LeakIX - Host 178.163.140.156

Host 178.163.140.156

Belarus

Unitary enterprise A1

Software information

Microsoft-IIS 7.5

tcp/80

Server accepting anonymous credentials

The server is accepting NTLM anonymous credentials.

This allows for authentication bypass to access the underlying application.

https://blog.leakix.net/2022/03/bypassing-ntlm-auth-over-http/

IP: 178.163.140.156
Port: 80
URL: http://178.163.140.156

First seen 2024-06-22 17:25
Last seen 2024-12-21 23:46
Open for 182 days

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c86353eff9861a160b6d39ebe

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-12-21 23:46

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9cf90af2e9bfff2e6ac61dcb62

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-IDPMTMMOM30
MsvAvNbDomainName: TJVA
MsvAvDNSComputerName: WIN-IDPMTMMOM30.TJVA.LOCAL
MsvAvDNSDomainName: TJVA.LOCAL
MsvAvDNSTreeName: TJVA.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Fri, 18 Oct 2024 10:49:45 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-11-04 00:34

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9cabd9cdea23f916177b890ece

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-XA4VWAVFKT8
MsvAvNbDomainName: KKCR
MsvAvDNSComputerName: WIN-XA4VWAVFKT8.KKCR.LOCAL
MsvAvDNSDomainName: KKCR.LOCAL
MsvAvDNSTreeName: KKCR.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Tue, 15 Oct 2024 15:26:57 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-10-17 23:51

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c6ed50c0ef51ae6d18fa222e6

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-HEIIMJ7X7BN
MsvAvNbDomainName: 4UHF
MsvAvDNSComputerName: WIN-HEIIMJ7X7BN.4UHF.LOCAL
MsvAvDNSDomainName: 4UHF.LOCAL
MsvAvDNSTreeName: 4UHF.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Fri, 20 Sep 2024 14:10:25 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-10-05 23:17

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c9464be8d5bc242d585e64566

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-ZU474VGLYBK
MsvAvNbDomainName: DPNX
MsvAvDNSComputerName: WIN-ZU474VGLYBK.DPNX.LOCAL
MsvAvDNSDomainName: DPNX.LOCAL
MsvAvDNSTreeName: DPNX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Wed, 11 Sep 2024 22:57:39 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-09-19 23:37

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9ce1f0c880e40c6df6cca54c82

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-RPOC1D5G5VZ
MsvAvNbDomainName: TKQ2
MsvAvDNSComputerName: WIN-RPOC1D5G5VZ.TKQ2.LOCAL
MsvAvDNSDomainName: TKQ2.LOCAL
MsvAvDNSTreeName: TKQ2.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Thu, 01 Aug 2024 10:51:15 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-09-07 21:29

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c686f32db5c04e30e776bdf7a

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-8TPODXN57TH
MsvAvNbDomainName: QOAT
MsvAvDNSComputerName: WIN-8TPODXN57TH.QOAT.LOCAL
MsvAvDNSDomainName: QOAT.LOCAL
MsvAvDNSTreeName: QOAT.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sat, 27 Jul 2024 11:39:06 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-07-31 20:25

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9cede51f9bc097027492794ee2

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-5ISOKHHSKV8
MsvAvNbDomainName: 1LIU
MsvAvDNSComputerName: WIN-5ISOKHHSKV8.1LIU.LOCAL
MsvAvDNSDomainName: 1LIU.LOCAL
MsvAvDNSTreeName: 1LIU.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Mon, 15 Jul 2024 14:10:38 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-07-25 20:35

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c0df0d21a3bb039a44bcac1a2

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-ZTO0OETH9M9
MsvAvNbDomainName: QYWM
MsvAvDNSComputerName: WIN-ZTO0OETH9M9.QYWM.LOCAL
MsvAvDNSDomainName: QYWM.LOCAL
MsvAvDNSTreeName: QYWM.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Mon, 17 Jun 2024 11:16:16 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-07-01 21:46

Create report

SSH is potenitally vulnerable

WARNING: This plugin will generate false positive and is purely informative:

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)

IP: 178.163.140.156
Port: 22

First seen 2024-07-03 15:58
Last seen 2024-12-21 23:28
Open for 171 days
- Severity: info
  Fingerprint: 3f43e0ebb5dce37ab8b59eb51342acf14982af584982af584982af584982af58
```
Found potentially vulnerable SSH version:
SSH-2.0-OpenSSH_9.4p1 Debian-1
WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
```
  Found on 2024-12-21 23:28
Create report

Server accepting anonymous credentials

The server is accepting NTLM anonymous credentials.

This allows for authentication bypass to access the underlying application.

https://blog.leakix.net/2022/03/bypassing-ntlm-auth-over-http/

IP: 178.163.140.156
Port: 443
URL: https://178.163.140.156

First seen 2024-09-12 03:09
Last seen 2024-10-15 20:34
Open for 33 days

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9cabd9cdea23f916177b890ece

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-XA4VWAVFKT8
MsvAvNbDomainName: KKCR
MsvAvDNSComputerName: WIN-XA4VWAVFKT8.KKCR.LOCAL
MsvAvDNSDomainName: KKCR.LOCAL
MsvAvDNSTreeName: KKCR.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Tue, 15 Oct 2024 15:26:57 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-10-15 20:34

Fingerprint: 40fea8e6a9bd2c3671ce48dbe86f199c655c5c9c9464be8d5bc242d585e64566

Server didn't refuse ANONYMOUS NTLM connection
Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-ZU474VGLYBK
MsvAvNbDomainName: DPNX
MsvAvDNSComputerName: WIN-ZU474VGLYBK.DPNX.LOCAL
MsvAvDNSDomainName: DPNX.LOCAL
MsvAvDNSTreeName: DPNX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Wed, 11 Sep 2024 22:57:39 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found on 2024-09-12 03:09

Create report

Open service 178.163.140.156:80

2024-12-21 23:46

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 11 hours ago by HttpNTLM

Create report

Open service 178.163.140.156:80

2024-12-21 23:46

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 11 hours ago by HttpPlugin

Create report

Open service 178.163.140.156:22

2024-12-21 23:28
Found 11 hours ago by SSHOpenPlugin
Create report
Open service 178.163.140.156:22

2024-12-19 22:44
Found 2 days ago by SSHOpenPlugin
Create report

Open service 178.163.140.156:80

2024-12-19 21:23

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 3 days ago by HttpPlugin

Create report

Open service 178.163.140.156:80

2024-12-19 21:23

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 3 days ago by HttpNTLM

Create report

Open service 178.163.140.156:22

2024-12-17 23:41
Found 2024-12-17 by SSHOpenPlugin
Create report

Open service 178.163.140.156:80

2024-12-17 21:40

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 2024-12-17 by HttpPlugin

Create report

Open service 178.163.140.156:80

2024-12-17 21:40

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 2024-12-17 by HttpNTLM

Create report

Open service 178.163.140.156:22

2024-12-15 22:15
Found 2024-12-15 by SSHOpenPlugin
Create report

Open service 178.163.140.156:80

2024-12-15 21:59

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 2024-12-15 by HttpPlugin

Create report

Open service 178.163.140.156:80

2024-12-15 21:59

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 2024-12-15 by HttpNTLM

Create report

Open service 178.163.140.156:80

2024-12-13 22:53

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 2024-12-13 by HttpPlugin

Create report

Open service 178.163.140.156:80

2024-12-13 22:53

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 2024-12-13 by HttpNTLM

Create report

Open service 178.163.140.156:22

2024-12-13 21:29
Found 2024-12-13 by SSHOpenPlugin
Create report

Open service 178.163.140.156:80

2024-12-11 22:58

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 2024-12-11 by HttpNTLM

Create report

Open service 178.163.140.156:80

2024-12-11 22:58

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 2024-12-11 by HttpPlugin

Create report

Open service 178.163.140.156:22

2024-12-11 21:59
Found 2024-12-11 by SSHOpenPlugin
Create report

Open service 178.163.140.156:80

2024-12-01 22:58

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.5
Date: Sun, 01 Dec 2024 13:27:13 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
Content-Length: 0

Found 2024-12-01 by HttpPlugin

Create report

Open service 178.163.140.156:80

2024-12-01 22:58

Found NTLM information:
Running Windows 5.2 build 3790
MsvAvNbComputerName: WIN-G54D4YV3QV4
MsvAvNbDomainName: P7JX
MsvAvDNSComputerName: WIN-G54D4YV3QV4.P7JX.LOCAL
MsvAvDNSDomainName: P7JX.LOCAL
MsvAvDNSTreeName: P7JX.LOCAL

200 OK
Content-Length: 90
Content-Type: text/html
Date: Sun, 01 Dec 2024 13:27:13 GMT
Server: Microsoft-IIS/7.5
Www-Authenticate: NTLM

<img src='file://///178.163.140.156/pictures/logo.jpg' alt='Loading' height='1' width='1'>

Found 2024-12-01 by HttpNTLM

Create report

Open service 178.163.140.156:22

2024-12-01 22:33
Found 2024-12-01 by SSHOpenPlugin
Create report
Open service 178.163.140.156:22

2024-11-29 23:51
Found 2024-11-29 by SSHOpenPlugin
Create report
Open service 178.163.140.156:22

2024-11-27 22:08
Found 2024-11-27 by SSHOpenPlugin
Create report

Domain summary

No record

Host 178.163.140.156

Belarus

Software information

Server accepting anonymous credentials

SSH is potenitally vulnerable

Server accepting anonymous credentials

Domain summary