GeneralInformation

Hostnames	45-56-111-244.ip.linodeusercontent.com dampy.xeroxer.com
Domains	linodeusercontent.com xeroxer.com
Cloud Provider	Linode
Cloud Region	us-nj
Country	United States
City	Morris Plains
Organization	Linode
ISP	Akamai Connected Cloud
ASN	AS63949

WebTechnologies

CDN

Google Hosted Libraries

JavaScript libraries

jQuery1.8.3

Modernizr

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

443

-622461449 | 2024-04-29T22:29:21.027674

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 29 Apr 2024 22:29:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=hit8oo8396g3o9rfe8qkddr487; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-UA-Compatible: IE=Edge

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:fb:7d:db:3d:5a:a6:6c:bd:1f:7b:9e:b8:49:fa:38:61:5f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 25 20:33:33 2024 GMT
            Not After : Jun 23 20:33:32 2024 GMT
        Subject: CN=dampy.xeroxer.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:4e:96:e7:3f:ed:64:37:4a:b6:85:65:0f:a6:1f:
                    23:d7:c6:15:3f:ce:3d:d2:70:c4:c1:64:5d:59:bf:
                    01:d0:2c:8b:1d:50:75:be:dc:12:81:15:8b:93:3e:
                    3c:0a:a6:76:76:2e:4a:b1:8c:51:38:07:89:9e:7b:
                    c8:81:a7:05:48
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                8C:3C:B0:37:D6:2C:37:7E:5C:44:00:8C:83:8D:A2:B9:64:12:7B:B3
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:dampy.xeroxer.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
                                ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
                    Timestamp : Mar 25 21:33:33.416 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:0A:88:3E:6D:DA:96:42:E0:FF:53:92:86:
                                F8:FA:B2:0B:EA:57:A7:09:BC:43:25:6D:AB:D2:44:67:
                                09:78:72:DE:02:20:3C:81:A3:E6:72:54:41:2F:03:BD:
                                52:32:01:F1:AD:7B:31:52:5A:38:D9:72:2B:8B:A3:5A:
                                9E:10:13:0C:78:27
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Mar 25 21:33:33.431 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:B3:36:73:34:F1:36:EA:34:BD:6B:89:
                                A3:CA:5B:C1:75:3F:A1:EE:EC:AC:D6:58:43:0F:A6:C2:
                                9F:98:76:EE:7D:02:20:4B:5A:C8:F9:CF:0E:C1:AF:A9:
                                FC:FA:2E:94:2B:05:B5:1F:AB:6E:35:E2:C0:2C:7D:EB:
                                11:C1:E9:8B:E3:02:5B
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        58:42:ef:a2:6a:ee:28:ef:e8:12:ad:3e:de:65:19:df:28:08:
        df:17:b1:e4:99:c3:a8:5f:18:7c:66:8c:24:21:55:d5:f9:ff:
        5e:0f:39:02:b1:88:26:68:5a:6d:6f:0a:b2:e5:44:1e:a0:be:
        63:8c:26:bd:c5:0c:62:6a:f1:5c:60:11:fc:11:f1:ef:f0:b8:
        cf:0f:22:11:f2:25:44:f4:eb:0f:86:ba:d9:1a:de:11:bc:e3:
        1f:37:61:4c:07:0b:41:15:ec:ca:33:ec:2a:2c:5b:2c:1c:35:
        2d:43:d7:e4:cf:d1:76:e9:a5:6e:fd:61:b2:1a:f6:d8:e3:2d:
        08:8b:44:4b:b0:22:0f:32:14:c7:0e:f4:a5:52:a7:3b:ce:92:
        6b:f5:a9:bc:43:f4:8e:48:6b:00:90:1e:db:3a:1a:93:55:c9:
        15:46:2b:bd:4f:b3:68:67:f6:f3:1d:1d:39:b2:4f:44:51:72:
        89:12:c7:e0:a9:94:4b:3e:d7:84:c7:ef:2e:d5:77:d3:9b:44:
        d5:9c:48:c1:d6:24:06:08:65:93:0a:9e:27:b3:ae:61:02:fe:
        b9:e4:a1:35:c4:16:db:96:a3:2e:b4:fd:b3:c0:bd:19:97:65:
        b8:29:70:b9:20:53:b4:f7:25:55:d5:3b:9b:10:31:c4:d7:04:
        0d:f2:87:e9

45.56.111.244

Last Seen: 2024-04-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-622461449 | 2024-04-29T22:29:21.027674
443 / tcp

nginx1.20.1

Products

Pricing

Contact Us

45.56.111.244

Last Seen: 2024-04-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-622461449 | 2024-04-29T22:29:21.027674 443 / tcp

nginx1.20.1

Products

Pricing

Contact Us

-622461449 | 2024-04-29T22:29:21.027674
443 / tcp