GeneralInformation

Hostnames	aleasing.pl www.aleasing.pl static-ajw104.rev.nazwa.pl
Domains	aleasing.pl nazwa.pl
Country	Poland
City	Warsaw
Organization	VPS and dedicated servers
ISP	Nazwa.pl Sp.z.o.o.
ASN	AS15967

WebTechnologies

CDN

Google Hosted Libraries

JavaScript libraries

jQuery1.8.0

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

80 443

-362124906 | 2024-05-14T19:33:38.188647

80 / tcp

HTTP/1.1 200 OK
Date: Tue, 14 May 2024 19:33:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-CDN-nazwa.pl-location: WAW
X-CDN-nazwa.pl-policyused: cdn=1209600
X-CDN-nazwa.pl-cache: MISS
Server: Apache/2

896182359 | 2024-05-14T19:14:55.858860

443 / tcp

HTTP/1.1 200 OK
Date: Tue, 14 May 2024 19:14:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-CDN-nazwa.pl-location: WAW
X-CDN-nazwa.pl-policyused: cdn=1209600
X-CDN-nazwa.pl-cache: MISS
Server: Apache/2

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:0d:97:2a:eb:3c:4b:92:fc:fa:28:0e:e9:2c:00:f3
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=PL, O=nazwa.pl sp. z o.o., OU=http:\/\/nazwa.pl, CN=nazwaSSL
        Validity
            Not Before: Mar 19 00:15:06 2024 GMT
            Not After : Mar 19 00:00:00 2025 GMT
        Subject: CN=aleasing.pl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ed:f7:23:3d:db:fc:69:b8:7f:6c:64:c4:ba:fe:
                    9f:4a:61:cf:4d:97:60:d9:0f:7a:73:58:e9:d1:5e:
                    7a:25:7c:29:c2:46:b5:31:65:0e:03:c7:67:a9:7d:
                    75:2b:82:56:73:d7:32:a6:c4:7a:6b:47:50:60:8b:
                    ad:44:26:5e:ed:34:bc:fc:45:00:d5:29:ba:f4:86:
                    d4:e2:e7:03:8e:70:13:8f:14:eb:9d:bf:a4:c4:1d:
                    97:de:da:b0:03:16:a8:1f:f1:69:3f:d4:c6:7f:6a:
                    f3:71:8c:7b:b2:29:a6:44:f8:af:bd:d9:97:1a:4c:
                    d7:1c:c6:f7:a3:56:94:22:d2:73:dd:be:0a:0d:13:
                    99:83:ee:de:b7:f3:da:2c:51:ca:4e:cd:e9:a4:34:
                    3b:1b:2a:7a:43:f6:22:fb:dc:23:87:fe:77:30:8b:
                    2f:e6:a9:c2:68:e2:83:28:4c:95:fe:0d:a5:d3:7b:
                    8f:5c:03:bb:66:e5:c3:3a:b8:05:f2:db:a8:d6:19:
                    a1:f9:76:8c:46:5f:0d:1b:4e:7f:3f:23:4d:db:98:
                    74:4b:d9:dd:0a:78:98:2d:5b:82:f2:48:33:db:06:
                    cc:b6:c2:12:55:b7:92:87:f3:51:57:b1:0b:83:8d:
                    69:ba:57:b7:9f:7b:af:05:aa:5c:fd:27:d5:01:d8:
                    16:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.certum.pl/nazwassl2sha2.crl
            Authority Information Access: 
                OCSP - URI:http://nazwassl2sha2.ocsp-certum.com
                CA Issuers - URI:http://repository.certum.pl/nazwassl2sha2.cer
            X509v3 Authority Key Identifier: 
                54:DC:90:BB:9D:47:19:51:C3:79:68:2C:84:ED:2E:DF:5F:46:BA:C7
            X509v3 Subject Key Identifier: 
                C4:0F:7D:08:EF:A2:9E:18:0F:0C:84:88:94:FA:96:95:B6:92:78:C3
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.2.616.1.113527.2.5.1.9.2.3
                  CPS: https://www.certum.pl/CPS
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:aleasing.pl, DNS:www.aleasing.pl
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
                                D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
                    Timestamp : Mar 19 00:15:25.662 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:76:96:B4:F9:AD:86:37:78:A8:D3:50:E4:
                                5C:0B:F9:3E:0C:3C:20:0A:A6:73:12:0C:44:C8:79:5D:
                                44:8F:99:4D:02:21:00:FB:AC:C1:02:F6:0A:67:7E:F2:
                                D1:FE:47:9A:DD:50:8D:8C:C9:8F:6C:E5:6B:70:1D:98:
                                83:EF:31:C6:AF:1C:75
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
                                1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
                    Timestamp : Mar 19 00:15:25.665 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:68:AE:62:22:55:69:AA:3F:A3:1A:16:34:
                                8D:51:CA:D6:51:14:A8:36:F2:D3:D4:74:08:A7:1B:BE:
                                08:F7:04:44:02:20:34:2D:47:1E:7A:06:09:34:FC:75:
                                7A:1E:22:0A:87:CB:93:04:99:3F:6D:FF:93:7E:8F:90:
                                4B:FA:0D:5D:EA:41
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Mar 19 00:15:25.692 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:26:F2:EE:20:69:37:B0:07:EC:2D:3F:B9:
                                53:67:F1:F6:9C:61:B4:33:95:23:86:08:8F:B5:55:5C:
                                3E:58:67:E2:02:20:2C:44:03:9E:E9:61:75:A4:CE:EF:
                                AD:DB:87:FC:4E:E3:0D:7C:B6:2C:27:9E:CA:E0:93:AD:
                                99:56:61:1A:90:D4
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        b4:63:45:4a:6d:da:1c:bd:a5:30:24:72:c5:66:72:8e:07:26:
        2e:38:2e:1a:72:7c:9f:42:34:5d:b6:2d:c4:38:00:f9:df:90:
        3a:a3:52:6d:97:a6:ee:f8:f0:78:4a:a0:24:a9:2d:ed:2b:b5:
        d6:78:3a:ed:da:28:1a:cc:36:1f:49:66:41:3d:64:c4:69:8a:
        ea:1e:77:ca:0a:fe:a2:b5:12:71:fd:a5:96:12:30:fd:41:32:
        b7:78:a3:f6:fa:87:43:df:e1:e1:67:a4:65:3e:2f:62:43:36:
        de:82:8b:c0:3f:f0:e9:4b:02:56:08:2d:44:90:4b:87:99:70:
        b8:f1:62:27:15:90:52:07:9b:07:d1:9e:f4:49:1e:5f:9c:b4:
        28:ae:5c:ae:03:7d:52:32:48:28:a8:21:b7:76:d5:e7:1e:da:
        ce:ee:0a:a8:81:12:d0:74:be:86:22:0a:cd:7b:e7:eb:bd:cc:
        04:b9:dc:66:2c:9f:75:24:2e:ac:71:54:02:5c:77:32:c0:af:
        93:c0:8c:9e:79:e4:40:5a:78:e8:ff:94:93:96:73:2c:5d:c9:
        d2:5b:92:6b:97:9a:67:5c:1b:3b:c2:af:df:06:ec:e6:ef:f4:
        ef:40:50:d7:da:5a:5d:d0:19:4c:e1:d6:14:d0:79:e0:46:6f:
        dc:9e:c4:3f

85.128.128.104

Last Seen: 2024-05-14

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-362124906 | 2024-05-14T19:33:38.188647
80 / tcp

Apache httpd2

896182359 | 2024-05-14T19:14:55.858860
443 / tcp

Apache httpd2

Products

Pricing

Contact Us

85.128.128.104

Last Seen: 2024-05-14

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-362124906 | 2024-05-14T19:33:38.188647 80 / tcp

Apache httpd2

896182359 | 2024-05-14T19:14:55.858860 443 / tcp

Apache httpd2

Products

Pricing

Contact Us

-362124906 | 2024-05-14T19:33:38.188647
80 / tcp

896182359 | 2024-05-14T19:14:55.858860
443 / tcp