LeakIX - Host 13.209.18.171

Host 13.209.18.171

South Korea

AMAZON-02

Linux x86_64

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 13.209.18.171
Port: 3306

First seen 2022-01-15 03:25
Last seen 2022-04-05 12:57
Open for 80 days

Severity: high
Fingerprint: cf350410ecceb5fdebd6b760d92c9051d92c9051d92c9051d92c9051d92c9051
```
Databases: 1, row count: 2, size: 16.4 kB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
```
Found on 2022-04-05 12:57

16.4 kBytes 2 rows

Severity: critical
Fingerprint: cf350410ecceb5fdaadf9f5361ebb35ea08b56c246a88cf6302ada80ee00f0d3

Databases: 30, row count: 49294, size: 427.9 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table crawler.encarecode with 3048 records
Found table crawler.encarlist with 30831 records
Found table crawler.hansung with 13352 records
Found table crawler.hibernate_sequence with 1 records
Found table crawler.test with 4 records
Found table mysql.column_stats with 0 records
Found table mysql.db with 2 records
Found table mysql.event with 0 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.help_category with 39 records
Found table mysql.help_keyword with 464 records
Found table mysql.help_relation with 1028 records
Found table mysql.help_topic with 508 records
Found table mysql.host with 0 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.plugin with 0 records
Found table mysql.proc with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 2 records
Found table mysql.servers with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 0 records
Found table mysql.time_zone with 0 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 0 records
Found table mysql.time_zone_transition with 0 records
Found table mysql.time_zone_transition_type with 0 records
Found table mysql.user with 9 records

Found on 2022-01-15 03:25

427.9 MBytes 49294 rows

Create report

Open service 13.209.18.171:2222

2024-04-25 14:13
Found 2024-04-25 by SSHOpenPlugin
Create report

Open service 13.209.18.171:2023

2024-04-25 14:01

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 25 Apr 2024 14:01:14 GMT
Server: WebLogic Server 10.3.6.0.0
Content-Type: text/html
Content-Length: 1766

Page title: Error 404--Not Found

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
    <HEAD>
        <TITLE>Error 404--Not Found</TITLE>
    </HEAD>
    <BODY bgcolor="white">
        <FONT FACE=Helvetica><BR CLEAR=all>
        <TABLE border=0 cellspacing=5>
            <TR>
                <TD>
                    <BR CLEAR=all>
                    <FONT FACE="Helvetica" COLOR="black" SIZE="3">
                        <H2>Error 404--Not Found</H2>
                    </FONT>
                </TD>
            </TR>
        </TABLE>
        <TABLE border=0 width=100% cellpadding=10>
            <TR>
                <TD VALIGN=top WIDTH=100% BGCOLOR=white>
                    <FONT FACE="Courier New">
                        <FONT FACE="Helvetica" SIZE="3">
                            <H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
                        </FONT>
                        <FONT FACE="Helvetica" SIZE="3">
                            <H4>10.4.5 404 Not Found</H4>
                        </FONT>
                        <P>
                            <FONT FACE="Courier New">
                                The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
                        </p>
                        <p>If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.</FONT></P>
                    </FONT>
                </TD>
            </TR>
        </TABLE>
    </BODY>
</HTML>

Found 2024-04-25 by HttpPlugin

Create report

Open service 13.209.18.171:8008

2024-04-25 13:09

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 25 Apr 2024 13:10:07 GMT
Content-Type: text/html
Pragma: private
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
Content-Length: 188


<script LANGUAGE=JavaScript>
    window.location = "/global-protect/login.esp"; 
</script>
<html>

<head></head>

<body>
    <p>JavaScript must be enabled to continue!</p>
</body>

</html>

Found 2024-04-25 by HttpPlugin

Create report

Fingerprint:

94be084a7558956aea274ea64e352d2671f3e366a2ef94495ebe7062fd22f7aa

CN:

yokogawa.aero-bright.org

Key:

RSA-2048

Issuer:

yokogawa.aero-bright.org

Not before:

2024-04-25 13:25

Not after:

2026-04-25 13:25

Fingerprint:

6dc691eab73fc102c96f67439abcde0c251a99f7e6d9d6c75f1cd6e194cf6d1f

CN:

prototype.eastairforce.gov

Key:

RSA-2048

Issuer:

prototype.eastairforce.gov

Not before:

2024-04-25 13:10

Not after:

2026-04-25 13:10

Data leak

Size

427.9 MB

Collections

Rows

49294

Domain summary

No record