LeakIX - Host 206.189.1.146

Host 206.189.1.146

The Netherlands

DIGITALOCEAN-ASN

Linux x86_64

Software information

nginx nginx 1.24.0

tcp/443 tcp/80

SSH is potenitally vulnerable

WARNING: This plugin will generate false positive and is purely informative:

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)

IP: 206.189.1.146
Port: 22

First seen 2024-07-03 21:33
Last seen 2024-09-19 21:39
Open for 78 days
- Severity: info
  Fingerprint: 3f43e0ebb5dce37ab8b59eb548797adcd8eb91e1d8eb91e1d8eb91e1d8eb91e1
```
Found potentially vulnerable SSH version:
SSH-2.0-OpenSSH_8.9p1
WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
```
  Found on 2024-09-19 21:39
Create report

MySQL is publicly available

MySQL is currently open without authentication.

This results in all the database data made available publicly.

IP: 206.189.1.146
Port: 3306

First seen 2022-07-27 17:43

Severity: high
Fingerprint: cf350410ecceb5fd3f258e9e0550277d75b5e604a1c271ebeb5e841a4ddd7809

Databases: 43, row count: 138236, size: 7.9 MB
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 88 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 939 records
Found table mysql.help_relation with 1492 records
Found table mysql.help_topic with 617 records
Found table mysql.innodb_index_stats with 24 records
Found table mysql.innodb_table_stats with 8 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 2074 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 1243 records
Found table mysql.time_zone_transition with 121720 records
Found table mysql.time_zone_transition_type with 9521 records
Found table mysql.user with 6 records
Found table resme.clients with 2 records
Found table resme.events with 130 records
Found table resme.messages with 213 records
Found table resme.migrations with 5 records
Found table resme.triggers with 76 records
Found table resme.yourtable with 4 records

Found on 2022-07-27 17:43

7.9 MBytes 138236 rows

Create report

Open service 206.189.1.146:22

2024-09-15 21:29
Found 2024-09-15 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-09-13 21:09
Found 2024-09-13 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-09-12 00:30
Found 2024-09-12 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-09-11 23:59
Found 2024-09-11 by SSHOpenPlugin
Create report

Open service 206.189.1.146:443

2024-09-10 09:05

HTTP/1.1 302 Found
Server: nginx/1.24.0
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, private
Date: Tue, 10 Sep 2024 09:05:27 GMT
Location: https://206.189.1.146/login
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlpHdldDQnNzcklWREFScUttS3BldFE9PSIsInZhbHVlIjoibjFKNFZvSzJOQ1U5S1BOM2tFNjFrQW5KN3ozWGxOcW5nWkRqTlJBb1dZSDZEWGNIbHFDaWhsOGV1Q0lITkgwR2E0NnZDWFdKMXJwV3VtczdlY3pzRWpFTHczTGhDWE1jRHJnVTd6b3dtbWpUTEFCTTJmSXVHRzJ3TFA3bGQveE0iLCJtYWMiOiJmZGYwNjg5YWVkNTBkMTc2YWJhMzZkZmRkZDJjZGE5ZTdmNmM1MDA3NWQ2NmExNmRjNWQyNjYzNjQ5NWM0OGQxIiwidGFnIjoiIn0%3D; expires=Tue, 10 Sep 2024 11:05:27 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: abro_work_order_portal_session=eyJpdiI6ImlmOW91M3ExR1NteVdvT25rSEFRbmc9PSIsInZhbHVlIjoiL1pXTDQzU1hCaVFXV2FyeGJwZHpEUzZZL0J6QzJtRExUQ2tQMkZkT1VSSmE1MUVLVEtsTFBEOCtCMzk4MHVBOXUwMEp6R2pmME1zQ3hzMDk0cnFHRjJJeERJNlB6bUJUS3Z2ZGdURmNnSUNDN08vb3BTcnFvdWk3bUY1MG5KWGwiLCJtYWMiOiJiNDUwNzZjZGM2Mzg1ZTA4NmI5YTFmMDczYzVlYjNlYzViZGZjNmRhNDNmYjY3MjdjMzk3MDgwOTViZjYxYTlkIiwidGFnIjoiIn0%3D; expires=Tue, 10 Sep 2024 11:05:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax

Page title: Redirecting to https://206.189.1.146/login

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='https://206.189.1.146/login'" />

        <title>Redirecting to https://206.189.1.146/login</title>
    </head>
    <body>
        Redirecting to <a href="https://206.189.1.146/login">https://206.189.1.146/login</a>.
    </body>
</html>

Found 2024-09-10 by HttpPlugin

Create report

Open service 206.189.1.146:22

2024-09-09 23:49
Found 2024-09-09 by SSHOpenPlugin
Create report

Open service 206.189.1.146:80

2024-09-09 16:42

HTTP/1.1 403 Forbidden
Server: nginx/1.24.0
Date: Mon, 09 Sep 2024 16:42:19 GMT
Content-Type: text/html
Content-Length: 555
Connection: close

Page title: 403 Forbidden

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

Found 2024-09-09 by HttpPlugin

Create report

Open service 206.189.1.146:22

2024-09-07 21:35
Found 2024-09-07 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-08-17 22:25
Found 2024-08-17 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-08-15 20:47
Found 2024-08-15 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-08-13 22:40
Found 2024-08-13 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-08-11 23:34
Found 2024-08-11 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-08-09 23:38
Found 2024-08-09 by SSHOpenPlugin
Create report
Open service 206.189.1.146:22

2024-08-07 23:30
Found 2024-08-07 by SSHOpenPlugin
Create report

mijn.abroprojectafbouw.nl

Fingerprint:

8556939984d1ae54bcf155c3f4b9bdc07c3304940590de2d92dc7951a8de29be

CN:

mijn.abroprojectafbouw.nl

Key:

RSA-2048

Issuer:

R11

Not before:

2024-08-02 19:16

Not after:

2024-10-31 19:16

Data leak

Size

7.9 MB

Collections

Rows

138236

Domain summary

No record

Host 206.189.1.146

The Netherlands

Software information

SSH is potenitally vulnerable

MySQL is publicly available

mijn.abroprojectafbouw.nl

Data leak

Domain summary