Analisa Breached Data Indihome Database (metranet_log.csv)

md5sum dari file log dari data breach yang beredar di breached.to

Informasi awal terkait data breach:

filename: metranet_log.csv

md5sum: 07f8a996b23677c3d4f5f9f3d85dc19e

Ket: File di ekstrak terlebih dahulu kemudian dilakukan md5sum pada data yang mengandung data breach.

Entity data dalam metranet_log.csv

id
datetime
realm
meta_keyword
top_level_domain
platform
browser
url_access
google_text_search
ip_address
screen_res
geo_location
user_info

Contoh data dalam tabel:

datetime

realm

meta_keyword

top_level_domain

platform

browser

url_access

google_text_search

ip_address

screen_res

geo_location

user_info

f63d2c835ea1a22f1f18d3c97315xxx1af1bfed

2018-08-15T03:33:38

telkom.net

.lapindxxxkep.com

Mozilla/XXX (iPhone; CPU iPhone OS 10_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.0 Mobile/14G60 Safari/602.1]

http://lapindobxxxp.com/kategori/bxxxx-indo/7

10.74.4.155

{“”time_zone””:””””,””location””:[“”””,””””],””city””:””””,””country””:””””}

{“”email””:””42179891xxx@telkom.net””,””name””:””Mxxx ANDOKO””,””sex””:””LAKI-LAKI””,””nik””:1506xxx405930002}

Ket: x = masking

Analisis sementara yang bisa dilihat berdasarkan data:

Kolom id merupakan kolum unik yang mengidentifikasi data history browser pengguna
Kolom datetime merupakan data yang berisi informasi kapan pengguna mengakses situs
Kolom realm belum dapat disimpulkan maksud dan tujuanya.
Kolom meta_keyword belum dapat disimpulkan maksud dan tujuannya.
Kolom top_level_domain merupakan data yang berisi informasi nama domain yang diakses pengguna
Kolom platform belum dapat disimpulkan maksud dan tujuannya.
Kolom browser merupakan informasi terkait browser yang digunakan pengguna dalam mengakses sistem.
Kolom url_access merupakan informasi terkait url tautan yang diakses oleh user.
Kolom google_text_search belum dapat disimpulkan maksud dan tujuannya.
Kolom ip_address merupakan informasi terkait ip yang diassign sistem terhadap user.
Kolom screen_res merupakan informasi terkait resolusi layar yang digunakan oleh user
Kolom geo location merupakan informasi terkait geo lokasi pengguna yang terdiri atas array data yaitu time_zone, location, city, dan country.
Kolom User info merupakan informasi terkait pengguna yang mengakses situs, terdiri atas array data berupa email,name,sex, dan NIK.

Analisis kolom id:

Berdasarkan data pada kolom id, ketika dilakukan pemfilteran dan pengecekan data duplikat dengan menggunakan perintah sort dan uniq serta diurutkan dari data duplikat tertinggi, diketahui bahwa semua data pada row id tersebut merupakan data unique yang tidak memiliki kesamaan satu dan lainnya.

Berdasarkan hal tersebut penulis berasumsi bahwa row pada id bisa dipakai sebagai Primary Key untuk identifikasi history data user yang ada di dalam database.

Analisis kolom datetime:

Analisis kolom realm:

┌──(rootix㉿Rootix-PC)-[~/indihome]
└─$ cat realm | sort | uniq -c | sort -nr | head -30
21925646 telkom.net
2354443 ""
 903390 none
 677277 apps.telkom
 419194 freeMS
 219563 freeMS.pass
 139705 gold.telkom
  25453 freeMS.pass.soeta
  13321 violet
   9946 wifi.id
   7202 komunitas.infonusa
   5264 ut.ac.id@komunitas.ut
   2552 edu
   2546 freeMS.pass.ASIANGAMES
   1607 adibuana@freeMS.vmgmt
   1209 komunitas.umaha
   1082 yahoo.com|6c:3b:6b:d9:38:d3@telkom.net
   1053 komunitas.polije
    617 komunitas.unej
    528 gmail.com|02:e8:f8:a2:ab:58@telkom.net
    456 freeMS.pass.HLP
    438 gmail.com|88:28:b3:cd:8f:8d@telkom.net
    412 gmail.com|b0:10:41:c8:42:c7@telkom.net
    379 gmail.com@komunitas.smartbisnis
    353 gmail.com|24:00:ba:ab:6e:2f@telkom.net
    306 yahoo.co.id|18:a6:f7:ca:6e:b1@telkom.net
    301 gmail.com|02:24:be:b0:e7:5c@telkom.net
    280 komunitas.freelogin.SUZUKI
    264 gmail.com@komunitas.freelogin.lazone
    247 gmail.com|10:2a:b3:95:0d:71@telkom.net

Analisis kolom meta_keyword:

┌──(rootix㉿Rootix-PC)-[~/indihome]
└─$ cat meta_keyword | sort | uniq -c | sort -nr | head -30
24132729
2356388 ""
  18436 "bitcoin
  11448 Let's Get Rich
   9814 "
   7581 "tubemate
   7227 "Indonesia
   6953 "xvideos
   4403 "Bitcoin
   3998 "Best
   3719 "smadav
   3362 "pencarian
   2720 "porn
   2608 "gamelauncher rf
   2321 "the best apps
   2303 "H5 game
   2116 "moodle
   1839 "Nonton Streaming Gratis Online indonesia Full HD
   1796 "live stream
   1723 "alkitab
   1487 "Japanese
   1043 "livescore
   1038 "sbobet
    995 "image hosting
    976 "game
    913 "Panin
    855 xx
    768 "AKB48
    725 "Asian
    698 Grosir BajuSupplier BajuBaju FashionGrosir Baju MurahGrosir Baju ImportReseller DropshipSupplier Baju ImportToko Baju MurahBaju ImportWestern CollectionBaju Import Premium ZaraASOS

Analisis kolom top_level_domain:

┌──(rootix㉿Rootix-PC)-[~/indihome]
└─$ cat top_level_domain | sort | uniq -c | sort -nr | head -30
3563168 ads.mopub.com
1420616 .gadderduckweed.com
 992185 pss.pb.garena.co.id
 866234 .pituitosus.com
 817080 build.appsmillion.com
 682534 .bandlane.com
 590788 www.bt.co
 514661 m.micoworld.net
 342491 cdn.identies.com
 339620 ad.garenanow.com
 258853 myappbuilder.builderwebsite.info
 251293 cdn.mngappnf.com
 217834 playinfo.gomlab.com
 216703 .identies.com
 206399 www.bribinapps.com
 195073 cdn.mngepvra.com
 194176 stc.gammaplatform.com
 191477 landing6.wifi.id
 184199 apps.tashlik.org
 177194 whitead-adx-407762967.us-west-2.elb.amazonaws.com
 175062 www.google.com
 167096 telkomsel.playlive.mobi
 161422 internetpositif.uzone.id
 160010 welcome.indihome.co.id
 157793 www.stopplane.com
 145386 c.askad.com
 142469 www.gstatic.com
 140932 track.brucelead.com
 135456 www.newscat.com
 135400 .unicorbott.com

Analisis kolom platforms:

Baca Juga: Some Cheatsheet

┌──(rootix㉿Rootix-PC)-[~/indihome]
└─$ cat platform | sort | uniq -c | sort -nr | head -30
26528994 ""
  18166  crypto
   6619 Yulgang
   6396  x videos
   6299  Videos
   5160
   5145 .tubemate.net
   4395  ethereum
   3719  anti virus
   3664 Airports
   3433  Porn
   3362  tokopedia
   2708
   2608  rising force
   2321  free apps
   2125 free porn
   1839  Nonton Film Terbaru
   1796 video broadcast
   1701 n.tubemate.net
   1664  alkitab elektronik
   1509 "
   1155 html5.vipgamer.net
   1011  soccer
    991  photo sharing
    912 www.panin.co.id
    911  berita
    747 NMB48
    732 m.tubemate.net
    681 alkitab
    630  Lion Air

Analisis kolom browser:

┌──(rootix㉿Rootix-PC)-[~/indihome]
└─$ cat browser | sort | uniq -c | sort -nr | head -30
 822981 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML
 681179 "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML
 391685 "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML
 386584 "Mozilla/5.0 (Linux; Android 5.1; S5E_NXT Build/LMY47D; wv) AppleWebKit/537.36 (KHTML
 330473 "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML
 306137 "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML
 279793 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.34 (KHTML
 272687 "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML
 237175 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0]
 236474 "Mozilla/5.0 (Linux; Android 5.1; i5E Build/LMY47D; wv) AppleWebKit/537.36 (KHTML
 229659 "Mozilla/5.0 (Linux; Android 5.1; A1601 Build/LMY47I; wv) AppleWebKit/537.36 (KHTML
 227339 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)]
 213307 "Mozilla/5.0 (Linux; Android 6.0.1; SM-G532G Build/MMB29T; wv) AppleWebKit/537.36 (KHTML
 196417 "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F Build/LMY47V; wv) AppleWebKit/537.36 (KHTML
 194891 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)]
 190861 "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML
 186307 "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML
 184570 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML
 178855 "Mozilla/5.0 (Linux; Android 5.1.1; A37f Build/LMY47V; wv) AppleWebKit/537.36 (KHTML
 174571 Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0]
 171698 Mozilla/5.0 (Windows NT 6.1; rv:59.0) Gecko/20100101 Firefox/59.0]
 155476 "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML
 143262 "Mozilla/5.0 (Linux; Android 7.0; SM-G610F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML
 136870 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML
 134568 "Mozilla/5.0 (Linux; Android 7.0; 5062 Build/NRD90M; wv) AppleWebKit/537.36 (KHTML
 134124 "Mozilla/5.0 (Linux; Android 6.0; i5E Build/MRA58K; wv) AppleWebKit/537.36 (KHTML
 130206 "Mozilla/5.0 (Linux; Android 7.1.2; Redmi 5A Build/N2G47H; wv) AppleWebKit/537.36 (KHTML
 126345 "Mozilla/5.0 (Linux; Android 7.1.2; vivo 1719 Build/N2G47H; wv) AppleWebKit/537.36 (KHTML
 122965 "Mozilla/5.0 (Linux; Android 7.1.2; Redmi 4X Build/N2G47H; wv) AppleWebKit/537.36 (KHTML
 113692 "Mozilla/5.0 (Linux; Android 5.1; A75 Build/LMY47D; wv) AppleWebKit/537.36 (KHTML

Analisis kolom url_access:

┌──(rootix㉿Rootix-PC)-[~/indihome]
└─$ cat url_access | sort | uniq -c | sort -nr | head -30
5205260 ""
 469205 http://www.bt.co/network/index-mac-ut.html
 339583 http://ad.garenanow.com/showzone?name=gcpid_client_launch
 274628 http://gadderduckweed.com/?subid=2&fb=http%3A%2F%2F709266.redpop.pro%2Fd.php%3Fcampaing%3D879226%26link_id%3DEGobv%26source%3D2
 194112 http://stc.gammaplatform.com/mck.html?reref=
 191495 http://gadderduckweed.com/?subid=7&fb=http%3A%2F%2F709266.redpop.pro%2Fd.php%3Fcampaing%3D879226%26link_id%3DEGobv%26source%3D7
 143796 http://welcome.indihome.co.id/landing-page
 122433 http://www.gstatic.com/opa-android/oobe/11578a089acb7688/v1_omni_id_id.html
 117836 http://telkomsel.playlive.mobi/English/default.aspx?PId=796&OprId=38&Ctg=OF98IDTELUSSDPLNew&msisdn=
  85537 http://build.appsmillion.com/myapplications/sunaryo/BabySharkHarti1/index.html
  83548 http://cdn.mngepvra.com/index2.html?source=7829
  80349 http://gadderduckweed.com/?subid=3&fb=http%3A%2F%2F709266.redpop.pro%2Fd.php%3Fcampaing%3D879226%26link_id%3DEGobv%26source%3D2%0A
  77338 http://build.appsmillion.com/myapplications/videos/mrbean1/mainmenu.html
  45142 http://build.appsmillion.com/myapplications/satrio/asu/asuu.html
  43380 http://cdn-akamai.unityads.unity3d.com/impact/webview/production/impact/index.html?version=971af74365ea76f8a4cb47b9bbad87579b17d699
  39446 http://cdn.superplacid.com/?cid=4cd2a057-8788-435a-bccb-8df5a6e71556
  39026 http://gadderduckweed.com/?fb=http%3A%2F%2Ffalcoadserver2.com
  37305 http://internetpositif.uzone.id/page/?campaign&d=c3AucG9wY2FzaC5uZXQ%3D
  35189 http://www.bt.co/network/index-mac-ut.html?adt=5
  32705 http://www.gwarnet.com/flash/flash.php
  32576 http://lan3rd.line.me/web/v1/LGGRTH/android/document/notice?lang=id
  32097 http://gadderduckweed.com/?fb=http%3A%2F%2F709266.redpop.pro%2Fd.php%3Fcampaing%3D879226%26link_id%3DEGobv%26source%3D2%0A
  31689 http://accountmt.moonton.com/
  31643 http://telkomsel.playlive.mobi/English/default.aspx?PId=796&OprId=38&Ctg=OFD1IDTELUSSDPLNew&msisdn=
  31372 http://build.appsmillion.com/myapplications/satrio/traiini/sepur.html
  28599 http://build.appsmillion.com/myapplications/satrio/asu/index.html
  28175 http://yaigra.ru/
  25405 http://gadderduckweed.com/?fb=http%3A%2F%2F709266.redpop.pro%2Fd.php%3Fcampaing%3D879226%26link_id%3DEGobv%26source%3D2
  25193 http://cdn.kidoz.net/core/interstitial/ima_android1.0.0.html
  23921 http://www.bing.com/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.