GeneralInformation

Hostnames	28679.co m.28679.co www.28679.co
Domains	28679.co
Country	Hong Kong
City	Hong Kong
Organization	HONG KONG Megalayer Technology Co.,Limited
ISP	HONG KONG Megalayer Technology Co.,Limited
ASN	AS139646

WebTechnologies

JavaScript libraries

jQuery3.3.1

Modernizr

UI frameworks

Bootstrap

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-46136	Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
CVE-2023-25577	Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
CVE-2023-23934	Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
CVE-2022-29361	7.5Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

OpenPorts

80 443 5000 5888 8888

1225748898 | 2024-06-03T13:46:58.802508

80 / tcp

HTTP/1.1 404 Not Found
Date: Mon, 03 Jun 2024 13:46:58 GMT
Content-Type: text/html
Content-Length: 568
Connection: keep-alive
Server: openresty

-862225614 | 2024-05-30T09:29:19.387363

443 / tcp

HTTP/1.1 200 OK
Date: Thu, 30 May 2024 09:29:19 GMT
Content-Type: text/html
Content-Length: 2244
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 25 Apr 2024 10:27:37 GMT
ETag: "662a3019-8c4"
Accept-Ranges: bytes
Server: openresty
Strict-Transport-Security: max-age=31536000;

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:5c:8c:16:e2:08:30:a4:b0:76:44:c5:62:bf:e8:f8:c9:10
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr 19 03:15:36 2024 GMT
            Not After : Jul 18 03:15:35 2024 GMT
        Subject: CN=28679.co
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e1:ca:08:ce:2f:1d:fb:e9:b8:ee:c5:31:47:93:
                    eb:31:e2:75:cd:e5:9f:9a:92:a8:73:e5:82:40:ea:
                    c4:67:73:2a:88:23:c9:0a:43:a1:8f:47:6c:3e:16:
                    9e:73:7e:dd:01:61:4f:ec:d1:80:b0:6c:09:13:a8:
                    5f:60:ec:da:40:19:ad:3c:86:c2:8a:01:e8:90:1c:
                    aa:3f:42:e8:22:cf:6d:8e:fd:f5:4a:ff:bd:ea:2b:
                    a4:7f:ca:d7:d0:b2:cc:59:22:80:8e:54:aa:f8:94:
                    ce:11:29:ca:01:28:1a:ff:48:77:a4:2c:54:b7:7a:
                    6c:f9:22:a9:c1:5d:4c:b1:2c:df:64:16:c9:28:79:
                    e7:48:7a:23:32:39:9c:55:65:58:7b:9c:f4:43:0f:
                    74:f5:a9:2a:f1:09:79:d5:30:4b:fd:f0:c7:2c:2d:
                    f4:aa:11:a5:d1:a2:e0:f6:1c:d5:cf:e8:86:a1:48:
                    93:1f:57:51:cd:b9:89:d6:a4:cc:e7:17:28:56:8a:
                    d7:07:6b:ca:65:23:fc:96:54:d1:2c:8d:40:1b:29:
                    fa:9e:d8:76:16:ff:96:b8:15:df:d9:0d:c8:5f:e9:
                    78:86:2e:02:9e:84:ed:01:ea:71:89:38:34:81:17:
                    41:81:b7:90:31:97:2c:6e:d3:71:42:1e:ef:93:d5:
                    97:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                4C:88:A6:41:25:AA:55:1C:C8:05:39:57:82:DA:7B:8E:6C:9F:D7:51
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:28679.co, DNS:m.28679.co, DNS:www.28679.co
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Apr 19 04:15:36.789 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:AE:E9:B2:31:E2:17:49:E1:2A:12:5E:
                                9B:35:E1:24:5B:EC:3A:87:7F:53:A3:B0:F2:43:7A:5A:
                                A5:D7:AC:26:A7:02:20:65:00:A5:82:B4:58:4C:B9:58:
                                06:01:F3:55:1B:95:65:61:67:2E:72:67:9F:F2:C6:BB:
                                AE:21:22:88:B1:3C:15
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
                                4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
                    Timestamp : Apr 19 04:15:36.967 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:35:AA:05:7D:2E:43:47:9A:DE:58:E4:76:
                                AD:27:35:D9:9B:0A:FC:49:C4:49:DE:66:EC:D6:FE:85:
                                B7:9B:14:89:02:20:33:7C:36:03:BA:7C:1E:9A:51:A4:
                                77:7A:1A:69:81:8C:A5:71:5B:3E:B1:C4:48:54:E9:08:
                                04:49:9D:98:4D:6B
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        04:fa:8d:0f:4b:47:bd:a0:9a:b0:70:a7:03:41:55:88:69:62:
        37:c1:3f:ac:92:f8:a1:92:2a:eb:4b:61:37:eb:aa:b1:07:d8:
        62:64:ae:a6:33:c1:f6:b4:eb:75:55:3e:c6:23:53:69:60:e9:
        63:5e:f3:0e:14:03:26:39:b9:aa:52:10:d6:5b:56:f7:6b:db:
        c6:b3:8c:05:e1:a5:48:c7:35:eb:04:3f:e6:19:62:60:de:27:
        9c:86:f8:cd:e7:d6:38:71:a3:a8:70:80:bf:1f:d4:11:48:f7:
        45:71:bf:b1:48:46:dd:b2:6a:7e:e7:38:6b:6b:81:2c:21:99:
        1f:6b:b5:6f:47:71:58:48:2b:f9:d9:24:4f:70:be:ed:71:c2:
        89:5a:3f:9a:a7:36:c7:4f:b5:9a:76:e8:7e:56:34:64:1d:0a:
        7d:9b:e0:1d:2d:89:7b:0f:cd:c3:68:55:97:d9:3d:cc:a2:fe:
        5c:c6:1c:ca:ac:2a:c4:aa:06:33:60:2e:2f:ed:ad:66:33:01:
        a5:f6:f6:41:5d:45:9c:f2:b3:1f:cb:50:40:53:26:9b:28:db:
        81:73:1d:96:88:cc:d1:96:d7:2e:13:17:f9:82:d9:84:8f:c5:
        b7:51:c4:11:38:f0:4f:ee:3d:a1:82:3f:f2:db:14:94:0a:42:
        75:12:ae:c4

-1228618677 | 2024-05-23T05:46:01.030739

5000 / tcp

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9
Server: Werkzeug/0.16.1 Python/2.7.5
Date: Thu, 23 May 2024 05:46:00 GMT

623423915 | 2024-05-30T09:29:13.501292

5888 / tcp

HTTP/1.1 302 Moved Temporarily
Date: Thu, 30 May 2024 09:29:13 GMT
Content-Type: text/html
Content-Length: 158
Connection: close
Location: https://154.23.109.133:5888/
Server: openresty

623423915 | 2024-05-30T09:29:10.530473

8888 / tcp

HTTP/1.1 302 Moved Temporarily
Date: Thu, 30 May 2024 09:29:10 GMT
Content-Type: text/html
Content-Length: 158
Connection: close
Location: https://154.23.109.133:5888/
Server: openresty

154.23.109.133

Last Seen: 2024-06-03

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1225748898 | 2024-06-03T13:46:58.802508
80 / tcp

-862225614 | 2024-05-30T09:29:19.387363
443 / tcp

-1228618677 | 2024-05-23T05:46:01.030739
5000 / tcp

Werkzeug0.16.1

623423915 | 2024-05-30T09:29:13.501292
5888 / tcp

623423915 | 2024-05-30T09:29:10.530473
8888 / tcp

Products

Pricing

Contact Us

154.23.109.133

Last Seen: 2024-06-03

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1225748898 | 2024-06-03T13:46:58.802508 80 / tcp

-862225614 | 2024-05-30T09:29:19.387363 443 / tcp

-1228618677 | 2024-05-23T05:46:01.030739 5000 / tcp

Werkzeug0.16.1

623423915 | 2024-05-30T09:29:13.501292 5888 / tcp

623423915 | 2024-05-30T09:29:10.530473 8888 / tcp

Products

Pricing

Contact Us

1225748898 | 2024-06-03T13:46:58.802508
80 / tcp

-862225614 | 2024-05-30T09:29:19.387363
443 / tcp

-1228618677 | 2024-05-23T05:46:01.030739
5000 / tcp

623423915 | 2024-05-30T09:29:13.501292
5888 / tcp

623423915 | 2024-05-30T09:29:10.530473
8888 / tcp