LeakIX - Host 39.100.138.107

Host 39.100.138.107

China

Hangzhou Alibaba Advertising Co.,Ltd.

Linux x86_64

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 39.100.138.107
Port: 3307

First seen 2024-01-09 06:47
Last seen 2024-09-19 21:56
Open for 254 days

Severity: critical
Fingerprint: cf350410ecceb5fd2946996ee1f89ef752e6e4d22bab8920878da4dedf9c76c5

Databases: 32, row count: 139430, size: 7.8 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.db with 2 records
Found table mysql.engine_cost with 2 records
Found table mysql.event with 0 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 40 records
Found table mysql.help_keyword with 798 records
Found table mysql.help_relation with 696 records
Found table mysql.help_topic with 602 records
Found table mysql.innodb_index_stats with 10 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.plugin with 0 records
Found table mysql.proc with 48 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 2074 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 1600 records
Found table mysql.time_zone_transition with 124366 records
Found table mysql.time_zone_transition_type with 9166 records
Found table mysql.user with 8 records

Found on 2024-09-19 21:56

7.8 MBytes 139430 rows

Severity: high
Fingerprint: cf350410ecceb5fdebd6b760d92c9051d92c9051d92c9051d92c9051d92c9051
```
Databases: 1, row count: 2, size: 16.4 kB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
```
Found on 2024-05-25 07:20

16.4 kBytes 2 rows

Create report

Kafka instance is public

The Kafka instance is available to the public without authentication.

An attacker could connect to the queue to extract private/confidential information in real-time.

IP: 39.100.138.107
Port: 9092

First seen 2022-08-06 19:01
Last seen 2024-09-19 21:55
Open for 775 days
- Fingerprint: 43224224eeda9da960defeaa3b588febc521de95ebd502b4d21aed14d21aed14
```
NoAuth
Found topic recordMessage
Found topic topic.test
Found topic hello_human
Found topic __consumer_offsets
```
  Found on 2024-09-19 21:55
- Fingerprint: 43224224eeda9da960defeaa0231df24005e5fff369f7f6775e3cfa875e3cfa8
```
NoAuth
Found topic topic.test
Found topic hello_human
Found topic __consumer_offsets
Found topic recordMessage
```
  Found on 2024-09-17 22:20
- Fingerprint: 43224224eeda9da960defeaa0efe442a6696a86b896953153d439c343d439c34
```
NoAuth
Found topic __consumer_offsets
Found topic recordMessage
Found topic topic.test
Found topic hello_human
```
  Found on 2024-08-23 20:39
- Fingerprint: 43224224eeda9da960defeaac88332710b2d6db13214e0ce8652009086520090
```
NoAuth
Found topic hello_human
Found topic __consumer_offsets
Found topic recordMessage
Found topic topic.test
```
  Found on 2024-08-21 20:05
- Fingerprint: 43224224eeda9da960defeaa0231df24049f4dc1b28782c1b28782c1b28782c1
```
NoAuth
Found topic topic.test
Found topic recordMessage
Found topic __consumer_offsets
```
  Found on 2024-05-29 22:00
- Fingerprint: 43224224eeda9da960defeaa0efe442a2be458a4c8e6c241c8e6c241c8e6c241
```
NoAuth
Found topic __consumer_offsets
Found topic topic.test
Found topic recordMessage
```
  Found on 2024-02-14 18:24
- Fingerprint: 43224224eeda9da960defeaa3b588feb46ce63335673e5ad5673e5ad5673e5ad
```
NoAuth
Found topic recordMessage
Found topic __consumer_offsets
Found topic topic.test
```
  Found on 2024-01-25 08:52
Create report

Open service 39.100.138.107:3307

2024-09-15 20:28
```
MySQL detected
```
Found 2024-09-15 by tcpid
Create report
Open service 39.100.138.107:3307

2024-09-13 20:37
```
MySQL detected
```
Found 2024-09-13 by tcpid
Create report
Open service 39.100.138.107:3307

2024-09-07 20:24
```
MySQL detected
```
Found 2024-09-07 by tcpid
Create report
Open service 39.100.138.107:3307

2024-08-17 22:58
```
MySQL detected
```
Found 2024-08-17 by tcpid
Create report
Open service 39.100.138.107:3307

2024-08-15 22:43
```
MySQL detected
```
Found 2024-08-15 by tcpid
Create report
Open service 39.100.138.107:3307

2024-08-13 22:24
```
MySQL detected
```
Found 2024-08-13 by tcpid
Create report
Open service 39.100.138.107:3307

2024-08-11 21:11
```
MySQL detected
```
Found 2024-08-11 by tcpid
Create report

Data leak

Size

7.8 MB

Collections

Rows

139430

Domain summary

No record

Host 39.100.138.107

China

MySQL is publicly available

Kafka instance is public

Create report

Create report

Create report

Create report

Create report

Create report

Create report

Data leak

Domain summary