LeakIX - Host 49.12.191.191

Host 49.12.191.191

Germany

Hetzner Online GmbH

Linux x86_64

SSH is potenitally vulnerable

WARNING: This plugin will generate false positive and is purely informative:

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)

IP: 49.12.191.191
Port: 22

First seen 2024-09-10 09:01
Last seen 2024-09-25 22:30
Open for 15 days
- Severity: info
  Fingerprint: 3f43e0ebb5dce37ab8b59eb50d52828c64fb433164fb433164fb433164fb4331
```
Found potentially vulnerable SSH version:
SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4
WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
```
  Found on 2024-09-25 22:30
- Severity: info
  Fingerprint: 3f43e0ebb5dce37ab8b59eb50d52828d37a3aa8437a3aa8437a3aa8437a3aa84
```
Found potentially vulnerable SSH version:
SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5
WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
```
  Found on 2024-09-15 21:47
Create report

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 49.12.191.191
Port: 3306

First seen 2024-09-12 07:23

Severity: critical
Fingerprint: cf350410ecceb5fd6526490cbb833076d2c5a925e5a4e3dfc35d550d97b04bef

Databases: 29, row count: 141527, size: 3.8 MB
Found table RECOVER_YOUR_DATA.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.db with 0 records
Found table mysql.event with 0 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.help_category with 47 records
Found table mysql.help_keyword with 825 records
Found table mysql.help_relation with 1660 records
Found table mysql.help_topic with 603 records
Found table mysql.innodb_index_stats with 3 records
Found table mysql.innodb_table_stats with 1 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.plugin with 0 records
Found table mysql.proc with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 2 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 0 records
Found table mysql.time_zone with 1826 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 1826 records
Found table mysql.time_zone_transition with 124862 records
Found table mysql.time_zone_transition_type with 9864 records
Found table mysql.user with 2 records

Found on 2024-09-12 07:23

3.8 MBytes 141527 rows

Create report

Open service 49.12.191.191:22

2024-10-31 22:50
Found 3 hours ago by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-10-29 23:17
Found 2 days ago by SSHOpenPlugin
Create report

Open service 49.12.191.191:80

2024-10-29 07:19

HTTP/1.1 404 Not Found
Date: Tue, 29 Oct 2024 07:19:06 GMT
Content-Type: text/html
Content-Length: 548
Connection: close

Page title: 404 Not Found

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

Found 3 days ago by HttpPlugin

Create report

Open service 49.12.191.191:443

2024-10-28 20:51

HTTP/1.1 404 Not Found
Date: Mon, 28 Oct 2024 20:51:22 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

Page title: 404 Not Found

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

Found 2024-10-28 by HttpPlugin

Create report

Open service 49.12.191.191:22

2024-10-21 22:37
Found 2024-10-21 by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-10-19 22:48
Found 2024-10-19 by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-10-17 23:01
Found 2024-10-17 by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-10-15 23:42
Found 2024-10-15 by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-10-01 22:58
Found 2024-10-01 by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-09-29 22:07
Found 2024-09-29 by SSHOpenPlugin
Create report
Open service 49.12.191.191:22

2024-09-27 21:26
Found 2024-09-27 by SSHOpenPlugin
Create report

ingress.local

Fingerprint:

95d368f61c60327f767739cf9dcd5655d3ab0cbc913fd2c968742a938274435f

CN:

Kubernetes Ingress Controller Fake Certificate

Key:

RSA-2048

Issuer:

Kubernetes Ingress Controller Fake Certificate

Not before:

2024-10-02 12:51

Not after:

2025-10-02 12:51

Data leak

Size

3.8 MB

Collections

Rows

141527

Domain summary

No record

Host 49.12.191.191

Germany

SSH is potenitally vulnerable

MySQL is publicly available

ingress.local

Data leak

Domain summary