GeneralInformation

Hostnames	ec2-3-109-92-207.ap-south-1.compute.amazonaws.com ondc-magento.stagingshop.com
Domains	amazonaws.com stagingshop.com
Cloud Provider	Amazon
Cloud Region	ap-south-1
Cloud Service	EC2
Country	India
City	Mumbai
Organization	Amazon Data Services India
ISP	Amazon.com, Inc.
ASN	AS16509

WebTechnologies

JavaScript frameworks

JavaScript libraries

UI frameworks

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts

22 80 443 5000

-1052869111 | 2024-07-04T11:06:47.134571

22 / tcp

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQC8rY2n+NaUry6w9ZOGBrYIvKIYwaFCIQEhaxuM/1PLsy5g
eaUoHzPUTD/2JVTH8jppufttbACpfeMuywb++G/QVFcgSvq4snLqAB6NizLGO6lk4E48lHXU5oS4
kSXTGy5r7yAA0bb4HyA7Ls888w68UmpouUxQ9mLS78zqUojXVyLjCk2m433641vMfo07WSFniHHf
DG2MmXMOPdeCRo8AZFGI+OM3J7abUTfOG6ZnMT5W9JOoVBdJw6awrQbdUeXnOhqWjVwYmvUkZXLl
yLfzFwUB6SSSye5bHdlINhV88C9KdmFtmJauEmaPstN6n1xKBSytidItBW7WcUKZ5QMF
Fingerprint: 40:3b:d2:3c:be:32:25:72:ec:4a:15:a9:6a:0e:a9:1f

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	ssh-rsa
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

-1611589084 | 2024-07-09T03:59:00.851818

80 / tcp

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Date: Tue, 09 Jul 2024 03:56:55 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://ondc-magento.stagingshop.com/
Content-Length: 339
Content-Type: text/html; charset=iso-8859-1

CVE-2022-31813 CVE-2022-23943 CVE-2022-22720 CVE-2021-44790 CVE-2021-39275 64 moreCVE-2021-26691 CVE-2019-9517 CVE-2019-0211 CVE-2013-4365 CVE-2011-2688 CVE-2007-4723 CVE-2022-30556 CVE-2022-29404 CVE-2022-28615 CVE-2022-28614 CVE-2022-28330 CVE-2022-26377 CVE-2022-22721 CVE-2022-22719 CVE-2021-44224 CVE-2021-40438 CVE-2021-34798 CVE-2021-33193 CVE-2021-32792 CVE-2021-32791 CVE-2021-32786 CVE-2021-32785 CVE-2021-26690 CVE-2020-35452 CVE-2020-11993 CVE-2020-9490 CVE-2020-1934 CVE-2020-1927 CVE-2019-17567 CVE-2019-10098 CVE-2019-10092 CVE-2019-10082 CVE-2019-10081 CVE-2019-0220 CVE-2019-0217 CVE-2019-0196 CVE-2018-17199 CVE-2018-17189 CVE-2018-11763 CVE-2018-1333 CVE-2018-1312 CVE-2018-1303 CVE-2018-1302 CVE-2018-1301 CVE-2017-15715 CVE-2017-15710 CVE-2013-2765 CVE-2013-0942 CVE-2012-4360 CVE-2012-4001 CVE-2012-3526 CVE-2011-1176 CVE-2009-2299 CVE-2024-27316 CVE-2023-45802 CVE-2023-31122 CVE-2023-25690 CVE-2022-37436 CVE-2022-36760 CVE-2020-13938 CVE-2018-1283 CVE-2013-0941 CVE-2009-0796 CVE-2006-20001

1721162197 | 2024-07-09T03:59:05.401539

443 / tcp

Old Login Page

HTTP/1.1 200 OK
Date: Tue, 09 Jul 2024 03:56:59 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: PHPSESSID=sfjkhkhjpmr47ut9nca9jed5fc; expires=Tue, 16-Jul-2024 03:56:59 GMT; Max-Age=604800; path=/; domain=ondc-magento.stagingshop.com; HttpOnly
Expires: Sun, 09 Jul 2023 03:56:59 GMT
Cache-Control: max-age=0, must-revalidate, no-cache, no-store
Pragma: no-cache
Set-Cookie: X-Magento-Vary=9e3ffb41bfb757d6150aefc5bc0625289145ee73; expires=Tue, 16-Jul-2024 03:56:59 GMT; Max-Age=604800; path=/; secure; HttpOnly
X-Magento-Cache-Control: max-age=0, must-revalidate, no-cache, no-store
X-Magento-Cache-Debug: MISS
X-Magento-Tags: FPC
Content-Security-Policy: font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://cdnjs.cloudflare.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net desk.zoho.in *.cashfree.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com sandbox.cashfree.com *.setu.co https://setu-enzo-prod-receipts.s3.ap-south-1.amazonaws.com *.youtube.com *.vimeo.com *.amazon-adsystem.com api.cashfree.com api.razorpay.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com cashfreelogo.cashfree.com *.media-amazon.com *.flixcart.com *.nykaa.com img.zohostatic.in *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com data: https://s.ytimg.com cdn.razorpay.com *.gyftr.com https://www.magezon.com https://cdn.klarna.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com sdk.cashfree.com *.hotjar.com *.clarity.ms js.zohostatic.in *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.googleapis.com graph.facebook.com widgets.pinterest.com 'self' data: checkout.razorpay.com *.avada.io *.moatads.com *.facebook.com *.pinterest.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com https://cdnjs.cloudflare.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.hotjar.com *.clarity.ms *.cloudflare.com *.twitter.com *.paypal.com *.google-analytics.com 'self' data: lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://get.geojs.io *.avada.io *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
X-UA-Compatible: IE=edge
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:9f:2e:3c:d7:32:3c:08:89:c8:12:e6:de:0d:a3:f4:de:90
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E5
        Validity
            Not Before: Jun 10 18:31:55 2024 GMT
            Not After : Sep  8 18:31:54 2024 GMT
        Subject: CN=ondc-magento.stagingshop.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:92:63:5b:9c:c2:f5:cb:1e:3e:34:75:1f:a1:8f:
                    b1:56:89:3b:1e:f8:c7:a1:02:48:52:db:8e:f6:d0:
                    e5:ee:a6:8d:b1:77:ef:08:3a:e6:7c:bf:5c:04:9e:
                    7a:cd:8c:cd:3e:3b:96:9c:49:b8:ac:7e:45:11:46:
                    b6:0e:88:47:66
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                01:01:41:DD:83:8A:A2:7E:F9:87:46:CF:5A:5B:64:99:CD:96:CA:BE
            X509v3 Authority Key Identifier: 
                9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D
            Authority Information Access: 
                OCSP - URI:http://e5.o.lencr.org
                CA Issuers - URI:http://e5.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:ondc-magento.stagingshop.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Jun 10 19:31:55.527 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:DD:F0:03:E7:F7:A5:FD:BF:1B:2D:16:
                                92:0C:8B:1C:57:29:82:38:DA:36:90:C0:DA:13:88:C7:
                                EE:35:FF:78:8F:02:21:00:8E:9A:1B:8B:65:FC:95:06:
                                2E:3A:F2:52:5D:70:AD:D4:4A:4B:29:1B:E2:B3:15:76:
                                68:DC:EC:9E:AE:E3:10:32
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Jun 10 19:31:55.531 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:03:D9:9B:EC:59:59:89:3C:29:9F:8A:BB:
                                4C:51:7F:58:26:60:58:C9:67:17:CD:BD:63:0E:F4:78:
                                BA:95:95:23:02:21:00:9A:69:87:11:2C:68:87:75:4C:
                                01:DC:97:D1:16:18:3F:09:FA:DA:46:43:37:92:03:DD:
                                6D:DC:89:62:50:E8:28
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:31:00:81:ed:23:b0:2a:b5:bc:70:64:37:c0:8e:46:
        55:03:3c:2e:ea:bc:41:18:34:3a:70:59:5a:eb:fe:9b:b1:7a:
        c8:44:d1:75:79:81:d3:12:90:2d:19:52:ec:72:a4:ea:d9:02:
        30:1d:8f:91:b7:a5:53:d4:2f:a4:ee:8e:b2:d6:e5:bb:b0:13:
        01:05:f9:08:3e:e0:5a:ea:54:f3:cd:20:f7:f1:d0:d8:e4:25:
        c8:9e:61:d0:1b:2b:dc:00:a4:46:b3:fb:f7

CVE-2022-31813 CVE-2022-23943 CVE-2022-22720 CVE-2021-44790 CVE-2021-39275 68 moreCVE-2021-26691 CVE-2019-9517 CVE-2019-0211 CVE-2013-4365 CVE-2011-2688 CVE-2007-4723 CVE-2022-30556 CVE-2022-29404 CVE-2022-28615 CVE-2022-28614 CVE-2022-28330 CVE-2022-26377 CVE-2022-22721 CVE-2022-22719 CVE-2021-44224 CVE-2021-40438 CVE-2021-34798 CVE-2021-33193 CVE-2021-32792 CVE-2021-32791 CVE-2021-32786 CVE-2021-32785 CVE-2021-26690 CVE-2020-35452 CVE-2020-11993 CVE-2020-9490 CVE-2020-1934 CVE-2020-1927 CVE-2019-17567 CVE-2019-10098 CVE-2019-10092 CVE-2019-10082 CVE-2019-10081 CVE-2019-0220 CVE-2019-0217 CVE-2019-0196 CVE-2018-17199 CVE-2018-17189 CVE-2018-14042 CVE-2018-14041 CVE-2018-14040 CVE-2018-11763 CVE-2018-1333 CVE-2018-1312 CVE-2018-1303 CVE-2018-1302 CVE-2018-1301 CVE-2017-15715 CVE-2017-15710 CVE-2016-10735 CVE-2013-2765 CVE-2013-0942 CVE-2012-4360 CVE-2012-4001 CVE-2012-3526 CVE-2011-1176 CVE-2009-2299 CVE-2024-27316 CVE-2023-45802 CVE-2023-31122 CVE-2023-25690 CVE-2022-37436 CVE-2022-36760 CVE-2020-13938 CVE-2018-1283 CVE-2013-0941 CVE-2009-0796 CVE-2006-20001

335330650 | 2024-07-09T13:51:58.572766

5000 / tcp

404 Not Found

HTTP/1.1 404 NOT FOUND
Server: gunicorn
Date: Tue, 09 Jul 2024 13:49:52 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 207

3.109.92.207

Last Seen: 2024-07-09

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-1052869111 | 2024-07-04T11:06:47.134571
22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.7

-1611589084 | 2024-07-09T03:59:00.851818
80 / tcp

Apache httpd2.4.29

1721162197 | 2024-07-09T03:59:05.401539
443 / tcp

Apache httpd2.4.29

335330650 | 2024-07-09T13:51:58.572766
5000 / tcp

Products

Pricing

Contact Us

3.109.92.207

Last Seen: 2024-07-09

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

-1052869111 | 2024-07-04T11:06:47.134571 22 / tcp

OpenSSH7.6p1 Ubuntu-4ubuntu0.7

-1611589084 | 2024-07-09T03:59:00.851818 80 / tcp

Apache httpd2.4.29

1721162197 | 2024-07-09T03:59:05.401539 443 / tcp

Apache httpd2.4.29

335330650 | 2024-07-09T13:51:58.572766 5000 / tcp

Products

Pricing

Contact Us

Vulnerabilities

-1052869111 | 2024-07-04T11:06:47.134571
22 / tcp

-1611589084 | 2024-07-09T03:59:00.851818
80 / tcp

1721162197 | 2024-07-09T03:59:05.401539
443 / tcp

335330650 | 2024-07-09T13:51:58.572766
5000 / tcp