GeneralInformation

Hostnames	vr.xvideo-jp.com 166.207.52.36.ap.yournet.ne.jp
Domains	xvideo-jp.com yournet.ne.jp
Country	Japan
City	Tokyo
Organization	FreeBit Co., Ltd.
ISP	FreeBit Co.,Ltd.
ASN	AS10013

WebTechnologies

CDN

Google Hosted Libraries

JavaScript libraries

jQuery1.3.2

Video players

YouTube

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2013-2220	7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CVE-2011-4969	4.3Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2007-3205	5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

OpenPorts

21 80 111 443 3306 4949 8002 10000 11211

792679561 | 2024-04-27T03:15:24.748229

21 / tcp

421 Service not available.\r\n

-752556042 | 2024-04-01T21:35:20.636402

80 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 01 Apr 2024 21:35:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 10
Last-Modified: Mon, 11 Jul 2022 06:03:57 GMT
Connection: keep-alive
ETag: "62cbbd4d-a"
Accept-Ranges: bytes

-1345205424 | 2024-04-15T04:34:33.464816

111 / tcp

Portmap
Program	Version	Protocol	Port
portmapper	4	tcp	111
portmapper	3	tcp	111
portmapper	2	tcp	111
portmapper	4	udp	111
portmapper	3	udp	111
portmapper	2	udp	111

-1345205424 | 2024-04-05T15:49:26.722913

111 / udp

Portmap
Program	Version	Protocol	Port
portmapper	4	tcp	111
portmapper	3	tcp	111
portmapper	2	tcp	111
portmapper	4	udp	111
portmapper	3	udp	111
portmapper	2	udp	111

-289359351 | 2024-04-27T10:26:15.059043

443 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 27 Apr 2024 10:26:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.9

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:2e:10:ba:c0:37:04:b6:bc:16:70:a1:9c:2e:0f:b4:ec:63
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Feb 29 00:14:04 2024 GMT
            Not After : May 29 00:14:03 2024 GMT
        Subject: CN=vr.xvideo-jp.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:b2:be:65:5e:2e:61:0f:67:6f:b6:45:da:d2:
                    a2:f4:5a:28:cf:69:14:31:ae:b1:de:93:c7:2b:7f:
                    cc:07:4d:ff:7e:78:52:ca:8e:52:34:25:06:b4:c8:
                    c5:01:0a:92:82:15:f9:c2:76:d7:41:4c:18:1b:93:
                    11:dd:f4:6c:f2:f8:9f:ec:b9:47:80:4d:4d:4b:7b:
                    fc:60:92:a2:1a:2b:09:b8:cd:5d:a0:a0:3d:8d:66:
                    15:57:e8:5b:d0:c8:ee:70:4a:f2:61:7a:ec:64:eb:
                    87:d3:fc:25:a1:63:e2:62:4f:95:9a:3a:dd:63:72:
                    30:43:01:d7:2c:68:6d:8f:cb:41:dd:f4:c0:22:fe:
                    08:07:5f:25:2f:68:ce:2f:bc:4e:b9:43:13:15:55:
                    88:0b:5f:2c:5f:68:a5:aa:47:2d:fb:ed:af:35:43:
                    ab:8c:87:c2:58:5a:ff:43:99:4f:03:6c:64:ca:e0:
                    8e:7a:12:17:a9:50:46:2e:82:57:0c:c3:36:f2:04:
                    dc:7b:8a:54:e0:78:a2:08:72:82:01:25:91:42:85:
                    a9:58:3a:f0:8c:0b:9a:1e:f5:a3:2d:e7:bf:42:99:
                    9c:e3:b4:71:d7:40:c4:ed:ad:36:59:ce:fb:04:4d:
                    aa:6c:ae:a9:94:33:b7:f9:7b:3f:e2:b2:f0:00:3d:
                    e6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                3C:82:1B:A5:85:2C:6A:77:F0:FD:70:71:C9:62:2C:C6:CB:A0:E3:01
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:vr.xvideo-jp.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
                                67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
                    Timestamp : Feb 29 01:14:04.519 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:63:61:D6:0B:CA:09:00:9B:AA:A3:AF:42:
                                55:BD:0A:3F:72:A1:B8:3B:B7:7A:E3:9A:B7:16:3F:C0:
                                23:C6:A3:72:02:21:00:CF:31:8F:FC:34:EE:97:FE:7D:
                                F6:07:59:92:00:8A:32:8D:E6:F8:86:36:A4:DD:89:62:
                                1A:15:C0:6B:51:39:2D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Feb 29 01:14:05.100 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:0F:18:8B:04:1C:44:4F:F9:2A:5A:1E:8A:
                                DE:60:B7:EB:18:39:A1:B3:52:9F:D1:C2:67:C5:BF:97:
                                4C:8B:DF:9C:02:21:00:B8:60:12:88:89:F5:52:95:7F:
                                DA:DE:9F:77:1D:4E:78:6E:CB:4A:AD:E1:CB:14:FC:45:
                                41:29:69:85:B8:CB:9C
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        91:16:b0:bc:29:fe:3c:29:e4:f2:b6:12:f1:4e:45:3b:ba:9f:
        75:29:65:80:44:e0:9a:1a:a7:6f:fa:55:0d:44:53:6d:99:fd:
        08:51:87:99:db:6b:1f:09:c6:9a:a9:17:6d:76:17:3b:78:1c:
        47:85:d1:3c:18:57:1b:0e:8f:9c:c3:40:4b:1a:98:f0:f9:a6:
        33:24:04:ad:ee:40:f4:fa:77:3b:32:50:83:69:60:a0:e7:bb:
        bb:26:18:87:64:0b:33:9b:65:00:ba:10:53:16:dd:4a:d5:e0:
        16:b1:fc:81:9a:3a:f0:62:0e:25:28:9a:aa:44:24:ba:77:13:
        cf:14:4c:f5:f7:35:37:f3:c7:85:07:3a:1f:1b:53:37:78:f4:
        4c:c1:4a:2c:0b:2c:03:fa:7f:0c:77:e9:76:5c:fd:29:f8:21:
        76:c1:6d:c3:f0:0a:4c:81:fa:75:e8:cf:b4:1a:36:1c:2f:38:
        f2:2b:1e:5d:b2:a3:b4:e4:67:28:46:7c:88:43:e0:62:c3:c7:
        4e:97:11:4c:f2:ac:be:b2:09:44:42:f8:bd:8c:20:49:2b:14:
        39:92:4c:a8:ed:8d:27:29:3d:c5:a2:88:a6:a4:30:53:8b:36:
        52:18:e1:b4:66:41:bd:b7:3d:2a:c0:cc:d4:4a:72:66:9e:5a:
        06:5e:f8:ac

-1204841701 | 2024-04-23T04:59:29.901378

3306 / tcp

MariaDB:
  Protocol Version: 10
  Version: 10.8.8-MariaDB-log
  Capabilities: 63486
  Server Language: 33
  Server Status: 2
  Extended Server Capabilities: 33279
  Authentication Plugin: mysql_native_password

389466995 | 2024-03-30T03:25:36.074186

8002 / tcp

HTTP/1.1 404 Not Found
Content-Length: 0
Date: Sat, 30 Mar 2024 03:25:35 GMT
Server: Kestrel

-191320651 | 2024-04-26T06:05:07.136360

10000 / tcp

HTTP/1.0 200 Document follows
Date: Fri, 26 Apr 2024 06:05:06 GMT
Server: MiniServ
Connection: close
Set-Cookie: testing=1; path=/; secure; httpOnly
pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; child-src 'self'
X-Content-Type-Options: nosniff
Content-type: text/html; Charset=UTF-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c2:eb:1a:b3:10:3d:f0:50
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=Webmin Webserver on localhost.localdomain, CN=*/emailAddress=root@localhost.localdomain
        Validity
            Not Before: Jul  8 12:31:17 2022 GMT
            Not After : Jul  7 12:31:17 2027 GMT
        Subject: O=Webmin Webserver on localhost.localdomain, CN=*/emailAddress=root@localhost.localdomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:48:4e:64:43:33:ca:fd:23:f6:60:1d:82:de:
                    7b:77:97:1e:a8:e1:0d:5d:88:37:36:94:c6:95:75:
                    b6:9f:13:61:6d:8b:2a:c3:af:3e:26:67:0f:6e:47:
                    99:e4:bc:1c:dc:59:fd:f4:e0:6d:d4:3f:cf:79:3b:
                    ed:de:7f:46:5e:e4:ce:d3:ee:86:c6:dd:9b:fb:e8:
                    db:e6:67:2a:aa:c5:5b:91:55:99:3b:24:b9:81:a7:
                    5b:3c:00:8d:5c:05:a6:36:0e:4b:a7:7f:a0:73:9a:
                    99:22:2d:11:7c:ed:3a:0d:ec:64:a3:bd:27:21:50:
                    7b:07:68:a5:89:e1:5c:50:6b:23:d7:82:37:20:ee:
                    d7:39:fd:b2:dc:b6:ca:a8:91:13:e8:ca:2f:47:9d:
                    32:38:46:57:aa:43:4b:02:3c:81:e7:7a:9a:b0:bf:
                    d0:70:a6:75:fd:40:56:13:1f:fb:be:2c:eb:3a:19:
                    08:2a:67:84:80:36:63:d7:9b:55:5d:e1:23:16:2a:
                    dd:64:d2:10:a1:64:3c:f5:69:44:ca:f5:65:ad:8f:
                    b9:02:b4:df:c1:69:a3:04:46:bc:c9:f9:4c:1d:6c:
                    98:33:be:49:ec:05:11:7f:16:ef:6e:51:bc:ef:be:
                    f8:ae:d9:5c:ca:55:ec:90:8b:9f:bf:34:51:2a:50:
                    e1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                B6:DF:AB:E2:7C:E4:DB:41:DF:11:B5:2B:59:C1:C1:E1:09:B5:89:61
            X509v3 Authority Key Identifier: 
                B6:DF:AB:E2:7C:E4:DB:41:DF:11:B5:2B:59:C1:C1:E1:09:B5:89:61
            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        19:b2:65:14:c0:6a:f3:24:94:95:3c:32:1f:f6:45:7e:0b:03:
        5d:e0:b5:99:a0:de:8b:2f:05:e9:13:11:c3:68:ca:90:4f:4e:
        3c:68:dc:92:8e:86:76:cf:cb:ea:de:07:f3:c0:e3:bc:aa:8e:
        ac:03:b9:ed:65:36:17:17:36:f9:bc:af:49:72:4e:60:6e:43:
        59:20:36:66:0b:34:17:cd:59:6e:8f:e6:17:a5:61:3f:f5:61:
        67:28:a8:6d:0d:58:f2:a3:70:bc:8e:8d:88:46:7a:0f:69:d4:
        02:9b:31:87:3f:93:c4:34:7a:71:9d:a1:f8:29:7a:63:d5:60:
        fe:f2:85:1d:61:05:42:17:7c:ff:8e:2f:05:d6:b8:d4:5c:18:
        f1:0a:94:73:54:b8:06:be:36:4e:c8:d0:19:b3:a7:cd:fb:57:
        d5:86:60:ad:5d:20:ed:5f:9f:7c:f4:5e:5c:2c:11:35:21:cb:
        23:15:f1:63:14:fd:81:5d:cd:ec:f4:78:84:51:f7:d0:52:b0:
        80:f8:d0:74:c8:58:86:a5:5f:8e:03:37:e1:22:81:8d:b2:c5:
        6e:7d:34:fd:3c:63:6a:a0:8b:35:d5:8d:0a:b1:a7:f6:7b:29:
        f6:88:76:b1:69:6a:ff:2f:a4:87:3c:f9:84:bf:d5:e3:5b:c4:
        83:12:8a:a4

-1679139953 | 2024-04-12T01:03:13.538871

11211 / tcp

stats
STAT pid 2230
STAT uptime 6759520
STAT time 1712883791
STAT version 1.4.15
STAT libevent 2.0.21-stable
STAT pointer_size 64
STAT rusage_user 65.919452
STAT rusage_system 62.246711
STAT curr_connections 2
STAT total_connections 1261
STAT connection_structures 10
STAT reserved_fds 20
STAT cmd_get 2
STAT cmd_set 2
STAT cmd_flush 0
STAT cmd_touch 0
STAT get_hits 0
STAT get_misses 2
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT touch_hits 0
STAT touch_misses 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 58563
STAT bytes_written 803720
STAT limit_maxbytes 67108864
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT hash_power_level 16
STAT hash_bytes 524288
STAT hash_is_expanding 0
STAT bytes 106
STAT curr_items 1
STAT total_items 2
STAT expired_unfetched 1
STAT evicted_unfetched 0
STAT evictions 0
STAT reclaimed 1
END
stats settings
STAT maxbytes 67108864
STAT maxconns 1024
STAT tcpport 11211
STAT udpport 0
STAT inter NULL
STAT verbosity 0
STAT oldest 0
STAT evictions on
STAT domain_socket NULL
STAT umask 700
STAT growth_factor 1.25
STAT chunk_size 48
STAT num_threads 4
STAT num_threads_per_udp 4
STAT stat_key_prefix :
STAT detail_enabled no
STAT reqs_per_event 20
STAT cas_enabled yes
STAT tcp_backlog 1024
STAT binding_protocol auto-negotiate
STAT auth_enabled_sasl no
STAT item_size_max 1048576
STAT maxconns_fast no
STAT hashpower_init 0
STAT slab_reassign no
STAT slab_automove 0
END

36.52.207.166

Last Seen: 2024-04-27

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

792679561 | 2024-04-27T03:15:24.748229
21 / tcp

-752556042 | 2024-04-01T21:35:20.636402
80 / tcp

nginx

-1345205424 | 2024-04-15T04:34:33.464816
111 / tcp

-1345205424 | 2024-04-05T15:49:26.722913
111 / udp

-289359351 | 2024-04-27T10:26:15.059043
443 / tcp

nginx

-1204841701 | 2024-04-23T04:59:29.901378
3306 / tcp

MariaDB10.8.8-MariaDB-log

389466995 | 2024-03-30T03:25:36.074186
8002 / tcp

-191320651 | 2024-04-26T06:05:07.136360
10000 / tcp

Webmin

-1679139953 | 2024-04-12T01:03:13.538871
11211 / tcp

Memcached1.4.15

Products

Pricing

Contact Us

36.52.207.166

Last Seen: 2024-04-27

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

792679561 | 2024-04-27T03:15:24.748229 21 / tcp

-752556042 | 2024-04-01T21:35:20.636402 80 / tcp

nginx

-1345205424 | 2024-04-15T04:34:33.464816 111 / tcp

-1345205424 | 2024-04-05T15:49:26.722913 111 / udp

-289359351 | 2024-04-27T10:26:15.059043 443 / tcp

nginx

-1204841701 | 2024-04-23T04:59:29.901378 3306 / tcp

MariaDB10.8.8-MariaDB-log

389466995 | 2024-03-30T03:25:36.074186 8002 / tcp

-191320651 | 2024-04-26T06:05:07.136360 10000 / tcp

Webmin

-1679139953 | 2024-04-12T01:03:13.538871 11211 / tcp

Memcached1.4.15

Products

Pricing

Contact Us

792679561 | 2024-04-27T03:15:24.748229
21 / tcp

-752556042 | 2024-04-01T21:35:20.636402
80 / tcp

-1345205424 | 2024-04-15T04:34:33.464816
111 / tcp

-1345205424 | 2024-04-05T15:49:26.722913
111 / udp

-289359351 | 2024-04-27T10:26:15.059043
443 / tcp

-1204841701 | 2024-04-23T04:59:29.901378
3306 / tcp

389466995 | 2024-03-30T03:25:36.074186
8002 / tcp

-191320651 | 2024-04-26T06:05:07.136360
10000 / tcp

-1679139953 | 2024-04-12T01:03:13.538871
11211 / tcp