LeakIX - Host 161.97.96.21

Host 161.97.96.21

Germany

Contabo GmbH

Ubuntu 20.04.4 LTS 6.5.7-x64v3-xanmod1

SSH is potenitally vulnerable

WARNING: This plugin will generate false positive and is purely informative:

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)

IP: 161.97.96.21
Port: 22

First seen 2024-07-03 18:15
Last seen 2024-08-05 23:17
Open for 33 days
- Severity: info
  Fingerprint: 3f43e0ebb5dce37ab8b59eb563aa8aacd8f3bb51d8f3bb51d8f3bb51d8f3bb51
```
Found potentially vulnerable SSH version:
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
```
  Found on 2024-08-05 23:17
Create report

MongoDB is publicly available

MongoDB is currently open without authentication.

This results in all the database data made available publicly.

IP: 161.97.96.21
Port: 27017
URL: http://161.97.96.21:27017

First seen 2024-01-18 05:53
Last seen 2024-08-05 20:41
Open for 200 days

Severity: medium
Fingerprint: 436d217a47ab4258e084be0e164157f0e806268a435e6bb8fc3c905f9b11d4f4

Collections: 3, document count: 2, size: 438 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (379 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-08-05 20:41

438 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab4258646bf6702d4742a2e67c2bc4f019d0d640633e89cdc64e60

Collections: 3, document count: 2, size: 436 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (377 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-08-04 03:26

436 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab4258068738f79ff80ddffa51e633ad83fab9e0edf80638d633bb

Collections: 3, document count: 2, size: 439 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (380 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-08-02 00:36

439 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab425871d9e9db5d919e93d6ef751f0ab6066dcb5062a2b2a9f0ca

Collections: 3, document count: 2, size: 440 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (381 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-07-01 22:19

440 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab425893b405d5a2cea90d7531a469a28286230f151054fb7c181b

Collections: 3, document count: 3, size: 539 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (381 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 1 documents (99 B)

Found on 2024-06-23 22:12

539 Bytes 3 rows

Severity: medium
Fingerprint: 436d217a47ab4258fc75df94e9b383964ce909204e6f39da5748fae5dae2ada0

Collections: 3, document count: 2, size: 432 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (373 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-06-17 19:59

432 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab4258e351092676fcaae8112181c2ab02ec00e2760ed7da24a4ea

Collections: 3, document count: 4, size: 630 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (373 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 2 documents (198 B)

Found on 2024-06-09 21:38

630 Bytes 4 rows

Severity: medium
Fingerprint: 436d217a47ab4258f95fe025449c003d59fd5d9988141f1346241d44aa3ad2cd

Collections: 3, document count: 6, size: 828 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (373 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 4 documents (396 B)

Found on 2024-05-12 18:20

828 Bytes 6 rows

Severity: medium
Fingerprint: 436d217a47ab4258555878dde4d2e695ecbb0e91438966fb6f2f56bcfe907316

Collections: 3, document count: 4, size: 633 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (376 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 2 documents (198 B)

Found on 2024-04-18 19:00

633 Bytes 4 rows

Severity: medium
Fingerprint: 436d217a47ab42587e69e0cb2efce52319e3286f62a5987dc924bef21375fe64

Collections: 3, document count: 2, size: 435 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (376 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-04-10 14:52

435 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab42586f5662b4b118a2b6eaab9a00c0d9753aaabc7a451deb5202

Collections: 3, document count: 4, size: 632 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (375 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 2 documents (198 B)

Found on 2024-03-21 10:32

632 Bytes 4 rows

Severity: medium
Fingerprint: 436d217a47ab42580953838fba6a859751c7c60b3f3286611359313ea5142c76

Collections: 3, document count: 4, size: 631 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (374 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 2 documents (198 B)

Found on 2024-03-08 04:46

631 Bytes 4 rows

Severity: medium
Fingerprint: 436d217a47ab4258b1985e162144de78029d6c1259632d50a2563067b850f528

Collections: 3, document count: 3, size: 532 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (374 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 1 documents (99 B)

Found on 2024-03-07 15:54

532 Bytes 3 rows

Severity: medium
Fingerprint: 436d217a47ab42586278bebdd2164f75e41e1731e8ed331b78573d5c118ff400

Collections: 3, document count: 2, size: 433 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (374 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 0 documents (0 B)

Found on 2024-03-06 18:33

433 Bytes 2 rows

Severity: medium
Fingerprint: 436d217a47ab4258d35d65bc1284269e300e38888dff77b2e82df2ad7d4b348d

Collections: 3, document count: 6, size: 829 B
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85


It looks like you are trying to access MongoDB over HTTP on the native driver port.
Found collection READ__ME_TO_RECOVER_YOUR_DATA.README  with 1 documents (374 B)
Found collection admin.system.version  with 1 documents (59 B)
Found collection config.system.sessions  with 4 documents (396 B)

Found on 2024-02-16 03:20

829 Bytes 6 rows

Create report

ElasticSearch is publicly available

Elasticsearch and/or Kibana is currently open without authentication.

This results in all the database data made available publicly.

IP: 161.97.96.21
Port: 5601
URL: http://161.97.96.21:5601

First seen 2024-01-10 16:17
- Severity: high
  Fingerprint: 831cb76b8e05df46e9b27a76c9c64b06ddf6400c5621f8814c58d9ba4c58d9ba
```
Indices: 3, document count: 67, size: 40.5 MB
Through Kibana endpoint
Found index .geoip_databases with 41 documents (40.4 MB)
Found index read-me with 1 documents (4.5 kB)
Found index curieaccesslog with 25 documents (79.4 kB)
```
  Found on 2024-01-10 16:17
  
  40.5 MBytes 67 rows
Create report

ElasticSearch is publicly available

Elasticsearch and/or Kibana is currently open without authentication.

Additionaly a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 161.97.96.21
Port: 9200
URL: http://161.97.96.21:9200

First seen 2023-11-08 19:23
Last seen 2024-01-06 22:12
Open for 59 days

Severity: high
Fingerprint: 831cb76b8e05df466b2d6bd05a2984463a7ea5d352796a6852796a6852796a68

Indices: 3, document count: 50, size: 40.5 MB
Found index .geoip_databases with 41 documents (40.4 MB)
Found index read-me with 1 documents (4.5 kB)
Found index curieaccesslog with 8 documents (92.4 kB)

Found on 2024-01-06 22:12

40.5 MBytes 50 rows

Severity: high
Fingerprint: 831cb76b8e05df46f72ddb6535416a071e97aa9cd32ba07cd32ba07cd32ba07c

Indices: 3, document count: 44, size: 40.5 MB
Found index .geoip_databases with 41 documents (40.4 MB)
Found index read-me with 1 documents (4.5 kB)
Found index curieaccesslog with 2 documents (23.3 kB)

Found on 2024-01-05 14:16

40.5 MBytes 44 rows

Severity: high
Fingerprint: 831cb76b8e05df464dabae970371bd3280324b738fb8b4d88fb8b4d88fb8b4d8

Indices: 3, document count: 335, size: 41.9 MB
Found index .geoip_databases with 42 documents (41.5 MB)
Found index curieaccesslog-2023.12.12-000001 with 292 documents (400.4 kB)
Found index read-me with 1 documents (4.5 kB)

Found on 2023-12-23 19:38

41.9 MBytes 335 rows

Severity: high
Fingerprint: 831cb76b8e05df4628a66f7a58dae9dd8d0c897d996277ab71757b6b66916ecd

Indices: 8, document count: 136, size: 82.9 MB
Found index .geoip_databases with 41 documents (41.0 MB)
Found index .apm-custom-link with 0 documents (226 B)
Found index .kibana_task_manager_7.17.6_001 with 17 documents (39.4 MB)
Found index .apm-agent-configuration with 0 documents (226 B)
Found index read-me with 1 documents (4.5 kB)
Found index curieaccesslog with 63 documents (68.4 kB)
Found index .kibana_7.17.6_001 with 13 documents (2.5 MB)
Found index .kibana_1 with 1 documents (7.1 kB)

Found on 2023-12-11 11:43

82.9 MBytes 136 rows

Severity: medium
Fingerprint: 831cb76b8e05df467d4e69ca3b923ac8013550edb4230617b4230617b4230617

Indices: 3, document count: 65, size: 42.5 MB
Found index .geoip_databases with 40 documents (42.3 MB)
Found index read_me_to_restore_base with 1 documents (4.6 kB)
Found index curieaccesslog with 24 documents (119.9 kB)

Found on 2023-11-16 17:31

42.5 MBytes 65 rows

Severity: medium
Fingerprint: 831cb76b8e05df4651c762de43e2857cccf5184746e2bffe46e2bffe46e2bffe

Indices: 3, document count: 41, size: 39.5 MB
Found index .geoip_databases with 40 documents (39.5 MB)
Found index read_me_to_restore_data with 1 documents (4.7 kB)
Found index curieaccesslog with 0 documents (226 B)

Found on 2023-11-08 19:23

39.5 MBytes 41 rows

Create report

Data leak

Size

41.9 MB

Collections

Rows

335

Domain summary

No record

Host 161.97.96.21

Germany

SSH is potenitally vulnerable

MongoDB is publicly available

ElasticSearch is publicly available

ElasticSearch is publicly available

Data leak

Domain summary