GeneralInformation

Hostnames	ec2-13-59-139-117.us-east-2.compute.amazonaws.com cantiumvdr.qedfind.com
Domains	amazonaws.com qedfind.com
Cloud Provider	Amazon
Cloud Region	us-east-2
Cloud Service	EC2
Country	United States
City	Columbus
Organization	Amazon Technologies Inc.
ISP	Amazon.com, Inc.
ASN	AS16509

WebTechnologies

CDN

JavaScript graphics

JavaScript libraries

UI frameworks

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-8331	4.3In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-20677	4.3In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676	4.3In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2018-14042	4.3In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVE-2018-14040	4.3In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVE-2016-10735	4.3In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

80 443

1949896279 | 2024-03-24T17:26:08.762700

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Sun, 24 Mar 2024 17:26:08 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://13.59.139.117:443/

2120150519 | 2024-04-21T19:24:00.269941

443 / tcp

HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 19:23:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7497
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Cookie
Set-Cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiZWQ2YjQ1YjFiOTBmYTE0YzY5OWMzNDAyYzQ0YjE4MDFkYThmN2NjNyJ9.ZiVnzg.iXcRPCycSJ0-jTFiMNMe1PV_njY; HttpOnly; Path=/
Server: Werkzeug/2.0.2 Python/3.6.7

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:91:b2:21:f8:4b:cd:45:fb:80:57:05:f6:28:56:bb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
        Validity
            Not Before: Nov  4 00:00:00 2021 GMT
            Not After : Dec  3 23:59:59 2022 GMT
        Subject: CN=cantiumvdr.qedfind.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c3:a2:60:d0:98:42:4f:a7:a1:ca:cd:56:2a:65:
                    eb:62:bb:47:81:7b:33:e7:8f:41:4a:05:d2:84:a5:
                    34:37:04:5d:ea:38:21:b4:bd:e6:b2:eb:f7:60:c4:
                    d2:77:a3:b5:47:27:9c:66:84:b6:e7:e6:df:f1:13:
                    22:ea:7b:13:3a:b7:9d:78:db:ef:ad:e7:d1:bc:6a:
                    9f:06:f1:03:f1:55:0d:02:b4:5f:f3:c2:73:04:0e:
                    e7:54:35:12:54:b1:77:6c:68:87:6b:c1:b0:ba:09:
                    52:b3:40:ad:e3:75:d9:e9:0a:33:f6:ae:3b:fc:ef:
                    13:1a:90:5b:4f:fc:08:85:44:af:9a:fd:86:92:fa:
                    8e:2a:c5:9b:6e:1d:16:28:89:b9:aa:c5:84:63:9c:
                    fe:31:49:6a:53:c5:0e:c0:24:05:c0:5b:c3:13:5a:
                    d5:ab:30:34:ab:d8:06:37:b8:61:e1:a0:f8:ed:40:
                    52:d9:95:45:f6:f5:2b:40:e5:04:3f:22:bb:68:b0:
                    f7:27:ba:5a:a6:ac:0d:67:91:f8:69:45:04:00:2f:
                    10:3c:13:44:77:60:6c:2e:bd:66:75:80:84:d4:f8:
                    1e:bf:c7:18:3c:9e:5f:34:c3:68:39:5d:47:7c:ca:
                    6a:94:d7:fa:0a:9b:2f:59:60:7b:15:02:ef:5a:66:
                    bf:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                59:A4:66:06:52:A0:7B:95:92:3C:A3:94:07:27:96:74:5B:F9:3D:D0
            X509v3 Subject Key Identifier: 
                AF:6D:81:3E:1F:AD:8F:06:52:43:4D:73:59:19:79:F8:63:FE:D7:81
            X509v3 Subject Alternative Name: 
                DNS:cantiumvdr.qedfind.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.sca1b.amazontrust.com/sca1b-1.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                OCSP - URI:http://ocsp.sca1b.amazontrust.com
                CA Issuers - URI:http://crt.sca1b.amazontrust.com/sca1b.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
                                BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
                    Timestamp : Nov  4 15:15:47.812 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:14:21:06:BB:51:B8:1E:7F:4A:07:72:0E:
                                9E:1A:45:E9:CB:E0:92:4F:DA:DB:00:EA:73:B7:46:05:
                                F9:E4:70:7F:02:21:00:83:FF:78:36:FC:A0:C7:51:83:
                                F5:05:57:D8:E5:E5:2B:ED:9B:91:D0:95:A8:38:21:F4:
                                58:C3:1E:A0:AB:53:49
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
                                7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
                    Timestamp : Nov  4 15:15:47.810 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:5C:38:8F:7B:FF:9C:57:6A:63:7D:37:13:
                                73:48:AD:B0:F5:12:66:09:75:63:56:55:71:4A:44:24:
                                80:A3:A9:A0:02:21:00:F6:52:8C:BF:32:BE:30:4F:1B:
                                C3:BD:B4:DE:1E:E5:54:03:6A:29:BA:B1:80:25:03:44:
                                6C:94:D7:56:94:AE:F0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
                                4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
                    Timestamp : Nov  4 15:15:47.713 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:75:0F:01:C5:63:7D:16:91:BC:7E:D7:12:
                                4F:1C:8F:46:1E:10:6E:90:B4:D0:DB:C1:50:1B:7F:98:
                                25:BC:6E:68:02:20:4B:F9:69:1C:D4:11:DB:9F:10:2C:
                                FE:4D:CD:5B:FE:86:00:E7:F5:6C:28:47:CC:F2:9A:20:
                                3A:75:25:38:E6:33
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        51:b5:92:47:25:85:7d:52:0b:b6:34:97:95:06:4f:71:e1:d3:
        c3:f6:88:04:49:54:11:b7:4f:98:4d:14:90:7f:48:92:b3:79:
        de:6d:27:fe:28:2b:6d:2d:06:c9:2c:04:9c:75:c8:28:2c:fe:
        fb:7d:e2:a5:09:d0:41:e6:c9:eb:94:ed:fe:a8:83:ef:86:1a:
        db:35:5f:84:bb:63:47:e5:f2:01:99:65:3b:12:fd:75:40:66:
        a4:70:0a:96:dc:19:7a:01:50:77:f5:dc:c7:ee:cf:65:a7:30:
        93:c2:10:9d:5c:81:25:86:2f:ca:39:82:54:25:8c:43:c5:4f:
        78:65:1c:1b:c7:e0:67:12:9b:53:e9:38:9e:f4:44:74:d3:6a:
        c7:c1:fa:b3:64:15:36:82:aa:e9:08:d1:c1:3c:fa:35:6c:03:
        fe:56:f3:e1:b1:58:5b:50:ac:1e:03:c6:0b:95:32:fe:09:fe:
        6c:70:1f:66:ea:83:e3:93:94:27:59:df:03:0e:14:85:af:de:
        6f:88:a4:79:7f:dc:ec:90:e4:7c:91:60:24:2d:b6:6b:cf:cf:
        5f:a7:86:40:3e:06:92:61:07:da:16:b9:52:bb:50:03:43:2a:
        77:73:e8:5e:10:24:d7:7d:03:40:db:5a:78:bf:88:c7:7b:99:
        3f:e1:93:49

13.59.139.117

Last Seen: 2024-04-21

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1949896279 | 2024-03-24T17:26:08.762700
80 / tcp

AWS ELB2.0

2120150519 | 2024-04-21T19:24:00.269941
443 / tcp

Products

Pricing

Contact Us

13.59.139.117

Last Seen: 2024-04-21

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1949896279 | 2024-03-24T17:26:08.762700 80 / tcp

AWS ELB2.0

2120150519 | 2024-04-21T19:24:00.269941 443 / tcp

Products

Pricing

Contact Us

1949896279 | 2024-03-24T17:26:08.762700
80 / tcp

2120150519 | 2024-04-21T19:24:00.269941
443 / tcp