LeakIX - Host 49.232.140.111

Host 49.232.140.111

China

Shenzhen Tencent Computer Systems Company Limited

Linux x86_64

MySQL is publicly available

MySQL is currently open without authentication.

Additionally a ransom note has been found in the dataset which indicates it has been compromised

This results in all the database data made available publicly.

IP: 49.232.140.111
Port: 3306

First seen 2023-07-20 00:17
Last seen 2023-11-16 17:00
Open for 119 days

Severity: high
Fingerprint: cf350410ecceb5fdebd6b760d92c9051d92c9051d92c9051d92c9051d92c9051
```
Databases: 1, row count: 2, size: 16.4 kB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
```
Found on 2023-11-16 17:00

16.4 kBytes 2 rows

Severity: critical
Fingerprint: cf350410ecceb5fdf7086ef0717531e1286ec22c50006d6e9a93b0244e8f11a6

Databases: 29, row count: 3318, size: 907.8 kB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.db with 2 records
Found table mysql.event with 0 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.help_category with 47 records
Found table mysql.help_keyword with 825 records
Found table mysql.help_relation with 1660 records
Found table mysql.help_topic with 603 records
Found table mysql.innodb_index_stats with 140 records
Found table mysql.innodb_table_stats with 24 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.plugin with 0 records
Found table mysql.proc with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 2 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 0 records
Found table mysql.time_zone with 0 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 0 records
Found table mysql.time_zone_transition with 0 records
Found table mysql.time_zone_transition_type with 0 records
Found table mysql.user with 9 records

Found on 2023-11-10 01:53

907.8 kBytes 3318 rows

Severity: critical
Fingerprint: cf350410ecceb5fdf7086ef0e13a440a3bed330931047d01a149369722918321

Databases: 29, row count: 3318, size: 907.8 kB
No or default MySQL authentication found.Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv with 0 records
Found table mysql.db with 2 records
Found table mysql.event with 0 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.help_category with 47 records
Found table mysql.help_keyword with 825 records
Found table mysql.help_relation with 1660 records
Found table mysql.help_topic with 603 records
Found table mysql.innodb_index_stats with 140 records
Found table mysql.innodb_table_stats with 24 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.plugin with 0 records
Found table mysql.proc with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 2 records
Found table mysql.servers with 0 records
Found table mysql.slave_master_info with 0 records
Found table mysql.slave_relay_log_info with 0 records
Found table mysql.slave_worker_info with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 0 records
Found table mysql.time_zone with 0 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 0 records
Found table mysql.time_zone_transition with 0 records
Found table mysql.time_zone_transition_type with 0 records
Found table mysql.user with 9 records

Found on 2023-07-20 00:17

907.8 kBytes 3318 rows

Create report

Kafka instance is public

The Kafka instance is available to the public without authentication.

An attacker could connect to the queue to extract private/confidential information in real-time.

IP: 49.232.140.111
Port: 9092

First seen 2022-08-06 17:32
Last seen 2023-07-18 16:54
Open for 345 days
- Fingerprint: 43224224eeda9da960defeaa0876f6f5949d513e41ee574e18265efa8e55ac3a
```
NoAuth
Found topic test_topic
Found topic test
Found topic LIC_YIBIAO_3_SHI_LUZ
Found topic RTW_EXT_NUM_CHECK
Found topic __consumer_offsets
```
  Found on 2023-07-18 16:54
- Fingerprint: 43224224eeda9da960defeaa30e3fc825fefa906bc429a769ad67409a48ae272
```
NoAuth
Found topic LIC_YIBIAO_3_SHI_LUZ
Found topic RTW_EXT_NUM_CHECK
Found topic __consumer_offsets
Found topic test_topic
Found topic test
```
  Found on 2023-07-07 02:30
- Fingerprint: 43224224eeda9da960defeaa3db0e17ea5f18cfeede2108189e030ea3d0bcd42
```
NoAuth
Found topic RTW_EXT_NUM_CHECK
Found topic __consumer_offsets
Found topic test_topic
Found topic test
Found topic LIC_YIBIAO_3_SHI_LUZ
```
  Found on 2023-05-26 15:18
- Fingerprint: 43224224eeda9da960defeaa332522c51a7931b90a9ffcf717986e8fed88abfc
```
NoAuth
Found topic test
Found topic LIC_YIBIAO_3_SHI_LUZ
Found topic RTW_EXT_NUM_CHECK
Found topic __consumer_offsets
Found topic test_topic
```
  Found on 2022-12-22 06:08
- Fingerprint: 43224224eeda9da960defeaa30e3fc820716021d865ac606b87daf76b87daf76
```
NoAuth
Found topic LIC_YIBIAO_3_SHI_LUZ
Found topic test_topic
Found topic test
Found topic __consumer_offsets
```
  Found on 2022-08-06 17:32
Create report

Found php information file

PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP.

This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

Environment variables may contain credentials.

https://www.acunetix.com/vulnerabilities/web/phpinfo-page/

IP: 49.232.140.111
Port: 80
URL: http://49.232.140.111/info.php

First seen 2022-02-08 02:00

Fingerprint: 2c44e2a6278fb0134173d6fa918842e255c52656c03dfb8e74377ff0a7ae5883

Found PHP info page:
$_SERVER['HTTP_HOST'] = 49.232.140.111
$_SERVER['HTTP_USER_AGENT'] = l9explore/1.3.0
$_SERVER['HTTP_ACCEPT_ENCODING'] = gzip
$_SERVER['HTTP_CONNECTION'] = close
$_SERVER['PATH'] = /root/anaconda3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$_SERVER['LD_LIBRARY_PATH'] = /usr/local/httpd/lib
$_SERVER['SERVER_SIGNATURE'] = no value
$_SERVER['SERVER_SOFTWARE'] = Apache/2.4.52 (Unix) PHP/7.4.27
$_SERVER['SERVER_NAME'] = 49.232.140.111
$_SERVER['SERVER_ADDR'] = 172.17.0.2
$_SERVER['SERVER_PORT'] = 80
$_SERVER['REMOTE_ADDR'] = 143.198.136.88
$_SERVER['DOCUMENT_ROOT'] = /var/www/html
$_SERVER['REQUEST_SCHEME'] = http
$_SERVER['CONTEXT_PREFIX'] = no value
$_SERVER['CONTEXT_DOCUMENT_ROOT'] = /var/www/html
$_SERVER['SERVER_ADMIN'] = you@example.com
$_SERVER['SCRIPT_FILENAME'] = /var/www/html/info.php
$_SERVER['REMOTE_PORT'] = 44924
$_SERVER['GATEWAY_INTERFACE'] = CGI/1.1
$_SERVER['SERVER_PROTOCOL'] = HTTP/1.1
$_SERVER['REQUEST_METHOD'] = GET
$_SERVER['QUERY_STRING'] = no value
$_SERVER['REQUEST_URI'] = /info.php
$_SERVER['SCRIPT_NAME'] = /info.php
$_SERVER['PHP_SELF'] = /info.php
$_SERVER['REQUEST_TIME_FLOAT'] = 1644285657.0348
$_SERVER['REQUEST_TIME'] = 1644285657
$_SERVER['argv'] = Array
(
)
$_SERVER['argc'] = 0
$_ENV['HOSTNAME'] = 4d6ec12db9a1
$_ENV['TERM'] = xterm
$_ENV['LD_LIBRARY_PATH'] = /usr/local/httpd/lib
$_ENV['LS_COLORS'] = rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
$_ENV['PATH'] = /root/anaconda3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$_ENV['PWD'] = /
$_ENV['LANG'] = zh_CN.UTF-8
$_ENV['HOME'] = /root
$_ENV['SHLVL'] = 2
$_ENV['_'] = /usr/local/httpd/bin/httpd

Found on 2022-02-08 02:00

Create report

Data leak

Size

907.8 kB

Collections

Rows

3318

Domain summary

No record