LeakIX - Host 47.238.226.250

Host 47.238.226.250

Hong Kong

Alibaba US Technology Co., Ltd.

Linux x86_64

Software information

nginx nginx

tcp/443 tcp/80

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 47.238.226.250
Port: 3307

First seen 2024-05-29 06:33
Last seen 2024-09-19 23:41
Open for 113 days

Severity: critical
Fingerprint: cf350410ecceb5fd2f533336459fa64ab1109cc9addf1338db1ea2df99d444cc

Databases: 39, row count: 140807, size: 7.9 MB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 101 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 1219 records
Found table mysql.help_relation with 1984 records
Found table mysql.help_topic with 1118 records
Found table mysql.innodb_index_stats with 9 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 1443 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 2158 records
Found table mysql.time_zone_transition with 122161 records
Found table mysql.time_zone_transition_type with 10529 records
Found table mysql.user with 6 records

Found on 2024-09-19 23:41

7.9 MBytes 140807 rows

Severity: high
Fingerprint: cf350410ecceb5fdebd6b7609132601091326010913260109132601091326010
```
Databases: 1, row count: 2, size: 16.4 kB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
```
Found on 2024-06-21 22:21

16.4 kBytes 2 rows

Severity: critical
Fingerprint: cf350410ecceb5fd24598a8776dfb0ed21080f18375c3709c796435cd9df4b8c

Databases: 39, row count: 140231, size: 7.9 MB
Found table RECOVER_YOUR_DATA.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.component with 0 records
Found table mysql.db with 3 records
Found table mysql.default_roles with 0 records
Found table mysql.engine_cost with 2 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.global_grants with 97 records
Found table mysql.gtid_executed with 0 records
Found table mysql.help_category with 53 records
Found table mysql.help_keyword with 939 records
Found table mysql.help_relation with 2190 records
Found table mysql.help_topic with 625 records
Found table mysql.innodb_index_stats with 9 records
Found table mysql.innodb_table_stats with 3 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.password_history with 0 records
Found table mysql.plugin with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.replication_asynchronous_connection_failover with 0 records
Found table mysql.replication_asynchronous_connection_failover_managed with 0 records
Found table mysql.replication_group_configuration_version with 1 records
Found table mysql.replication_group_member_actions with 2 records
Found table mysql.role_edges with 0 records
Found table mysql.server_cost with 6 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 2 records
Found table mysql.time_zone with 1443 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 2153 records
Found table mysql.time_zone_transition with 122161 records
Found table mysql.time_zone_transition_type with 10529 records
Found table mysql.user with 6 records

Found on 2024-06-19 22:06

7.9 MBytes 140231 rows

Create report

Open service 47.238.226.250:3307

2024-09-15 23:49
```
MySQL detected
```
Found 2024-09-15 by tcpid
Create report
Open service 47.238.226.250:3307

2024-09-13 23:19
```
MySQL detected
```
Found 2024-09-13 by tcpid
Create report

Open service 47.238.226.250:443

2024-09-12 03:50

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 12 Sep 2024 03:50:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Language: 
Location: /list
Trace-Id: 5f9ee96fa362f4176e60395c93f61386
Strict-Transport-Security: max-age=31536000


Found

Found 2024-09-12 by HttpPlugin

Create report

Open service 47.238.226.250:3307

2024-09-11 23:22
```
MySQL detected
```
Found 2024-09-11 by tcpid
Create report

Open service 47.238.226.250:443 · api.xjai.cc

2024-09-10 07:15

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 10 Sep 2024 07:16:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1264
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Accept-Ranges: bytes
Cache-Control: no-cache
X-Oneapi-Request-Id: 20240910151604516340294G3nWCdgG
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000

Page title: New API

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <link rel="icon" href="/logo.png" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <meta name="theme-color" content="#ffffff" />
    <meta
      name="description"
      content="OpenAI 接口聚合管理，支持多种渠道包括 Azure，可用于二次分发管理 key，仅单可执行文件，已打包好 Docker 镜像，一键部署，开箱即用"
    />
    <title>New API</title>
    <script type="module" crossorigin src="/assets/index-B2YIG8my.js"></script>
    <link rel="modulepreload" crossorigin href="/assets/react-core-DZI3yyBa.js">
    <link rel="modulepreload" crossorigin href="/assets/semi-ui-DIp7qNKk.js">
    <link rel="modulepreload" crossorigin href="/assets/tools-BkrCZif-.js">
    <link rel="modulepreload" crossorigin href="/assets/react-components-BO-Z0JS4.js">
    <link rel="modulepreload" crossorigin href="/assets/semantic-DzZK5CjC.js">
    <link rel="stylesheet" crossorigin href="/assets/semi-ui-BHSGR6vC.css">
    <link rel="stylesheet" crossorigin href="/assets/index-CF9WWvgQ.css">
  </head>
  <body>
    <noscript>You need to enable JavaScript to run this app.</noscript>
    <div id="root"></div>
  </body>
</html>

Found 2024-09-10 by HttpPlugin

Create report

Open service 47.238.226.250:80 · api.xjai.cc

2024-09-10 07:15
Found 2024-09-10 by HttpPlugin
Create report
Open service 47.238.226.250:3307

2024-09-10 01:03
```
MySQL detected
```
Found 2024-09-10 by tcpid
Create report
Open service 47.238.226.250:3307

2024-09-10 00:08
```
MySQL detected
```
Found 2024-09-10 by tcpid
Create report
Open service 47.238.226.250:80 · dog.xjai.cc

2024-09-09 09:58
Found 2024-09-09 by HttpPlugin
Create report

Open service 47.238.226.250:443 · dog.xjai.cc

2024-09-09 09:58

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 09 Sep 2024 09:59:04 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Language: 
Location: /list
Trace-Id: d8476d13078bf317c618b94fd3360ed0
Strict-Transport-Security: max-age=31536000


Found

Found 2024-09-09 by HttpPlugin

Create report

Open service 47.238.226.250:3307

2024-09-07 22:41
```
MySQL detected
```
Found 2024-09-07 by tcpid
Create report
Open service 47.238.226.250:3307

2024-08-17 22:33
```
MySQL detected
```
Found 2024-08-17 by tcpid
Create report
Open service 47.238.226.250:3307

2024-08-15 19:59
```
MySQL detected
```
Found 2024-08-15 by tcpid
Create report
Open service 47.238.226.250:3307

2024-08-13 20:35
```
MySQL detected
```
Found 2024-08-13 by tcpid
Create report

Open service 47.238.226.250:80 · f3.001.lat

2024-08-12 21:59

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 12 Aug 2024 21:59:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://f3.001.lat/
Strict-Transport-Security: max-age=31536000

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2024-08-12 by HttpPlugin

Create report

Open service 47.238.226.250:443 · f3.001.lat

2024-08-12 21:59

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 12 Aug 2024 21:59:26 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://all.xjai.top/
Strict-Transport-Security: max-age=31536000

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2024-08-12 by HttpPlugin

Create report

Open service 47.238.226.250:3307

2024-08-11 22:49
```
MySQL detected
```
Found 2024-08-11 by tcpid
Create report
Open service 47.238.226.250:3307

2024-08-09 21:08
```
MySQL detected
```
Found 2024-08-09 by tcpid
Create report

Open service 47.238.226.250:443 · m1.sbgpt.cc

2024-08-09 05:40

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Aug 2024 05:40:25 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Language: 
Location: /user-new/
Trace-Id: 30ffe607ecf8e917dd9b785ec77cdeb9
Strict-Transport-Security: max-age=31536000


Found