LeakIX - Host api.hamcall.ir

Domain api.hamcall.ir

Iran

Noyan Abr Arvan Co. ( Private Joint Stock)

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP: 185.143.234.122
Domain: api.hamcall.ir
Port: 443
URL: https://api.hamcall.ir

First seen 2023-02-06 13:06
Last seen 2023-06-07 04:14
Open for 120 days

Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba9188402754dcfae5b4a9852

[init]
	defaultBranch = none
[fetch]
	recurseSubmodules = false
[http "https://gitlab.azemco.ir"]
	sslCAInfo = /home/gitlab-runner/builds/Y7sZnxYy/0/saeedaliyan/hamcall-va-backend.tmp/CI_SERVER_TLS_CA_FILE
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:dyEg5VMdtqNYACE2c7i4@gitlab.azemco.ir/saeedaliyan/hamcall-va-backend.git
	fetch = +refs/heads/*:refs/remotes/origin/*

Found on 2023-04-07 15:40

465 Bytes

Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba9188402754dcfaeca5a4d1a

[init]
	defaultBranch = none
[fetch]
	recurseSubmodules = false
[http "https://gitlab.azemco.ir"]
	sslCAInfo = /home/gitlab-runner/builds/Y7sZnxYy/0/saeedaliyan/hamcall-va-backend.tmp/CI_SERVER_TLS_CA_FILE
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:vv6mDzwiQsGpzYonJW2z@gitlab.azemco.ir/saeedaliyan/hamcall-va-backend.git
	fetch = +refs/heads/*:refs/remotes/origin/*

Found on 2023-02-06 13:06

465 Bytes

Create report

Gitlab instance looks outdated
The following Gitlab instance is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible to avoid account takeover.

Severity is mitigated by the need of a valid email address.

Reference:

https://www.cvedetails.com/cve/CVE-2023-7028
IP: 185.143.234.120
Domain: api.hamcall.ir
Port: 443
URL: https://api.hamcall.ir

First seen 2024-02-03 04:58
Last seen 2024-03-08 08:19
Open for 34 days
- Severity: high
  Fingerprint: db64c48d331961cce5776b3a892edddd892edddd892edddd892edddd892edddd
```
Found vulnerable Gitlab instance
Affected by CVE-2023-7028
```
  Found on 2024-03-08 08:19
Create report

Domain summary

api.hamcall.ir 3

1 recorded

IP summary

185.143.234.122 1 62.106.95.65 1 185.143.234.120 1

3 recorded

Domain api.hamcall.ir

Iran

Git configuration and history exposed

Gitlab instance looks outdated

Domain summary

IP summary