LeakIX - Host 81.199.19.221

Host 81.199.19.221

Uganda

Gilat Telecom Ltd.

Software information

MiniServ 1.979

tcp/10000

TwistedWeb 20.3.0dev0

tcp/443

Open SMB file sharing detected

Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.

This may also include IPC services and lead to remote code execution.

IP: 81.199.19.221
Port: 445

First seen 2022-06-13 19:08
Last seen 2024-09-19 23:42
Open for 829 days
- Severity: high
  Fingerprint: 22420ce026fa767de22ea8c3df372350d4001392847ba6ad0ddef8cc519d7d85
```
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON
print$
IPC$
HP_LaserJet_400_M401dn_ECDC61_24
HP_LaserJet_Pro_MFP_M125nw_06D97E_
mn
```
  Found on 2024-09-19 23:42
- Severity: high
  Fingerprint: 22420ce026fa767de22ea8c3df372350d4001392847ba6ad0ddef8cc5d001d53
```
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON
print$
IPC$
HP_LaserJet_400_M401dn_ECDC61_24
HP_LaserJet_Pro_MFP_M125nw_06D97E_
reception_MAC_UGSH0_NEWS_MPOOZA
mn
```
  Found on 2024-09-12 01:30
- Severity: high
  Fingerprint: 22420ce026fa767de22ea8c3df372350d4001392b57f700fb57f700fb57f700f
```
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON
print$
IPC$
mn
```
  Found on 2022-06-13 19:08
Create report

Open service 81.199.19.221:445

2024-09-15 23:52
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-15 by SmbPlugin
Create report
Open service 81.199.19.221:445

2024-09-13 23:39
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-13 by SmbPlugin
Create report
Open service 81.199.19.221:445

2024-09-12 01:30
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-12 by SmbPlugin
Create report

Open service 81.199.19.221:10000

2024-09-11 04:43

HTTP/1.0 200 Document follows
Date: Wed, 11 Sep 2024 04:43:50 GMT
Server: MiniServ/1.979
Connection: close
Auth-type: auth-required=1
Set-Cookie: redirect=1; path=/; secure; httpOnly
Set-Cookie: testing=1; path=/; secure; httpOnly
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; child-src 'self'
X-Content-Type-Options: nosniff
X-no-links: 1
Content-type: text/html; Charset=UTF-8

Page title: Login to Webmin

<!DOCTYPE HTML>
<html data-bgs="gainsboro" class="session_login">
<head>
 <noscript> <style> html[data-bgs="gainsboro"] { background-color: #d6d6d6; } html[data-bgs="nightRider"] { background-color: #1a1c20; } html[data-bgs="nightRider"] div[data-noscript] { color: #979ba080; } html[data-slider-fixed='1'] { margin-right: 0 !important; } body > div[data-noscript] ~ * { display: none !important; } div[data-noscript] { visibility: hidden; animation: 2s noscript-fadein; animation-delay: 1s; text-align: center; animation-fill-mode: forwards; } @keyframes noscript-fadein { 0% { opacity: 0; } 100% { visibility: visible; opacity: 1; } } </style> <div data-noscript> <div class="fa fa-3x fa-exclamation-triangle margined-top-20 text-danger"></div> <h2>JavaScript is disabled</h2> <p>Please enable javascript and refresh the page</p> </div> </noscript>
<meta charset="utf-8">
 <link data-link-ref rel="apple-touch-icon" sizes="180x180" href="/images/favicons/webmin/apple-touch-icon.png">
 <link data-link-ref rel="icon" type="image/png" sizes="32x32" href="/images/favicons/webmin/favicon-32x32.png">
 <link data-link-ref rel="icon" type="image/png" sizes="192x192" href="/images/favicons/webmin/android-chrome-192x192.png">
 <link data-link-ref rel="icon" type="image/png" sizes="16x16" href="/images/favicons/webmin/favicon-16x16.png">
 <link data-link-ref crossorigin="use-credentials" rel="manifest" href="/images/favicons/webmin/manifest.json">
 <link data-link-ref rel="mask-icon" href="/images/favicons/webmin/safari-pinned-tab.svg" color="">
 <meta data-link-ref name="msapplication-TileImage" content="/images/favicons/webmin/mstile-144x144.png">
 <meta name="msapplication-TileColor" content="">
 <meta name="theme-color" content="">
<title>Login to Webmin</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="/unauthenticated/css/bundle.min.css?19819999999999901" rel="stylesheet">
<script>document.addEventListener("DOMContentLoaded", function(event) {var a=document.querySelectorAll('input[type="password"]');i=0;
for(length=a.length;i<length;i++){var b=document.createElement("span"),d=30<a[i].offsetHeight?1:0;b.classList.add("input_warning_caps");b.setAttribute("title","Caps Lock");d&&b.classList.add("large");a[i].classList.add("use_input_warning_caps");a[i].parentNode.insertBefore(b,a[i].nextSibling);a[i].addEventListener("blur",function(){this.nextSibling.classList.remove("visible")});a[i].addEventListener("keydown",function(c){"function"===typeof c.getModifierState&&((state=20===c.keyCode?!c.getModifierState("CapsLock"):
c.getModifierState("CapsLock"))?this.nextSibling.classList.add("visible"):this.nextSibling.classList.remove("visible"))})};});function spinner() {var x = document.querySelector('button i.fa-sign-in:not(.invisible)') || document.querySelector('button i.fa-qrcode:not(.invisible)'),s = '<span class="cspinner_container"><span class="cspinner"><span class="cspinner-icon white small"></span></span></span>';if(x){x.classList.add("invisible"); x.insertAdjacentHTML('afterend', s);x.parentNode.classList.add("disabled");x.parentNode.disabled=true}}setTimeout(function(){if(navigator&&navigator.oscpu){var t=navigator.oscpu,i=document.querySelector("html"),e="data-platform";t.indexOf("Linux")>-1?i.setAttribute(e,"linux"):t.indexOf("Windows")>-1&&i.setAttribute(e,"windows")}});</script> <link href="/unauthenticated/css/fonts-roboto.min.css?19819999999999901" rel="stylesheet">
</head>
<body class="session_login" >
<div class="container session_login" data-dcontainer="1">

<form class="form-signin session_login clearfix" action="/session_login.cgi" method="post" role="form" onsubmit="spinner()">
<i class="wbm-webmin"></i><h2 class="form-signin-heading"><span> Webmin</span></h2>
<p class="form-signin-paragraph">You must enter a username and password to login to the server on<strong> 81.199.19.221</strong></p>
<div class="input-group form-group">
<span class="input-group-addon"><i class="fa fa-fw fa-user"></i></span>
<input type="text" name="user" class="form-control session_login" placeholder="Username"

Found 2024-09-11 by HttpPlugin

Create report

Open service 81.199.19.221:443

2024-09-10 12:12

HTTP/1.1 302 Found
Connection: close
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Server: TwistedWeb/20.3.0dev0
Date: Tue, 10 Sep 2024 12:12:43 GMT
Location: https://81.199.19.221/__session_start__
Content-Length: 0
Set-Cookie: openvpn_sess_add0b45aaa9272005d6a816edb2abf50=27c24c8d4139a8bc30dc667c5dd3da40; Expires=Tue, 10 Sep 2024 12:42:43 GMT; Path=/; Secure; HttpOnly

Found 2024-09-10 by HttpPlugin

Create report

Open service 81.199.19.221:22

2024-09-10 07:19
Found 2024-09-10 by SSHOpenPlugin
Create report

Fingerprint:

3111fd77d300c4b236a4b0cd0eba1c17fae4e3f704d98d3db58077a242fb2bd1

CN:

Key:

RSA-2048

Issuer:

Not before:

2021-07-07 06:03

Not after:

2026-07-06 06:03

81.199.19.221

Fingerprint:

39d5721dc48356f2c4a0a6ef471f77c746c3f2d4615ce46b0f293fb850b00d45

CN:

81.199.19.221

Key:

RSA-2048

Issuer:

OpenVPN Web CA 2021.12.22 17:59:19 EAT fw-ntv

Not before:

2024-06-05 11:42

Not after:

2025-06-06 11:42

Domain summary

No record

Host 81.199.19.221

Uganda

Software information

Open SMB file sharing detected

Create report

Create report

Create report

Create report

Create report

Create report

81.199.19.221

Domain summary