nginx
tcp/443 tcp/80
MySQL is currently open without authentication.
Additionally, a ransom note has been found in the dataset, which indicates that it has been compromised.
As a result, all of the database data is publicly available.
Severity: critical
Fingerprint: cf350410ecceb5fdb9b638fe983864bffd3d1ff5f1ef733e07b7da983ee634b7
Databases: 32, row count: 128836, size: 8.7 MB
Found table mysql.plugin with 0 records
Found table mysql.help_keyword with 16 records
Found table mysql.time_zone_transition_type with 9823 records
Found table mysql.help_category with 44 records
Found table mysql.procs_priv with 0 records
Found table mysql.column_stats with 0 records
Found table mysql.help_topic with 735 records
Found table mysql.time_zone with 1787 records
Found table mysql.proc with 50 records
Found table mysql.user with 50 records
Found table mysql.tables_priv with 1 records
Found table mysql.index_stats with 0 records
Found table mysql.time_zone_transition with 114486 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.table_stats with 0 records
Found table mysql.db with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.servers with 0 records
Found table mysql.innodb_index_stats with 7 records
Found table mysql.columns_priv with 0 records
Found table mysql.time_zone_name with 1787 records
Found table mysql.roles_mapping with 0 records
Found table mysql.general_log with 2 records
Found table mysql.event with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.transaction_registry with 0 records
Found table mysql.help_relation with 36 records
Found table mysql.global_priv with 5 records
Found table mysql.gtid_slave_pos with 0 records
Found table mysql.innodb_table_stats with 2 records
Found table mysql.func with 0 records
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Open service 38.242.222.161:3306
2024-10-31 23:22
MySQL detected
Open service 38.242.222.161:3306
2024-10-21 23:25
MySQL detected
Open service 38.242.222.161:443 · jenkins.jiyaaddolly.com
2024-10-21 12:43
HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 21 Oct 2024 12:43:11 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID.097dc8c9=node0vb92acdweoxe1g4zpbu65rvt916183.node0; Path=/; Secure; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Hudson: 1.395
X-Jenkins: 2.462.1
X-Jenkins-Session: caeed826
Strict-Transport-Security: max-age=2592000; includeSubDomains

<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/><script id='redirect' data-redirect-url='/login?from=%2F' src='/static/caeed826/scripts/redirect.js'></script></head><body style='background-color:white; color:white;'> Authentication required <!-- --> </body></html>
Open service 38.242.222.161:80 · jenkins.jiyaaddolly.com
2024-10-21 12:43
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 21 Oct 2024 12:43:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://jenkins.jiyaaddolly.com/
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=2592000; includeSubDomains

Page title: 301 Moved Permanently

<html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx</center> </body> </html>
Open service 38.242.222.161:3306
2024-10-19 23:19
MySQL detected
Open service 38.242.222.161:3306
2024-10-17 22:04
MySQL detected
Open service 38.242.222.161:3306
2024-10-15 21:37
MySQL detected
Open service 38.242.222.161:3306
2024-10-01 23:47
MySQL detected
Open service 38.242.222.161:3306
2024-09-29 23:50
MySQL detected
Open service 38.242.222.161:3306
2024-09-27 23:40
MySQL detected