3.214.219.227

Regular View Raw Data Timeline
Last Seen: 2025-02-16

GeneralInformation

Hostnames ec2-3-214-219-227.compute-1.amazonaws.com
es-fanatics.splunkcloud.com
fanatics.splunkcloud.com
postal-service.sportngin.com
postal-service.sportsengine.com
Domains amazonaws.com splunkcloud.com sportngin.com sportsengine.com 
Cloud Provider Amazon
Cloud Region us-east-1
Cloud Service EC2
Country United States
City Ashburn
Organization Amazon Data Services NoVa
ISP Amazon.com, Inc.
ASN AS14618

WebTechnologies

Programming languages
Web frameworks

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023
CVE-2023-44487
7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
2021
CVE-2021-23017
7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2021-3618
7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
2019
CVE-2019-20372
5.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
CVE-2019-9516
7.5Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
CVE-2019-9513
7.5Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511
7.5Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

OpenPorts

80 / tcp
1433934275 | 2025-02-16T16:41:20.652680
443 / tcp
400135434 | 2025-02-06T22:33:41.867236
8089 / tcp
741682797 | 2025-01-18T14:01:27.437103



Contact Us

Shodan ® - All rights reserved