GeneralInformation

Hostnames	sustrio-esg.com www.sustrio-esg.com
Domains	sustrio-esg.com
Country	United States
City	San Francisco
Organization	Cloudflare, Inc.
ISP	Cloudflare, Inc.
ASN	AS13335

WebTechnologies

CMS

Weebly

Databases

MySQL

JavaScript libraries

jQuery1.8.3

Programming languages

PHP

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

80 443 2082 2083 2086 2087 2096 8080 8443 8880

-1439203396 | 2024-05-21T14:44:45.900286

80 / tcp

HTTP/1.1 403 Forbidden
Date: Tue, 21 May 2024 14:44:45 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5894
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 887558aadb1c6bcb-DFW

-270679723 | 2024-05-28T00:25:25.611056

443 / tcp

HTTP/1.1 200 OK
Date: Tue, 28 May 2024 00:25:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: is_mobile=0; path=/; domain=www.sustrio-esg.com
Vary: X-W-SSL,Accept-Encoding,User-Agent
Cache-Control: private
X-Host: blu86.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
X-W-DC: SFO
CF-Cache-Status: DYNAMIC
Set-Cookie: language=en; expires=Tue, 11-Jun-2024 00:25:25 GMT; Max-Age=1209600; path=/
Set-Cookie: sto-id-editor=OHGFBNAK; Domain=weebly.com; Path=/
Set-Cookie: __cf_bm=C.dPK7u12gG5e3KsPkDdmeYoBxnV7v8BfdQb9jZt6Ds-1716855925-1.0.1.1-ly5DuoZ3b9b8UyBiZ19L3OJXZGnOBQ7utOB9USnB_5PVI2qPMDg6rQ9A0N.W.RgiMI71RcwUI.VslvmIQR6Pog; path=/; expires=Tue, 28-May-24 00:55:25 GMT; domain=.www.sustrio-esg.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 88aa1b7db99f7abb-SJC

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:19:d6:2a:26:8d:a2:b3:25:48:3b:c1:81:0e:cc:89:88:1a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: May  5 10:50:59 2024 GMT
            Not After : Aug  3 10:50:58 2024 GMT
        Subject: CN=www.sustrio-esg.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d9:12:60:6c:23:1d:16:f7:cd:2e:c0:46:d4:07:
                    be:ab:4b:9d:0a:d1:2d:40:a6:47:ae:de:49:7b:c7:
                    58:c5:2b:d1:2f:19:c8:29:ab:19:7e:94:55:38:0f:
                    2c:48:48:1a:be:ab:19:bf:24:6e:9b:6e:39:34:2f:
                    bb:68:a7:22:28:73:4a:3c:ad:ba:f0:9f:5f:6c:82:
                    4b:72:85:95:4e:9e:cb:ff:81:6c:cd:00:c2:4f:46:
                    77:66:d2:10:5c:03:db:26:37:b8:8f:c8:ca:e7:fe:
                    ec:c6:b5:d7:c9:f6:ef:9e:dd:f3:d2:2c:6a:52:c0:
                    21:13:be:98:5e:a3:9d:0a:cb:5d:40:a8:10:f0:9e:
                    d9:95:46:3e:75:b3:c0:c5:c2:e4:00:da:2e:f2:74:
                    51:d8:bc:ea:3e:92:bb:71:71:9c:82:f8:78:2d:ce:
                    cb:49:7d:b0:48:a4:a7:29:0d:75:02:cc:3b:db:d3:
                    5b:f7:ac:3c:b2:ad:99:55:20:50:2e:2c:91:d5:fa:
                    6c:76:00:85:18:1d:9a:91:13:4f:53:0e:69:0b:a7:
                    d3:ed:00:ef:d9:59:64:b2:f4:d6:0c:a2:fd:d8:d3:
                    79:77:8f:71:26:5b:6b:77:28:f1:dc:24:59:5e:8b:
                    41:41:47:48:e3:4f:95:ce:82:98:ba:ed:00:8e:28:
                    97:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                79:2C:B2:9D:59:EA:12:74:77:4D:E8:01:84:0C:88:D8:A6:DC:DA:53
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:sustrio-esg.com, DNS:www.sustrio-esg.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
                                83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16:B4:CA
                    Timestamp : May  5 11:51:00.297 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:3D:AC:6C:04:EB:C0:18:22:D5:A6:73:01:
                                38:3F:87:95:04:05:AD:FF:C2:70:32:1D:99:6C:7D:CB:
                                35:B8:B3:CD:02:21:00:FF:32:0E:8B:4D:35:44:62:83:
                                90:5B:6C:12:7E:50:79:26:8B:92:8E:3E:EC:D7:95:B9:
                                13:CC:1D:69:DB:E9:3D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
                                ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
                    Timestamp : May  5 11:51:00.273 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:F0:39:E5:8A:70:7F:7C:A6:9B:FF:0E:
                                78:CB:29:A3:17:4D:9E:D9:2A:AB:E3:43:92:F9:51:C8:
                                96:04:1E:FC:5F:02:21:00:AA:0C:B2:79:97:D1:45:CA:
                                6F:67:7C:C0:F9:ED:E4:9B:82:4F:D8:58:2C:BD:5B:CD:
                                14:0A:AC:01:C1:09:EE:5C
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        a0:cd:20:94:c0:7e:67:47:3b:73:4a:dc:d1:1e:e2:90:68:16:
        e8:f7:1b:65:46:d0:0c:f1:70:c9:e7:32:4e:b0:39:7a:d0:1f:
        39:c4:14:ea:39:2a:ee:3e:4b:3d:28:2f:9c:55:71:ab:d4:41:
        51:eb:2d:5d:1a:d0:d7:c6:1b:63:b8:e3:27:a9:38:ee:90:e7:
        68:9f:ed:9f:58:1e:23:0e:cc:3a:94:08:4a:a5:be:98:43:31:
        2d:4e:d7:2d:f5:1e:23:5b:9d:98:aa:41:2a:57:29:51:86:67:
        e5:10:95:bb:24:c9:7f:f9:b6:56:5d:83:55:9d:f1:c4:54:04:
        97:b9:2d:9b:33:c0:2b:fe:86:09:d1:f1:c4:bf:16:a7:f6:5b:
        ee:90:1a:56:46:ad:da:3a:b9:b9:a0:d1:e8:45:4a:21:b7:89:
        cd:89:40:01:e5:36:51:a3:4f:c5:d9:f4:d5:b1:0e:0d:c5:82:
        87:f6:90:80:f3:a1:a3:49:0f:e0:c5:3a:9f:5c:c8:d0:3a:25:
        ca:9e:c2:d9:df:d2:d2:13:e7:a7:ea:e6:d9:a0:b2:85:af:40:
        58:de:5a:c1:19:c4:52:97:38:07:9a:73:79:dc:ad:76:50:a9:
        c4:3a:aa:98:df:89:4c:bb:b0:b7:2f:be:34:7d:2d:bc:d9:36:
        94:87:ad:8a

812433277 | 2024-05-28T00:10:49.436966

2082 / tcp

HTTP/1.1 403 Forbidden
Date: Tue, 28 May 2024 00:10:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5893
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88aa061afb1d144b-DFW

141477257 | 2024-05-29T02:48:34.190251

2083 / tcp

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 29 May 2024 02:48:34 GMT
Content-Type: text/html
Content-Length: 655
Connection: close
CF-RAY: -

191208051 | 2024-05-18T13:52:48.689346

2086 / tcp

HTTP/1.1 403 Forbidden
Date: Sat, 18 May 2024 13:52:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5895
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 885c546f486a1007-LAX

300024681 | 2024-05-27T04:48:27.948981

2087 / tcp

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 27 May 2024 04:48:27 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

141477257 | 2024-05-15T03:03:52.464878

2096 / tcp

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 15 May 2024 03:03:52 GMT
Content-Type: text/html
Content-Length: 655
Connection: close
CF-RAY: -

-943552832 | 2024-05-18T21:49:46.417972

8080 / tcp

HTTP/1.1 403 Forbidden
Date: Sat, 18 May 2024 21:49:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5892
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 885f0f1d0f012ecc-LAX

141477257 | 2024-05-26T09:35:39.110654

8443 / tcp

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sun, 26 May 2024 09:35:39 GMT
Content-Type: text/html
Content-Length: 655
Connection: close
CF-RAY: -

-862142483 | 2024-05-20T22:29:12.086274

8880 / tcp

HTTP/1.1 403 Forbidden
Date: Mon, 20 May 2024 22:29:11 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 886fc39d2a482f08-LAX

error code: 1003

172.67.208.67

Last Seen: 2024-05-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1439203396 | 2024-05-21T14:44:45.900286
80 / tcp

CloudFlare

-270679723 | 2024-05-28T00:25:25.611056
443 / tcp

812433277 | 2024-05-28T00:10:49.436966
2082 / tcp

141477257 | 2024-05-29T02:48:34.190251
2083 / tcp

191208051 | 2024-05-18T13:52:48.689346
2086 / tcp

300024681 | 2024-05-27T04:48:27.948981
2087 / tcp

141477257 | 2024-05-15T03:03:52.464878
2096 / tcp

-943552832 | 2024-05-18T21:49:46.417972
8080 / tcp

CloudFlare

141477257 | 2024-05-26T09:35:39.110654
8443 / tcp

CloudFlare

-862142483 | 2024-05-20T22:29:12.086274
8880 / tcp

Products

Pricing

Contact Us

172.67.208.67

Last Seen: 2024-05-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1439203396 | 2024-05-21T14:44:45.900286 80 / tcp

CloudFlare

-270679723 | 2024-05-28T00:25:25.611056 443 / tcp

812433277 | 2024-05-28T00:10:49.436966 2082 / tcp

141477257 | 2024-05-29T02:48:34.190251 2083 / tcp

191208051 | 2024-05-18T13:52:48.689346 2086 / tcp

300024681 | 2024-05-27T04:48:27.948981 2087 / tcp

141477257 | 2024-05-15T03:03:52.464878 2096 / tcp

-943552832 | 2024-05-18T21:49:46.417972 8080 / tcp

CloudFlare

141477257 | 2024-05-26T09:35:39.110654 8443 / tcp

CloudFlare

-862142483 | 2024-05-20T22:29:12.086274 8880 / tcp

Products

Pricing

Contact Us

-1439203396 | 2024-05-21T14:44:45.900286
80 / tcp

-270679723 | 2024-05-28T00:25:25.611056
443 / tcp

812433277 | 2024-05-28T00:10:49.436966
2082 / tcp

141477257 | 2024-05-29T02:48:34.190251
2083 / tcp

191208051 | 2024-05-18T13:52:48.689346
2086 / tcp

300024681 | 2024-05-27T04:48:27.948981
2087 / tcp

141477257 | 2024-05-15T03:03:52.464878
2096 / tcp

-943552832 | 2024-05-18T21:49:46.417972
8080 / tcp

141477257 | 2024-05-26T09:35:39.110654
8443 / tcp

-862142483 | 2024-05-20T22:29:12.086274
8880 / tcp