GeneralInformation

Hostnames	panel.motuscorp.co.za
Domains	motuscorp.co.za
Country	South Africa
City	Johannesburg
Organization	xneelo-tscolo
ISP	Xneelo (Pty) Ltd
ASN	AS37153

WebTechnologies

JavaScript libraries

jQuery1.11.2

UI frameworks

Bootstrap3.3.4

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-8331	4.3In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-20677	4.3In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676	4.3In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2018-14042	4.3In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVE-2018-14040	4.3In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVE-2016-10735	4.3In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

21 80 443 3306 27017

1736048858 | 2024-05-18T16:20:06.277068

21 / tcp

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 18:22. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
530 Login authentication failed
214-The following SITE commands are recognized
 ALIAS
 CHMOD
 IDLE
 UTIME
214 Pure-FTPd - http://pureftpd.org/
211-Extensions supported:
 UTF8
 EPRT
 IDLE
 MDTM
 SIZE
 MFMT
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 PRET
 AUTH TLS
 PBSZ
 PROT
 TVFS
 ESTA
 PASV
 EPSV
 SPSV
 ESTP
211 End.

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1a:d0:f3:17:88:af:03:6a:6f:13:ae:e5:7e:a9:4b:d5:7e:fb:f4
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=Guangdong, L=Dongguan, O=BT-PANEL, OU=BT, CN=156.38.136.27/emailAddress=admin@bt.cn
        Validity
            Not Before: Nov 21 15:07:10 2019 GMT
            Not After : Aug 20 15:07:10 2029 GMT
        Subject: C=CN, ST=Guangdong, L=Dongguan, O=BT-PANEL, OU=BT, CN=156.38.136.27/emailAddress=admin@bt.cn
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:be:15:b4:6a:e5:37:9a:7b:0b:d0:25:e2:10:d1:
                    b7:39:b0:49:86:18:64:98:0c:01:3b:6f:28:3f:c7:
                    e8:2a:95:cb:54:b8:18:50:a7:28:83:49:8c:aa:d9:
                    d2:d5:74:d4:58:c5:d1:c3:69:37:01:f2:80:f1:56:
                    ad:c9:2f:7b:e6:3d:49:8e:54:22:2e:ab:04:f1:98:
                    74:d3:b1:4d:98:b6:b2:c9:5d:06:22:46:64:84:a2:
                    7b:39:9e:86:ef:3e:70:95:c2:29:ff:dc:7b:92:c9:
                    e7:94:a3:d9:91:33:ef:81:4b:48:04:8d:4f:0c:dd:
                    11:72:16:ed:4a:24:31:06:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                25:22:3D:F5:1D:A6:92:DD:1A:C3:D7:8F:C1:AC:AE:32:EE:01:4D:2E
            X509v3 Authority Key Identifier: 
                25:22:3D:F5:1D:A6:92:DD:1A:C3:D7:8F:C1:AC:AE:32:EE:01:4D:2E
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        7a:e9:e2:85:19:01:a1:07:a3:f4:4e:02:98:0c:d7:3e:0a:42:
        54:42:4c:8c:fa:2f:8e:16:53:0c:f2:5d:3a:18:0d:cd:55:92:
        71:8c:fb:ab:30:03:54:7b:81:2a:71:7c:aa:da:fe:fc:ec:98:
        4b:51:a9:fb:bf:c8:0a:2c:6d:8b:dd:00:14:7b:a2:da:49:ab:
        c1:74:79:a0:d0:ef:b1:08:d8:f0:d8:de:3a:6b:44:1f:05:6d:
        56:96:f9:f7:f9:da:e0:42:d9:b3:b3:7a:a3:84:c7:99:3a:fe:
        5b:5c:c2:80:7b:c4:cd:f1:50:49:af:37:78:fd:1a:ad:8d:07:
        08:98

1214086484 | 2024-05-19T03:02:13.737160

80 / tcp

HTTP/1.1 200 OK
Date: Sun, 19 May 2024 03:05:16 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Thu, 21 Nov 2019 14:49:52 GMT
ETag: "535-597dc68e76177"
Accept-Ranges: bytes
Content-Length: 1333
Vary: Accept-Encoding
Content-Type: text/html

-1225945184 | 2024-05-20T02:26:49.505237

443 / tcp

HTTP/1.1 200 OK
Date: Mon, 20 May 2024 02:29:52 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Fri, 22 Nov 2019 08:04:45 GMT
ETag: "460-597eaddf86042"
Accept-Ranges: bytes
Content-Length: 1120
Vary: Accept-Encoding
Content-Type: text/html

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:17:50:8f:cb:cb:4f:38:89:f2:24:71:ff:82:d8:d4:10:ef
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 28 06:57:24 2024 GMT
            Not After : Jun 26 06:57:23 2024 GMT
        Subject: CN=panel.motuscorp.co.za
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:9b:96:64:0a:fe:0b:11:f5:e4:00:36:9e:df:bb:
                    16:8e:0b:1e:f9:96:7c:84:2e:df:b4:ae:bf:ea:b4:
                    3d:fe:92:e6:19:e4:8f:59:ea:d8:da:5b:cb:36:2f:
                    b4:3c:26:26:71:a4:5d:b5:f8:a1:fe:43:49:61:37:
                    b9:54:db:51:4e:ed:c3:12:f1:f3:34:2b:ae:1b:be:
                    65:c8:19:2e:09:a4:b0:4f:17:e2:44:ed:27:ba:4a:
                    df:8c:9f:c1:47:e8:d4:35:53:f2:c6:fe:86:70:09:
                    07:26:d7:0e:7f:ed:0b:d3:b5:36:19:05:64:be:6d:
                    2e:ae:be:ed:e7:c3:4c:68:7e:1d:93:9b:bd:5b:33:
                    a5:b8:1d:c2:20:d9:55:0c:43:cd:d8:ac:b5:5c:a0:
                    10:e3:7e:e2:11:7c:43:d5:26:e5:f2:8f:6e:ef:42:
                    a2:43:eb:d6:d0:36:26:4e:6d:f4:63:bf:c9:7e:32:
                    63:e5:bf:77:3a:ae:d3:5e:6b:d6:bd:dc:f6:37:17:
                    29:b6:33:fe:e7:ed:b2:82:ad:d6:35:bd:4c:b4:c8:
                    df:17:6b:37:ec:4d:a6:b1:48:c4:7a:16:68:ea:a1:
                    97:55:83:f0:b6:64:92:9e:cd:54:52:e5:55:a8:ba:
                    12:4f:bb:02:78:9b:e0:d8:18:56:80:21:f1:5a:c9:
                    39:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                77:4D:A6:29:FB:85:14:62:84:B5:AD:CE:52:F3:6D:B9:91:F9:DC:25
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:panel.motuscorp.co.za
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 28 07:57:24.928 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:E8:AD:A6:2A:49:A9:69:01:6D:0C:F9:
                                89:62:07:34:F7:1B:F6:24:ED:5E:7A:DA:A4:10:BD:74:
                                DC:E8:E4:D4:9B:02:20:58:AB:D4:ED:82:51:B5:BD:18:
                                4E:F9:F3:A0:51:53:CC:7F:A8:EC:6F:3A:0F:93:01:71:
                                60:5C:37:69:89:52:1E
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Mar 28 07:57:24.924 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:B8:C3:AA:3F:F0:06:96:96:43:AD:20:
                                58:EB:68:C7:71:5C:54:D9:F8:3F:36:22:3B:B4:00:B3:
                                F8:B7:B3:02:B0:02:20:2A:08:84:7D:AF:7C:D4:9B:A7:
                                B1:6E:9D:86:06:BF:5C:BC:A7:A1:CB:D6:0F:B1:F3:76:
                                FA:21:F3:F0:EE:95:CE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        3e:59:ad:a7:ba:4c:30:55:35:67:82:ef:6e:86:c7:c6:cd:e1:
        91:1e:b6:7e:dc:9a:8f:1d:6f:fa:53:cc:0d:cd:17:75:0f:ce:
        1c:17:14:34:a7:0a:ea:88:59:43:79:62:41:9e:10:d8:df:43:
        51:44:cb:95:93:6d:e1:b4:a8:3a:1a:5b:eb:3a:34:d1:57:d4:
        5d:40:0f:65:8d:e0:16:cf:14:b2:2a:16:d4:93:1a:c5:88:f5:
        96:65:fb:69:45:92:54:8b:3a:a7:f6:a1:5c:b4:f7:74:ff:18:
        92:26:ed:78:50:bd:a8:82:c0:e7:82:93:63:41:7e:cb:1e:29:
        fd:20:a4:cc:c0:2f:fb:b7:d6:04:09:a4:fc:db:62:db:c7:71:
        e4:d1:e2:9e:4e:44:b9:ef:04:a0:68:b1:67:40:b6:86:48:83:
        25:8b:57:7f:98:fe:9e:78:69:f5:ac:e0:fd:80:76:a7:e4:3b:
        c0:e7:ff:cb:13:2e:ef:c1:ad:07:6f:56:b9:a3:db:94:ec:7b:
        43:aa:77:ee:f2:a6:45:fd:d4:9d:21:ca:f5:72:a7:66:52:87:
        e6:f9:ee:bd:03:8f:8b:0c:53:d0:ab:68:2f:33:1c:70:40:74:
        b0:77:9e:ff:d5:cc:5e:01:b5:99:ae:c9:f1:c2:5f:78:5e:00:
        8b:c3:89:d1

1973354496 | 2024-05-19T18:58:25.092709

3306 / tcp

MariaDB:
  Protocol Version: 10
  Version: 10.3.20-MariaDB-log
  Capabilities: 63486
  Server Language: 45
  Server Status: 2
  Extended Server Capabilities: 33215
  Authentication Plugin: mysql_native_password

-532740044 | 2024-05-14T21:43:42.635145

27017 / tcp

MongoDB Server Information
Authentication partially enabled
{
    "storageEngines": [
        "devnull", 
        "ephemeralForTest", 
        "mmapv1", 
        "wiredTiger"
    ], 
    "buildEnvironment": {
        "distarch": "x86_64", 
        "cc": "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", 
        "cxxflags": "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", 
        "linkflags": "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", 
        "ccflags": "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", 
        "target_arch": "x86_64", 
        "distmod": "", 
        "target_os": "linux", 
        "cxx": "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0"
    }, 
    "ok": 1.0, 
    "sysInfo": "deprecated", 
    "modules": [], 
    "openssl": {
        "compiled": "disabled", 
        "running": "disabled"
    }, 
    "javascriptEngine": "mozjs", 
    "version": "4.0.10", 
    "allocator": "tcmalloc", 
    "versionArray": [
        4, 
        0, 
        10, 
        0
    ], 
    "debug": false, 
    "maxBsonObjectSize": 16777216, 
    "bits": 64, 
    "gitVersion": "c389e7f69f637f7a1ac3cc9fae843b635f20b766"
}

156.38.136.27

Last Seen: 2024-05-20

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1736048858 | 2024-05-18T16:20:06.277068
21 / tcp

Pure-FTPd

1214086484 | 2024-05-19T03:02:13.737160
80 / tcp

Apache httpd

-1225945184 | 2024-05-20T02:26:49.505237
443 / tcp

Apache httpd

1973354496 | 2024-05-19T18:58:25.092709
3306 / tcp

MariaDB10.3.20-MariaDB-log

-532740044 | 2024-05-14T21:43:42.635145
27017 / tcp

MongoDB4.0.10

Products

Pricing

Contact Us

156.38.136.27

Last Seen: 2024-05-20

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1736048858 | 2024-05-18T16:20:06.277068 21 / tcp

Pure-FTPd

1214086484 | 2024-05-19T03:02:13.737160 80 / tcp

Apache httpd

-1225945184 | 2024-05-20T02:26:49.505237 443 / tcp

Apache httpd

1973354496 | 2024-05-19T18:58:25.092709 3306 / tcp

MariaDB10.3.20-MariaDB-log

-532740044 | 2024-05-14T21:43:42.635145 27017 / tcp

MongoDB4.0.10

Products

Pricing

Contact Us

1736048858 | 2024-05-18T16:20:06.277068
21 / tcp

1214086484 | 2024-05-19T03:02:13.737160
80 / tcp

-1225945184 | 2024-05-20T02:26:49.505237
443 / tcp

1973354496 | 2024-05-19T18:58:25.092709
3306 / tcp

-532740044 | 2024-05-14T21:43:42.635145
27017 / tcp