Apache 2.4.54
tcp/80
Apache 2.4.53
tcp/8000
MySQL is currently open without authentication.
Additionally, a ransom note has been found in the dataset, which indicates it has been compromised.
This results in all the database data being made publicly available.
Severity: critical
Fingerprint: cf350410ecceb5fd8aa0cd9667fb29664c865317856fbf04398a6a0b42ad47c8
Databases: 32, row count: 128848, size: 8.2 MB
Found table mysql.slow_log with 2 records
Found table mysql.innodb_table_stats with 2 records
Found table mysql.time_zone_name with 1787 records
Found table mysql.time_zone_transition_type with 10003 records
Found table mysql.global_priv with 4 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.db with 1 records
Found table mysql.event with 0 records
Found table mysql.column_stats with 0 records
Found table mysql.index_stats with 0 records
Found table mysql.help_topic with 735 records
Found table mysql.gtid_slave_pos with 0 records
Found table mysql.innodb_index_stats with 7 records
Found table mysql.proc with 50 records
Found table mysql.roles_mapping with 0 records
Found table mysql.user with 0 records
Found table mysql.tables_priv with 1 records
Found table mysql.table_stats with 0 records
Found table mysql.help_relation with 36 records
Found table mysql.servers with 0 records
Found table mysql.columns_priv with 0 records
Found table mysql.plugin with 0 records
Found table mysql.help_category with 44 records
Found table mysql.help_keyword with 16 records
Found table mysql.time_zone with 1787 records
Found table mysql.time_zone_transition with 114368 records
Found table mysql.general_log with 2 records
Found table mysql.proxies_priv with 1 records
Found table mysql.transaction_registry with 0 records
Found table mysql.func with 0 records
Found table mysql.procs_priv with 0 records
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
No description available
Fingerprint: 33fc8a384ee3c2e738e1ea3738e1ea37009ef99b22f1e08844969c8844969c88
Nuclei scan report for tags wordpress, php:
CVE-2017-5487 : WordPress Core < 4.7.1 - Username Enumeration by Manas_Harsh,daffainfo
-------------
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
A PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP.
This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.
Environment variables may contain credentials.
Fingerprint: 2c44e2a6278fb0134173d6fa4b5c8d99162d97ab3818df3442a676fc721c3c17
Found PHP info page:
_SERVER["USER"] = admin
_SERVER["HOME"] = /home/admin
_SERVER["FCGI_ROLE"] = RESPONDER
_SERVER["REDIRECT_UNIQUE_ID"] = YLWOQHLBOEjS9EzpCFk9sgAAAMQ
_SERVER["REDIRECT_SCRIPT_URL"] = /info.php
_SERVER["REDIRECT_SCRIPT_URI"] = https://199.192.28.113/info.php
_SERVER["REDIRECT_HTTPS"] = on
_SERVER["REDIRECT_STATUS"] = 200
_SERVER["UNIQUE_ID"] = YLWOQHLBOEjS9EzpCFk9sgAAAMQ
_SERVER["SCRIPT_URL"] = /info.php
_SERVER["SCRIPT_URI"] = https://199.192.28.113/info.php
_SERVER["HTTP_AUTHORIZATION"] = no value
_SERVER["HTTPS"] = on
_SERVER["proxy-nokeepalive"] = 1
_SERVER["HTTP_HOST"] = 199.192.28.113
_SERVER["HTTP_USER_AGENT"] = l9explore/1.0.0
_SERVER["HTTP_ACCEPT_ENCODING"] = gzip
_SERVER["HTTP_CONNECTION"] = close
_SERVER["HTTP_X_HTTPS"] = 1
_SERVER["PATH"] = /usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin
_SERVER["SERVER_SIGNATURE"] = no value
_SERVER["SERVER_SOFTWARE"] = Apache
_SERVER["SERVER_NAME"] = 199.192.28.113
_SERVER["SERVER_ADDR"] = 199.192.28.113
_SERVER["SERVER_PORT"] = 443
_SERVER["REMOTE_ADDR"] = 167.71.13.196
_SERVER["DOCUMENT_ROOT"] = /home/admin/public_html
_SERVER["REQUEST_SCHEME"] = https
_SERVER["CONTEXT_PREFIX"] = no value
_SERVER["CONTEXT_DOCUMENT_ROOT"] = /home/admin/public_html
_SERVER["SERVER_ADMIN"] = webmaster@text-platform.com
_SERVER["SCRIPT_FILENAME"] = /home/admin/public_html/app/webroot/info.php
_SERVER["REMOTE_PORT"] = 55426
_SERVER["REDIRECT_URL"] = /info.php
_SERVER["GATEWAY_INTERFACE"] = CGI/1.1
_SERVER["SERVER_PROTOCOL"] = HTTP/1.1
_SERVER["REQUEST_METHOD"] = GET
_SERVER["QUERY_STRING"] = no value
_SERVER["REQUEST_URI"] = /info.php
_SERVER["SCRIPT_NAME"] = /app/webroot/info.php
_SERVER["PHP_SELF"] = /app/webroot/info.php
_SERVER["REQUEST_TIME_FLOAT"] = 1622511168.911
_SERVER["REQUEST_TIME"] = 1622511168
_SERVER["argv"] = Array ( )
_SERVER["argc"] = 0
Open service 199.192.28.113:3307
2024-09-15 23:51
MySQL detected
Open service 199.192.28.113:3307
2024-09-13 23:34
MySQL detected
Open service 199.192.28.113:3307
2024-09-12 01:09
MySQL detected
Open service 199.192.28.113:3307
2024-09-11 19:26
MySQL detected
Open service 199.192.28.113:22
2024-09-11 17:17
Open service 199.192.28.113:80
2024-09-10 09:58
HTTP/1.1 403 Forbidden
Date: Tue, 10 Sep 2024 09:58:49 GMT
Server: Apache/2.4.54 (Debian)
Content-Length: 279
Connection: close
Content-Type: text/html; charset=iso-8859-1
Page title: 403 Forbidden
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.54 (Debian) Server at 199.192.28.113 Port 80</address>
</body></html>
Open service 199.192.28.113:8000
2024-09-10 04:40
HTTP/1.1 200 OK
Date: Tue, 10 Sep 2024 04:40:47 GMT
Server: Apache/2.4.53 (Debian)
X-Powered-By: PHP/8.0.19
Set-Cookie: phpMyAdmin=6d56084dab0617016ac85492ea823d80; path=/; HttpOnly; SameSite=Strict
Expires: Tue, 10 Sep 2024 04:40:47 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Tue, 10 Sep 2024 04:40:47 +0000
Set-Cookie: phpMyAdmin=6d56084dab0617016ac85492ea823d80; path=/; HttpOnly; SameSite=Strict
Set-Cookie: pma_lang=en; expires=Thu, 10-Oct-2024 04:40:47 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Strict
Set-Cookie: phpMyAdmin=7c1def53dc8450595d08d7813d9c11b2; path=/; HttpOnly; SameSite=Strict
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Page title: phpMyAdmin
<!doctype html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="referrer" content="no-referrer">
<meta name="robots" content="noindex,nofollow">
<style id="cfs-style">html{display: none;}</style>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="./themes/pmahomme/jquery/jquery-ui.css">
<link rel="stylesheet" type="text/css" href="js/vendor/codemirror/lib/codemirror.css?v=5.2.0">
<link rel="stylesheet" type="text/css" href="js/vendor/codemirror/addon/hint/show-hint.css?v=5.2.0">
<link rel="stylesheet" type="text/css" href="js/vendor/codemirror/addon/lint/lint.css?v=5.2.0">
<link rel="stylesheet" type="text/css" href="./themes/pmahomme/css/theme.css?v=5.2.0">
<title>phpMyAdmin</title>
<script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.min.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery-migrate.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/sprintf.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/ajax.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/keyhandler.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery-ui.min.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/name-conflict-fixes.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/bootstrap/bootstrap.bundle.min.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/js.cookie.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.validate.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery-ui-timepicker-addon.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/jquery/jquery.debounce-1.0.6.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/menu_resizer.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/cross_framing_protection.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/messages.php?l=en&v=5.2.0&lang=en"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/config.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/doclinks.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/functions.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/navigation.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/indexes.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/common.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/page_settings.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/codemirror/lib/codemirror.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/codemirror/mode/sql/sql.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/codemirror/addon/runmode/runmode.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/codemirror/addon/hint/show-hint.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/codemirror/addon/hint/sql-hint.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/vendor/codemirror/addon/lint/lint.js?v=5.2.0"></script>
<script data-cfasync="false" type="text/javascript" src="js/dist/codemirror/addon/lint/sql-lint.js?v=5.2.0"></script>
Open service 199.192.28.113:3307
2024-09-09 23:04
MySQL detected
Open service 199.192.28.113:3307
2024-09-07 22:26
MySQL detected
Open service 199.192.28.113:3307
2024-08-17 22:47
MySQL detected
Open service 199.192.28.113:3307
2024-08-15 20:05
MySQL detected
Open service 199.192.28.113:3307
2024-08-11 23:15
MySQL detected
Open service 199.192.28.113:3307
2024-08-09 23:10
MySQL detected
Open service 199.192.28.113:3307
2024-08-07 20:09
MySQL detected