GeneralInformation

Hostnames	botann.com
Domains	botann.com
Country	China
City	Hangzhou
Organization	Aliyun Computing Co., LTD
ISP	Hangzhou Alibaba Advertising Co.,Ltd.
ASN	AS37963

WebTechnologies

JavaScript libraries

jQuery1.11.3

Swiper

UI frameworks

Bootstrap3.3.5

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(1)

CVE-2024-6484

6.4A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2020(2)

CVE-2020-11023

6.9In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11022

6.9In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

2019(2)

CVE-2019-11358

6.1jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2019-8331

6.1In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

2018(4)

CVE-2018-20677

6.1In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20676

6.1In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-14042

6.1In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14040

6.1In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

2016(1)

CVE-2016-10735

6.1In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

2015(1)

CVE-2015-9251

6.1jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

21 80 443 8081

21 / tcp

-735099399 | 2025-03-11T18:07:44.828595

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 2000 allowed.
220-Local time is now 02:07. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
530 Login authentication failed
214-The following SITE commands are recognized
 ALIAS
 CHMOD
 IDLE
 UTIME
214 Pure-FTPd - http://pureftpd.org/
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 MFMT
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 AUTH TLS
 PBSZ
 PROT
 UTF8
 ESTA
 PASV
 EPSV
 SPSV
211 End.

80 / tcp

1376871135 | 2025-03-19T09:42:06.238135

Hashes

hash

1042714999

http.dom_hash

1239617585

http.html_hash

1376871135

http.server_hash

83761444

http.title_hash

1522695184

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.4
Date: Wed, 19 Mar 2025 09:42:05 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://218.244.137.33/

Vulnerabilities

443 / tcp

-667577742 | 2025-03-19T12:12:04.069135

Hashes

hash

-237441322

http.dom_hash

-1482766739

http.favicon.hash

62417358

http.html_hash

-667577742

http.server_hash

83761444

换电站-分箱换电-换电电动汽车实践者-杭州伯坦科技工程有限公司

HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Wed, 19 Mar 2025 12:12:02 GMT
Content-Type: text/html
Content-Length: 14234
Last-Modified: Mon, 20 Jun 2022 13:22:05 GMT
Connection: keep-alive
ETag: "62b0747d-379a"
Accept-Ranges: bytes

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:2a:42:ad:6c:3b:17:4d:62:dd:5e:aa:e9:76:2a:6f:5d:09
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E5
        Validity
            Not Before: Feb  3 15:52:30 2025 GMT
            Not After : May  4 15:52:29 2025 GMT
        Subject: CN=botann.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:05:8f:48:48:df:09:b0:81:3d:b4:f7:83:86:9d:
                    77:bd:2b:ea:c4:f2:ad:b8:59:5d:a8:84:7a:a9:05:
                    ce:59:b9:57:af:c5:d0:01:6d:34:01:6b:d3:45:17:
                    75:1c:ba:25:af:cf:e0:74:61:2b:25:7e:b6:c6:30:
                    54:1e:de:1c:98
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                7A:45:F8:E9:63:EB:60:EB:65:05:B2:DE:53:54:9A:58:88:65:DD:5C
            X509v3 Authority Key Identifier: 
                9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D
            Authority Information Access: 
                OCSP - URI:http://e5.o.lencr.org
                CA Issuers - URI:http://e5.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.botann.com, DNS:botann.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Feb  3 16:51:00.775 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:02:B0:60:AE:5E:7D:35:1B:23:2E:55:C1:
                                83:A6:E5:33:90:81:86:9D:F2:36:A1:80:43:21:9C:73:
                                FF:D6:1E:38:02:20:26:45:88:A7:77:C9:0A:F7:14:E2:
                                DA:EB:CE:4B:B6:E3:83:AE:CA:19:84:F8:D1:4C:C7:CF:
                                3D:CC:2C:B2:00:6D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
                                16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
                    Timestamp : Feb  3 16:51:00.958 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:47:32:B3:48:CC:A4:55:EC:A7:F2:90:2F:
                                32:D7:92:78:8B:E5:55:2D:B5:19:88:07:86:7B:4F:5F:
                                4B:8F:6B:8B:02:20:6E:AF:20:2C:DA:BD:9E:CC:9A:F4:
                                3C:4E:F4:12:70:DA:7F:D4:02:C8:5C:4D:52:28:EE:71:
                                DD:19:5D:14:D0:BB
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:66:02:31:00:e9:45:2e:f0:98:b7:30:2f:fe:b2:a0:fc:ae:
        fe:4d:b8:ab:77:f6:00:7d:f1:ee:dd:f5:df:b8:f4:e6:cc:7c:
        e8:7d:5b:9f:ef:ea:3d:e4:a9:26:c4:dd:90:f8:0e:61:ae:02:
        31:00:e0:ac:53:91:42:56:e9:45:a8:92:9e:95:9c:62:83:b7:
        f8:8b:13:ea:0b:78:d8:2d:82:02:f2:bc:c3:96:0e:79:02:ca:
        3a:f9:51:ef:c6:86:ad:88:73:c6:9f:75:27:fe

Vulnerabilities

1 11

8081 / tcp

1451142757 | 2025-03-10T11:46:19.071789

HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=1A08DE6146FF4065278D3C90ADE6242E; Path=/; HttpOnly
Location: http://218.244.137.33/login
Content-Length: 0
Date: Mon, 10 Mar 2025 11:46:18 GMT

218.244.137.33

Last Seen: 2025-03-19

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

21 / tcp

-735099399 | 2025-03-11T18:07:44.828595

Pure-FTPd

80 / tcp

1376871135 | 2025-03-19T09:42:06.238135

Hashes

nginx1.21.4

443 / tcp

-667577742 | 2025-03-19T12:12:04.069135

Hashes

nginx1.21.4

8081 / tcp

1451142757 | 2025-03-10T11:46:19.071789

Apache Tomcat/Coyote JSP engine1.1

Products

Pricing

Contact Us

218.244.137.33

Last Seen: 2025-03-19

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

21 / tcp -735099399 | 2025-03-11T18:07:44.828595

Pure-FTPd

80 / tcp 1376871135 | 2025-03-19T09:42:06.238135

Hashes

nginx1.21.4

443 / tcp -667577742 | 2025-03-19T12:12:04.069135

Hashes

nginx1.21.4

8081 / tcp 1451142757 | 2025-03-10T11:46:19.071789

Apache Tomcat/Coyote JSP engine1.1

Products

Pricing

Contact Us

Vulnerabilities

21 / tcp

-735099399 | 2025-03-11T18:07:44.828595

80 / tcp

1376871135 | 2025-03-19T09:42:06.238135

443 / tcp

-667577742 | 2025-03-19T12:12:04.069135

8081 / tcp

1451142757 | 2025-03-10T11:46:19.071789