EWS-NIC4 13.40
tcp/9092
LiteSpeed 5.2.8
tcp/8021
cisco-IOS
tcp/5010
nginx
tcp/8111
openresty
tcp/87
The application has Laravel development panel enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 3ae8115d762f12d00c1b4c410c1b4c410c1b4c410c1b4c410c1b4c410c1b4c41
Laravel Telescope enabled at https://15.156.203.21:8111
Open service 15.156.203.21:8111
2024-04-26 01:16
HTTP/1.1 200 OK Connection: close Date: Fri, 26 Apr 2024 01:16:14 GMT Server: nginx Content-Type: text/html X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1 Expires: Thu, 01 Jan 1970 00:00:00 UTC Cache-Control: no-cache Set-Cookie: JSESSIONID=node001qmo6m6ltcmtzd7c76uvgumdgvdzwmguc0s3u83.node0; Path=/; Secure; HttpOnly Content-Length: 13222 Page title: PaperCut Login <!DOCTYPE HTML> <!-- Application: app-server --> <!-- Page: Home --> <!-- Generated: Mon Nov 20 12:34:06 EST 2023 --> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/> <title>PaperCut Login</title> <link rel="shortcut icon" href="/images/icons3/favicon.ico" type="image/vnd.microsoft.icon"/> <meta http-equiv="X-UA-Compatible" content="IE=Edge"/> <meta name="description" content="PaperCut MF is a print management system. Log in to manage your print quotas, see your print history and configure your system."/> <meta name="keywords" content="print quota, print control, print management, print accounting, software"/> <meta name="viewport" content="width=device-width, initial-scale=0.8"/> <link rel="stylesheet" type="text/css" href="/css/style.css?66961papercut-mf" /> <link rel="stylesheet" type="text/css" href="/css/style-override.css?66961papercut-mf" /> <link rel="stylesheet" type="text/css" href="/css/refresh.css?66961papercut-mf" /> <!--[if IE 9]><link rel="stylesheet" type="text/css" href="/css/style-ie9.css?66961papercut-mf" /> <![endif]--> <!--[if IE 8]><link rel="stylesheet" type="text/css" href="/css/style-ie8.css?66961papercut-mf" /> <![endif]--> <!--[if IE 7]><link rel="stylesheet" type="text/css" href="/css/style-ie7.css?66961papercut-mf" /> <![endif]--> <!--[if IE 6]><link rel="stylesheet" type="text/css" href="/css/style-ie6.css?66961papercut-mf" /> <![endif]--> <script type="text/javascript">var CacheParam = "66961papercut-mf";</script> <script type="text/javascript" src="/js/jquery/jquery-3.5.1.min.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/jquery/jquery-migrate-3.3.1.min.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/jquery/config.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/lib/underscore/underscore-min.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/common.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/lib/require.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/pages/configure.js?66961papercut-mf"></script> <script type="text/javascript" src="/js/refresh.js?66961papercut-mf"></script> </head> <body id="loginBody"> <script language="JavaScript" type="text/javascript"><!-- window.onload = function () { document.Form0.inputUsername.focus(); document.Form0.inputUsername.select(); } // --></script> <div class="wrap"> <script type="text/javascript"> insertScript('/js/pages/Home.js'); insertScript('/js/pages/LoginPages.js'); </script> <svg viewBox="0 0 280.7 198.5" class="pc-shards"> <polygon points="96.3,136.3 140.4,198.5 162.4,198.5 183.9,130.1 134.9,95.4 "/> <polygon points="45,63.6 74.9,53 0,0 "/> <polygon points="134.9,95.4 96.3,136.3 45,63.6 74.9,53 "/> <polygon points="74.9,53 224.8,0 134.9,95.4 "/> <polygon points="224.8,0 183.9,130.1 134.9,95.4 "/> <polygon points="224.8,0 224.8,0 224.8,159 183.9,130.1 "/> <polygon points="162.4,198.5 224.8,198.5 224.8,159 183.9,130.1 "/> <polygon points="37.7,198.5 140.4,198.5 96.3,136.3 "/> <polygon points="0,79.5 0,198.5 37.7,198.5 96.3,136.3 45,63.6 "/> <polygon points="0,79.5 45,63.6 0,0 "/> <polygon points="0,79.5 0,79.5 0,79.5 "/> <polygon points="262.3,198.5 280.7,198.5 265.7,187.9 "/> <polygon points="224.8,198.5 262.3,198.5 265.7,187.9 224.8,159 "/> </svg> <form method="post" name="Form0" action="/app" onsubmit="recordLocale()" autocomplete="off"> <input type="hidden" name="service" value="direct/1/Home/$Form"/> <input type="hidden" name="sp" value="S0"/> <input type="hidden" name="Form0" value="$Hidden$0,$Hidden$1,inputUsername,inputPassword,$Submit$0,$PropertySelection"/> <input type="hidden" name="$Hidden$0" id="javascript-enabled" value="F"/> <input type="hidden" name="$Hidden$1" value="X"/> <div class="login" role="main"> <div class="box"> <table class="box-table" title="Login" role="presentation"> <tr role="row"> <th class="box-nw" aria-label="No value" role="columnheader" scope="col"></th> <th cla
Open service 15.156.203.21:5010
2024-04-26 00:21
HTTP/1.1 200 OK Connection: close Date: Fri, 26 Apr 2024 00:21:04 GMT Server: cisco-IOS X-Powered-By: Servlet/2.4 Content-Length: 514 Content-Type: text/html Page title: AppServ Open Project 9.3.0 <html><head><link rel="icon" href="/favicon_d0efe37b-f71b-487e-9578-838249414927.ico"><title>AppServ Open Project 9.3.0</title></head><body><div>kkeoa4xqjl5pt6slsm0rr6</div><div>75diw</div><div>1hx51myhbvw3s6gmrtc5n6wb0ystbj</div><h3>h0fh0d9zhoi315byy6yy</h3><h2>mzu8mgz</h2><h3>dt4w5q5r1jj</h3><h3>9hsvf2l2g80y8l0oc20ysx6nclca</h3><div>a4qip4zz7jkbllnxwetgyas0be</div><h3>j677pa</h3><p>2x553jufgyjdqxfsg</p><span>ni0le6m</span><p>plrlgdbe2f9y6ty254exufptzu5ha</p><div>qvr8f553ksfcenij8d8o3h40d</div></body></html>
Open service 15.156.203.21:87
2024-04-26 00:18
HTTP/1.1 200 OK Connection: keep-alive Date: Fri, 26 Apr 2024 00:18:29 GMT Server: openresty Content-Type: text/html; charset=utf-8 Expires: Fri, 26 Apr 2024 00:18:29 GMT Last-Modified: Fri, 26 Apr 2024 00:18:29 GMT Cache-Control: no-store, no-cache, must-revalidate Accept-Ranges: none X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=7884000 Content-Length: 84 <script>window.onload=function(){ url ='/webui/';window.location.href=url;}</script>
Open service 15.156.203.21:8021
2024-04-25 09:35
HTTP/1.1 302 Found Connection: close Date: Thu, 25 Apr 2024 09:35:29 GMT Server: LiteSpeed/5.2.8 Enterprise X-Powered-By: ASP.NET Location: http://209.97.180.8:8021/ Content-Length: 0
Open service 15.156.203.21:5008
2024-04-25 09:10
HTTP/1.1 200 OK Connection: close Date: Thu, 25 Apr 2024 09:10:54 GMT Content-Length: 4680 Content-Type: text/html Page title: Ivanti Connect Secure <html lang="en"> <head> <meta http-equiv="Content-Language"> <meta http-equiv="Content-Type" content="text/html"> <meta name="robots" content="none"> <link rel="icon" href="/Product_favicon.png" type="image/png"> <title>Ivanti Connect Secure</title> </head> <body onload="FinishLoad(1);hideJSWarn();setWin11();" bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0"> <table id="table_LoginPage_1" border="0" width="100%" cellspacing="0" cellpadding="3"> <tr> <td bgcolor="#FFFFFF"></td> <td bgcolor="#FFFFFF" align="right"> </td> </tr> </table> <table id="table_LoginPage_2" cellpadding="0" cellspacing="0" border="0" width="100%"> <tr> <td bgcolor="#000000" colspan="2"></td> </tr> </table> <blockquote> <form id="frmLogin_4" name="frmLogin" action="login.cgi" method="POST" autocomplete="off" onsubmit="return Login(1)"> <input id="tz_offset_5" type="hidden" name="tz_offset"> <input id="win11" type="hidden" name="win11" value=""> <input id="uach" type="hidden" name="uach" value=""> <input id="client_mac" type="hidden" name="clientMAC" value=""> <input id="xsauth_token" type="hidden" name="xsauth_token" value="58fefe3c1b2717c8845c0d630ab035c3"> <table id="table_LoginPage_3" border="0" cellpadding="2" cellspacing="0"> <tr> <td nowrap colspan="3"><b>Welcome to</b></td> </tr> <tr> <td nowrap colspan="3"><span class="cssLarge"><b>Ivanti Connect Secure</b></span></td> </tr> <tr> <td colspan="3"> </td> </tr> <tr> <td valign="top"> <table id="table_LoginPage_6" border="0" cellspacing="0" cellpadding="2"> <tr> <td><label for="username">Username</label></td> <td> </td> <td><input id="username" type="text" name="username" size="20"></td> </tr> <tr> <td><label for="password">Password</label></td> <td> </td> <td><input id="password" type="password" name="password" size="20"></td> </tr> <tr> <input id="realm_16" type="hidden" name="realm" value="OTS User Realm"> </tr> <tr> <td colspan="3"> </td> </tr> <tr> <td> </td> <td> </td> <td><input id="btnSubmit_6" type="submit" value="Sign In" name="btnSubmit"> </td> </tr> </table> </td> <td valign="top"> </td> <td valign="top"> <table tabindex="1" aria-label="instructions for user login page FILTER verbatim" role="alert" id="TABLE_LoginPage_1" border="0" cellspacing="0" cellpadding="2"> <tr> <td> Please sign in to begin your secure session.<br><br> <noscript>Note: Javascript is disabled on your browser.</noscript> </tr> </td> </table> </td> </tr> </table> </form> </blockquote> <table id="table_LoginPage_9" border="0" cellspacing="0" cellpadding="0" width="100%"> <tr> <td>
Open service 15.156.203.21:9092
2024-04-25 08:06
HTTP/1.1 200 OK Connection: close Date: Thu, 25 Apr 2024 08:06:12 GMT Server: EWS-NIC4/13.40 X-Powered-By: ASP.NET Content-Length: 514 Content-Type: text/html Page title: onyphe.io <html><head><link rel="icon" href="/favicon_c34ca2f8-0e80-4ff7-bcf1-bb5b171eb046.ico"><title>onyphe.io</title></head><body><h1>z7lmyg9</h1><p>0nbz9y6h0grnntebaf0qxfb6tlu5m5</p><h1>oarwvafald0dj</h1><p>d22of2bcw0k4ncm7j9p58sfby8</p><div>yzh7k0kx0k4pc9ab8q77z71j1cyt</div><span>saj74lpwhl1n5cfzmq1fgq</span><h2>vwqz983yx1ab0mesq</h2><h1>okim29e1o7j7r2</h1><p>wiq6tzm2avq</p><h1>la57vhmc5xtqaeayujbipsx8spkoa</h1><div>119vmrnen6e16o99ogiyz</div><h3>wphz89evftz</h3><h3>hbsivtwyzsps1s0mr613is0s2p0xh</h3></body></html>