LeakIX - Host 124.222.11.154

Host 124.222.11.154

China

Shenzhen Tencent Computer Systems Company Limited

CentOS Linux 7 (Core) 3.10.0-1160.45.1.el7.x86_64

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 124.222.11.154
Port: 3306

First seen 2023-09-01 19:47
Last seen 2024-05-12 18:15
Open for 253 days

Severity: critical
Fingerprint: cf350410ecceb5fdcf5a871a37b1a266fd113c9535203faceb3446437682fbd4

Databases: 39, row count: 141975, size: 8.9 MB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 100 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 813 records
Found table mysql.help_relation with 1091 records
Found table mysql.help_topic with 384 records
Found table mysql.innodb_index_stats with 9 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 1856 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 1794 records
Found table mysql.time_zone_transition with 125689 records
Found table mysql.time_zone_transition_type with 10153 records
Found table mysql.user with 7 records

Found on 2024-05-12 18:15

8.9 MBytes 141975 rows

Severity: high
Fingerprint: cf350410ecceb5fdebd6b7609132601091326010913260109132601091326010
```
Databases: 1, row count: 2, size: 16.4 kB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
```
Found on 2024-04-30 19:48

16.4 kBytes 2 rows

Severity: critical
Fingerprint: cf350410ecceb5fda67b42e3bb486233568e657e1ded6f4b7069ed2aea7d5fe0

Databases: 39, row count: 141974, size: 8.9 MB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 100 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 813 records
Found table mysql.help_relation with 1091 records
Found table mysql.help_topic with 384 records
Found table mysql.innodb_index_stats with 9 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 1856 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 1794 records
Found table mysql.time_zone_transition with 125689 records
Found table mysql.time_zone_transition_type with 10153 records
Found table mysql.user with 6 records

Found on 2024-01-17 21:31

8.9 MBytes 141974 rows

Severity: critical
Fingerprint: cf350410ecceb5fdaecabad154ba36ade6fc0658cc6860c99993979ce28ab1ac

Databases: 38, row count: 143662, size: 7.9 MB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 77 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 931 records
Found table mysql.help_relation with 1929 records
Found table mysql.help_topic with 625 records
Found table mysql.innodb_index_stats with 9 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 1885 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 2279 records
Found table mysql.time_zone_transition with 125689 records
Found table mysql.time_zone_transition_type with 10153 records
Found table mysql.user with 6 records

Found on 2023-09-07 00:40

7.9 MBytes 143662 rows

Severity: critical
Fingerprint: cf350410ecceb5fdaecabad19a4fe6488f710f670f8fd08afb3f0c2d6b654ea1

Databases: 38, row count: 143662, size: 7.9 MB
No or default MySQL authentication found.Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 77 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 931 records
Found table mysql.help_relation with 1929 records
Found table mysql.help_topic with 625 records
Found table mysql.innodb_index_stats with 9 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 1885 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 2279 records
Found table mysql.time_zone_transition with 125689 records
Found table mysql.time_zone_transition_type with 10153 records
Found table mysql.user with 6 records

Found on 2023-09-01 19:47

7.9 MBytes 143662 rows

Create report

Kafka instance is public

The Kafka instance is available to the public without authentication.

An attacker could connect to the queue to extract private/confidential information in real-time.

IP: 124.222.11.154
Port: 9092

First seen 2023-05-22 06:54
Last seen 2023-09-06 23:26
Open for 107 days
- Fingerprint: 43224224eeda9da960defeaa0efe442a6f0cd94620690dc5b2c9c545b2c9c545
```
NoAuth
Found topic __consumer_offsets
Found topic di-metric-event
Found topic di-metric-source
Found topic di-metric-log
```
  Found on 2023-08-20 21:19
- Fingerprint: 43224224eeda9da960defeaab5817789f342bdc10cf972c1fc465ee3fc465ee3
```
NoAuth
Found topic di-metric-source
Found topic di-metric-log
Found topic __consumer_offsets
Found topic di-metric-event
```
  Found on 2023-07-08 19:35
- Fingerprint: 43224224eeda9da960defeaae9e7ccc6aa778945162c9fc5e49791f5e49791f5
```
NoAuth
Found topic di-metric-event
Found topic di-metric-source
Found topic di-metric-log
Found topic __consumer_offsets
```
  Found on 2023-05-22 06:54
Create report

ElasticSearch is publicly available

Elasticsearch and/or Kibana is currently open without authentication.

This results in all the database data made available publicly.

IP: 124.222.11.154
Port: 5601
URL: http://124.222.11.154:5601

First seen 2022-05-12 12:46
Last seen 2022-06-10 11:33
Open for 28 days

Severity: high
Fingerprint: 831cb76b8e05df4655e3a320ce1e6c103119eeb941d9ea2c41d9ea2c41d9ea2c

Indices: 2, document count: 3, size: 13.4 kB
Through Kibana endpoint
Found index .kibana with 2 documents (8.9 kB)
Found index read_me with 1 documents (4.5 kB)

Found on 2022-06-10 11:33

13.4 kBytes 3 rows

Severity: medium
Fingerprint: 831cb76b8e05df46c55bada06400979098c966ecf38fd76356a81f777783d4c5

Indices: 6, document count: 26, size: 71.1 kB
Through Kibana endpoint
Found index stu_index with 1 documents (3.7 kB)
Found index product with 2 documents (5.5 kB)
Found index one_index with 1 documents (5.1 kB)
Found index .kibana_task_manager_1 with 2 documents (21.2 kB)
Found index .apm-agent-configuration with 0 documents (283 B)
Found index .kibana_1 with 20 documents (35.4 kB)

Found on 2022-06-09 09:38

71.1 kBytes 26 rows

Severity: medium
Fingerprint: 831cb76b8e05df46914b9efc62d65dbc026c8478629585c7459c7033becf93e3

Indices: 6, document count: 24, size: 72.8 kB
Through Kibana endpoint
Found index stu_index with 1 documents (3.7 kB)
Found index product with 2 documents (5.5 kB)
Found index one_index with 1 documents (5.1 kB)
Found index .kibana_task_manager_1 with 2 documents (21.2 kB)
Found index .apm-agent-configuration with 0 documents (283 B)
Found index .kibana_1 with 18 documents (37.1 kB)

Found on 2022-05-28 06:07

72.8 kBytes 24 rows

Severity: medium
Fingerprint: 831cb76b8e05df46ae4cb055e92716779f2fe925b492d605a7464f75421a6386

Indices: 5, document count: 19, size: 67.2 kB
Through Kibana endpoint
Found index stu_index with 1 documents (3.7 kB)
Found index one_index with 1 documents (5.1 kB)
Found index .kibana_task_manager_1 with 2 documents (21.1 kB)
Found index .apm-agent-configuration with 0 documents (283 B)
Found index .kibana_1 with 15 documents (37.0 kB)

Found on 2022-05-12 12:46

67.2 kBytes 19 rows

Create report

ElasticSearch is publicly available

Elasticsearch and/or Kibana is currently open without authentication.

This results in all the database data made available publicly.

IP: 124.222.11.154
Port: 9200
URL: http://124.222.11.154:9200

First seen 2022-05-12 08:26
- Severity: medium
  Fingerprint: 831cb76b8e05df46ae4cb0556445db8bea93f16f882dd19b7c6bfffed15a47b4
```
Indices: 5, document count: 19, size: 67.2 kB
Found index stu_index with 1 documents (3.7 kB)
Found index one_index with 1 documents (5.1 kB)
Found index .kibana_task_manager_1 with 2 documents (21.1 kB)
Found index .apm-agent-configuration with 0 documents (283 B)
Found index .kibana_1 with 15 documents (37.0 kB)
```
  Found on 2022-05-12 08:26
  
  67.2 kBytes 19 rows
Create report

Open service 124.222.11.154:3306

2024-05-12 18:15
```
MySQL detected
```
Found 2024-05-12 by tcpid
Create report
Open service 124.222.11.154:3306

2024-05-08 13:02
```
MySQL detected
```
Found 2024-05-08 by tcpid
Create report
Open service 124.222.11.154:3306

2024-04-30 19:48
```
MySQL detected
```
Found 2024-04-30 by tcpid
Create report
Open service 124.222.11.154:3306

2024-04-28 18:26
```
MySQL detected
```
Found 2024-04-28 by tcpid
Create report
Open service 124.222.11.154:3306

2024-04-23 19:29
```
MySQL detected
```
Found 2024-04-23 by tcpid
Create report
Open service 124.222.11.154:22

2024-04-22 20:16
Found 2024-04-22 by SSHOpenPlugin
Create report

Data leak

Size

7.9 MB

Collections

Rows

143662

Domain summary

No record

Host 124.222.11.154

China

MySQL is publicly available

Kafka instance is public

ElasticSearch is publicly available

ElasticSearch is publicly available

Create report

Create report

Create report

Create report

Create report

Create report

Data leak

Domain summary