By searching for results, you agree with our Terms of service
Found 69765 results for
+dataset.ransom_notes:btc

Looking for more results ? Register a free account

Countries

  • China 33389
  • United States 10595
  • Germany 3509
  • India 2428
  • France 2222
  • Singapore 2087
  • South Korea 1820
  • Hong Kong 1473
  • Russia 1224
  • United Kingdom 879

Sources

  • ElasticSearchOpenPlugin 43364
  • MysqlOpenPlugin 26401

Network

  • Hangzhou Alibaba Advertising Co.,Ltd. 15303
  • Shenzhen Tencent Computer Systems Company Limited 10503
  • AMAZON-02 5979
  • GOOGLE-CLOUD-PLATFORM 3234
  • DIGITALOCEAN-ASN 2178
  • OVH SAS 2175
  • Huawei Cloud Service data center 2063
  • AMAZON-AES 2058
  • Hetzner Online GmbH 1504
  • MICROSOFT-CORP-MSN-AS-BLOCK 1408

IP Ranges

  • 47.96.0.0/12 3380
  • 124.220.0.0/14 1351
  • 43.136.0.0/13 1199
  • 47.92.0.0/14 921
  • 39.104.0.0/14 920
  • 101.42.0.0/15 727
  • 121.40.0.0/14 710
  • 47.112.0.0/13 705
  • 134.236.0.0/16 682
  • 120.24.0.0/14 660

ASN: 22612
210 events in 682 days
Leak size: 4.6 kB
Open ports: 9200
Indices: 1, document count: 1, size: 4.6 kB
Found index read_me with 1 documents (4.6 kB)
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0058 BTC to 1tpwVPxbRNtQuzKonhzdEsJL8n562uwAr In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data05)After paying send mail to us: rambler+4bo82@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5BO82"}
            
Analysis helper :
                
estk --url=http://198.177.123.96:9200 list
            

ASN: 16276
202 events in 795 days
Leak size: 202.7 MB
Open ports: 9200
Indices: 5, document count: 172514, size: 202.7 MB
Found index .geoip_databases with 39 documents (38.5 MB)
Found index read_me with 1 documents ...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0045 BTC to bc1qfnu6j2n54k58uduufzuthhy7qn3sx7zalyuytz In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://2info.win/ela)After paying send mail to us: rambler+59t2b@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 59T2B"}
            
Analysis helper :
                
estk --url=http://51.79.228.180:9200 list
            

ASN: 4837
165 events in 476 days
Leak size: 11.1 MB
Open ports: 9200
Indices: 12, document count: 5664, size: 11.1 MB
Found index eb_management with 3923 documents (7.6 MB)
Found index .apm-custom-link with 0 docum...
Ransom notes :

{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `WCR6wZ` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
            
Analysis helper :
                
estk --url=http://116.255.252.68:9200 list
            

ASN: 140810
199 events in 792 days
Leak size: 39.2 MB
Open ports: 9200
Indices: 3, document count: 65, size: 39.2 MB
Found index .geoip_databases with 39 documents (38.5 MB)
Found index read_me with 1 documents (4.5 ...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0052 BTC to bc1qfnu6j2n54k58uduufzuthhy7qn3sx7zalyuytz In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://2info.win/ela)After paying send mail to us: rambler+5b252@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5B252"}
            
Analysis helper :
                
estk --url=http://103.141.140.253:9200 list
            

ASN: 14061
225 events in 1041 days
Leak size: 38.7 MB
Open ports: 9200
Indices: 3, document count: 53805, size: 38.7 MB
Found index meesus-url with 3920 documents (406.3 kB)
Found index read-me with 1 documents (5.1 ...
Ransom notes :

{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `h7pEfd` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
            
Analysis helper :
                
estk --url=http://165.227.119.181:9200 list
            

ASN: 16276
177 events in 512 days
Leak size: 4.2 MB
Open ports: 9200
Indices: 8, document count: 1865, size: 4.2 MB
Found index .opensearch-observability with 0 documents (208 B)
Found index .plugins-ml-config with...
Ransom notes :

{"@timestamp": "2099-11-15T13:12:00", "message": "All indexs has been dropped. But we backup all indexs. The only method of recoveribing database is to pay 0,003 BTC. Transfer to this BTC address 19pNR4MGshpXAaWxgPYGYtfn79dppP6FEH . You can buy bitcoin here, does not take much time to buy https://localbitcoins.com or https://buy.moonpay.io/ . After paying write to me in the mail with your DB IP: mrserg@cock.li and you will receive a link to download your database dump.\n"}
            
Analysis helper :
                
estk --url=http://146.59.56.56:9200 list
            

ASN: 396982
182 events in 414 days
Leak size: 7.9 MB
Open ports: 3307
Databases: 39, row count: 136336, size: 7.9 MB
Found table README_TO_RECOVER.readme with 2 records
Found table mysql.columns_priv with 0 records
...
Ransom notes :

All your data is backed up. You must pay 0.0042 BTC to bc1qdnmc32yzdee4a2ygl34f7u5sr7552c2nh8r27m In 72 hours, your data will be publicly disclosed and deleted. More info: https://iplis.ru/dbrecover
            

ASN: 14061
223 events in 768 days
Leak size: 98.4 MB
Open ports: 9200
Indices: 6, document count: 36520, size: 98.4 MB
Found index .geoip_databases with 39 documents (38.8 MB)
Found index weekend-000002 with 2959 do...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0053 BTC to bc1q7xgc4zkf00yk4u4vrkfpc7m64h8ly5w4ap0cnx In 48 hours, your data will be publicly disclosed and deleted. (more information: go to https://is.gd/rudata5)After paying send mail to us: rambler+5bm03@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5BM03"}
            
Analysis helper :
                
estk --url=http://157.230.202.76:9200 list
            

ASN: 197540
240 events in 1379 days
Leak size: 776.5 MB
Open ports: 9200
Indices: 19, document count: 1424113, size: 776.5 MB
Found index .monitoring-kibana-7-2025.04.02 with 8640 documents (1.9 MB)
Found index .tasks ...
Ransom notes :

{"readme":"Sorry, we have taken your files from this server and deleted your copy. If you wish to recover your files you will need to pay our price. You will need to make payment by bitcoin. If you do not know how to purchase bitcoin we suggest you google it, prominent exchanges that are easy to use are Kraken, Moonpay, ad Cashapp. You will need to send 250 US dollars worth of bitcoin to the following address: 16fnSdjwpPUNnphTvL4Nsw98uJDcETKr1v .Once you have sent the bitcoin send an email to ghostransom@onionmail.org with the bitcoin transaction id, and we will send you a copy of all of your data from this server. Any attempt to negotiate with us or contact us before payment will simply result in deletion of your data."}
            
Analysis helper :
                
estk --url=http://185.162.248.167:9200 list
            

ASN: 24940
13 events in 31 days
Leak size: 31.3 kB
Open ports: 9200
Indices: 2, document count: 5, size: 31.3 kB
Found index read_me with 1 documents (5.3 kB)
Found index myapp-logs-2025.04.02 with 4 documents (26...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0051 BTC to bc1qfnu6j2n54k58uduufzuthhy7qn3sx7zalyuytz In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://2info.win/ela)After paying send mail to us: rambler+55hd4@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 55HD4"}
            
Analysis helper :
                
estk --url=http://94.130.49.158:9200 list
            

ASN: 31898
204 events in 593 days
Leak size: 5.3 kB
Open ports: 9200
Indices: 1, document count: 1, size: 5.3 kB
Found index read-me with 1 documents (5.3 kB)
Ransom notes :

{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qmheh2ukafmsa8y0hxj64lalddzxwj0sfaas7uu. Once paid please email dar0kmdb@tutanota.com with code: `aLEfI8` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
            
Analysis helper :
                
estk --url=http://129.151.252.128:9200 list
            

ASN: 9794
68 events in 156 days
Leak size: 38.7 MB
Open ports: 9200
Indices: 2, document count: 40, size: 38.7 MB
Found index .geoip_databases with 39 documents (38.6 MB)
Found index read_me with 1 documents (4.5 ...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0045 BTC to bc1q7xgc4zkf00yk4u4vrkfpc7m64h8ly5w4ap0cnx In 48 hours, your data will be publicly disclosed and deleted. (more information: go to https://is.gd/rudata5)After paying send mail to us: rambler+5dfo9@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5DFO9"}
            
Analysis helper :
                
estk --url=http://203.201.164.98:9200 list
            

ASN: 49505
83 events in 794 days
Leak size: 5.3 kB
Open ports: 9200
Indices: 1, document count: 1, size: 5.3 kB
Found index read_me with 1 documents (5.3 kB)
Ransom notes :

{"message":"All your data is backed up. You must pay 0.005 BTC to 16w2xEN9pcjFgECWH1LDVps4xV9m3nUMBN In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data5)After paying send mail to us: rambler+4dcgp@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5DCGP"}
            
Analysis helper :
                
estk --url=http://37.9.15.77:9200 list
            

ASN: 45102
192 events in 624 days
Leak size: 7.8 MB
Open ports: 3307
Databases: 32, row count: 142626, size: 7.8 MB
Found table README_TO_RECOVER_A.RECOVER_YOUR_DATA with 2 records
Found table mysql.columns_priv wi...
Ransom notes :

All your data is backed up. You must pay 0.0062 BTC to bc1qu5xyjmdeu374cqd2nyv7rt0aq9ep784rjzn9e0 In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data02)
            

ASN: 59624
108 events in 1086 days
Leak size: 4.3 kB
Open ports: 9200
Indices: 1, document count: 1, size: 4.3 kB
Found index read-me with 1 documents (4.3 kB)
Ransom notes :

{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `WCR6wZ` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
            
Analysis helper :
                
estk --url=http://144.206.234.35:9200 list
            

ASN: 37963
51 events in 156 days
Leak size: 1.7 GB
Open ports: 9200
Indices: 26, document count: 1840463, size: 1.7 GB
Found index .monitoring-es-7-2025.04.03 with 220246 documents (144.4 MB)
Found index .internal...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0041 BTC to bc1qaateuj4jhlay6qcyu0uw4tt4sz6m6gqn37dxkk In 48 hours, your data will be publicly disclosed and deleted. (more information: go to https://is.gd/rudata5)After paying send mail to us: dzen+5bvxg@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5BVXG"}
            
Analysis helper :
                
estk --url=http://39.106.94.192:9200 list
            

ASN: 47583
5 events in 33 days
Leak size: 7.3 GB
Open ports: 9200
Indices: 462, document count: 56444500, size: 7.3 GB
Found index zeebe-record_job_8.5.0_2025-03-18 with 2729 documents (2.3 MB)
Found index zeebe...
Ransom notes :

{"message":"All your data is backed up. You must pay 0.0052 BTC to bc1qm0v2r0mmx3py3h7fzkerd9a6rzdrpw5afqacen In 48 hours, your data will be publicly disclosed and deleted. (more information: go to https://is.gd/rudata5)After paying send mail to us: rambler+5tvmc@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 5TVMC"}
            
Analysis helper :
                
estk --url=http://194.164.76.209:9200 list
            

ASN: 8075
65 events in 134 days
Leak size: 10.7 kB
Open ports: 9200
Indices: 2, document count: 2, size: 10.7 kB
Found index internal with 1 documents (6.4 kB)
Found index read-me with 1 documents (4.3 kB)
Ransom notes :

{"message": "We delete all databases, but download a copy to our server. The only way of recovery is you must send 0.01 BTC to bc1qmaacz9fdvnkujqlf8m547mzzh0l5t0ajn699th. You have until 48 hours to pay or data will be inaccessible. Once paid please email incomings99112@onionmail.com with code: `9PDqED` and we will recover your database. please read https://paste.sh/UY6_vtGL#THGqRdL9oQqUc-28RPDOWSbB for more information"}
            
Analysis helper :
                
estk --url=http://52.169.142.130:9200 list
            

ASN: 42447
54 events in 929 days
Leak size: 411.3 MB
Open ports: 9200
Indices: 2, document count: 766185, size: 411.3 MB
Found index read_me with 1 documents (5.4 kB)
Found index filebeat-8.0.1 with 766184 documents...
Ransom notes :

{"text":"Your DB has been back up. The only way of recovery is you must send 0.0057 BTC to 127ZBzXyLJFc7ShMmzkYFDhSiXXSnR8Jfr. Once paid please email databaserestore32@onionmail.org with code: `omoRmq` and we will recover your database. please read https://cutmyurl.com/3caF8EkT for more information"}
            
Analysis helper :
                
estk --url=http://93.170.72.53:9200 list
            

ASN: 24940
194 events in 770 days
Leak size: 4.5 kB
Open ports: 80
Certificate domains:
elasticsearch.radiewcare-apps.es
Indices: 1, document count: 1, size: 4.5 kB
Found index read-me with 1 documents (4.5 kB)
Ransom notes :

{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `5Xcpm5` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
            
Analysis helper :
                
estk --url=http://elasticsearch.radiewcare-apps.es list