Rien de Caché en Équateur
Audit de l'infrastructure executive, militaire, policiere, telecom, fiscale et d'urgence de l'Equateur, avec des API exposees, des identifiants CMS partages, des serveurs de messagerie obsoletes et 26.25 Go de preuves sur plus de 55 domaines publics.
By ODINT Investigation Team — 2026
Views: ...
ECUADOR
STATE OF EMERGENCY
26.25 GB
OSINT Investigation
Campaign Statistics
The Ecuador drop combines target harvesting, passive reconnaissance, source code review, exposed credential analysis, public API mapping, and government source code review across civilian and critical infrastructure targets.
26.25 GBEvidence Mirrored
4,714Domains in Scope
27,272Files Catalogued
55+Government Domains
659Government Emails
691+National IDs
559+Phones
93IMEIs
Why Ecuador Matters
Ecuador is operating under an internal armed conflict framework while gangs, ports, prisons, and state institutions remain under pressure. That context makes exposed government infrastructure more consequential: telecom regulators, emergency systems, tax services, military mail, and executive branch sites all sit on the same national attack surface.
minka.gob.ec / sitio-32 / oraculo
Shared government CMS stack across executive and regulator infrastructure
Vector: Public source code and exposed WordPress patterns
Impact: Shared credentials, salts, and predictable deployments
Status: Publicly observable
sri.gob.ec
National Tax Authority
Vector: JSONWS API exposure
Impact: Full service catalog and attack mapping
Status: Reachable at /api/jsonws
ecu911.gob.ec / eppetroecuador.ec / arcotel.gob.ec
Emergency, energy, and telecom infrastructure
Vector: Legacy mail exposure and repeated admin pattern
Impact: User enumeration, internal hostnames, and mail surfaces
Status: Publicly fingerprintable
Critical Findings
The Sitio-32 government theme exposes the Oraculo password SNAPsitio30v and the salt ALRTOPER984TNMGDGFDH, enabling forgery or decryption of centralized CMS traffic.
SRI exposes its Liferay JSONWS catalog at /api/jsonws, providing a detailed map of document, organization, user, permission, and export services.
ECU911 and Petroecuador expose legacy Exchange infrastructure, while multiple security targets leak usernames, internal hostnames, and webmail surfaces.
ARCOTEL and Inclusion ministry datasets reveal cedulas, names, phones, emails, and IMEIs through public-facing endpoints and indexed dumps.
Raw Data & Downloads
All collected material has been reproduced as HTML annexes inside this repo so the publication keeps the same ODINT viewing flow as the other cyber tours.
Master Intelligence Report — Country-wide master report and severity ranking.
Open AnnexMilitary Infrastructure — Defense, Air Force, ISSFA, and .mil.ec findings.
Open AnnexEnergy, Oil and Telecom — CNEL, Petroecuador, ARCOTEL, CNT, CELEC, and EcuCERT.
Open AnnexExecutive Branch — Presidency, vice presidency, communication, and planning findings.
Open AnnexPolice and Security — ECU911, bomberos, police, prison, and transport findings.
Open AnnexFinance, Tax and Social Security — SRI, IESS, customs, finance, banking, and regulator findings.
Open AnnexMail Exchange Recon — Government mail server reconnaissance annex.
Open AnnexRaw User Enumeration — Consolidated user enumeration evidence.
Open Annex
OSINT Disclaimer
This report is based entirely on open-source intelligence (OSINT). No classified information was accessed. No confidential sources were used. No authentication mechanisms were bypassed.
The significance lies in connecting exposed tax services, military mail, telecom regulators, public GitLab code, and shared CMS credentials into one coherent picture of state weakness.
Compiled 2026 — Classification: OSINT — Open Source
Observatory for Digital Infrastructure and Network Transparency (ODINT)