Source distribution 5.6.50-log
tcp/3306
nginx
tcp/80
MySQL is currently open without authentication.
Additionally, a ransom note has been found in the dataset, which indicates that it has been compromised.
As a result, all data in the database is publicly accessible.
Severity: high
Fingerprint: cf350410ecceb5fd3fa6f01a3fbebb8b32d38364957619c781e80735344e77f2
Databases: 94, row count: 79, size: 1.4 MB Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Severity: high
Fingerprint: cf350410ecceb5fdebd6b760d92c9051d92c9051d92c9051d92c9051d92c9051
Databases: 1, row count: 2, size: 16.4 kB Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Open service 119.28.67.239:80
2023-01-14 03:05
Server: nginx
Date: Sat, 14 Jan 2023 03:05:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 100
Connection: close
Cache-Control: no-cache
Location: http://119.28.67.239/users/sign_in
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01GPQ3TGX7DR5MYBEVDNQKZ0BA
X-Runtime: 0.115199
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin

<html><body>You are being <a href="http://119.28.67.239/users/sign_in">redirected</a>.</body></html>
Open service 119.28.67.239:3306
2022-11-15 01:11
No or default MySQL authentication found.
Open service 119.28.67.239:80
2022-11-15 18:41
Server: nginx
Date: Tue, 15 Nov 2022 18:41:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 100
Connection: close
Cache-Control: no-cache
Location: http://119.28.67.239/users/sign_in
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01GHY9H8PKKXND95ZRXKDQD007
X-Runtime: 0.022118
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin

<html><body>You are being <a href="http://119.28.67.239/users/sign_in">redirected</a>.</body></html>
Open service 119.28.67.239:3306
2022-12-21 07:49
Open service 119.28.67.239:3306
2023-01-20 07:09
Open service 119.28.67.239:80
2022-12-14 12:43
Server: nginx
Date: Wed, 14 Dec 2022 12:43:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 100
Connection: close
Cache-Control: no-cache
Location: http://119.28.67.239/users/sign_in
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01GM8AHRDQXJBZVMR84V7WPW2A
X-Runtime: 0.173496
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin

<html><body>You are being <a href="http://119.28.67.239/users/sign_in">redirected</a>.</body></html>
Open service 119.28.67.239:80
2022-11-07 21:37
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 07 Nov 2022 21:37:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 100
Connection: close
Cache-Control: no-cache
Location: http://119.28.67.239/users/sign_in
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01GHA0DCCFTJ31Z13G22PDQDEZ
X-Runtime: 0.029288
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin

<html><body>You are being <a href="http://119.28.67.239/users/sign_in">redirected</a>.</body></html>
Open service 119.28.67.239:80
2022-11-07 14:44
Server: nginx
Date: Mon, 07 Nov 2022 14:44:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 100
Connection: close
Cache-Control: no-cache
Location: http://119.28.67.239/users/sign_in
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01GH98SA05R231NS7VNG99A972
X-Runtime: 0.026850
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin

<html><body>You are being <a href="http://119.28.67.239/users/sign_in">redirected</a>.</body></html>
Open service 119.28.67.239:80
2022-12-09 02:02
Server: nginx
Date: Fri, 09 Dec 2022 02:02:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 100
Connection: close
Cache-Control: no-cache
Location: http://119.28.67.239/users/sign_in
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01GKT9Y3RKZRRXHG2PT53MW7DE
X-Runtime: 0.070488
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000
Referrer-Policy: strict-origin-when-cross-origin

<html><body>You are being <a href="http://119.28.67.239/users/sign_in">redirected</a>.</body></html>
Open service 119.28.67.239:3306
2022-11-12 10:19
No or default MySQL authentication found.