Host 199.192.28.113
United States
NAMECHEAP-NET
debian-linux-gnu x86_64
Software information

Apache 2.4.54 (tcp/80)
Apache 2.4.53 (tcp/8000)

  • MySQL is publicly available
    IP: 199.192.28.113
    Port: 3307
    First seen 2024-07-17 03:02
    Last seen 2024-09-19 23:39
    Open for 64 days
    • Severity: critical
      Fingerprint: cf350410ecceb5fd8aa0cd9667fb29664c865317856fbf04398a6a0b42ad47c8

      Databases: 32, row count: 128848, size: 8.2 MB
      Found table mysql.slow_log with 2 records
      Found table mysql.innodb_table_stats with 2 records
      Found table mysql.time_zone_name with 1787 records
      Found table mysql.time_zone_transition_type with 10003 records
      Found table mysql.global_priv with 4 records
      Found table mysql.time_zone_leap_second with 0 records
      Found table mysql.db with 1 records
      Found table mysql.event with 0 records
      Found table mysql.column_stats with 0 records
      Found table mysql.index_stats with 0 records
      Found table mysql.help_topic with 735 records
      Found table mysql.gtid_slave_pos with 0 records
      Found table mysql.innodb_index_stats with 7 records
      Found table mysql.proc with 50 records
      Found table mysql.roles_mapping with 0 records
      Found table mysql.user with 0 records
      Found table mysql.tables_priv with 1 records
      Found table mysql.table_stats with 0 records
      Found table mysql.help_relation with 36 records
      Found table mysql.servers with 0 records
      Found table mysql.columns_priv with 0 records
      Found table mysql.plugin with 0 records
      Found table mysql.help_category with 44 records
      Found table mysql.help_keyword with 16 records
      Found table mysql.time_zone with 1787 records
      Found table mysql.time_zone_transition with 114368 records
      Found table mysql.general_log with 2 records
      Found table mysql.proxies_priv with 1 records
      Found table mysql.transaction_registry with 0 records
      Found table mysql.func with 0 records
      Found table mysql.procs_priv with 0 records
      Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
      
      Found on 2024-09-19 23:39
      8.2 MBytes 128848 rows
  • Leak detected by NucleiPlugin
    First seen 2021-06-30 03:42
    Last seen 2021-07-01 23:47
    Open for 1 days
    • Fingerprint: 33fc8a384ee3c2e738e1ea3738e1ea37009ef99b22f1e08844969c8844969c88

      Nuclei scan report for tags wordpress, php:
      
      CVE-2017-5487 : WordPress Core < 4.7.1 - Username Enumeration by Manas_Harsh,daffainfo
      -------------
      wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
      
      
      Found on 2021-06-30 03:42
  • Found php information file
    First seen 2021-06-01 01:32
    • Fingerprint: 2c44e2a6278fb0134173d6fa4b5c8d99162d97ab3818df3442a676fc721c3c17

      Found PHP info page:
      _SERVER["USER"] = admin
      _SERVER["HOME"] = /home/admin
      _SERVER["FCGI_ROLE"] = RESPONDER
      _SERVER["REDIRECT_UNIQUE_ID"] = YLWOQHLBOEjS9EzpCFk9sgAAAMQ
      _SERVER["REDIRECT_SCRIPT_URL"] = /info.php
      _SERVER["REDIRECT_SCRIPT_URI"] = https://199.192.28.113/info.php
      _SERVER["REDIRECT_HTTPS"] = on
      _SERVER["REDIRECT_STATUS"] = 200
      _SERVER["UNIQUE_ID"] = YLWOQHLBOEjS9EzpCFk9sgAAAMQ
      _SERVER["SCRIPT_URL"] = /info.php
      _SERVER["SCRIPT_URI"] = https://199.192.28.113/info.php
      _SERVER["HTTP_AUTHORIZATION"] = no value
      _SERVER["HTTPS"] = on
      _SERVER["proxy-nokeepalive"] = 1
      _SERVER["HTTP_HOST"] = 199.192.28.113
      _SERVER["HTTP_USER_AGENT"] = l9explore/1.0.0
      _SERVER["HTTP_ACCEPT_ENCODING"] = gzip
      _SERVER["HTTP_CONNECTION"] = close
      _SERVER["HTTP_X_HTTPS"] = 1
      _SERVER["PATH"] = /usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin
      _SERVER["SERVER_SIGNATURE"] = no value
      _SERVER["SERVER_SOFTWARE"] = Apache
      _SERVER["SERVER_NAME"] = 199.192.28.113
      _SERVER["SERVER_ADDR"] = 199.192.28.113
      _SERVER["SERVER_PORT"] = 443
      _SERVER["REMOTE_ADDR"] = 167.71.13.196
      _SERVER["DOCUMENT_ROOT"] = /home/admin/public_html
      _SERVER["REQUEST_SCHEME"] = https
      _SERVER["CONTEXT_PREFIX"] = no value
      _SERVER["CONTEXT_DOCUMENT_ROOT"] = /home/admin/public_html
      _SERVER["SERVER_ADMIN"] = webmaster@text-platform.com
      _SERVER["SCRIPT_FILENAME"] = /home/admin/public_html/app/webroot/info.php
      _SERVER["REMOTE_PORT"] = 55426
      _SERVER["REDIRECT_URL"] = /info.php
      _SERVER["GATEWAY_INTERFACE"] = CGI/1.1
      _SERVER["SERVER_PROTOCOL"] = HTTP/1.1
      _SERVER["REQUEST_METHOD"] = GET
      _SERVER["QUERY_STRING"] = no value
      _SERVER["REQUEST_URI"] = /info.php
      _SERVER["SCRIPT_NAME"] = /app/webroot/info.php
      _SERVER["PHP_SELF"] = /app/webroot/info.php
      _SERVER["REQUEST_TIME_FLOAT"] = 1622511168.911
      _SERVER["REQUEST_TIME"] = 1622511168
      _SERVER["argv"] = Array
      (
      )
      _SERVER["argc"] = 0
      
      Found on 2021-06-01 01:32
  • Open service 199.192.28.113:3307

    2024-09-15 23:51

    MySQL detected
    Found 2024-09-15 by tcpid
  • Open service 199.192.28.113:3307

    2024-09-13 23:34

    MySQL detected
    Found 2024-09-13 by tcpid
  • Open service 199.192.28.113:3307

    2024-09-12 01:09

    MySQL detected
    Found 2024-09-12 by tcpid
  • Open service 199.192.28.113:3307

    2024-09-11 19:26

    MySQL detected
    Found 2024-09-11 by tcpid
  • Open service 199.192.28.113:22

    2024-09-11 17:17

    Found 2024-09-11 by SSHOpenPlugin
  • Open service 199.192.28.113:80

    2024-09-10 09:58

    HTTP/1.1 403 Forbidden
    Date: Tue, 10 Sep 2024 09:58:49 GMT
    Server: Apache/2.4.54 (Debian)
    Content-Length: 279
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    
    Page title: 403 Forbidden
    
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access this resource.</p>
    <hr>
    <address>Apache/2.4.54 (Debian) Server at 199.192.28.113 Port 80</address>
    </body></html>
    
    Found 2024-09-10 by HttpPlugin
  • Open service 199.192.28.113:8000

    2024-09-10 04:40

    HTTP/1.1 200 OK
    Date: Tue, 10 Sep 2024 04:40:47 GMT
    Server: Apache/2.4.53 (Debian)
    X-Powered-By: PHP/8.0.19
    Set-Cookie: phpMyAdmin=6d56084dab0617016ac85492ea823d80; path=/; HttpOnly; SameSite=Strict
    Expires: Tue, 10 Sep 2024 04:40:47 +0000
    Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
    Last-Modified: Tue, 10 Sep 2024 04:40:47 +0000
    Set-Cookie: phpMyAdmin=6d56084dab0617016ac85492ea823d80; path=/; HttpOnly; SameSite=Strict
    Set-Cookie: pma_lang=en; expires=Thu, 10-Oct-2024 04:40:47 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Strict
    Set-Cookie: phpMyAdmin=7c1def53dc8450595d08d7813d9c11b2; path=/; HttpOnly; SameSite=Strict
    X-ob_mode: 1
    X-Frame-Options: DENY
    Referrer-Policy: no-referrer
    Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
    X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
    X-WebKit-CSP: default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    X-Permitted-Cross-Domain-Policies: none
    X-Robots-Tag: noindex, nofollow
    Pragma: no-cache
    Vary: Accept-Encoding
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=utf-8
    
    Page title: phpMyAdmin
    
    <!doctype html>
    <html lang="en" dir="ltr">
    <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <meta name="referrer" content="no-referrer">
      <meta name="robots" content="noindex,nofollow">
      <style id="cfs-style">html{display: none;}</style>
      <link rel="icon" href="favicon.ico" type="image/x-icon">
      <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
      <link rel="stylesheet" type="text/css" href="./themes/pmahomme/jquery/jquery-ui.css">
      <link rel="stylesheet" type="text/css" href="js/vendor/codemirror/lib/codemirror.css?v=5.2.0">
      <link rel="stylesheet" type="text/css" href="js/vendor/codemirror/addon/hint/show-hint.css?v=5.2.0">
      <link rel="stylesheet" type="text/css" href="js/vendor/codemirror/addon/lint/lint.css?v=5.2.0">
      <link rel="stylesheet" type="text/css" href="./themes/pmahomme/css/theme.css?v=5.2.0">
      <title>phpMyAdmin</title>
    Found 2024-09-10 by HttpPlugin
  • Open service 199.192.28.113:3307

    2024-09-09 23:04

    MySQL detected
    Found 2024-09-09 by tcpid
  • Open service 199.192.28.113:3307

    2024-09-07 22:26

    MySQL detected
    Found 2024-09-07 by tcpid
  • Open service 199.192.28.113:3307

    2024-08-17 22:47

    MySQL detected
    Found 2024-08-17 by tcpid
  • Open service 199.192.28.113:3307

    2024-08-15 20:05

    MySQL detected
    Found 2024-08-15 by tcpid
  • Open service 199.192.28.113:3307

    2024-08-11 23:15

    MySQL detected
    Found 2024-08-11 by tcpid
  • Open service 199.192.28.113:3307

    2024-08-09 23:10

    MySQL detected
    Found 2024-08-09 by tcpid
  • Open service 199.192.28.113:3307

    2024-08-07 20:09

    MySQL detected
    Found 2024-08-07 by tcpid
Data leak
  Size: 8.2 MB
  Collections: 32
  Rows: 128848
Domain summary
  No record