247londonescorts.co.uk

JWT token leaking tenant ID in DNS

$ dig TXT 247londonescorts.co.uk

;; QUESTION SECTION:
;247londonescorts.co.uk. IN TXT

;; ANSWER SECTION:
247londonescorts.co.uk. 3600 IN TXT "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkb21haW4iOiIyNDdsb25kb25lc2NvcnRzLmNvLnVrIiwiZXhwIjoxNjMxNDkxMjAwfQ.[SIGNATURE_REDACTED]"

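Another raw JWT in DNS. The header and payload of a JWT are only base64url-encoded, not encrypted, so anyone who can query the record can read them. Decoding the payload reveals the domain, expiration timestamp (Unix epoch), and internal tenant/organisation identifiers. The algorithm is HS256, a symmetric HMAC scheme, meaning the signature can potentially be brute-forced offline if the secret is weak.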
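An added example, not part of the original note: a Python audit helper for checking your own zone's TXT values for JWT-shaped strings and reporting what the header and payload disclose without any key. The names audit_txt_record and SAMPLE_TXT are assumptions of this example; the sample value is the TXT string from the dig answer above.

```python
import base64
import json
import re
from datetime import datetime, timezone

# TXT value copied from the dig answer on this page (signature already redacted there).
SAMPLE_TXT = ('"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.'
              'eyJkb21haW4iOiIyNDdsb25kb25lc2NvcnRzLmNvLnVrIiwiZXhwIjoxNjMxNDkxMjAwfQ.'
              '[SIGNATURE_REDACTED]"')

# Header and payload are base64url-encoded JSON objects, so each starts with "eyJ".
JWT_RE = re.compile(r"(eyJ[A-Za-z0-9_-]+)\.(eyJ[A-Za-z0-9_-]+)\.")
SYMMETRIC_ALGS = {"HS256", "HS384", "HS512"}

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def audit_txt_record(txt_value, now=None):
    """Report every JWT-shaped value in a TXT string. No key is needed:
    the signature is ignored, only the readable header and payload are decoded."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for match in JWT_RE.finditer(txt_value):
        try:
            header = b64url_json(match.group(1))
            claims = b64url_json(match.group(2))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON: not a JWT
            continue
        exp = claims.get("exp")
        expires = (datetime.fromtimestamp(exp, tz=timezone.utc)
                   if isinstance(exp, (int, float)) else None)
        findings.append({
            "alg": header.get("alg"),
            "symmetric_alg": header.get("alg") in SYMMETRIC_ALGS,
            "claim_names": sorted(claims),
            "claims": claims,
            "expires": expires.isoformat() if expires else None,
            "expired": expires is not None and expires < now,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_txt_record(SAMPLE_TXT):
        print(json.dumps(finding, indent=2))
```

Any finding from a public zone means the claims are already world-readable, so the remediation is to remove the record and rotate the signing secret rather than to rely on the token having expired.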
