GeneralInformation

Hostnames	3donlinejsc.com static.vnpt.vn
Domains	3donlinejsc.com vnpt.vn
Country	Viet Nam
City	Hanoi
Organization	Vietnam Posts and Telecommunications Group
ISP	VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
ASN	AS135905

WebTechnologies

Database managers

Databases

JavaScript libraries

Programming languages

PHP

UI frameworks

Bootstrap

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-25727	In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
CVE-2022-0813	5.0PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-26935	7.5An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
CVE-2020-26934	4.3phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
CVE-2020-22452	SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
CVE-2020-22278	6.8phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
CVE-2020-11441	4.3phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
CVE-2019-20372	4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

OpenPorts

21 22 80 82 443 3306

-371650500 | 2024-05-07T00:22:55.085487

21 / tcp

220 (vsFTPd 3.0.2)
530 Login incorrect.
530 Please login with USER and PASS.
211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End

1044627129 | 2024-05-05T21:49:49.476524

22 / tcp

SSH-2.0-OpenSSH_6.6.1
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQCv6McrHEU/vFGMf2zsC2v0si0ek5n8Q6tIF/r68PSUYYO2
wP3HUnUX16SAESayLD0uGsVAEU+vMPn/ULIyXX/ubIaHe7DIjnlU+TL0aNzDDB8ph4UUBuM9qNa1
WxhzsL+ai8AhUqkwsx/M2peFC6gjvDg0zWJq7rftEvrnI29Nwepvo2U+3nTYiUakx7Iz266G3dMJ
clM8M4vHlasQNawA1nYlRS9zOiVlwW9hnxlZlAs6fsJiaUdeN6Wr98GQoBR5tlpUuEdXu2ycn8nm
+YRnoNtMd4yunMBaMLZxt4rwXDEjoM+ZIPk3alyq5wgbROvgrZ8BirJbcV5DBnFOOIof
Fingerprint: c7:20:9a:a9:b5:ff:61:08:db:e9:fc:08:8d:d0:9e:e7

Kex Algorithms:
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group-exchange-sha1
	diffie-hellman-group14-sha1
	diffie-hellman-group1-sha1

Server Host Key Algorithms:
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	aes128-ctr
	aes192-ctr
	aes256-ctr
	arcfour256
	arcfour128
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com
	chacha20-poly1305@openssh.com
	aes128-cbc
	3des-cbc
	blowfish-cbc
	cast128-cbc
	aes192-cbc
	aes256-cbc
	arcfour
	rijndael-cbc@lysator.liu.se

MAC Algorithms:
	hmac-md5-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-ripemd160-etm@openssh.com
	hmac-sha1-96-etm@openssh.com
	hmac-md5-96-etm@openssh.com
	hmac-md5
	hmac-sha1
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-ripemd160
	hmac-ripemd160@openssh.com
	hmac-sha1-96
	hmac-md5-96

Compression Algorithms:
	none
	zlib@openssh.com

98551956 | 2024-05-07T04:54:19.083686

80 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.16.1
Date: Tue, 07 May 2024 04:55:30 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

125761684 | 2024-05-03T07:44:46.092955

82 / tcp

HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 03 May 2024 07:45:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Set-Cookie: goto=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: back=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: pma_lang=en; expires=Sun, 02-Jun-2024 07:45:57 GMT; Max-Age=2592000; path=/; HttpOnly
Set-Cookie: phpMyAdmin=efa39lnp9d6s13r533jbfp4k4t; path=/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Expires: Fri, 03 May 2024 07:45:57 +0000
Cache-Control: no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Last-Modified: Fri, 03 May 2024 07:45:57 +0000
Vary: Accept-Encoding

-554746519 | 2024-05-02T13:45:09.962155

443 / tcp

HTTP/1.1 404 Not Found
Server: nginx/1.16.1
Date: Thu, 02 May 2024 13:46:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:2a:5c:30:47:e5:ce:14:14:35:0c:31:51:ed:c3:2b:a5:d9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Jan 16 14:42:02 2022 GMT
            Not After : Apr 16 14:42:01 2022 GMT
        Subject: CN=3donlinejsc.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c9:48:f5:f6:fc:47:c7:6f:14:95:c4:60:28:90:
                    e5:2a:b4:6d:fc:87:58:54:49:7a:8e:8b:5b:5a:68:
                    b4:bd:37:2e:66:27:9b:aa:4f:1e:9c:e7:bb:27:b7:
                    15:64:82:c7:1f:ee:5d:4e:51:52:56:1d:bf:bf:e9:
                    5d:ac:f9:1e:4e:9b:7c:f9:6b:d3:51:97:b5:c1:da:
                    ec:62:1d:d8:37:2a:33:9f:c7:b8:68:20:c3:5e:5c:
                    4b:a4:30:8a:27:0b:73:ad:a6:4c:c5:91:e6:e6:9e:
                    37:ef:cd:3c:0f:5e:90:2c:5f:a5:67:5c:a5:ab:63:
                    55:26:65:6a:cf:fa:1d:e2:a4:83:1f:34:91:2c:a3:
                    a1:36:9b:9a:50:61:20:63:97:e3:cf:e0:95:c8:ca:
                    fb:be:c0:39:d1:8c:c8:c2:1f:53:fd:94:58:46:48:
                    0f:47:41:83:39:51:8e:c7:c3:7b:44:85:8d:ba:29:
                    ef:2b:8d:1f:5e:08:20:90:c4:8c:91:fa:1a:36:86:
                    51:28:52:df:8d:f7:03:8d:6c:e7:65:8c:ad:6b:bc:
                    ec:97:f4:96:19:0e:2c:32:c9:1a:6b:31:08:2a:32:
                    9b:2d:a5:4a:7a:12:7f:f8:96:d6:ff:c5:d5:f9:b4:
                    19:93:ed:36:d4:98:31:1c:be:66:cd:c3:85:a8:4d:
                    a1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                6A:E0:84:D6:45:51:20:D1:12:CE:19:14:A7:B6:97:C5:C1:2A:F7:68
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:3donlinejsc.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
                                4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
                    Timestamp : Jan 16 15:42:02.220 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:4A:27:56:BD:3E:FE:81:72:42:B1:A7:FE:
                                92:48:25:ED:53:82:ED:12:07:80:4C:1B:D8:8E:A8:46:
                                E1:D1:03:93:02:21:00:8B:25:27:1A:FE:F3:72:C0:B2:
                                85:BD:79:E1:1F:5C:1F:9B:D2:66:48:D2:8A:10:C6:CA:
                                F4:DC:DC:17:5A:7D:0C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
                                11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
                    Timestamp : Jan 16 15:42:02.258 2022 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:23:E6:AF:31:B7:72:15:35:63:18:F5:B4:
                                9D:02:EC:DA:92:93:9E:06:0E:AE:F8:8D:EB:F4:16:A4:
                                70:3F:2D:1C:02:20:1C:6B:6B:EA:06:90:64:3E:14:D4:
                                C2:E1:7A:94:3E:64:47:13:73:73:1A:7F:7C:F0:29:DF:
                                A8:6B:BF:B3:53:60
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        8e:f5:a6:55:5f:eb:bc:64:19:5c:a1:ee:19:04:e4:da:17:7a:
        8a:ba:92:b0:9a:5d:85:48:73:24:3b:e6:03:71:3c:fa:e0:7f:
        3e:e2:60:21:80:fb:c0:6c:06:42:c4:60:ae:18:3f:04:f7:6a:
        f3:8a:08:e9:86:75:5b:24:68:bc:23:06:ff:21:ef:29:a0:a6:
        e1:f1:ce:81:be:ce:30:15:24:36:49:a4:65:e2:8b:f9:36:f3:
        6a:57:50:fa:21:ac:1b:24:69:7c:2f:58:e7:27:f7:e2:76:5d:
        17:95:4b:c6:7a:74:42:c8:91:23:72:76:4e:23:2f:23:39:c3:
        6e:1e:47:5d:67:32:15:b7:b0:9a:52:f2:e2:c4:3b:39:ea:c0:
        69:42:21:6c:12:a8:b1:03:6a:62:68:fc:20:14:ee:fc:c1:69:
        72:be:8d:7f:18:31:ba:ec:93:8d:c9:22:96:d7:2d:1b:7a:87:
        f2:93:4f:d1:b9:d0:2e:a9:44:eb:40:ae:ec:08:d4:fc:c7:92:
        25:be:91:cc:26:17:1f:81:f2:9a:f9:fb:ff:f4:70:70:4e:2e:
        68:1a:cc:76:d3:dd:1a:30:be:4c:d3:78:bc:9e:53:22:12:f8:
        0e:4b:b6:3b:c0:11:b5:44:12:86:2f:13:fb:20:7e:4e:f0:b0:
        82:e2:24:7d

-99433405 | 2024-04-22T19:56:47.988949

3306 / tcp

MariaDB:
  Protocol Version: 10
  Version: 10.4.8-MariaDB
  Capabilities: 63486
  Server Language: 8
  Server Status: 2
  Extended Server Capabilities: 33279
  Authentication Plugin: mysql_native_password

123.31.41.38

Last Seen: 2024-05-07

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-371650500 | 2024-05-07T00:22:55.085487
21 / tcp

1044627129 | 2024-05-05T21:49:49.476524
22 / tcp

OpenSSH6.6.1

98551956 | 2024-05-07T04:54:19.083686
80 / tcp

nginx1.16.1

125761684 | 2024-05-03T07:44:46.092955
82 / tcp

nginx1.16.1

-554746519 | 2024-05-02T13:45:09.962155
443 / tcp

nginx1.16.1

-99433405 | 2024-04-22T19:56:47.988949
3306 / tcp

MariaDB10.4.8-MariaDB

Products

Pricing

Contact Us

123.31.41.38

Last Seen: 2024-05-07

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-371650500 | 2024-05-07T00:22:55.085487 21 / tcp

1044627129 | 2024-05-05T21:49:49.476524 22 / tcp

OpenSSH6.6.1

98551956 | 2024-05-07T04:54:19.083686 80 / tcp

nginx1.16.1

125761684 | 2024-05-03T07:44:46.092955 82 / tcp

nginx1.16.1

-554746519 | 2024-05-02T13:45:09.962155 443 / tcp

nginx1.16.1

-99433405 | 2024-04-22T19:56:47.988949 3306 / tcp

MariaDB10.4.8-MariaDB

Products

Pricing

Contact Us

-371650500 | 2024-05-07T00:22:55.085487
21 / tcp

1044627129 | 2024-05-05T21:49:49.476524
22 / tcp

98551956 | 2024-05-07T04:54:19.083686
80 / tcp

125761684 | 2024-05-03T07:44:46.092955
82 / tcp

-554746519 | 2024-05-02T13:45:09.962155
443 / tcp

-99433405 | 2024-04-22T19:56:47.988949
3306 / tcp