Cloud
ASN	AS63949

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

80 443 3000 4000

1651973090 | 2024-04-26T19:56:48.057950

80 / tcp

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 26 Apr 2024 19:56:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sun, 14 Apr 2024 19:50:41 GMT
Connection: keep-alive
ETag: "661c3391-264"
Accept-Ranges: bytes

2102290190 | 2024-04-25T00:14:14.410685

443 / tcp

HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 25 Apr 2024 00:14:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:fe:84:88:a1:77:c8:da:68:53:fc:69:b1:72:24:1c:72:ac
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr 14 19:05:04 2024 GMT
            Not After : Jul 13 19:05:03 2024 GMT
        Subject: CN=admin.medaserver.click
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:96:c7:50:67:a4:ac:07:22:b5:ee:f7:1e:a3:a0:
                    40:c9:27:e5:82:f3:c5:47:6a:34:36:8f:26:31:00:
                    56:e4:fd:24:5c:23:c1:ee:90:b0:da:f5:2e:e1:ed:
                    20:14:3f:f5:43:55:da:ba:82:05:03:94:1d:6f:cd:
                    7e:ed:b9:40:60
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                9B:76:1C:BA:16:93:A5:E1:96:64:89:AC:39:E2:83:89:30:73:0D:21
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:admin.medaserver.click, DNS:sem.medaserver.click, DNS:static.medaserver.click
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Apr 14 20:05:04.894 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EC:BD:36:B3:7D:57:57:A3:3F:C6:6E:
                                96:39:9B:C2:61:1D:E1:9E:3B:71:4D:8E:B5:42:E8:78:
                                71:FD:E3:B4:98:02:21:00:9E:95:F7:B7:F6:CB:6C:8B:
                                E7:39:39:86:E4:BE:4B:FD:BE:4E:56:3C:E7:8E:E9:F9:
                                A1:73:72:8A:24:99:19:81
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
                                4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
                    Timestamp : Apr 14 20:05:05.090 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:AB:C6:82:29:E3:23:5F:B6:55:B1:16:
                                DF:B2:5E:F6:8B:E4:4D:FE:4E:2C:47:87:AE:57:13:CF:
                                9F:96:53:6C:5A:02:21:00:C6:BA:F4:16:E2:3B:69:70:
                                01:94:E7:78:92:56:34:0A:94:74:B8:EE:DF:FC:80:77:
                                11:E5:54:A3:8F:72:07:8E
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        95:ef:16:31:cb:82:10:36:56:27:7a:e2:db:06:59:3c:2a:42:
        16:f5:eb:f5:cf:41:5d:4f:64:51:57:cc:f5:7d:32:22:c3:2a:
        6a:13:d3:98:40:0f:2e:f6:0a:76:4f:8f:54:97:41:3c:fc:1a:
        5a:00:59:48:9f:ec:c1:a4:1e:d7:83:9e:5b:bf:3d:31:f5:6c:
        ed:cf:ce:93:1d:79:c0:1a:b8:d8:d5:d2:23:f6:c0:5f:78:ef:
        d6:e2:c7:14:a6:06:ae:fe:0a:d7:de:21:63:57:a0:c0:c8:18:
        1c:e7:05:a8:12:d0:73:16:7c:90:38:12:0a:b4:96:36:d4:c8:
        5a:0d:30:99:a2:1a:a2:10:bb:3a:b1:b8:29:11:9e:55:d7:a6:
        0e:ad:04:01:62:2c:62:ba:54:b4:01:3d:c6:8c:be:95:ba:81:
        f7:cf:2b:f2:9e:1a:9f:b1:02:e0:7f:f6:df:a8:d6:0b:09:81:
        b3:c4:9f:dd:0d:4c:f5:61:47:a6:f4:ba:25:3f:77:76:fb:c9:
        cc:33:fd:1e:17:17:5b:c7:ee:0f:1a:91:e5:75:21:38:6b:5c:
        4e:4e:a2:00:63:f3:1c:f1:8a:c0:d7:06:a5:a7:2d:65:48:b9:
        a8:d0:c9:84:52:12:86:bc:a1:74:53:78:68:07:bc:78:d3:d4:
        36:3a:cc:32

2102290190 | 2024-04-22T03:15:36.326633

3000 / tcp

HTTP/1.1 400 Bad Request
X-Powered-By: Express
Access-Control-Allow-Origin: *
Date: Mon, 22 Apr 2024 03:15:25 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 14

-1246004407 | 2024-04-27T17:12:02.665728

4000 / tcp

HTTP/1.1 400 Bad Request
Connection: close

139.162.190.248

Last Seen: 2024-04-27

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1651973090 | 2024-04-26T19:56:48.057950
80 / tcp

nginx1.18.0

2102290190 | 2024-04-25T00:14:14.410685
443 / tcp

nginx1.18.0

2102290190 | 2024-04-22T03:15:36.326633
3000 / tcp

-1246004407 | 2024-04-27T17:12:02.665728
4000 / tcp

Products

Pricing

Contact Us

139.162.190.248

Last Seen: 2024-04-27

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

1651973090 | 2024-04-26T19:56:48.057950 80 / tcp

nginx1.18.0

2102290190 | 2024-04-25T00:14:14.410685 443 / tcp

nginx1.18.0

2102290190 | 2024-04-22T03:15:36.326633 3000 / tcp

-1246004407 | 2024-04-27T17:12:02.665728 4000 / tcp

Products

Pricing

Contact Us

1651973090 | 2024-04-26T19:56:48.057950
80 / tcp

2102290190 | 2024-04-25T00:14:14.410685
443 / tcp

2102290190 | 2024-04-22T03:15:36.326633
3000 / tcp

-1246004407 | 2024-04-27T17:12:02.665728
4000 / tcp