GeneralInformation

Hostnames	95-130-253-13.reverse.cust.as47215.net tdv-immobilien.de www.tdv-immobilien.de tdvimmobilien.de www.tdvimmobilien.de
Domains	as47215.net tdv-immobilien.de tdvimmobilien.de
Country	Germany
City	Frankfurt am Main
Organization	OnOffice Software AG
ISP	dogado GmbH
ASN	AS47215

WebTechnologies

CDN

JavaScript libraries

Maps

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

80 443

-1982240759 | 2024-04-28T18:14:17.474382

80 / tcp

HTTP/1.1 200 OK
Date: Sun, 28 Apr 2024 18:14:15 GMT
Server: Apache
Last-Modified: Fri, 19 Apr 2019 07:37:36 GMT
ETag: "6a-586dd3152d30f"
Accept-Ranges: bytes
Content-Length: 106
Vary: Accept-Encoding
Content-Type: text/html

-1956472533 | 2024-04-29T01:29:43.953461

443 / tcp

HTTP/1.1 200 OK
Date: Mon, 29 Apr 2024 01:29:43 GMT
Server: Apache
Set-Cookie: PROFICMS_SESSION_02bcd2e920f82aa209ce70cbbb2d64604bf8052d=81d969ab89a821092b2bfd8d9de9987f; path=/; domain=www.tdv-immobilien.de; SameSite=None; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:29:9c:c4:68:c3:fa:3e:f4:28:01:fc:c9:d3:70:ab:aa:21
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr 16 20:24:36 2024 GMT
            Not After : Jul 15 20:24:35 2024 GMT
        Subject: CN=tdv-immobilien.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ea:eb:56:ba:98:4d:7e:ca:82:15:43:90:25:af:
                    43:36:dc:13:94:d7:d2:16:fa:2e:fe:21:be:c3:1d:
                    dc:a2:5c:cd:f6:c8:29:4f:45:ac:28:0d:44:7f:f3:
                    a9:82:a1:7b:f6:5b:66:73:56:ac:a5:7b:e6:38:00:
                    33:5c:32:5d:fb:8e:cb:23:a0:60:7d:6f:b0:f3:ae:
                    36:89:a2:30:7a:c2:36:ff:3a:f8:22:91:3b:0c:9a:
                    63:d4:e8:16:2a:d8:ef:25:89:1c:a5:3a:2d:e7:89:
                    0a:66:85:aa:e6:d5:89:2c:66:79:8b:85:a4:8c:2d:
                    5a:46:55:af:05:9a:fc:f5:bf:4b:e6:2f:49:e1:35:
                    62:6b:00:2f:44:01:7f:78:5e:1d:01:97:73:e1:9f:
                    4f:85:bf:02:97:5b:74:ed:1e:ca:57:55:3b:78:45:
                    3d:5b:cd:70:13:3e:66:35:c9:93:f0:79:4e:8e:2c:
                    d5:ae:a0:11:eb:1b:4c:11:4e:aa:1d:00:77:e2:cf:
                    21:43:89:b4:1f:e8:5a:fe:02:12:47:e0:f8:33:a7:
                    99:4b:4e:19:8c:43:e8:7b:fc:1d:23:88:0f:58:ac:
                    a1:24:ba:33:a3:22:0a:10:35:71:43:c3:b8:30:d7:
                    72:cb:50:1d:56:9c:e3:38:6f:48:25:be:01:27:86:
                    21:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                64:34:DE:BB:83:5A:36:0F:6F:00:D9:F0:90:DD:5B:79:84:17:71:65
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:tdv-immobilien.de, DNS:tdvimmobilien.de, DNS:www.tdv-immobilien.de, DNS:www.tdvimmobilien.de
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Apr 16 21:24:36.874 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:D7:AD:EB:F8:F8:FC:02:BF:40:E7:6D:
                                BB:C5:74:60:16:1C:40:D1:C5:C0:6A:FE:5C:1B:50:9C:
                                9C:53:8B:33:47:02:21:00:F0:D4:6F:43:A4:AC:2B:77:
                                E9:6D:03:07:F1:30:3C:22:81:38:B8:0A:0F:9D:25:72:
                                9E:67:C1:36:63:7C:B8:B0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Apr 16 21:24:36.872 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:59:8B:D1:CE:BC:A9:4B:8B:15:09:13:55:
                                41:33:F0:C6:71:B2:07:9B:18:42:C7:BA:57:1A:16:B1:
                                60:C1:C1:7F:02:21:00:D4:A6:16:81:9F:F0:45:9F:A8:
                                F6:1F:DF:EA:29:01:CF:48:0A:66:0C:B5:80:2D:F4:53:
                                F6:BC:17:E7:DA:1C:19
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        97:d8:b8:9e:98:2c:c6:97:cd:45:58:62:68:26:b3:b8:97:af:
        e5:39:a1:8c:93:62:c3:c6:34:29:27:14:64:d8:1b:12:42:4f:
        32:86:fe:88:85:e2:fc:b1:e9:68:dd:fa:17:81:53:1c:02:7a:
        89:93:00:cd:e9:45:9e:2e:cb:df:5d:47:ee:e1:5f:99:4a:b2:
        80:e2:22:53:34:24:a8:41:4b:b4:dc:c2:6f:d0:7f:4d:1b:23:
        7c:0e:a7:18:bc:4e:8a:ba:61:bd:b7:2b:89:97:77:87:2e:59:
        0d:13:b4:50:11:f8:99:7e:a5:ce:a6:d9:2d:aa:57:46:c0:0f:
        a6:24:0f:28:7f:78:b0:fb:f4:88:f5:37:13:63:d9:22:32:b8:
        14:c1:96:e0:26:31:62:4f:68:ee:77:bf:5b:d0:7f:c6:7a:59:
        d0:25:39:c9:f2:6c:32:f3:dd:4e:87:1f:cd:99:39:33:e8:7c:
        78:cd:b6:ac:4d:17:3a:cd:6b:48:b6:3b:f6:9b:96:7c:84:ce:
        cf:80:b9:0b:dd:56:66:c8:c6:87:51:a8:90:1c:fe:95:ab:02:
        b4:3a:fb:7f:53:54:09:fd:84:21:da:f8:df:86:12:ca:26:24:
        52:b6:2b:92:8f:ae:e5:cb:9e:08:0d:45:7e:6e:36:ac:f2:59:
        a3:38:f9:8f

95.130.253.13

Last Seen: 2024-04-29

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1982240759 | 2024-04-28T18:14:17.474382
80 / tcp

Apache httpd

-1956472533 | 2024-04-29T01:29:43.953461
443 / tcp

Apache httpd

Products

Pricing

Contact Us

95.130.253.13

Last Seen: 2024-04-29

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1982240759 | 2024-04-28T18:14:17.474382 80 / tcp

Apache httpd

-1956472533 | 2024-04-29T01:29:43.953461 443 / tcp

Apache httpd

Products

Pricing

Contact Us

-1982240759 | 2024-04-28T18:14:17.474382
80 / tcp

-1956472533 | 2024-04-29T01:29:43.953461
443 / tcp