GeneralInformation

Hostnames	139-162-135-184.ip.linodeusercontent.com cpanel.v-linc.com
Domains	linodeusercontent.com v-linc.com
Cloud Provider	Linode
Cloud Region	de-he
Country	Germany
City	Frankfurt am Main
Organization	139.162.0.0/16
ISP	Akamai Connected Cloud
ASN	AS63949
Operating System	Ubuntu

WebTechnologies

CDN

BootstrapCDN3.4.1

Google Hosted Libraries

Cloudflare

cdnjs

JavaScript frameworks

AngularJS1.5.3

JavaScript libraries

jQuery3.6.3

DataTables

UI frameworks

Bootstrap3.4.1

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(6)

CVE-2024-21490

7.5This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).

CVE-2024-8373

4.8Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVE-2024-8372

4.8Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVE-2024-8184

5.9There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

CVE-2024-6763

3.7Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.

CVE-2024-6484

6.4A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

2020(1)

CVE-2020-7676

5.4angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

2019(1)

CVE-2019-10768

7.5In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

OpenPorts

22 80 443 8075 8080

22 / tcp

-754317736 | 2025-03-19T11:30:29.105442

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.11
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGGesHsmbGvh0cHsXO0tPKnR
QXqozHLOeOEpagcgv1A9WZQ2l2WNCepXyDz5x95qvVEMyvVlmd1aeyge8We7+dQ=
Fingerprint: 0a:8a:1e:77:56:b6:1a:90:01:e1:ea:92:d2:a5:43:da

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

80 / tcp

296718681 | 2025-03-28T17:31:12.975908

Hashes

hash

1986013539

http.dom_hash

-1722071003

http.html_hash

296718681

http.server_hash

967792298

http.title_hash

1323730868

V-Linc

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 28 Mar 2025 17:31:12 GMT
Content-Type: text/html
Content-Length: 734
Last-Modified: Thu, 05 Sep 2024 09:14:13 GMT
Connection: keep-alive
ETag: "66d97665-2de"
Accept-Ranges: bytes

Vulnerabilities

3 1

443 / tcp

881482655 | 2025-03-28T17:34:08.274983

Hashes

hash

-1080014882

http.dom_hash

410492989

http.favicon.hash

-1082207076

http.html_hash

881482655

http.server_hash

967792298

http.title_hash

1948085084

V-LINC CMS

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 28 Mar 2025 17:34:08 GMT
Content-Type: text/html
Content-Length: 5195
Last-Modified: Thu, 05 Sep 2024 14:11:25 GMT
Connection: keep-alive
ETag: "66d9bc0d-144b"
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:96:67:5d:e0:85:e8:52:bb:4f:25:b2:1b:ad:c4:21:81:e4
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E6
        Validity
            Not Before: Mar  4 19:21:23 2025 GMT
            Not After : Jun  2 19:21:22 2025 GMT
        Subject: CN=cpanel.v-linc.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:14:e7:3b:0b:2c:12:30:7d:9e:e7:38:7d:76:7c:
                    0d:8d:e0:e9:8d:3a:32:6a:f7:99:8c:55:df:41:46:
                    8e:de:9d:c7:45:97:81:6d:fd:5c:00:82:a0:e7:4b:
                    59:ba:3b:5b:d0:49:19:2e:ae:f6:ef:cd:e8:91:48:
                    c9:aa:31:fb:cd
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                87:9E:B1:F4:EE:4A:F7:F5:EB:DD:E5:88:64:1B:75:74:44:19:49:DC
            X509v3 Authority Key Identifier: 
                93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2
            Authority Information Access: 
                OCSP - URI:http://e6.o.lencr.org
                CA Issuers - URI:http://e6.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:cpanel.v-linc.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
                                D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
                    Timestamp : Mar  4 20:19:53.406 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:99:09:7B:88:7C:FB:B3:F3:91:1D:18:
                                82:5E:DE:27:B2:9F:22:9A:9A:BC:95:47:E6:B0:53:40:
                                C1:2E:7D:0D:90:02:21:00:D2:AA:6B:76:92:8E:F1:86:
                                C0:0F:08:A2:14:D1:B6:FD:36:E7:5B:40:E1:B4:D3:36:
                                E2:7E:27:F2:39:A8:03:AC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
                                1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
                    Timestamp : Mar  4 20:19:53.396 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:AB:19:A0:9E:D6:CB:C6:7F:BD:78:2E:
                                F0:8B:E6:55:1E:59:1A:8E:09:5E:2E:4E:C0:A3:87:70:
                                C3:2A:37:8B:3A:02:20:6C:D2:95:47:C1:52:8B:3D:38:
                                A2:69:73:06:5F:AE:4A:DD:89:4B:AD:C6:58:BA:7E:AA:
                                22:8A:E5:EC:05:54:9E
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:31:00:fc:49:f8:f7:3f:46:55:ea:6d:ae:14:cf:9a:
        50:1c:c3:8b:63:88:18:1d:84:14:bf:e8:b0:b6:bd:98:82:29:
        87:3b:4d:bd:19:30:28:01:80:b7:a7:df:86:95:2c:e5:7d:02:
        30:03:de:ec:af:e9:6f:b9:51:0f:30:6a:e9:c1:c6:4a:8a:6e:
        1c:7e:4d:07:c4:7f:ab:ee:50:5d:11:50:f7:4c:9e:48:dd:67:
        ad:1a:d9:c1:f2:8e:30:ae:67:54:e4:b9:fa

Vulnerabilities

5 3

8075 / tcp

1410504108 | 2025-03-19T22:58:49.889886

Hashes

hash

-554261791

http.dom_hash

-2006505642

http.html_hash

1410504108

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Content-Length: 29
ETag: W/"1d-Bd5fx8O3kTZcZlgxXnv8jm/ZaYk"
Date: Wed, 19 Mar 2025 22:58:39 GMT
Connection: keep-alive
Keep-Alive: timeout=5

8080 / tcp

1172415183 | 2025-03-26T21:22:42.559239

Hashes

hash

726685768

http.dom_hash

1844292774

http.favicon.hash

81586312

http.html_hash

1172415183

http.server_hash

-957717146

HTTP/1.1 403 Forbidden
Date: Wed, 26 Mar 2025 21:22:42 GMT
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID.31372206=node0yzfnnwvq9cw110txqkhcfar0439433.node0; Path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
X-Hudson: 1.395
X-Jenkins: 2.462.2
X-Jenkins-Session: 1492be40
Content-Length: 589
Server: Jetty(10.0.20)

Vulnerabilities

1 1

139.162.135.184

Last Seen: 2025-03-28

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

22 / tcp

-754317736 | 2025-03-19T11:30:29.105442

OpenSSH8.9p1 Ubuntu 3ubuntu0.11

80 / tcp

296718681 | 2025-03-28T17:31:12.975908

Hashes

nginx1.18.0

443 / tcp

881482655 | 2025-03-28T17:34:08.274983

Hashes

nginx1.18.0

8075 / tcp

1410504108 | 2025-03-19T22:58:49.889886

Hashes

8080 / tcp

1172415183 | 2025-03-26T21:22:42.559239

Hashes

Jenkins2.462.2

Products

Pricing

Contact Us

139.162.135.184

Last Seen: 2025-03-28

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Port 8080 Latest CVSS

OpenPorts

22 / tcp -754317736 | 2025-03-19T11:30:29.105442

OpenSSH8.9p1 Ubuntu 3ubuntu0.11

80 / tcp 296718681 | 2025-03-28T17:31:12.975908

Hashes

nginx1.18.0

443 / tcp 881482655 | 2025-03-28T17:34:08.274983

Hashes

nginx1.18.0

8075 / tcp 1410504108 | 2025-03-19T22:58:49.889886

Hashes

8080 / tcp 1172415183 | 2025-03-26T21:22:42.559239

Hashes

Jenkins2.462.2

Products

Pricing

Contact Us

Vulnerabilities

22 / tcp

-754317736 | 2025-03-19T11:30:29.105442

80 / tcp

296718681 | 2025-03-28T17:31:12.975908

443 / tcp

881482655 | 2025-03-28T17:34:08.274983

8075 / tcp

1410504108 | 2025-03-19T22:58:49.889886

8080 / tcp

1172415183 | 2025-03-26T21:22:42.559239