LeakIX - Host 134.122.67.170

Host 134.122.67.170

Germany

DIGITALOCEAN-ASN

Linux x86_64

Software information

nginx nginx

tcp/443

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 134.122.67.170
Port: 3306

First seen 2021-07-07 08:13
Last seen 2021-08-04 08:18
Open for 28 days

Severity: critical
Fingerprint: cf350410ecceb5fd30cf2be0e7741479464632299775825009f935ff4b616d15

Databases: 45, row count: 143593, size: 8.0 MB
Found table PLEASE_READ_ME_XMG.WARNING with 0 records
Found table README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table mysql.bjmngd with 1 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 5 records
Found table mysql.default_roles with 0 records
Found table mysql.ejrllj with 1 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 67 records
Found table mysql.gtid_executed with 0 records
Found table mysql.hcdtoc with 1 records
Found table mysql.help_category with 51 records
Found table mysql.help_keyword with 1029 records
Found table mysql.help_relation with 2249 records
Found table mysql.help_topic with 709 records
Found table mysql.iivwbk with 1 records
Found table mysql.innodb_index_stats with 19 records
Found table mysql.innodb_table_stats with 6 records
Found table mysql.itidah32 with 1 records
Found table mysql.itijof32 with 1 records
Found table mysql.pafyvm32 with 1 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 2074 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 1703 records
Found table mysql.time_zone_transition with 126130 records
Found table mysql.time_zone_transition_type with 9518 records
Found table mysql.user with 8 records
Found table mysql.xeipkg32 with 1 records

Found on 2021-08-04 08:18

8.0 MBytes 143593 rows

Fingerprint: cf350410ecceb5fdfe7c708262c9602f7cee55d44d6e7cb57e1801fe36af8295

Databases: 39, row count: 143587, size: 7.9 MB
Found table mysql.innodb_table_stats with 6 records
Found table mysql.innodb_index_stats with 19 records
Found table mysql.db with 5 records
Found table mysql.user with 8 records
Found table mysql.default_roles with 0 records
Found table mysql.role_edges with 0 records
Found table mysql.global_grants with 67 records
Found table mysql.password_history with 0 records
Found table mysql.func with 0 records
Found table mysql.plugin with 0 records
Found table mysql.help_topic with 709 records
Found table mysql.help_category with 51 records
Found table mysql.help_relation with 2249 records
Found table mysql.servers with 0 records
Found table mysql.tables_priv with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.help_keyword with 1029 records
Found table mysql.time_zone_name with 1703 records
Found table mysql.time_zone with 2074 records
Found table mysql.time_zone_transition with 126130 records
Found table mysql.time_zone_transition_type with 9518 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.general_log with 2 records
Found table mysql.slow_log with 2 records
Found table mysql.component with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.gtid_executed with 0 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.engine_cost with 2 records
Found table mysql.proxies_priv with 1 records
Found table readme.WARNING with 1 records
Found table mysql.hcdtoc with 1 records
Found table mysql.itidah32 with 1 records
Found table PLEASE_READ_ME_XMG.WARNING with 1 records

Found on 2021-07-07 08:13

7.9 MBytes 143587 rows

Create report

Open service 134.122.67.170:443

2024-06-14 03:04

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 14 Jun 2024 03:04:45 GMT
Content-Type: text/html
Content-Length: 1703
Last-Modified: Wed, 08 May 2024 12:21:54 GMT
Connection: close
ETag: "663b6e62-6a7"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Security-Policy: default-src 'self'; script-src 'self' blob: https://downloads-global.3cx.com https://127.0.0.1:32018 'sha256-RCMl7PJ3K2nMoGZppLZeArO5M70Pbu1k+t6RIHZO7gE=' 'sha256-v6MhWrgXnOZrJTw+mK9MqEYevK8vvSmRZFjINsy76Mw=' 'sha256-Tui7QoFlnLXkJCSl1/JvEZdIXTmBttnWNxzJpXomQjg='; worker-src 'self' blob:; connect-src 'self' https://wmr-cdn.3cx.net https://downloads-global.3cx.com https://www.gravatar.com https://127.0.0.1:32018 https://platform-lookaside.fbsbx.com ws: wss:; img-src * data: blob:; frame-src 'self' docs.3cx.cloud tcx+app:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; media-src 'self' data:; object-src 'none'; form-action 'self'; base-uri 'self'
Strict-Transport-Security: max-age=15768000
Referrer-Policy: no-referrer
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: credentialless
Cache-Control: no-cache
Permissions-Policy: geolocation=(),accelerometer=(),gamepad=(),magnetometer=(),midi=(),payment=(),serial=(),xr-spatial-tracking=()
Accept-Ranges: bytes

Page title: 3CX Webclient

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  <meta name="theme-color" content="#363535">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.6, minimum-scale=1.0">
  <meta name="description" content="3CX">
  <title>3CX Webclient</title>

    <style media="screen" type="text/css">
        .loading {
            opacity: 1;
            position: fixed;
            height: 100%;
            width: 100%;
            top: 0;
            left: 0;
            background-color: var(--bg-tertiary, #363535);
            z-index: 1100;
        }
        .loading-finished {
            transition: opacity .3s, z-index .3s;
            opacity: 0;
            z-index: -1;
        }
        .loading img {
            position:absolute;
            top:0;
            left:0;
            right:0;
            bottom:0;
            margin:auto;
        }
    </style>

  <!-- CSS will be injected by webpack here -->
  <!-- Preload link tags will be injected by webpack here -->
  <link rel="manifest" href="manifest.webmanifest">
  <link rel="apple-touch-icon" href="assets/manifest/icon_192x192.png">
<link rel="stylesheet" href="styles.824513c1de9f464f.css"></head>

<body>

  <app>
  </app>

<div class="loading" id="splash-screen">
    <img src="assets/img/logo.png">
</div>

  <!-- Scripts will be injected by webpack here -->
<script src="runtime.3f19ce339f409ac9.js" type="module"></script><script src="polyfills.0cfb4cfed7fb04eb.js" type="module"></script><script src="vendor.06c4a6b6703bc320.js" type="module"></script><script src="main.2251acee3604078d.js" type="module"></script></body>
</html>

Found 2024-06-14 by HttpPlugin

Create report

Open service 134.122.67.170:443

2024-06-02 11:45

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Jun 2024 11:45:55 GMT
Content-Type: text/html
Content-Length: 1703
Last-Modified: Wed, 08 May 2024 12:21:54 GMT
Connection: close
ETag: "663b6e62-6a7"
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Security-Policy: default-src 'self'; script-src 'self' blob: https://downloads-global.3cx.com https://127.0.0.1:32018 'sha256-RCMl7PJ3K2nMoGZppLZeArO5M70Pbu1k+t6RIHZO7gE=' 'sha256-v6MhWrgXnOZrJTw+mK9MqEYevK8vvSmRZFjINsy76Mw=' 'sha256-Tui7QoFlnLXkJCSl1/JvEZdIXTmBttnWNxzJpXomQjg='; worker-src 'self' blob:; connect-src 'self' https://wmr-cdn.3cx.net https://downloads-global.3cx.com https://www.gravatar.com https://127.0.0.1:32018 https://platform-lookaside.fbsbx.com ws: wss:; img-src * data: blob:; frame-src 'self' docs.3cx.cloud tcx+app:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; media-src 'self' data:; object-src 'none'; form-action 'self'; base-uri 'self'
Strict-Transport-Security: max-age=15768000
Referrer-Policy: no-referrer
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: credentialless
Cache-Control: no-cache
Permissions-Policy: geolocation=(),accelerometer=(),gamepad=(),magnetometer=(),midi=(),payment=(),serial=(),xr-spatial-tracking=()
Accept-Ranges: bytes

Page title: 3CX Webclient

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  <meta name="theme-color" content="#363535">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.6, minimum-scale=1.0">
  <meta name="description" content="3CX">
  <title>3CX Webclient</title>

    <style media="screen" type="text/css">
        .loading {
            opacity: 1;
            position: fixed;
            height: 100%;
            width: 100%;
            top: 0;
            left: 0;
            background-color: var(--bg-tertiary, #363535);
            z-index: 1100;
        }
        .loading-finished {
            transition: opacity .3s, z-index .3s;
            opacity: 0;
            z-index: -1;
        }
        .loading img {
            position:absolute;
            top:0;
            left:0;
            right:0;
            bottom:0;
            margin:auto;
        }
    </style>

  <!-- CSS will be injected by webpack here -->
  <!-- Preload link tags will be injected by webpack here -->
  <link rel="manifest" href="manifest.webmanifest">
  <link rel="apple-touch-icon" href="assets/manifest/icon_192x192.png">
<link rel="stylesheet" href="styles.824513c1de9f464f.css"></head>

<body>

  <app>
  </app>

<div class="loading" id="splash-screen">
    <img src="assets/img/logo.png">
</div>

  <!-- Scripts will be injected by webpack here -->
<script src="runtime.3f19ce339f409ac9.js" type="module"></script><script src="polyfills.0cfb4cfed7fb04eb.js" type="module"></script><script src="vendor.06c4a6b6703bc320.js" type="module"></script><script src="main.2251acee3604078d.js" type="module"></script></body>
</html>

Found 2024-06-02 by HttpPlugin

Create report

dicash.on3cx.de

Fingerprint:

a828726128467d24e193dcb14f74cbcb042d37766e3abb15a50b90ed79ec18e3

CN:

dicash.on3cx.de

Key:

RSA-2048

Issuer:

Not before:

2024-04-19 09:40

Not after:

2024-07-18 09:40

Data leak

Size

8.0 MB

Collections

Rows

143593

Domain summary

No record