GeneralInformation

Hostnames	tickets.hcsochi.ru
Domains	hcsochi.ru
Country	Russian Federation
City	Sochi
Organization	PJSC MegaFon
ISP	PJSC MegaFon
ASN	AS12714

WebTechnologies

JavaScript libraries

jQuery1.11.3

jQuery UI1.11.4

UI frameworks

Bootstrap

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

80 443 8000 8001

-1427803479 | 2024-04-24T13:06:49.903103

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2024 13:06:47 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://tickets.hcsochi.ru/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

30299733 | 2024-04-24T13:10:14.059780

443 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 13:10:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 138711
Last-Modified: Fri, 23 Feb 2024 20:06:00 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "65d8faa8-21dd7"
Expires: Wed, 24 Apr 2024 14:10:11 GMT
Cache-Control: max-age=3600
Pragma: public
Cache-Control: public
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:96:c1:8b:74:43:1b:64:f2:9c:8a:d7:14:7d:52:64:31:cc
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  6 08:06:45 2024 GMT
            Not After : Jun  4 08:06:44 2024 GMT
        Subject: CN=tickets.hcsochi.ru
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e7:f7:8e:4a:59:07:22:2e:31:c8:41:2a:dd:32:
                    c7:93:3d:22:ef:2e:9c:c7:e5:38:32:c6:97:18:e3:
                    fd:51:19:ee:6c:ee:62:47:57:94:7a:12:96:61:48:
                    6b:3f:9a:94:9d:96:6b:1c:f7:0d:f5:f9:9b:cc:24:
                    d6:f5:4f:11:84:22:01:4d:ae:4c:34:fd:13:16:ab:
                    5b:8f:18:f6:dc:19:ab:53:d7:23:cc:a0:3b:c6:a4:
                    e9:1e:4f:7e:5c:83:18:08:27:5b:99:ce:51:9f:e2:
                    22:16:4c:6e:4b:d3:88:99:08:55:35:3f:41:32:0a:
                    1b:d2:b3:5b:16:11:58:f4:53:e4:93:52:dd:04:f9:
                    de:8d:07:59:be:30:f9:52:2e:19:7f:02:3f:25:f8:
                    d1:7e:93:f8:48:db:9f:35:c7:77:4f:d9:8d:ce:5b:
                    e6:5f:b1:da:f1:c3:10:dc:0b:72:ce:2c:40:70:49:
                    dc:d9:ae:c6:36:a5:96:a4:f4:6e:a4:f9:cf:66:77:
                    19:13:16:a5:80:d7:de:74:c7:25:ab:54:6d:bf:79:
                    9d:ef:cf:61:66:0f:44:d9:15:03:6f:7e:50:ab:2e:
                    94:56:56:f5:5c:a3:96:29:81:ae:b2:97:90:7b:68:
                    ba:07:cd:75:96:be:47:b6:93:7f:7d:a2:4f:33:99:
                    73:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                3C:B8:95:F6:F2:14:27:99:CF:B0:B0:8D:0D:46:D1:F9:2E:E4:C3:9C
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:tickets.hcsochi.ru
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar  6 09:06:45.524 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:55:23:D0:41:F0:24:45:87:AC:C0:45:11:
                                69:34:80:15:96:C3:FA:CB:E8:FF:02:F0:51:A2:0E:4A:
                                47:63:38:17:02:21:00:E2:07:E9:AB:F7:D0:AD:36:19:
                                74:36:0E:86:5C:61:CF:25:DA:AA:83:9D:02:2B:78:1E:
                                40:19:BA:38:9D:60:63
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Mar  6 09:06:46.013 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:DB:CE:9A:DB:C6:A2:6F:21:A4:A5:59:
                                7D:C1:E4:E2:7F:EE:8A:BB:C7:40:3A:D9:CC:85:2B:F4:
                                E9:3E:EE:D8:0F:02:21:00:A2:F8:8F:38:A7:47:53:01:
                                AA:4A:2D:03:32:37:62:53:4F:E3:F7:20:8F:26:D8:07:
                                BB:88:5E:13:09:BF:47:F6
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        6e:f3:ee:af:18:c3:09:37:34:91:0b:89:0f:82:e6:2d:56:bb:
        96:87:f3:8d:9a:99:59:11:25:f5:e5:73:77:82:4e:3b:d0:91:
        c2:80:52:93:fd:32:d5:29:80:dc:d3:64:76:84:74:50:74:10:
        e8:3b:d3:ae:d6:05:5d:d6:33:0d:7b:9d:cf:f4:7e:6d:c1:d9:
        db:5b:a2:76:91:99:79:73:ca:cb:2a:69:cc:a1:6a:99:0c:41:
        84:c0:6c:f9:a1:d2:01:5c:c6:54:1a:0e:79:e4:d3:a3:96:4e:
        4f:6e:34:cf:77:f7:ce:16:92:bd:52:64:3a:fb:86:ff:30:58:
        ed:f5:0b:cd:d5:52:97:ad:0e:33:dc:79:3a:8a:8b:35:ca:cb:
        7c:df:54:cf:e4:d1:19:06:24:e5:6e:1f:f0:76:36:1f:cf:75:
        68:10:d6:36:13:46:1e:07:28:6f:fd:54:80:60:1e:bc:fb:b9:
        c7:cd:ee:c5:3e:d7:81:9c:9a:36:21:82:fc:87:e5:65:a3:b8:
        13:16:23:d3:62:95:c1:ff:c2:47:07:37:6f:63:cb:0c:d8:ae:
        42:de:be:cc:b5:7b:02:75:ae:c6:9d:89:66:47:b7:9a:79:8c:
        71:4c:da:a1:35:10:29:df:e1:bc:3a:25:02:8e:cd:09:44:45:
        31:68:6c:72

516025196 | 2024-04-26T06:16:25.823933

8000 / tcp

HTTP/1.1 401 Unauthorized
Server: nginx
Date: Fri, 26 Apr 2024 06:16:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 590
Connection: keep-alive
WWW-Authenticate: Basic realm="Secured section API"

512360695 | 2024-04-26T19:10:18.565258

8001 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 19:10:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: WEB_MONITORING=sp3ujjkstdd18374pj4615fmg3; expires=Sun, 26-May-2024 19:10:17 GMT; Max-Age=2592000; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

109.170.92.101

Last Seen: 2024-04-26

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1427803479 | 2024-04-24T13:06:49.903103
80 / tcp

nginx

30299733 | 2024-04-24T13:10:14.059780
443 / tcp

nginx

516025196 | 2024-04-26T06:16:25.823933
8000 / tcp

nginx

512360695 | 2024-04-26T19:10:18.565258
8001 / tcp

nginx

Products

Pricing

Contact Us

109.170.92.101

Last Seen: 2024-04-26

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1427803479 | 2024-04-24T13:06:49.903103 80 / tcp

nginx

30299733 | 2024-04-24T13:10:14.059780 443 / tcp

nginx

516025196 | 2024-04-26T06:16:25.823933 8000 / tcp

nginx

512360695 | 2024-04-26T19:10:18.565258 8001 / tcp

nginx

Products

Pricing

Contact Us

-1427803479 | 2024-04-24T13:06:49.903103
80 / tcp

30299733 | 2024-04-24T13:10:14.059780
443 / tcp

516025196 | 2024-04-26T06:16:25.823933
8000 / tcp

512360695 | 2024-04-26T19:10:18.565258
8001 / tcp