LeakIX - Host 61.220.40.181

Host 61.220.40.181

Taiwan

Data Communication Business Group

Software information

Sophos Firewall

tcp/443

xxxx

tcp/443

Sophos firewall outdated
The following Sophos firewall is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible since multiple CVEs allow remote attackers to DoS or achieve RCE (Remote code execution) on the firewall. Those vulnerabilities are currently used in ransomware campaign and could damage your network.

Reference:

https://www.cvedetails.com/cve/CVE-2022-1040
IP: 61.220.40.181
Port: 443
URL: https://61.220.40.181

First seen 2022-05-10 19:04
Last seen 2024-05-12 18:03
Open for 732 days
- Severity: critical
  Fingerprint: 0b25d4f0a9de5b4d45769e527b15558e7b15558e7b15558e7b15558e7b15558e
```
Found SOPHOS firewall user portal
Vulnerable to CVE-2022-1040
```
  Found on 2024-05-12 18:03
Create report
Open SMB file sharing detected

Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.

This may also include IPC services and lead to remote code execution.

IP: 61.220.40.181
Port: 445

First seen 2022-06-13 20:34
Last seen 2022-12-23 17:52
Open for 192 days
- Severity: high
  Fingerprint: 22420ce026fa767de22ea8c31731519cff1ee3f68f4335c6efda8cfbd6223e07
```
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON
Public
Web
Download
Music
Video
Eva
Photo
Archive
X
Software
Misc
Media
Biztelli
Time Machine
Plex
IPC$
```
  Found on 2022-06-13 20:34
Create report

Open service 61.220.40.181:443

2024-05-12 18:03
```
Found SOPHOS firewall user portal
```
Found 2024-05-12 by SophosPlugin
Create report

Open service 61.220.40.181:443

2024-05-12 18:03

HTTP/1.1 302 Found
Date: Fri, 22 Oct 2021 07:49:02 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp
Cache-Control: max-age=2592000
Expires: Sun, 21 Nov 2021 07:49:02 GMT
Content-Length: 245
Connection: close
Content-Type: text/html; charset=iso-8859-1

Page title: 302 Found

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p>
</body></html>

Found 2024-05-12 by HttpPlugin

Create report

Open service 61.220.40.181:443

2024-05-08 12:59

HTTP/1.1 302 Found
Date: Mon, 18 Oct 2021 02:44:17 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp
Cache-Control: max-age=2592000
Expires: Wed, 17 Nov 2021 02:44:17 GMT
Content-Length: 245
Connection: close
Content-Type: text/html; charset=iso-8859-1

Page title: 302 Found

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p>
</body></html>

Found 2024-05-08 by HttpPlugin

Create report

Open service 61.220.40.181:443

2024-05-08 12:59
```
Found SOPHOS firewall user portal
```
Found 2024-05-08 by SophosPlugin
Create report

Open service 61.220.40.181:443

2024-04-30 19:30

HTTP/1.1 302 Found
Date: Sun, 10 Oct 2021 09:15:22 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp
Cache-Control: max-age=2592000
Expires: Tue, 09 Nov 2021 09:15:22 GMT
Content-Length: 245
Connection: close
Content-Type: text/html; charset=iso-8859-1

Page title: 302 Found

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p>
</body></html>

Found 2024-04-30 by HttpPlugin

Create report

Open service 61.220.40.181:443

2024-04-30 19:30
```
Found SOPHOS firewall user portal
```
Found 2024-04-30 by SophosPlugin
Create report

Open service 61.220.40.181:443

2024-04-28 18:39

HTTP/1.1 302 Found
Date: Fri, 08 Oct 2021 08:24:26 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp
Cache-Control: max-age=2592000
Expires: Sun, 07 Nov 2021 08:24:26 GMT
Content-Length: 245
Connection: close
Content-Type: text/html; charset=iso-8859-1

Page title: 302 Found

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p>
</body></html>

Found 2024-04-28 by HttpPlugin

Create report

Open service 61.220.40.181:443

2024-04-28 18:39
```
Found SOPHOS firewall user portal
```
Found 2024-04-28 by SophosPlugin
Create report

Open service 61.220.40.181:443

2024-04-25 00:32

HTTP/1.1 302 Found
Date: Mon, 04 Oct 2021 14:18:01 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp
Cache-Control: max-age=2592000
Expires: Wed, 03 Nov 2021 14:18:01 GMT
Content-Length: 245
Connection: close
Content-Type: text/html; charset=iso-8859-1

Page title: 302 Found

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p>
</body></html>

Found 2024-04-25 by HttpPlugin

Create report

Open service 61.220.40.181:443

2024-04-25 00:32
```
Found SOPHOS firewall user portal
```
Found 2024-04-25 by SophosPlugin
Create report
Open service 61.220.40.181:443

2024-04-24 17:30
```
Found SOPHOS firewall user portal
```
Found 2024-04-24 by SophosPlugin
Create report

Open service 61.220.40.181:443

2024-04-24 17:30

HTTP/1.1 302 Found
Date: Mon, 04 Oct 2021 07:16:08 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Location: https://61.220.40.181/userportal/webpages/myaccount/login.jsp
Cache-Control: max-age=2592000
Expires: Wed, 03 Nov 2021 07:16:08 GMT
Content-Length: 245
Connection: close
Content-Type: text/html; charset=iso-8859-1

Page title: 302 Found

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://61.220.40.181/userportal/webpages/myaccount/login.jsp">here</a>.</p>
</body></html>

Found 2024-04-24 by HttpPlugin

Create report

Fingerprint:

637985cc14e11330f8472cce2bfa01f45a222dd9cac1e73166b419ff51eb83bf

CN:

SophosApplianceCertificate_C180A08MPPDF4F0

Key:

RSA-2048

Issuer:

Sophos_CA_C180A08MPPDF4F0

Not before:

2015-08-01 00:00

Not after:

2036-12-31 23:59

Domain summary

No record

Host 61.220.40.181

Taiwan

Software information

Sophos firewall outdated

Open SMB file sharing detected

Domain summary