Hundreds of thousands of payments to citizens in the traffic police and FSSP were in the public domain.
Medical data - there was data on loans - was , this time it was the turn of data on payments for traffic police fines and arrears of bailiff service.
The good news is that these payments are not related to the official site of state services. The bad news is that there is a lot of data, and they are more than “personal”.
: . . , . On April 12 (at night) the Elasticsearch server was discovered that does not require authentication to connect. About how open Elasticsearch bases are discovered, I wrote a note in a blog.
The Elasticsearch indexes contained logs of a certain information system (IS). An assumption was made about the connection of this server with sites that accept payment in favor of various state services: paypalibdd.rf , paygibdd.ru , gos-oplata.ru , fines.net and oplata-fssp.ru .
On the morning of April 13, 2019, I sent an alert to email addresses: support@gos-oplata.ru , support@oplata-fssp.ru , support@paygibdd.ru , but did not receive a reply (as is often the case). The server was quietly “covered” and disappeared from open access on 04/13/2019 around 15: 20-15: 45 (MSK).
At the time before closing the server, Elasticsearch indexes looked like this:
We now turn to the most interesting - directly to personal data. As I wrote above, the indexes contained some logs of some IP. And as it often happens the logs turned out to be very detailed, even too much.
Logs were stored, starting from 02.28.2019, and not for the entire duration of the IP. In some indices data was from 03/17/2019.
For example, using logs from the gosoplata index , one could get this (248365 total, excluding error logging):
{ "_index": "gosoplata", "_type": "log", "@timestamp": "2019-03-02T20:55:02+03:00", "message": " ", "extra": "[\n 'gis_info' => unserialize('O:34:\"app\\\\models\\\\payment\\\\api\\\\PenaltyInfo\":10:{s:10:\"billNumber\";s:20:\"021170025955001\";s:8:\"billDate\";s:10:\"2017-04-03\";s:10:\"validUntil\";s:10:\"2017-06-03\";s:6:\"amount\";s:9:\"146030.26\";s:7:\"addInfo\";s:1424:\" № /17/ - 03.04.2017 . ., ( )///32253021170025955001_0;: ( , / 05501845860);: ( , / 05501845860); : ; : 40302810400001000005;: 5321100670;: 532132002; : 044959001;: 49625000;: 0;idDebtsum:146540.26;ipPaymentAmount:0.00;ipOperationAmount:0.00;dataUnloadDate:2018-12-04T11:26:19.000;dataIdDate:2017-01-27;dataIdNumber:2-53/2017;dataIpRiseDate:2017-04-03;dataIpNumber: /17/-;dataIdDbtrFio: ;dataIdDbtrBorn:-09-03;dataIdDebtText: ( );\";s:7:\"docName\";s:3:\"inn\";s:9:\"docNumber\";s:12:\" 0819584\";s:9:\"payStatus\";s:1:\"0\";s:9:\"quittance\";s:1:\"3\";s:11:\"amountToPay\";s:9:\"146030.26\";}'),\n]", "context": "[\n '_GET' => [],\n '_POST' => [],\n]" } } I scored all sensitive data with an “X”. In reality, everything was stored in clear text.
From the oplata-fssp index (total 283958 excluding errors):
{ "_index": "oplata-fssp", "_type": "log", "@timestamp": "2019-02-28T22:17:24+03:00", "extra": "[\n 'request_data' => [\n 'MNT_ID' => '3280',\n 'MNT_TRANSACTION_ID' => ''0795c78337a5a308',\n 'MNT_OPERATION_ID' => '' 3232',\n 'MNT_AMOUNT' => '544.00',\n 'MNT_CURRENCY_CODE' => 'RUB',\n 'MNT_TEST_MODE' => '0',\n 'MNT_SIGNATURE' => '6435224cc10bbc970f6479787',\n 'paymentSystem_unitId' => '1686945',\n 'MNT_CORRACCOUNT' => '303',\n 'MNT_PAY_SYSTEM' => 'payanyway',\n 'MNT_IS_REGULAR' => '',\n 'MNT_FORM_METHOD' => 'POST',\n 'cardnumber' => '639002********7417',\n ],\n 'model_attributes' => [\n 'id' => 482137,\n 'parent_id' => null,\n 'name' => ' ',\n 'ur' => 0,\n 'birthdate' => '-06-06',\n 'doc_type' => null,\n 'doc_value' => null,\n 'hash' => ''795c78337a5a308',\n 'created_at' => '2019-02-28 22:16:10',\n 'form_url' => 'https://service.moneta.ru/assistant.widget? '&MNT_CURRENCY_CODE=RUB&MNT_AMOUNT=544.00&MNT_DESCRIPTION= . N482137 : 32223088190136500007 : /19/-&MNT_TEST_MODE=0&' &MNT_SUCCESS_URL=https://oplata-fssp.ru/payment/success&MNT_FAIL_URL=https://oplata-fssp.ru/payment/fail&MNT_PAY_SYSTEM=payanyway&MNT_IS_REGULAR=&MNT_FORM_METHOD=POST&followup=true',\n 'email' => ''@bk.ru',\n 'payment_system_id' => 'moneta',\n 'transaction_id' => '338533232',\n 'updated_at' => '2019-02-28 22:16:16',\n 'a3_order_hash' => null,\n 'receipt_send' => null,\n 'receipt_status_id' => null,\n 'payment_status_id' => 'callback_received',\n 'lead_source' => 'fssp',\n ],\n]", "context": "[\n '_GET' => [],\n '_POST' => [\n 'MNT_ID' => ''280',\n 'MNT_TRANSACTION_ID' => ''795c78337a5a308',\n 'MNT_OPERATION_ID' => ''3232',\n 'MNT_AMOUNT' => '544.00',\n 'MNT_CURRENCY_CODE' => 'RUB',\n 'MNT_TEST_MODE' => '0',\n 'MNT_SIGNATURE' => '6435224cc'10bbc970f6479787',\n 'paymentSystem_unitId' => ''45',\n 'MNT_CORRACCOUNT' => '303',\n 'MNT_PAY_SYSTEM' => 'payanyway',\n 'MNT_IS_REGULAR' => '',\n 'MNT_FORM_METHOD' => 'POST',\n 'cardnumber' => '639002********7417',\n ],\n]" } } It can be seen ( cardnumber value) that only the fact that the payment gateway (in this case, moneta.ru ) did not give this IC in the open form (only the first 6 and last 4 digits of the card number) prevented the leakage of full credit card numbers, their owners. ).
Also from the logs it was clear that the official website of the FSSP offers citizens to make payments through this IP: is.fssprus.ru/pay/?service=gosoplata&pay=/18/-IP . What is indirectly confirmed by the text at the very bottom of the site oplata-fssp.ru :
Now let's see what's wrong with the fines for traffic rules. Obviously, the indices shtrafov-net (4528 records excluding errors) and paygibdd ( 140666 records excluding errors) answer for this:
{ "_index": "shtrafov-net", "_type": "log", "@timestamp": "2019-03-17T17:16:51+03:00", "message": "INSERT INTO customer (doc_type, doc_value, licence_plate, vehicle_model) VALUES ('ctc', '99026', '', ' ')", "context": "[\n '_GET' => [],\n '_POST' => [\n 'postdate' => '10/03/2019',\n 'postnum' => '18810018180002',\n 'postsum' => '1000',\n 'divid' => '1194040',\n 'uin' => '18810018180002',\n 'regnum' => '',\n 'regreg' => '1',\n 'reg' => '34084',\n 'discount' => '1',\n 'discountdate' => '01/04/2019 23:59:59',\n 'allfines' => '[{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-10 09:05:00\",\"KoAPcode\":\"12.6\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" , , , , , \",\"NumPost\":\"18810018180002\",\"kbk\":\"18811630020016000140\",\"Summa\":1000,\"Division\":1194040,\"enablePics\":false,\"id\":\"18#FF474785255\",\"SupplierBillID\":\"18810018180002\",\"DatePost\":\"10/03/2019\"},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-08 14:55:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810118190312\",\"kbk\":\"18811630020016000140\",\"Summa\":500,\"Division\":1194010,\"enablePics\":true,\"id\":\"18#18810118190312\",\"SupplierBillID\":\"18810118190312\",\"DatePost\":\"12/03/2019\"}]',\n ],\n]" } { "_index": "paygibdd", "_type": "log", "@timestamp": "2019-02-28T17:30:57+03:00", "message": " ", "extra": "[\n 'request_data' => [\n 'postdate' => '02.10.2017',\n 'postnum' => '188101161710029',\n 'postsum' => '500',\n 'divid' => '1192201',\n 'uin' => '188101161710029',\n 'regnum' => 'XCB',\n 'regreg' => '1',\n 'reg' => '16462',\n 'discount' => '1',\n 'discountdate' => '2017-10-23 23:59:59',\n 'allfines' => '[{\"Discount\":\"0\",\"DateDecis\":\"2016-12-17 02:30:00\",\"KoAPcode\":\"12.26.1\",\"KoAPtext\":\" \",\"NumPost\":\"188104121603000\",\"kbk\":\"18811630020016000140\",\"Summa\":\"30000\",\"Division\":1188030,\"enablePics\":false,\"id\":\"12#FF176064188\",\"SupplierBillID\":\"188104121603000\",\"DatePost\":\"2017-03-06\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-09-18 14:32:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-10-23 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161710029\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#43522519023478911\",\"SupplierBillID\":\"188101161710029\",\"DatePost\":\"2017-10-02\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-11-01 04:23:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-24 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810116171104\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44211639030358281\",\"SupplierBillID\":\"1881011617110\",\"DatePost\":\"2017-11-04\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-10-31 12:08:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-27 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161711056\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44236760030609331\",\"SupplierBillID\":\"188101161711056\",\"DatePost\":\"2017-11-05\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2018-01-27 23:46:00\",\"KoAPcode\":\"12.37.2\",\"DateDiscount\":\"2018-02-16 23:59:59\",\"KoAPtext\":\" , , \",\"NumPost\":\"188102161820027\",\"kbk\":\"18811630020016000140\",\"Summa\":\"800\",\"Division\":1192200,\"enablePics\":false,\"id\":\"16#4516501003986993\",\"SupplierBillID\":\"188102161820027\",\"DatePost\":\"2018-01-27\",\"DateSSP\":null}]',\n ],\n]", : \" { "_index": "shtrafov-net", "_type": "log", "@timestamp": "2019-03-17T17:16:51+03:00", "message": "INSERT INTO customer (doc_type, doc_value, licence_plate, vehicle_model) VALUES ('ctc', '99026', '', ' ')", "context": "[\n '_GET' => [],\n '_POST' => [\n 'postdate' => '10/03/2019',\n 'postnum' => '18810018180002',\n 'postsum' => '1000',\n 'divid' => '1194040',\n 'uin' => '18810018180002',\n 'regnum' => '',\n 'regreg' => '1',\n 'reg' => '34084',\n 'discount' => '1',\n 'discountdate' => '01/04/2019 23:59:59',\n 'allfines' => '[{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-10 09:05:00\",\"KoAPcode\":\"12.6\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" , , , , , \",\"NumPost\":\"18810018180002\",\"kbk\":\"18811630020016000140\",\"Summa\":1000,\"Division\":1194040,\"enablePics\":false,\"id\":\"18#FF474785255\",\"SupplierBillID\":\"18810018180002\",\"DatePost\":\"10/03/2019\"},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-08 14:55:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810118190312\",\"kbk\":\"18811630020016000140\",\"Summa\":500,\"Division\":1194010,\"enablePics\":true,\"id\":\"18#18810118190312\",\"SupplierBillID\":\"18810118190312\",\"DatePost\":\"12/03/2019\"}]',\n ],\n]" } { "_index": "paygibdd", "_type": "log", "@timestamp": "2019-02-28T17:30:57+03:00", "message": " ", "extra": "[\n 'request_data' => [\n 'postdate' => '02.10.2017',\n 'postnum' => '188101161710029',\n 'postsum' => '500',\n 'divid' => '1192201',\n 'uin' => '188101161710029',\n 'regnum' => 'XCB',\n 'regreg' => '1',\n 'reg' => '16462',\n 'discount' => '1',\n 'discountdate' => '2017-10-23 23:59:59',\n 'allfines' => '[{\"Discount\":\"0\",\"DateDecis\":\"2016-12-17 02:30:00\",\"KoAPcode\":\"12.26.1\",\"KoAPtext\":\" \",\"NumPost\":\"188104121603000\",\"kbk\":\"18811630020016000140\",\"Summa\":\"30000\",\"Division\":1188030,\"enablePics\":false,\"id\":\"12#FF176064188\",\"SupplierBillID\":\"188104121603000\",\"DatePost\":\"2017-03-06\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-09-18 14:32:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-10-23 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161710029\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#43522519023478911\",\"SupplierBillID\":\"188101161710029\",\"DatePost\":\"2017-10-02\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-11-01 04:23:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-24 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810116171104\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44211639030358281\",\"SupplierBillID\":\"1881011617110\",\"DatePost\":\"2017-11-04\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-10-31 12:08:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-27 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161711056\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44236760030609331\",\"SupplierBillID\":\"188101161711056\",\"DatePost\":\"2017-11-05\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2018-01-27 23:46:00\",\"KoAPcode\":\"12.37.2\",\"DateDiscount\":\"2018-02-16 23:59:59\",\"KoAPtext\":\" , , \",\"NumPost\":\"188102161820027\",\"kbk\":\"18811630020016000140\",\"Summa\":\"800\",\"Division\":1192200,\"enablePics\":false,\"id\":\"16#4516501003986993\",\"SupplierBillID\":\"188102161820027\",\"DatePost\":\"2018-01-27\",\"DateSSP\":null}]',\n ],\n]", : \" { "_index": "shtrafov-net", "_type": "log", "@timestamp": "2019-03-17T17:16:51+03:00", "message": "INSERT INTO customer (doc_type, doc_value, licence_plate, vehicle_model) VALUES ('ctc', '99026', '', ' ')", "context": "[\n '_GET' => [],\n '_POST' => [\n 'postdate' => '10/03/2019',\n 'postnum' => '18810018180002',\n 'postsum' => '1000',\n 'divid' => '1194040',\n 'uin' => '18810018180002',\n 'regnum' => '',\n 'regreg' => '1',\n 'reg' => '34084',\n 'discount' => '1',\n 'discountdate' => '01/04/2019 23:59:59',\n 'allfines' => '[{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-10 09:05:00\",\"KoAPcode\":\"12.6\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" , , , , , \",\"NumPost\":\"18810018180002\",\"kbk\":\"18811630020016000140\",\"Summa\":1000,\"Division\":1194040,\"enablePics\":false,\"id\":\"18#FF474785255\",\"SupplierBillID\":\"18810018180002\",\"DatePost\":\"10/03/2019\"},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-08 14:55:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810118190312\",\"kbk\":\"18811630020016000140\",\"Summa\":500,\"Division\":1194010,\"enablePics\":true,\"id\":\"18#18810118190312\",\"SupplierBillID\":\"18810118190312\",\"DatePost\":\"12/03/2019\"}]',\n ],\n]" } { "_index": "paygibdd", "_type": "log", "@timestamp": "2019-02-28T17:30:57+03:00", "message": " ", "extra": "[\n 'request_data' => [\n 'postdate' => '02.10.2017',\n 'postnum' => '188101161710029',\n 'postsum' => '500',\n 'divid' => '1192201',\n 'uin' => '188101161710029',\n 'regnum' => 'XCB',\n 'regreg' => '1',\n 'reg' => '16462',\n 'discount' => '1',\n 'discountdate' => '2017-10-23 23:59:59',\n 'allfines' => '[{\"Discount\":\"0\",\"DateDecis\":\"2016-12-17 02:30:00\",\"KoAPcode\":\"12.26.1\",\"KoAPtext\":\" \",\"NumPost\":\"188104121603000\",\"kbk\":\"18811630020016000140\",\"Summa\":\"30000\",\"Division\":1188030,\"enablePics\":false,\"id\":\"12#FF176064188\",\"SupplierBillID\":\"188104121603000\",\"DatePost\":\"2017-03-06\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-09-18 14:32:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-10-23 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161710029\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#43522519023478911\",\"SupplierBillID\":\"188101161710029\",\"DatePost\":\"2017-10-02\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-11-01 04:23:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-24 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810116171104\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44211639030358281\",\"SupplierBillID\":\"1881011617110\",\"DatePost\":\"2017-11-04\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-10-31 12:08:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-27 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161711056\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44236760030609331\",\"SupplierBillID\":\"188101161711056\",\"DatePost\":\"2017-11-05\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2018-01-27 23:46:00\",\"KoAPcode\":\"12.37.2\",\"DateDiscount\":\"2018-02-16 23:59:59\",\"KoAPtext\":\" , , \",\"NumPost\":\"188102161820027\",\"kbk\":\"18811630020016000140\",\"Summa\":\"800\",\"Division\":1192200,\"enablePics\":false,\"id\":\"16#4516501003986993\",\"SupplierBillID\":\"188102161820027\",\"DatePost\":\"2018-01-27\",\"DateSSP\":null}]',\n ],\n]", : { "_index": "shtrafov-net", "_type": "log", "@timestamp": "2019-03-17T17:16:51+03:00", "message": "INSERT INTO customer (doc_type, doc_value, licence_plate, vehicle_model) VALUES ('ctc', '99026', '', ' ')", "context": "[\n '_GET' => [],\n '_POST' => [\n 'postdate' => '10/03/2019',\n 'postnum' => '18810018180002',\n 'postsum' => '1000',\n 'divid' => '1194040',\n 'uin' => '18810018180002',\n 'regnum' => '',\n 'regreg' => '1',\n 'reg' => '34084',\n 'discount' => '1',\n 'discountdate' => '01/04/2019 23:59:59',\n 'allfines' => '[{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-10 09:05:00\",\"KoAPcode\":\"12.6\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" , , , , , \",\"NumPost\":\"18810018180002\",\"kbk\":\"18811630020016000140\",\"Summa\":1000,\"Division\":1194040,\"enablePics\":false,\"id\":\"18#FF474785255\",\"SupplierBillID\":\"18810018180002\",\"DatePost\":\"10/03/2019\"},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2019-03-08 14:55:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"01/04/2019 23:59:59\",\"VehicleModel\":\" \",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810118190312\",\"kbk\":\"18811630020016000140\",\"Summa\":500,\"Division\":1194010,\"enablePics\":true,\"id\":\"18#18810118190312\",\"SupplierBillID\":\"18810118190312\",\"DatePost\":\"12/03/2019\"}]',\n ],\n]" } { "_index": "paygibdd", "_type": "log", "@timestamp": "2019-02-28T17:30:57+03:00", "message": " ", "extra": "[\n 'request_data' => [\n 'postdate' => '02.10.2017',\n 'postnum' => '188101161710029',\n 'postsum' => '500',\n 'divid' => '1192201',\n 'uin' => '188101161710029',\n 'regnum' => 'XCB',\n 'regreg' => '1',\n 'reg' => '16462',\n 'discount' => '1',\n 'discountdate' => '2017-10-23 23:59:59',\n 'allfines' => '[{\"Discount\":\"0\",\"DateDecis\":\"2016-12-17 02:30:00\",\"KoAPcode\":\"12.26.1\",\"KoAPtext\":\" \",\"NumPost\":\"188104121603000\",\"kbk\":\"18811630020016000140\",\"Summa\":\"30000\",\"Division\":1188030,\"enablePics\":false,\"id\":\"12#FF176064188\",\"SupplierBillID\":\"188104121603000\",\"DatePost\":\"2017-03-06\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-09-18 14:32:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-10-23 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161710029\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#43522519023478911\",\"SupplierBillID\":\"188101161710029\",\"DatePost\":\"2017-10-02\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-11-01 04:23:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-24 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"18810116171104\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44211639030358281\",\"SupplierBillID\":\"1881011617110\",\"DatePost\":\"2017-11-04\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2017-10-31 12:08:00\",\"KoAPcode\":\"12.9.2\",\"DateDiscount\":\"2017-11-27 23:59:59\",\"KoAPtext\":\" 20, 40 /\",\"NumPost\":\"188101161711056\",\"kbk\":\"18811630020016000140\",\"Summa\":\"500\",\"Division\":1192201,\"enablePics\":true,\"id\":\"16#44236760030609331\",\"SupplierBillID\":\"188101161711056\",\"DatePost\":\"2017-11-05\",\"DateSSP\":null},{\"Discount\":\"1\",\"enableDiscount\":false,\"DateDecis\":\"2018-01-27 23:46:00\",\"KoAPcode\":\"12.37.2\",\"DateDiscount\":\"2018-02-16 23:59:59\",\"KoAPtext\":\" , , \",\"NumPost\":\"188102161820027\",\"kbk\":\"18811630020016000140\",\"Summa\":\"800\",\"Division\":1192200,\"enablePics\":false,\"id\":\"16#4516501003986993\",\"SupplierBillID\":\"188102161820027\",\"DatePost\":\"2018-01-27\",\"DateSSP\":null}]',\n ],\n]", Summing up what was written above, all details of the payments were freely available: the number of the fine order, the state license plate of the car, the number of the enforcement proceedings when paying to the bailiff service, the first and last digits of the bank cards, through which payment gateway the payment was made, name and address payer email and more.
For one selected day (12.04) in indexes was (records):
shtrafov-net 251 paygibdd 3821 gosoplata 20676 oplata-fssp 15277 The search engine Shodan first discovered this server in the public domain 02.24.2019.
News about information leaks and insiders can always be found on my Information Leaks Telegram channel.
')
Source: https://habr.com/ru/post/448440/
All Articles