GeneralInformation

Hostnames	vmi2147876.contaboserver.net demo.mechconnect.app
Domains	contaboserver.net mechconnect.app
Country	Germany
City	Frankfurt am Main
Organization	Contabo GmbH
ISP	Contabo GmbH
ASN	AS51167
Operating System	Ubuntu

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

22 80 443 4000 5672

22 / tcp

-644902288 | 2025-03-12T23:34:06.850349

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAACAQC42FAGiC/Y8s7H+dEFBUxj064FLp+lLkHH9Fh6iuT1n9Am
/vTJmPghzZMlfz1iZTtKtdtRUF7qVG4MtexC5niEnbqW8OQTLkKMIDsT2b+U5IGvkDe/a3gd0VxB
TjQlBeMjK/JucjeZuksPQR0vXnDR5qICB+SgMiPjblGawAUvtwCaJQn2W2IlA2yXi7YGwE3h4DQS
Syyt6eCNa1s+mjhj/G0Cq21EghnuOsGm+ih/7xHTiYfiC1V3Ii6KC83OyLu9cjULjcJ1Hx8OYjuq
MMYB2rpT51lOWEkrsQkJLpNGUZP8QQ/ygTUERJ9fzXNAeFqb38broQ9iBnn1Se9m2abrtKtGnSg7
Pdp6rdiXVrB82ujCXp2WbAROh7lNHc0S7GgOejKTmzAYBS2EMZ5fnW9+fJJqQYNdIpMtEuDyQeO3
wO6VSGTZrtHwKAQfdzqK+UXLLSC/qmiE20Gv23VwNwIflQf+9v+IO7qo3k+euYUIGQLK/hE8kKV4
WA7S9gir6Jeiw+IsQaVYcBhk8AfYQaZ5CvBxgLTTLo9AMcNxL54t9UAdnccFq6FBLKjo8jS/XMdb
zI0LJdyW6toQ6Mg4Tk3eIBLC6nJymQKdiiETVbqnEO8bzyG9cFqnNH5m8mHUe9/kqz5lAHiu3VE4
ynP/gQ6SZjstJMu7LIzskit7tKeAFQ==
Fingerprint: bc:10:bb:d9:25:c1:78:9b:7e:4d:de:61:7a:d7:fc:fd

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

80 / tcp

1651973090 | 2025-03-21T22:25:48.678702

Hashes

hash

-1530378076

http.dom_hash

-2049760045

http.html_hash

1651973090

http.server_hash

967792298

http.title_hash

911614014

Welcome to nginx!

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 21 Mar 2025 22:25:48 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 18 Sep 2024 19:25:26 GMT
Connection: keep-alive
ETag: "66eb2926-264"
Accept-Ranges: bytes

Vulnerabilities

443 / tcp

724607881 | 2025-03-22T15:57:36.145610

Hashes

hash

632990879

http.dom_hash

1534820118

http.favicon.hash

-1356086851

http.html_hash

724607881

http.server_hash

967792298

http.title_hash

1948664557

Mechconnect | Garage Management System (GMS)

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Mar 2025 15:57:36 GMT
Content-Type: text/html
Content-Length: 1798
Connection: keep-alive
Last-Modified: Fri, 14 Feb 2025 03:09:28 GMT
ETag: "67aeb3e8-706"
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:56:81:39:b5:22:ac:86:a8:64:7f:00:1e:4b:2b:e9:de:cb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R11
        Validity
            Not Before: Jan 28 20:40:44 2025 GMT
            Not After : Apr 28 20:40:43 2025 GMT
        Subject: CN=demo.mechconnect.app
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b9:bb:91:a2:79:8d:2d:72:09:c7:fe:66:6e:6a:
                    c6:e0:e1:21:f8:92:2e:ce:f1:f4:ef:7b:23:52:c5:
                    8a:8f:3a:b2:05:37:99:9a:38:12:46:b1:ec:15:50:
                    05:e4:80:ac:ae:79:d1:72:af:28:b2:54:cb:1b:e5:
                    80:ff:0f:e1:c4:59:59:c5:4f:a5:0f:e1:b2:74:bd:
                    32:86:21:a0:76:7a:a4:c8:dc:36:9f:9a:78:ec:4c:
                    b1:b3:1d:ab:f3:61:32:fe:b3:f5:51:41:e6:1a:d0:
                    2e:28:5b:de:c0:16:74:3c:07:36:32:55:ab:77:ec:
                    55:98:f9:76:34:33:fa:03:4f:10:53:71:4e:d0:4d:
                    5e:cd:3c:76:f8:47:47:0f:cd:29:3e:8a:3d:07:29:
                    7a:ca:22:d2:e5:f9:e5:c1:5e:f0:6b:73:ae:88:ac:
                    af:37:68:d7:66:36:d9:74:f0:88:c5:9c:c0:8e:5e:
                    d8:36:f1:32:7b:f6:16:46:91:c2:f6:5d:18:ed:51:
                    ce:9a:21:37:76:af:0a:db:bf:51:52:de:06:dc:b3:
                    c5:84:d3:15:70:d9:50:9f:a6:71:7d:ca:1b:60:a8:
                    66:36:75:00:68:a9:f1:98:ac:32:3e:22:64:d0:68:
                    aa:65:19:84:9b:dc:3e:8f:b1:51:89:24:83:56:91:
                    71:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                C3:1C:D8:97:6F:2D:27:57:6E:F3:D1:84:C7:E4:A3:4C:78:95:23:08
            X509v3 Authority Key Identifier: 
                C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
            Authority Information Access: 
                OCSP - URI:http://r11.o.lencr.org
                CA Issuers - URI:http://r11.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:demo.mechconnect.app
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Jan 28 21:39:14.087 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:58:DC:6F:CF:54:25:A5:4F:7C:F9:6F:B0:
                                18:56:38:81:F4:B1:6E:CC:AA:26:B5:BF:AB:D6:42:EA:
                                B3:9A:AD:C9:02:20:34:01:A3:C0:51:1D:F4:76:40:4C:
                                13:9A:07:F6:29:87:70:56:CF:7C:64:BA:84:2D:1E:E3:
                                EC:DB:24:7B:B4:AF
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
                                16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
                    Timestamp : Jan 28 21:39:14.468 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:00:D6:54:4C:A6:28:4B:60:36:27:A6:27:
                                F2:CB:3A:CD:B2:45:F0:19:08:B2:9F:16:8F:A3:1D:58:
                                87:EE:AF:43:02:20:00:90:47:90:40:6E:CF:2D:19:3D:
                                F9:4E:8E:7C:86:6B:40:94:F0:77:C6:AF:6E:FB:A9:53:
                                C2:90:3B:B7:2D:B0
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        89:53:d5:5a:f2:a9:ba:e0:59:45:18:f3:be:2a:9e:8c:fd:8f:
        4d:54:a3:5d:7c:da:b5:66:d3:78:da:25:ce:21:8f:44:b5:f7:
        e8:aa:5e:d9:b8:b9:0b:f7:be:77:b4:a1:c2:34:34:d3:b7:93:
        26:2b:5d:2c:54:8d:57:3e:cf:bf:11:90:f9:f1:c8:6d:b5:31:
        2b:2f:4c:3f:b2:a0:68:68:12:8c:84:be:8a:02:8a:53:1c:82:
        1e:9f:95:c8:5b:c5:89:50:53:33:95:c7:47:ce:2d:2b:60:fb:
        31:d0:45:60:b6:5f:4f:f7:12:fa:2e:2c:b1:fb:97:3e:e2:5c:
        3b:97:91:44:15:fb:79:26:40:75:74:bc:09:5a:0e:3c:4d:fd:
        37:81:eb:38:bd:85:f9:29:dc:87:80:e2:7e:6f:d4:25:7a:8a:
        94:0f:7d:0c:ea:b2:fd:5f:d2:d8:cf:d0:5a:20:8d:3a:5c:a7:
        31:4b:e0:ec:4c:8f:c8:4f:17:20:53:9d:d3:89:de:58:5e:b6:
        04:d6:d2:21:b5:62:6c:9e:b7:d8:fe:cc:49:86:4a:5f:73:94:
        28:56:5f:ee:71:ad:36:10:c0:e7:82:f1:f0:40:6b:2a:a8:b3:
        86:44:34:db:d9:d2:fc:68:d6:4d:fe:fb:f3:eb:47:04:57:29:
        50:56:aa:92

Vulnerabilities

4000 / tcp

-1246004407 | 2025-03-17T14:22:42.415973

HTTP/1.1 400 Bad Request
Connection: close

5672 / tcp

497099920 | 2025-03-20T03:28:25.523192

AMQP:
  Protocol Version: 0-9
  Product: RabbitMQ
  Product Version: 3.13.7
  Platform: Erlang/OTP 26.2.5.8
  Capabilities:
    Exchange Exchange Bindings: True
    Connection.blocked: True
    Authentication Failure Close: True
    Direct Reply To: True
    Basic.nack: True
    Per Consumer Qos: True
    Consumer Priorities: True
    Consumer Cancel Notify: True
    Publisher Confirms: True

45.90.121.178

Last Seen: 2025-03-22

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

22 / tcp

-644902288 | 2025-03-12T23:34:06.850349

OpenSSH8.2p1 Ubuntu 4ubuntu0.11

80 / tcp

1651973090 | 2025-03-21T22:25:48.678702

Hashes

nginx1.18.0

443 / tcp

724607881 | 2025-03-22T15:57:36.145610

Hashes

nginx1.18.0

4000 / tcp

-1246004407 | 2025-03-17T14:22:42.415973

5672 / tcp

497099920 | 2025-03-20T03:28:25.523192

RabbitMQ3.13.7

Products

Pricing

Contact Us

45.90.121.178

Last Seen: 2025-03-22

Tags:

GeneralInformation

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

22 / tcp -644902288 | 2025-03-12T23:34:06.850349

OpenSSH8.2p1 Ubuntu 4ubuntu0.11

80 / tcp 1651973090 | 2025-03-21T22:25:48.678702

Hashes

nginx1.18.0

443 / tcp 724607881 | 2025-03-22T15:57:36.145610

Hashes

nginx1.18.0

4000 / tcp -1246004407 | 2025-03-17T14:22:42.415973

5672 / tcp 497099920 | 2025-03-20T03:28:25.523192

RabbitMQ3.13.7

Products

Pricing

Contact Us

Vulnerabilities

22 / tcp

-644902288 | 2025-03-12T23:34:06.850349

80 / tcp

1651973090 | 2025-03-21T22:25:48.678702

443 / tcp

724607881 | 2025-03-22T15:57:36.145610

4000 / tcp

-1246004407 | 2025-03-17T14:22:42.415973

5672 / tcp

497099920 | 2025-03-20T03:28:25.523192