GeneralInformation

Hostnames	cybersecurity.theater
Domains	cybersecurity.theater
Cloud Provider	Oracle Cloud Infrastructure
Cloud Region	ca-toronto-1
Country	Canada
City	Toronto
Organization	Oracle Public Cloud
ISP	Oracle Corporation
ASN	AS31898

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

22 80 443

22 / tcp

1378895638 | 2025-03-21T21:44:47.956727

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.11
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC66vNHKuETWxAoJLDAk+f0B
4TgW3ucD7n+5NWSJPoK2PtkzggGfBkHikqb2guttZDjmNb54xfHs4bUsYP1U+CU=
Fingerprint: 69:26:04:74:91:a7:11:1d:63:1b:91:18:62:1e:85:c1

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

80 / tcp

589765266 | 2025-03-22T09:33:23.621192

Hashes

hash

2124951736

http.dom_hash

1239617585

http.html_hash

589765266

http.server_hash

967792298

http.title_hash

1522695184

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Mar 2025 09:33:23 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://140.238.135.134/

Vulnerabilities

443 / tcp

-1092571168 | 2025-03-22T22:04:31.780803

Hashes

hash

-1230151564

http.dom_hash

-2662602

http.favicon.hash

300081850

http.html_hash

-1092571168

http.robots_hash

-864765948

http.server_hash

-452923044

http.title_hash

-452923044

Mastodon

HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 22:04:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 23864
Connection: keep-alive
Vary: Accept-Encoding
Server: Mastodon
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: same-origin
Vary: Accept, Accept-Language, Cookie
link: <https://assets.cybersecurity.theater/packs/js/locale/en-json-422b73babd07f2e64a0c.chunk.js>; rel=preload; as=script; type=text/javascript; crossorigin=anonymous; integrity=sha256-UyVqnwsLcjvYQI3hJGuMa5WnRrRnX+z9xRbFTQW9jIM=
Cache-Control: max-age=15, public, stale-while-revalidate=30, stale-if-error=86400
ETag: W/"19b86ce3457cd1f5bb4af44397b3addc"
Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.cybersecurity.theater; img-src 'self' data: blob: https://assets.cybersecurity.theater https://files.cybersecurity.theater; style-src 'self' https://assets.cybersecurity.theater 'nonce-w2dnyjz2fQGpIvQUGHNueg=='; media-src 'self' data: https://assets.cybersecurity.theater https://files.cybersecurity.theater; manifest-src 'self' https://assets.cybersecurity.theater; form-action 'none'; child-src 'self' blob: https://assets.cybersecurity.theater; worker-src 'self' blob: https://assets.cybersecurity.theater; connect-src 'self' data: blob: https://assets.cybersecurity.theater https://files.cybersecurity.theater wss://cybersecurity.theater; script-src 'self' https://assets.cybersecurity.theater 'wasm-unsafe-eval'; frame-src 'self' https:
X-Request-Id: bdbb370d-fb42-4389-a3d8-82d3a81a319c
X-Runtime: 0.010645
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Cached: STALE

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:93:82:75:07:64:2c:95:61:32:2e:dd:39:8b:f5:5a:a3:48
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R11
        Validity
            Not Before: Mar 10 21:26:36 2025 GMT
            Not After : Jun  8 21:26:35 2025 GMT
        Subject: CN=cybersecurity.theater
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b3:8e:22:cd:73:8b:20:bb:4b:ef:eb:62:93:ec:
                    86:e6:e6:d3:e2:f8:9e:b5:15:f0:df:48:11:57:35:
                    59:89:ad:84:78:40:31:af:b1:d0:e7:55:7d:0f:f7:
                    d1:c6:11:a8:05:b1:2c:02:51:be:1d:27:d8:48:e8:
                    fa:12:a6:76:ef:c2:f3:5d:db:c6:c9:07:eb:fb:c6:
                    79:84:8f:b4:b6:8b:85:ab:9f:65:36:4b:a2:9e:39:
                    22:72:a0:a7:21:24:26:65:31:8a:ae:bd:6b:e1:a4:
                    38:ba:11:e9:0e:5c:fd:37:22:ac:69:66:78:e9:be:
                    9f:76:be:be:c3:9b:78:35:0b:a3:33:f3:72:56:be:
                    9e:d0:8b:ae:b1:98:c6:5b:00:42:3a:bf:1f:c6:84:
                    5b:ec:29:7a:d9:70:e5:26:1c:ec:be:af:db:ab:b2:
                    d4:4a:de:0c:11:9a:cd:37:44:a0:ba:44:0e:54:22:
                    b2:c7:2e:05:b3:22:b3:5b:9b:99:99:8b:09:8a:cd:
                    e5:b3:52:a7:54:b4:29:23:f2:79:79:73:83:06:e5:
                    c6:63:73:b9:1f:2a:ad:e0:3a:21:2d:dc:0e:dd:5e:
                    df:02:a7:89:ce:ed:00:72:65:23:70:01:a8:a6:e5:
                    ac:22:34:aa:ba:e5:67:2d:f3:7f:39:58:f1:72:41:
                    f9:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                E6:6C:C6:6A:D7:6E:03:C0:27:6B:16:BA:E8:28:50:AD:F7:F1:DD:5E
            X509v3 Authority Key Identifier: 
                C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
            Authority Information Access: 
                OCSP - URI:http://r11.o.lencr.org
                CA Issuers - URI:http://r11.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:cybersecurity.theater
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Mar 10 22:25:06.840 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:92:95:20:2D:65:95:60:66:78:ED:32:
                                C8:CC:38:01:D0:3A:2E:8C:E3:11:F6:72:BB:A7:45:94:
                                2A:25:E4:A3:88:02:21:00:D6:21:76:53:94:28:FE:24:
                                07:5A:8E:B2:94:D0:01:BD:F1:6D:22:1B:CA:A7:1F:24:
                                EE:C4:CA:30:96:5C:8B:D3
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
                                16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
                    Timestamp : Mar 10 22:25:07.266 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:9C:36:35:90:49:37:84:C2:DB:5F:82:
                                B1:EF:BB:35:E2:32:9E:9C:FE:BD:A8:95:EB:94:5C:E7:
                                EF:CD:A5:B6:F6:02:21:00:FF:1B:FD:FD:C8:6B:50:71:
                                E9:DE:0D:2C:3B:DC:9C:F1:7A:A1:17:CD:FA:BA:85:21:
                                FD:78:07:E9:96:B7:9D:2E
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        90:6d:eb:74:41:88:69:b5:b1:59:eb:a3:b6:13:8a:45:ee:9a:
        9b:5e:da:ba:8c:36:c3:16:56:6c:fa:02:62:14:7e:cb:06:95:
        a1:81:8f:33:cb:b4:2e:3c:01:8f:eb:de:ee:38:da:82:8e:09:
        7a:84:87:00:e3:f9:37:26:d1:fd:cc:00:43:7a:7b:70:84:d9:
        aa:9d:75:a3:b2:e8:f3:a7:d1:61:79:69:39:8c:8a:d3:1f:0a:
        97:17:52:53:a1:5b:17:a5:8b:6c:5e:24:44:0d:f3:e6:44:4f:
        e5:04:fb:d9:c6:e1:66:d2:1f:15:a9:48:ed:98:1c:27:bd:16:
        9a:23:df:1e:44:77:2a:cb:c8:68:d6:da:49:3f:52:a7:a4:6a:
        64:1d:4b:c1:6d:2d:4c:86:ae:08:b8:b1:33:b3:d6:6e:40:9c:
        dd:03:3b:59:f0:19:89:93:0f:d3:04:38:34:9b:07:7d:5a:f5:
        b9:cf:a6:15:7c:8b:7b:2f:7c:6e:44:1c:2b:57:21:c7:c4:74:
        da:dc:9e:42:11:d1:77:ac:3f:ae:dc:6c:e6:b7:74:2e:43:c2:
        d4:38:22:3b:16:0f:90:96:57:c9:e1:1b:35:65:df:c0:b0:65:
        fc:7a:0a:23:6e:53:64:25:b3:8c:e9:56:12:b8:8a:a3:bf:ee:
        d8:e9:a0:95

140.238.135.134

Last Seen: 2025-03-22

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

22 / tcp

1378895638 | 2025-03-21T21:44:47.956727

OpenSSH8.9p1 Ubuntu 3ubuntu0.11

80 / tcp

589765266 | 2025-03-22T09:33:23.621192

Hashes

nginx1.18.0

443 / tcp

-1092571168 | 2025-03-22T22:04:31.780803

Hashes

Products

Pricing

Contact Us

140.238.135.134

Last Seen: 2025-03-22

Tags:

GeneralInformation

Vulnerabilities All ports Port 80 Latest CVSS

OpenPorts

22 / tcp 1378895638 | 2025-03-21T21:44:47.956727

OpenSSH8.9p1 Ubuntu 3ubuntu0.11

80 / tcp 589765266 | 2025-03-22T09:33:23.621192

Hashes

nginx1.18.0

443 / tcp -1092571168 | 2025-03-22T22:04:31.780803

Hashes

Products

Pricing

Contact Us

Vulnerabilities

22 / tcp

1378895638 | 2025-03-21T21:44:47.956727

80 / tcp

589765266 | 2025-03-22T09:33:23.621192

443 / tcp

-1092571168 | 2025-03-22T22:04:31.780803