GeneralInformation

Hostnames	2607-f1c0-100f-f000-0000-0000-0000-0288.elastic-ssl.ui-r.com wolpin.com
Domains	ui-r.com wolpin.com
Country	United States
City	Kansas City
Organization	IONOS Inc.
ISP	IONOS SE
ASN	AS8560

WebTechnologies

JavaScript libraries

jQuery1.4.2

jQuery UI1.7.2

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2014-6071	4.3jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CVE-2011-4969	4.3Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

OpenPorts

80 443

303965858 | 2024-05-04T15:01:07.986904

80 / tcp

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Date: Sat, 04 May 2024 15:01:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=55c2c56410ee525694b0363b30d8f22b; path=/

-189333278 | 2024-05-05T07:48:40.532950

443 / tcp

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 3264
Connection: keep-alive
Keep-Alive: timeout=15
Date: Sun, 05 May 2024 07:48:40 GMT
Server: Apache
Last-Modified: Thu, 01 Mar 2012 23:55:27 GMT
ETag: "cc0-4ba3731b8b9c0"
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:62:56:ba:e3:2b:aa:50:a8:9a:08:ae:ee:fc:ca:20
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G2
        Validity
            Not Before: Sep 26 00:00:00 2023 GMT
            Not After : Sep 25 23:59:59 2024 GMT
        Subject: CN=*.wolpin.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b7:27:16:cf:74:09:38:d2:94:df:62:a3:6f:78:
                    26:12:16:4b:cd:4c:07:73:d0:ac:9a:f9:d7:4f:66:
                    41:95:4f:f5:87:ed:ec:32:6a:47:c6:94:97:d4:f6:
                    04:b4:28:4b:27:02:a0:0a:f7:08:8e:fe:74:e0:be:
                    4a:76:02:0d:53:8c:36:68:05:de:cd:18:06:88:14:
                    49:97:38:ad:db:fb:fb:e5:f5:31:dc:e5:c4:09:61:
                    a5:d2:8e:54:6c:90:cf:47:82:e5:29:e1:82:5e:03:
                    40:fb:6b:26:5f:f0:8b:76:c8:f8:05:e0:00:86:1d:
                    1b:e2:30:c6:45:de:d1:de:ae:a6:54:92:91:33:ec:
                    e5:17:b1:bd:d0:66:d4:95:54:ef:71:43:fc:13:41:
                    26:bc:d2:76:d4:0d:65:9c:dd:85:73:85:e3:3f:d9:
                    fc:6a:75:b5:d5:8c:11:e1:7b:0b:6a:f2:77:be:48:
                    64:8a:eb:4b:20:2a:80:cd:ce:bc:ed:47:0f:e8:7b:
                    42:30:17:c3:1c:be:4f:04:28:12:3c:d7:59:24:b3:
                    dd:d1:96:4e:1c:f1:c1:42:ea:df:83:cb:3e:7b:47:
                    cf:8f:ec:09:78:aa:36:28:b5:75:8a:41:cf:2c:44:
                    4d:26:68:d1:50:81:bf:fb:6c:a4:e0:d1:86:11:90:
                    a3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                78:DF:91:90:5F:EE:DE:AC:F6:C5:75:EB:D5:4C:55:53:EF:24:4A:B6
            X509v3 Subject Key Identifier: 
                06:68:9A:AA:DF:60:FF:06:0F:DD:52:57:3E:3F:C8:71:C6:33:0C:19
            X509v3 Subject Alternative Name: 
                DNS:*.wolpin.com, DNS:wolpin.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                  CPS: http://www.digicert.com/CPS
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G2.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Sep 26 22:43:41.827 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:03:2C:5A:CC:C4:64:53:F3:EE:D3:A6:46:
                                D6:AF:D9:9E:F0:0C:B3:AF:14:45:26:7C:C4:E1:55:5D:
                                EC:77:B7:DA:02:20:1E:B9:9C:BC:3D:4A:42:85:86:AE:
                                5B:F0:86:66:C6:68:28:DB:72:EC:D7:32:86:36:7E:6D:
                                22:E4:48:03:66:DD
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Sep 26 22:43:41.891 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6A:2D:B2:B3:F2:DD:C9:17:3A:C5:94:90:
                                42:4F:A4:29:99:3D:7A:DE:28:9C:65:0C:42:1D:BB:C1:
                                A9:25:68:4D:02:20:33:4A:34:E4:18:08:BE:C8:F4:07:
                                EC:3F:E2:42:22:2B:2F:77:ED:1B:5D:60:51:0D:19:CA:
                                BE:33:F2:C7:4F:B6
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Sep 26 22:43:41.825 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:F4:6F:D1:0C:07:62:E3:40:4A:99:58:
                                2C:F9:C5:7A:00:10:60:2B:87:B5:ED:63:3D:C8:AC:16:
                                4E:E4:1B:7D:C1:02:21:00:C7:1F:2D:86:27:0C:02:A8:
                                91:00:D3:EB:E2:02:A8:17:5D:CE:A0:9B:40:3C:B9:50:
                                BB:1E:A1:05:66:39:FD:F9
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        82:7e:8d:fc:50:15:57:77:34:94:81:39:80:4a:d8:77:7e:40:
        00:e8:02:2d:74:1c:8f:bc:eb:de:0d:b5:ff:d9:6d:72:bb:98:
        28:bb:25:85:0e:1c:75:72:c8:13:aa:23:28:8f:1f:d1:0f:a6:
        ac:9d:a7:44:ab:50:4d:72:ee:67:cc:84:cd:65:93:33:48:8b:
        7c:2c:86:24:7b:44:f7:e0:c4:54:51:50:7c:35:7a:a1:62:c7:
        32:b1:bb:d3:a7:b9:86:36:4f:5f:a5:39:79:a2:25:46:d9:73:
        64:01:d2:d7:05:89:d7:84:e3:04:fa:a7:23:8c:3f:57:76:6d:
        97:88:22:8f:93:96:9d:e2:7b:03:eb:41:75:ac:84:b7:4b:7e:
        13:2b:8e:50:af:d0:90:82:99:db:a8:4f:ab:fc:87:92:a2:5a:
        72:23:5e:2c:60:29:f6:57:c0:4b:a0:30:c4:ec:76:85:bb:3b:
        68:90:a6:da:ad:f2:1a:aa:9a:37:d2:3d:63:bf:0e:bb:b4:38:
        77:ee:fe:2f:c7:63:3a:7e:d1:5b:55:8a:60:6f:98:69:de:48:
        03:78:f9:89:a6:5c:93:6e:9a:1d:b0:c1:8e:de:eb:7a:b6:0d:
        53:ec:66:ca:b1:cf:a7:fd:de:17:7a:b5:48:81:c2:56:28:54:
        47:e4:be:55

2607:f1c0:100f:f000::288

Last Seen: 2024-05-05

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

303965858 | 2024-05-04T15:01:07.986904
80 / tcp

-189333278 | 2024-05-05T07:48:40.532950
443 / tcp

Products

Pricing

Contact Us

2607:f1c0:100f:f000::288

Last Seen: 2024-05-05

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

303965858 | 2024-05-04T15:01:07.986904 80 / tcp

-189333278 | 2024-05-05T07:48:40.532950 443 / tcp

Products

Pricing

Contact Us

303965858 | 2024-05-04T15:01:07.986904
80 / tcp

-189333278 | 2024-05-05T07:48:40.532950
443 / tcp