GeneralInformation

Hostnames	epic.ecfmgepic.org
Domains	ecfmgepic.org
Country	United States
City	Philadelphia
Organization	ECFMG
ISP	Cogent Communications
ASN	AS174
Operating System	Windows

WebTechnologies

JavaScript frameworks

Stimulus

JavaScript graphics

spin.js

JavaScript libraries

jQuery1.11.0

UI frameworks

Bootstrap3.3.5

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(1)

CVE-2024-6484

6.4A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

2020(2)

CVE-2020-11023

6.9In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11022

6.9In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

2019(2)

CVE-2019-11358

6.1jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2019-8331

6.1In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

2018(4)

CVE-2018-20677

6.1In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20676

6.1In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-14042

6.1In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14040

6.1In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

2016(1)

CVE-2016-10735

6.1In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

2015(1)

CVE-2015-9251

6.1jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

2010(3)

CVE-2010-3972

10Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

CVE-2010-2730

9.3Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

CVE-2010-1899

4.3Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

OpenPorts

80 443

80 / tcp

1489525118 | 2025-04-10T16:09:13.350692

Hashes

hash

288506948

http.dom_hash

1386055181

http.html_hash

1489525118

http.server_hash

-761617706

http.title_hash

1009235027

Not Found

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 10 Apr 2025 16:09:12 GMT
Connection: close
Content-Length: 315

443 / tcp

-795969951 | 2025-04-13T00:05:39.868810

Hashes

hash

388167542

http.dom_hash

1269872356

http.favicon.hash

-470524501

http.html_hash

-795969951

http.robots_hash

-679569054

http.server_hash

-1390970405

http.title_hash

-1699023440

Electronic Portfolio of International Credentials (EPIC) - Physician Portal

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=garun1ddsihtubgwrb452cqu; path=/; secure; HttpOnly
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: EPICSessionInfo=; expires=Fri, 11-Apr-2025 04:00:00 GMT; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Date: Sun, 13 Apr 2025 00:05:39 GMT
Content-Length: 12351

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:93:15:91:75:f1:f3:db:b3:21:06:96:2c:58:ba:c5
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2
        Validity
            Not Before: Feb 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2026 GMT
        Subject: jurisdictionC=US/jurisdictionST=Pennsylvania/businessCategory=Private Organization/serialNumber=601879, C=US, ST=Pennsylvania, L=Philadelphia, O=Intealth, CN=epic.ecfmgepic.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b9:8b:70:64:b9:05:86:fc:c7:3e:5a:22:f3:a1:
                    42:1b:d6:c1:93:c5:dc:0e:fe:19:a3:d6:a2:9a:e6:
                    17:f2:ac:d4:1e:ba:c9:7b:20:f0:cf:e5:72:95:ac:
                    5e:e1:f6:f0:b9:38:cb:75:f6:ed:4b:c2:36:27:7d:
                    e7:4b:97:91:c3:69:54:b3:ec:ac:89:58:08:1f:0e:
                    71:02:d2:d3:7a:34:1d:49:3b:24:15:0b:49:3e:15:
                    94:72:c9:99:af:c8:f0:c9:66:b9:1a:42:de:9f:25:
                    79:69:c6:21:0d:28:b8:17:ba:96:f6:e9:ac:0d:e7:
                    d7:cc:88:00:88:fb:28:81:41:30:3f:a1:d9:63:9e:
                    6e:89:51:ad:b3:be:1d:62:af:fe:2b:39:c3:dd:e8:
                    71:8c:4e:41:e2:b3:13:82:51:4a:d0:cf:94:67:16:
                    64:83:e6:19:03:2e:7c:60:38:6a:95:69:a0:20:ba:
                    66:39:3a:41:9d:66:03:af:db:73:a1:c9:de:10:0f:
                    28:2d:45:dc:6d:ae:ad:49:a2:1d:37:ba:58:bb:46:
                    7f:a0:cf:ee:55:70:3d:aa:85:d4:66:b0:fa:e9:b9:
                    3a:3d:6a:ab:4b:e5:a8:b9:7d:40:7f:b8:d4:84:84:
                    b2:4a:7a:26:fa:3f:93:6d:38:b4:03:80:e4:6d:63:
                    77:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                6A:4E:50:BF:98:68:9D:5B:7B:20:75:D4:59:01:79:48:66:92:32:06
            X509v3 Subject Key Identifier: 
                79:1D:E7:4A:E6:15:12:47:56:B5:D2:5D:C9:77:FE:C4:AC:60:02:E8
            X509v3 Subject Alternative Name: 
                DNS:epic.ecfmgepic.org
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114412.2.1
                Policy: 2.23.140.1.1
                  CPS: http://www.digicert.com/CPS
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertEVRSACAG2.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertEVRSACAG2.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertEVRSACAG2.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
                                DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
                    Timestamp : Feb 28 16:29:07.718 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:4C:9C:8E:2B:54:48:10:99:F8:D5:10:E3:
                                71:CC:AF:32:B9:C9:4D:17:43:72:53:B1:73:80:EC:F6:
                                6D:15:EB:4A:02:21:00:98:74:49:A9:19:0F:AF:FB:C9:
                                0E:AB:65:4D:82:70:C2:1F:27:CF:D1:42:E5:9E:1C:BA:
                                4F:12:D9:11:9F:89:AA
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
                                4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
                    Timestamp : Feb 28 16:29:07.782 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C6:7F:9A:25:50:AF:F9:E7:2B:1B:1F:
                                D6:F8:99:2E:6F:BB:59:50:68:D0:82:B5:85:28:87:2C:
                                41:BD:F7:05:A8:02:21:00:EF:BC:F5:B3:30:08:4F:9F:
                                3F:F7:9E:22:B3:D2:57:3A:90:20:E9:48:60:EF:BA:E0:
                                45:70:63:3E:C5:39:82:F3
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
                                5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
                    Timestamp : Feb 28 16:29:07.800 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:33:B3:D8:58:F6:6F:79:42:EA:97:8C:94:
                                E7:9D:77:17:60:17:CC:E6:7F:5C:98:DB:2C:49:4C:1E:
                                93:EA:96:19:02:21:00:BF:9B:A6:08:2F:2A:EB:7A:1B:
                                5E:7A:63:98:92:53:34:17:3D:4D:19:43:39:D2:EF:D2:
                                13:1D:32:C7:8C:C7:F3
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        49:44:5d:65:81:45:bb:f2:a2:94:d3:f4:8e:4a:16:53:c4:ca:
        d4:3b:53:ca:db:ce:11:6f:1d:09:14:41:67:8e:c2:9d:84:da:
        22:7d:0b:3f:77:c9:08:2d:89:1b:cb:c9:03:f4:e6:9f:b0:4c:
        04:1a:33:e9:3a:f5:00:04:9c:ea:e1:09:e5:ad:22:3b:6b:c6:
        98:63:9a:7c:d0:89:4d:5d:23:32:7e:3c:b3:e5:0d:d4:5f:45:
        34:48:fe:4f:1e:ea:50:2c:53:0b:ac:4c:e0:95:d8:1f:d4:80:
        83:a2:2b:9f:a9:b0:a8:f7:bc:76:04:41:c8:66:74:fe:3a:32:
        5d:3f:5d:8c:d6:36:53:83:ee:7a:d7:fa:be:cb:29:ac:68:4d:
        6c:a7:c8:47:39:21:9d:3f:c7:e8:96:b2:e5:ca:40:ce:f1:3a:
        59:0a:99:be:c1:61:5d:32:0e:f3:b7:59:1b:f8:6c:e4:4a:8f:
        df:18:18:45:ae:d7:65:d1:2b:6e:37:58:9b:d6:13:4f:f8:45:
        3c:d3:34:20:21:c5:46:b8:15:f6:76:bf:99:b6:04:7a:94:41:
        44:8e:67:33:13:4a:28:1e:5b:85:2b:0b:f1:66:7e:8c:aa:20:
        8e:f2:f1:e4:e9:86:26:79:ea:1b:5f:f7:71:09:fe:94:8c:fb:
        bd:7b:b6:cc

Vulnerabilities

38.98.200.23

Last Seen: 2025-04-13

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

1489525118 | 2025-04-10T16:09:13.350692

Hashes

Microsoft HTTPAPI httpd2.0

443 / tcp

-795969951 | 2025-04-13T00:05:39.868810

Hashes

Microsoft IIS httpd7.5

Products

Pricing

Contact Us

38.98.200.23

Last Seen: 2025-04-13

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 443 Latest CVSS

OpenPorts

80 / tcp 1489525118 | 2025-04-10T16:09:13.350692

Hashes

Microsoft HTTPAPI httpd2.0

443 / tcp -795969951 | 2025-04-13T00:05:39.868810

Hashes

Microsoft IIS httpd7.5

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

1489525118 | 2025-04-10T16:09:13.350692

443 / tcp

-795969951 | 2025-04-13T00:05:39.868810