Host 18.176.95.84
Japan
Software information
nginx
tcp/443 tcp/80
nginx 1.25.4
tcp/443 tcp/80
-
MySQL is publicly available
MySQL is currently open without authentication.
Additionally a ransom note has been found in the dataset which indicates it has been compromised
This results in all the database data made available publicly.
First seen 2023-10-16 13:54
Last seen 2024-06-17 20:17
Open for 245 days-
Severity: critical
Fingerprint: cf350410ecceb5fd7897a45d5313a3d33cbe119ee2e6b8abd8e12d3f9c6e7000Databases: 43, row count: 141170, size: 8.0 MB Found table RECOVER_YOUR_DATA.RECOVER_YOUR_DATA with 2 records Found table mysql.columns_priv with 0 records Found table mysql.component with 0 records Found table mysql.db with 2 records Found table mysql.default_roles with 0 records Found table mysql.engine_cost with 2 records Found table mysql.func with 0 records Found table mysql.general_log with 2 records Found table mysql.global_grants with 101 records Found table mysql.gtid_executed with 0 records Found table mysql.help_category with 53 records Found table mysql.help_keyword with 939 records Found table mysql.help_relation with 2633 records Found table mysql.help_topic with 683 records Found table mysql.innodb_index_stats with 35 records Found table mysql.innodb_table_stats with 7 records Found table mysql.ndb_binlog_index with 0 records Found table mysql.password_history with 0 records Found table mysql.plugin with 0 records Found table mysql.procs_priv with 0 records Found table mysql.proxies_priv with 1 records Found table mysql.replication_asynchronous_connection_failover with 0 records Found table mysql.replication_asynchronous_connection_failover_managed with 0 records Found table mysql.replication_group_configuration_version with 1 records Found table mysql.replication_group_member_actions with 2 records Found table mysql.role_edges with 0 records Found table mysql.server_cost with 6 records Found table mysql.servers with 0 records Found table mysql.slave_master_info with 0 records Found table mysql.slave_relay_log_info with 0 records Found table mysql.slave_worker_info with 0 records Found table mysql.slow_log with 2 records Found table mysql.tables_priv with 2 records Found table mysql.time_zone with 1826 records Found table mysql.time_zone_leap_second with 0 records Found table mysql.time_zone_name with 2160 records Found table mysql.time_zone_transition with 122161 records Found table mysql.time_zone_transition_type with 10529 records Found table mysql.user with 5 records Found table runaway.converters with 1 records Found table runaway.doctrine_migration_versions with 4 records Found table runaway.task_states with 5 records Found table runaway.tasks with 6 records
Found on 2024-06-17 20:178.0 MBytes 141170 rows -
Severity: high
Fingerprint: cf350410ecceb5fdd893208b6bcdb781de34accdd572df14f3189365c85da57aDatabases: 55, row count: 143172, size: 8.3 MB Found table jam.activity_log with 0 records Found table jam.container with 230 records Found table jam.container_type with 3 records Found table jam.design with 72 records Found table jam.email with 0 records Found table jam.internal_lot with 0 records Found table jam.manufacturing with 64 records Found table jam.manufacturing_item with 72 records Found table jam.material with 146 records Found table jam.migration_versions with 67 records Found table jam.option_manufacturing_item with 68 records Found table jam.order_summary with 18 records Found table jam.outsource with 0 records Found table jam.outsource_for_manufacturing with 0 records Found table jam.outsource_item with 0 records Found table jam.outsource_payment with 0 records Found table jam.outsource_payment_item with 0 records Found table jam.outsourced_worker with 5 records Found table jam.outsourced_worker_material_preset with 0 records Found table jam.reserve_type with 3 records Found table jam.shipping_unit with 21 records Found table jam.transportation_means with 3 records Found table jam.user with 0 records Found table jam.work with 81 records Found table mysql.columns_priv with 0 records Found table mysql.db with 2 records Found table mysql.engine_cost with 2 records Found table mysql.event with 0 records Found table mysql.func with 0 records Found table mysql.general_log with 2 records Found table mysql.gtid_executed with 0 records Found table mysql.help_category with 50 records Found table mysql.help_keyword with 962 records Found table mysql.help_relation with 2460 records Found table mysql.help_topic with 536 records Found table mysql.innodb_index_stats with 239 records Found table mysql.innodb_table_stats with 26 records Found table mysql.ndb_binlog_index with 0 records Found table mysql.plugin with 0 records Found table mysql.proc with 48 records Found table mysql.procs_priv with 0 records Found table mysql.proxies_priv with 1 records Found table mysql.server_cost with 6 records Found table mysql.servers with 0 records Found table mysql.slave_master_info with 0 records Found table mysql.slave_relay_log_info with 0 records Found table mysql.slave_worker_info with 0 records Found table mysql.slow_log with 2 records Found table mysql.tables_priv with 2 records Found table mysql.time_zone with 1539 records Found table mysql.time_zone_leap_second with 0 records Found table mysql.time_zone_name with 1672 records Found table mysql.time_zone_transition with 125248 records Found table mysql.time_zone_transition_type with 9518 records Found table mysql.user with 4 records
Found on 2023-10-16 13:548.3 MBytes 143172 rows
-
-
Symfony developement panel enabled
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
- System configuration
- Request log, including POST request with credentials and/or api keys
IP: 18.176.95.84
Domain: jamtest.dev.secondpress.us
Port: 443
URL: https://jamtest.dev.secondpress.us/_profiler/empty/search/resultsFirst seen 2023-09-22 06:47
Last seen 2024-03-28 07:41
Open for 188 days-
Fingerprint: 407cf4363b0e62fafca67e074d74cd214d74cd214d74cd214d74cd214d74cd21
Symfony profiler enabled: https://jamtest.dev.secondpress.us/_profiler/empty/search/results
Found on 2024-03-28 07:41
-
Open service 18.176.95.84:3306
2024-06-17 20:17
MySQL detected
Found 3 days ago by tcpidCreate report
-
Open service 18.176.95.84:80
2024-06-15 23:27
HTTP/1.1 503 Service Temporarily Unavailable Server: nginx Date: Sat, 15 Jun 2024 23:27:20 GMT Content-Type: text/html Content-Length: 592 Connection: close Page title: 503 Service Temporarily Unavailable <html> <head><title>503 Service Temporarily Unavailable</title></head> <body> <center><h1>503 Service Temporarily Unavailable</h1></center> <hr><center>nginx</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Found 2024-06-15 by HttpPluginCreate report
-
Open service 18.176.95.84:3306
2024-06-15 14:30
MySQL detected
Found 2024-06-15 by tcpidCreate report
-
Open service 18.176.95.84:22
2024-06-13 10:45
Found 2024-06-13 by SSHOpenPluginCreate report
-
Open service 18.176.95.84:443
2024-06-13 06:03
HTTP/1.1 503 Service Temporarily Unavailable Server: nginx Date: Thu, 13 Jun 2024 06:03:08 GMT Content-Type: text/html Content-Length: 592 Connection: close Page title: 503 Service Temporarily Unavailable <html> <head><title>503 Service Temporarily Unavailable</title></head> <body> <center><h1>503 Service Temporarily Unavailable</h1></center> <hr><center>nginx</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Found 2024-06-13 by HttpPluginCreate report
-
Open service 18.176.95.84:80 · pekorunaway.dev.secondpress.us
2024-06-10 08:10
HTTP/1.1 302 Found Server: nginx/1.25.4 Date: Mon, 10 Jun 2024 08:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.6 Cache-Control: max-age=0, must-revalidate, private Location: /login X-Robots-Tag: noindex Expires: Mon, 10 Jun 2024 08:10:29 GMT Set-Cookie: PHPSESSID=e885616411514bca9e388771ceb6acfb; expires=Tue, 11 Jun 2024 08:10:29 GMT; Max-Age=86400; path=/; httponly; samesite=lax Page title: Redirecting to /login <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/login'" /> <title>Redirecting to /login</title> </head> <body> Redirecting to <a href="/login">/login</a>. </body> </html>Found 2024-06-10 by HttpPluginCreate report
-
Open service 18.176.95.84:443 · pekorunaway.dev.secondpress.us
2024-06-10 08:10
HTTP/1.1 302 Found Server: nginx/1.25.4 Date: Mon, 10 Jun 2024 08:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.6 Cache-Control: max-age=0, must-revalidate, private Location: /login X-Robots-Tag: noindex Expires: Mon, 10 Jun 2024 08:10:34 GMT Set-Cookie: PHPSESSID=d970564daa1ca3030288168691c68f70; expires=Tue, 11 Jun 2024 08:10:34 GMT; Max-Age=86400; path=/; httponly; samesite=lax Page title: Redirecting to /login <!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/login'" /> <title>Redirecting to /login</title> </head> <body> Redirecting to <a href="/login">/login</a>. </body> </html>Found 2024-06-10 by HttpPluginCreate report