GeneralInformation

Hostnames	ec2-44-230-100-180.us-west-2.compute.amazonaws.com metabase.endlessm.com
Domains	amazonaws.com endlessm.com
Cloud Provider	Amazon
Cloud Region	us-west-2
Cloud Service	EC2
Country	United States
City	Boardman
Organization	Amazon.com, Inc.
ISP	Amazon.com, Inc.
ASN	AS16509

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(1)

CVE-2024-6763

3.7Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.

OpenPorts

80 443

80 / tcp

-1612590057 | 2025-03-12T19:53:45.999024

Hashes

hash

1180629036

http.dom_hash

-2006505642

http.html_hash

-1612590057

http.server_hash

-1340961475

HTTP/1.1 200 OK
Date: Wed, 12 Mar 2025 19:53:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
Server: nginx
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Vary: Origin
Access-Control-Allow-Credentials: true
ETag: W/"10-/joFRKz/gr6105uVVzyNqD3EVJg"

443 / tcp

-1961904759 | 2025-03-06T04:54:09.801315

Hashes

hash

-663925943

http.dom_hash

-976138552

http.favicon.hash

1953726032

http.html_hash

-1961904759

http.robots_hash

515203380

http.server_hash

1734832465

http.title_hash

-330179158

Metabase

HTTP/1.1 200 OK
Date: Thu, 06 Mar 2025 04:54:07 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
Access-Control-Allow-Headers: *
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 6 Mar 2025 04:54:07 GMT
Strict-Transport-Security: max-age=31536000
Set-Cookie: metabase.DEVICE=0e2adae9-8bc7-47b0-a0e4-ffe2d61bf80d; HttpOnly; Path=/; Expires=Mon, 6 Mar 2045 04:54:07 GMT; SameSite=None; Secure
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Access-Control-Expose-Headers: X-Metabase-Anti-CSRF-Token
X-Content-Type-Options: nosniff
Content-Security-Policy: font-src *; script-src 'self' https://maps.google.com https://accounts.google.com https://www.google-analytics.com   'sha256-9uFLu5CG8mWlvx0LK6lgendCxUX57TuWk3wkgZpBeWU=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE=' 'sha256-3N2Z+Nu++/yNMVHIl863JigVmt2Nr9gt2doEMJT2Wzk='; style-src 'self' 'nonce-13p9eEIJ2i'   https://accounts.google.com; manifest-src 'self'; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com https://sp.metabase.com  ; img-src * 'self' data:; frame-src 'self' youtube.com *.youtube.com youtu.be *.youtu.be loom.com *.loom.com vimeo.com *.vimeo.com docs.google.com calendar.google.com airtable.com *.airtable.com typeform.com *.typeform.com canva.com *.canva.com codepen.io *.codepen.io figma.com *.figma.com grafana.com *.grafana.com miro.com *.miro.com excalidraw.com *.excalidraw.com notion.com *.notion.com atlassian.com *.atlassian.com trello.com *.trello.com asana.com *.asana.com gist.github.com linkedin.com *.linkedin.com twitter.com *.twitter.com x.com *.x.com; default-src 'none'; child-src 'self' https://accounts.google.com;  frame-ancestors 'none';
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Access-Control-Allow-Methods: *
Server: Jetty(11.0.24)

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:74:43:91:21:56:64:45:4c:2f:0a:ac:f4:83:99:8d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M03
        Validity
            Not Before: Jul 23 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2025 GMT
        Subject: CN=metabase.endlessm.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e3:91:e1:f6:be:70:0e:6b:40:c6:13:7a:9b:13:
                    35:b1:b1:a7:50:81:fc:b3:a7:8a:60:dc:52:5f:bd:
                    92:de:e0:a7:13:84:13:04:66:57:2f:82:60:40:13:
                    87:bc:f4:cd:59:55:62:7b:35:08:1d:2a:66:b9:f1:
                    5f:87:9e:c4:ca:85:c4:d0:62:dc:d8:ff:34:28:db:
                    c6:b7:32:75:42:86:fd:ea:19:23:7c:9a:a7:92:7c:
                    89:40:25:43:75:13:5c:cb:0b:57:dc:fa:17:c9:50:
                    ad:21:62:3a:cb:f0:e9:7f:03:b7:e6:43:45:d1:3f:
                    c4:ec:a8:2e:e6:fa:28:f2:c8:00:63:bb:3a:d1:66:
                    52:ce:43:03:72:53:b9:c0:31:06:ee:79:f2:b4:12:
                    4a:fa:5c:86:a2:cf:bf:d5:36:f7:1f:19:bb:06:65:
                    ef:99:4d:3e:14:45:6c:65:40:fa:e5:6f:60:a4:f9:
                    b8:fe:86:33:bb:b5:a2:94:ae:64:ce:a1:73:6e:48:
                    69:63:c4:40:7c:69:b2:0f:c4:44:92:51:e0:2a:68:
                    7e:d6:4f:14:9a:3d:b4:f9:bf:6f:a7:ba:c8:d3:5d:
                    27:24:ec:b8:0d:4e:39:f9:18:10:52:7a:a7:3a:af:
                    5b:e5:ed:c2:8a:04:26:55:ca:f6:c2:e5:84:16:4b:
                    97:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                55:D9:18:5F:D2:1C:CC:01:E1:58:B4:BE:AB:D9:55:42:01:D7:2E:02
            X509v3 Subject Key Identifier: 
                CD:37:6B:92:96:32:A3:CC:F6:E0:F8:71:A8:0E:F0:CA:29:96:98:59
            X509v3 Subject Alternative Name: 
                DNS:metabase.endlessm.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.r2m03.amazontrust.com/r2m03.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.r2m03.amazontrust.com
                CA Issuers - URI:http://crt.r2m03.amazontrust.com/r2m03.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
                                F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
                    Timestamp : Jul 23 02:09:35.308 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:2A:1B:3B:02:03:86:00:49:FC:A2:69:AA:
                                B6:47:D1:B0:FE:D0:EF:A7:BF:79:35:3E:06:67:A8:34:
                                74:01:49:08:02:21:00:A6:69:4F:9D:6E:BC:75:20:81:
                                39:75:1B:28:ED:A8:55:B7:8C:43:74:55:86:6C:0E:2C:
                                9B:5B:26:62:C5:C6:F1
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
                                D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
                    Timestamp : Jul 23 02:09:35.201 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:45:76:1C:58:9D:C7:1F:98:50:E8:22:CC:
                                6F:A9:EA:13:CE:99:04:BB:1A:FC:62:B6:6A:D4:08:68:
                                84:04:95:C3:02:20:65:CD:CB:F1:63:B7:C4:29:5A:5D:
                                BF:94:7D:29:6C:DF:47:5E:C5:7E:0D:B0:E8:E6:84:5F:
                                0E:35:31:9B:0D:16
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Jul 23 02:09:35.133 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:3F:32:BB:12:21:9C:89:3E:66:51:56:EC:
                                27:F4:60:18:54:1D:1A:12:2D:40:23:EF:16:C0:00:5D:
                                BE:CA:BE:64:02:21:00:B6:CC:67:F4:C3:E6:B6:0B:89:
                                55:3C:E3:F5:2B:AA:FE:CD:20:E9:05:15:84:78:D5:2D:
                                C6:1C:75:0E:98:B0:39
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        73:5e:35:d1:a4:ee:23:71:c3:e9:04:dc:df:44:56:ea:f7:90:
        01:ed:99:42:31:20:b7:c3:1c:7c:c0:92:70:cd:90:8f:4b:2e:
        44:56:15:b3:b9:7d:68:51:45:23:3d:48:9b:ed:7c:e9:e5:41:
        80:2f:d4:48:47:80:4e:06:df:12:24:a9:8a:ca:6e:ca:89:18:
        61:96:33:b9:d1:03:75:ed:52:85:dd:88:4f:e4:a9:aa:50:4c:
        ee:93:d5:50:21:ce:08:3d:5d:ab:f5:ae:32:ac:83:bd:f3:47:
        88:c3:8b:21:d0:25:2b:51:fd:dd:f9:16:be:ef:0f:50:34:e8:
        e7:bf:7a:87:b9:b3:0d:e1:01:ed:cb:b6:8a:53:ae:b8:a9:f4:
        7f:25:1d:ee:5c:cf:06:c9:2e:43:67:41:24:73:a8:07:7c:e6:
        f5:34:f0:5d:ba:f8:26:ff:0f:a8:8d:85:99:87:c5:45:4f:08:
        c9:52:3d:2a:a1:86:67:54:d2:d9:6c:72:a0:1a:14:6e:f4:30:
        18:e0:66:66:38:9f:8d:8f:f1:12:cb:64:87:c7:9b:89:ab:05:
        b2:cc:01:fb:e0:f3:bb:21:3a:d1:d0:fa:f2:e4:03:00:9f:5d:
        14:16:32:a0:f6:26:73:10:25:ea:e6:79:0e:a3:b5:dd:cb:eb:
        ac:86:f1:8e

Vulnerabilities

44.230.100.180

Last Seen: 2025-03-12

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

80 / tcp

-1612590057 | 2025-03-12T19:53:45.999024

Hashes

nginx

443 / tcp

-1961904759 | 2025-03-06T04:54:09.801315

Hashes

Metabase

Products

Pricing

Contact Us

44.230.100.180

Last Seen: 2025-03-12

Tags:

GeneralInformation

Vulnerabilities All ports Port 443 Latest CVSS

OpenPorts

80 / tcp -1612590057 | 2025-03-12T19:53:45.999024

Hashes

nginx

443 / tcp -1961904759 | 2025-03-06T04:54:09.801315

Hashes

Metabase

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

-1612590057 | 2025-03-12T19:53:45.999024

443 / tcp

-1961904759 | 2025-03-06T04:54:09.801315