GeneralInformation

Hostnames	ec2-3-114-233-90.ap-northeast-1.compute.amazonaws.com repy.me
Domains	amazonaws.com repy.me
Cloud Provider	Amazon
Cloud Region	ap-northeast-1
Cloud Service	EC2
Country	Japan
City	Tokyo
Organization	Amazon Data Services Japan
ISP	Amazon.com, Inc.
ASN	AS16509

WebTechnologies

CDN

BootstrapCDN3.3.6

Google Hosted Libraries

cdnjs

jsDelivr

Cloudflare

jQuery CDN

JavaScript frameworks

Socket.io

JavaScript libraries

Swiper

Programming languages

Node.js

Rich text editors

TinyMCE

UI frameworks

Bootstrap3.3.6

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(1)

CVE-2024-6484

6.4A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

2020(2)

CVE-2020-11023

6.9In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11022

6.9In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

2019(2)

CVE-2019-11358

6.1jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2019-8331

6.1In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

2018(4)

CVE-2018-20677

6.1In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20676

6.1In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-14042

6.1In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14040

6.1In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

2016(1)

CVE-2016-10735

6.1In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

2015(1)

CVE-2015-9251

6.1jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

80 443

80 / tcp

1584412971 | 2025-02-25T18:21:20.110018

Hashes

hash

-1209811128

http.dom_hash

1239617585

http.html_hash

1584412971

http.server_hash

-1786963686

http.title_hash

1522695184

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Tue, 25 Feb 2025 18:21:19 GMT
Location: https://3.114.233.90/
Server: nginx/1.18.0
Content-Length: 169
Connection: keep-alive

Vulnerabilities

443 / tcp

-1715887154 | 2025-02-25T21:19:28.088748

Hashes

hash

-1183818029

http.dom_hash

-2117898678

http.favicon.hash

-1257005470

http.html_hash

-1715887154

http.server_hash

-1786963686

http.title_hash

2001198335

INST Messenger

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
Date: Tue, 25 Feb 2025 21:19:27 GMT
ETag: "656400ae-18e8"
Last-Modified: Mon, 27 Nov 2023 02:36:30 GMT
Server: nginx/1.18.0
Content-Length: 6376
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:f0:61:44:2b:35:6a:af:e8:c8:13:e0:fd:09:dd:c9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M02
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2026 GMT
        Subject: CN=*.inst-inc.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:9f:06:46:9e:67:6c:fc:14:d3:b0:b9:48:52:28:
                    75:1e:7c:68:77:6c:7f:07:36:19:b9:c1:f3:b0:a0:
                    9a:5d:fc:9a:8b:f2:85:c5:79:61:c5:6e:5b:5c:7e:
                    93:19:cd:c5:ac:3e:94:d3:13:c6:5f:ed:fa:72:20:
                    de:f7:93:d1:d8:2d:58:01:d8:57:3d:b9:d6:9e:d1:
                    8f:7f:f9:bc:97:7e:e5:73:d5:e8:0f:c7:3d:ab:f3:
                    ef:7d:f2:a9:a3:c3:9d:a4:a5:46:53:05:b2:f6:ad:
                    5e:7b:05:db:1d:c6:25:33:20:e3:16:4f:d6:6f:c9:
                    73:66:4d:30:02:aa:2e:a4:e0:cd:65:fd:6b:86:35:
                    ad:11:65:ca:a9:32:42:b5:b5:b2:59:5f:21:eb:ad:
                    dc:47:bf:d9:c0:46:de:ab:04:44:6a:96:a6:d3:75:
                    8e:70:b2:b2:ab:56:92:5c:3d:7b:02:fc:b7:fc:ed:
                    92:59:64:2b:f5:cc:9e:00:cb:04:0a:2a:d8:6e:dd:
                    35:ea:a5:16:27:eb:7d:03:40:df:07:14:4a:80:74:
                    34:c3:fe:d5:7f:ae:e5:ab:28:54:dc:e6:64:bd:55:
                    3a:d2:86:ec:4b:a4:30:7a:09:62:6c:37:f8:36:f3:
                    e2:b0:a6:8a:13:1e:14:bc:5a:22:0d:c8:88:b4:38:
                    fb:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                C0:31:52:CD:5A:50:C3:82:7C:74:71:CE:CB:E9:9C:F9:7A:EB:82:E2
            X509v3 Subject Key Identifier: 
                2A:F3:8B:AA:D5:8A:76:30:A1:28:25:84:47:B1:31:6B:86:33:61:35
            X509v3 Subject Alternative Name: 
                DNS:*.inst-inc.com, DNS:repy.me
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.r2m02.amazontrust.com/r2m02.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.r2m02.amazontrust.com
                CA Issuers - URI:http://crt.r2m02.amazontrust.com/r2m02.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
                                DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
                    Timestamp : Dec 31 00:47:29.771 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:B2:EE:A1:7C:DB:EE:BB:84:21:1E:92:
                                8C:38:F4:E1:71:EC:CD:FE:BF:36:A9:2D:77:A2:AF:FD:
                                23:86:B3:25:04:02:21:00:E0:A1:7B:DD:56:00:D3:C9:
                                17:18:97:AB:3F:18:8E:99:D3:44:56:E1:0C:DE:31:CB:
                                FB:25:0E:5E:66:F5:CD:5E
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
                                4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
                    Timestamp : Dec 31 00:47:29.801 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FC:C9:BD:4D:86:2F:38:6D:4A:FB:55:
                                B4:AC:E2:62:89:29:BD:91:3F:04:07:4C:92:DE:FD:84:
                                95:64:F9:DE:67:02:20:3B:6C:39:04:B5:C5:83:F8:B0:
                                8C:D3:2C:6F:EE:FA:73:3D:9D:48:AD:7A:A3:C9:E8:DC:
                                49:62:4E:F1:A8:6D:3C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
                                5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
                    Timestamp : Dec 31 00:47:29.823 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:DC:65:E9:90:31:CE:C7:7B:26:C3:D6:
                                6D:82:E5:73:18:CD:85:C5:3E:79:3D:02:45:BB:77:5C:
                                FF:2E:0D:CD:8C:02:20:35:BD:B1:4F:9F:5B:18:C8:6E:
                                52:4A:6F:BA:40:97:FB:23:6F:8E:1B:A6:57:09:46:0E:
                                63:9C:80:6E:92:E4:4B
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        5f:1f:d5:2d:76:38:e8:de:26:62:bd:d0:7b:71:4e:e6:82:6d:
        b7:1f:63:9d:3b:b2:fe:9d:c4:7f:cc:a1:bf:bc:fa:07:24:5f:
        f5:62:14:5c:d5:f7:86:36:5b:30:b7:10:bd:20:59:b7:ba:41:
        16:26:55:0e:44:6c:29:09:fd:60:f9:49:e0:2a:30:7b:60:da:
        f0:0e:03:09:c7:21:61:03:b4:87:f5:01:82:69:5f:5d:57:79:
        47:50:da:cd:1c:e2:53:ec:a0:2d:2d:d2:94:a5:b2:ea:fc:80:
        40:79:54:8b:a8:49:26:3d:65:59:47:5e:0c:6d:cf:e1:1b:a6:
        59:df:21:54:4d:ee:24:48:69:45:13:a5:f7:88:a5:09:5e:b9:
        7e:e6:a8:ba:a7:d3:72:6d:50:94:d4:4b:e4:b1:fd:8b:57:c2:
        16:82:13:9e:5a:ec:cd:d3:7d:5a:b6:81:64:40:19:de:a9:29:
        b2:0f:7b:6f:59:76:74:9a:7a:3f:9c:b2:9e:5b:9f:0c:94:18:
        42:de:b2:cb:5f:e1:4d:c6:e5:f9:38:6e:9e:f7:24:73:4f:28:
        19:57:a9:c1:2f:62:b7:ea:52:5d:a2:42:e1:24:fa:09:a7:ac:
        6b:d8:78:ce:53:22:b2:90:60:96:ed:a0:4d:f0:38:fc:9d:e1:
        76:9d:2e:b7

Vulnerabilities

3 11

3.114.233.90

Last Seen: 2025-02-25

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

1584412971 | 2025-02-25T18:21:20.110018

Hashes

nginx1.18.0

443 / tcp

-1715887154 | 2025-02-25T21:19:28.088748

Hashes

nginx1.18.0

Products

Pricing

Contact Us

3.114.233.90

Last Seen: 2025-02-25

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

80 / tcp 1584412971 | 2025-02-25T18:21:20.110018

Hashes

nginx1.18.0

443 / tcp -1715887154 | 2025-02-25T21:19:28.088748

Hashes

nginx1.18.0

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

1584412971 | 2025-02-25T18:21:20.110018

443 / tcp

-1715887154 | 2025-02-25T21:19:28.088748