API tools faq
paste
Advertisement
Guest User

MongoDB example ransom logs - @gossithedog honeypot

a guest
Jan 25th, 2017
447
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.66 KB | None | 0 0
raw download clone embed print report
  1. 2017-01-20T02:50:26.125-0500 I NETWORK [initandlisten] connection accepted from 176.126.252.12:11471 #126 (2 connections now open)
  2. 2017-01-20T02:50:28.354-0500 I COMMAND [conn126] dropDatabase WARNING starting
  3. 2017-01-20T02:50:28.363-0500 I COMMAND [conn126] dropDatabase WARNING finished
  4. 2017-01-20T02:50:28.363-0500 I COMMAND [conn126] command WARNING command: dropDatabase { dropDatabase: 1 } keyUpdates:0 writeConflicts:0 numYields:0 reslen:
  5. 58 locks:{ Global: { acquireCount: { r: 2, w: 1, W: 1 } }, Database: { acquireCount: { W: 1 } } } protocol:op_query 9ms
  6. 2017-01-20T02:50:28.363-0500 I - [conn126] note: not profiling because db went away for WARNING
  7. 2017-01-20T02:50:28.877-0500 I COMMAND [conn126] command PLEASE_READ.PLEASE_READ command: insert { insert: "PLEASE_READ", ordered: true, documents: [ { _id:
  8. ObjectId('5881c143aff9bd4168077ab3'), Info: "Your DB is Backed up at our servers, to restore send 0.2 BTC to the Bitcoin Address then send an email with you
  9. r server ip", Bitcoin Address: "1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF", Email: "kraken0@india.com" } ] } ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 r
  10. eslen:40 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { w: 1, W: 1 } }, Collection: { acquireCount: { W: 1 } } } protocol:op_q
  11. uery 47ms
  12. 2017-01-20T02:50:28.877-0500 I - [conn126] Creating profile collection: PLEASE_READ.system.profile
  13. 2017-01-20T02:51:23.465-0500 I NETWORK [conn126] end connection 176.126.252.12:11471 (1 connection now open)
  14. 2017-01-20T02:52:03.212-0500 I NETWORK [conn125] end connection 176.126.252.12:20327 (0 connections now open)
  15. 2017-01-20T05:11:47.135-0500 I NETWORK [initandlisten] connection accepted from 199.254.238.44:47568 #127 (1 connection now open)
  16. 2017-01-20T05:11:50.747-0500 I NETWORK [initandlisten] connection accepted from 163.172.217.50:40226 #128 (2 connections now open)
  17. 2017-01-20T05:11:52.924-0500 I COMMAND [conn128] dropDatabase PLEASE_READ starting
  18. 2017-01-20T05:11:52.930-0500 I COMMAND [conn128] dropDatabase PLEASE_READ finished
  19. 2017-01-20T05:11:52.930-0500 I COMMAND [conn128] command PLEASE_READ command: dropDatabase { dropDatabase: 1 } keyUpdates:0 writeConflicts:0 numYields:0 res
  20. len:62 locks:{ Global: { acquireCount: { r: 2, w: 1, W: 1 } }, Database: { acquireCount: { W: 1 } } } protocol:op_query 5ms
  21. 2017-01-20T05:11:52.930-0500 I - [conn128] note: not profiling because db went away for PLEASE_READ
  22. 2017-01-20T05:11:53.351-0500 I COMMAND [conn128] command PLEASE_READ.PLEASE_READ command: insert { insert: "PLEASE_READ", ordered: true, documents: [ { _id:
  23. ObjectId('5881e268aff9bd4718d3fa59'), Info: "Your DB is Backed up at our servers, to restore send 0.2 BTC to the Bitcoin Address then send an email with you
  24. r server ip", Bitcoin Address: "1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF", Email: "kraken0@india.com" } ] } ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 r
  25. eslen:40 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { w: 1, W: 1 } }, Collection: { acquireCount: { W: 1 } } } protocol:op_q
  26. uery 13ms
  27. 2017-01-20T05:11:53.351-0500 I - [conn128] Creating profile collection: PLEASE_READ.system.profile
  28. 2017-01-20T05:11:55.780-0500 I NETWORK [conn127] end connection 199.254.238.44:47568 (1 connection now open)
  29. 2017-01-20T05:11:56.006-0500 I NETWORK [conn128] end connection 163.172.217.50:40226 (0 connections now open)
  30. 2017-01-20T06:53:16.942-0500 I NETWORK [initandlisten] connection accepted from 77.247.181.165:63965 #129 (1 connection now open)
  31. 2017-01-20T06:53:23.041-0500 I NETWORK [initandlisten] connection accepted from 94.242.246.23:15795 #130 (2 connections now open)
  32. 2017-01-20T06:53:26.337-0500 I COMMAND [conn130] dropDatabase PLEASE_READ starting
  33. 2017-01-20T06:53:26.338-0500 I COMMAND [conn130] dropDatabase PLEASE_READ finished
  34. 2017-01-20T06:53:26.338-0500 I - [conn130] note: not profiling because db went away for PLEASE_READ
  35. 2017-01-20T06:53:26.801-0500 I COMMAND [conn130] command PLEASE_READ.PLEASE_READ command: insert { insert: "PLEASE_READ", ordered: true, documents: [ { _id:
  36. ObjectId('5881fa35aff9bd1e90996e99'), Info: "Your DB is Backed up at our servers, to restore send 0.2 BTC to the Bitcoin Address then send an email with you
  37. r server ip", Bitcoin Address: "1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF", Email: "kraken0@india.com" } ] } ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 r
  38. eslen:40 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { w: 1, W: 1 } }, Collection: { acquireCount: { W: 1 } } } protocol:op_q
  39. uery 33ms
  40. 2017-01-20T06:53:26.801-0500 I - [conn130] Creating profile collection: PLEASE_READ.system.profile
  41. 2017-01-20T06:53:39.681-0500 I NETWORK [conn130] end connection 94.242.246.23:15795 (1 connection now open)
  42. 2017-01-20T06:53:39.946-0500 I NETWORK [conn129] end connection 77.247.181.165:63965 (0 connections now open)
  43. 2017-01-20T08:02:45.421-0500 I NETWORK [initandlisten] connection accepted from 66.240.236.119:37227 #131 (1 connection now open)
  44. 2017-01-20T08:02:46.205-0500 I NETWORK [conn131] end connection 66.240.236.119:37227 (0 connections now open)
  45. 2017-01-20T20:18:47.026-0500 I NETWORK [initandlisten] connection accepted from 54.153.51.96:44699 #132 (1 connection now open)
  46. 2017-01-20T20:18:47.302-0500 I NETWORK [initandlisten] connection accepted from 54.153.51.96:44753 #133 (2 connections now open)
  47. 2017-01-20T20:18:47.655-0500 I COMMAND [conn133] command admin.$cmd command: buildInfo { buildInfo: 1 } keyUpdates:0 writeConflicts:0 numYields:0 reslen:118
  48. 8 locks:{} protocol:op_query 3ms
  49. 2017-01-20T20:18:48.052-0500 I NETWORK [conn132] end connection 54.153.51.96:44699 (1 connection now open)
  50. 2017-01-20T20:18:48.052-0500 I NETWORK [conn133] end connection 54.153.51.96:44753 (0 connections now open)
  51. 2017-01-21T01:31:09.571-0500 I NETWORK [initandlisten] connection accepted from 184.105.247.194:5212 #134 (1 connection now open)
  52. 2017-01-21T01:31:09.668-0500 I NETWORK [conn134] end connection 184.105.247.194:5212 (0 connections now open)
  53. 2017-01-21T01:31:31.125-0500 I NETWORK [initandlisten] connection accepted from 184.105.247.194:11258 #135 (1 connection now open)
  54. 2017-01-21T01:31:31.190-0500 I NETWORK [conn135] end connection 184.105.247.194:11258 (0 connections now open)
  55. 2017-01-21T09:52:18.610-0500 I NETWORK [initandlisten] connection accepted from 196.52.43.66:47952 #136 (1 connection now open)
  56. 2017-01-21T09:52:50.408-0500 I NETWORK [conn136] end connection 196.52.43.66:47952 (0 connections now open)
  57. 2017-01-22T02:18:24.200-0500 I NETWORK [initandlisten] connection accepted from 74.82.47.5:36716 #137 (1 connection now open)
  58. 2017-01-22T02:18:24.267-0500 I NETWORK [conn137] end connection 74.82.47.5:36716 (0 connections now open)
  59. 2017-01-22T02:18:49.795-0500 I NETWORK [initandlisten] connection accepted from 74.82.47.5:39738 #138 (1 connection now open)
  60. 2017-01-22T02:18:49.859-0500 I NETWORK [conn138] end connection 74.82.47.5:39738 (0 connections now open)
  61. 2017-01-22T11:20:47.117-0500 I NETWORK [initandlisten] connection accepted from 146.185.131.158:51624 #139 (1 connection now open)
  62. 2017-01-22T11:20:47.331-0500 I NETWORK [initandlisten] connection accepted from 146.185.131.158:51802 #140 (2 connections now open)
  63. 2017-01-22T11:20:47.561-0500 I COMMAND [conn140] dropDatabase PLEASE_READ starting
  64. 2017-01-22T11:20:47.569-0500 I COMMAND [conn140] dropDatabase PLEASE_READ finished
  65. 2017-01-22T11:20:47.569-0500 I COMMAND [conn140] command PLEASE_READ command: dropDatabase { dropDatabase: 1 } keyUpdates:0 writeConflicts:0 numYields:0 res
  66. len:62 locks:{ Global: { acquireCount: { r: 2, w: 1, W: 1 } }, Database: { acquireCount: { W: 1 } } } protocol:op_query 7ms
  67. 2017-01-22T11:20:47.569-0500 I - [conn140] note: not profiling because db went away for PLEASE_READ
  68. 2017-01-22T11:20:47.675-0500 I COMMAND [conn140] command PLEASE_READ_ME.PLEASE_READ_ME command: insert { insert: "PLEASE_READ_ME", ordered: true, documents:
  69. [ { info: "Your DB is Backed up at our servers (that is true, check logs). To restore send 0.1 BTC to the Bitcoin Address then send an email with your serve
  70. r ip ...", Bitcoin Address: "1HjLh88AKNYz7s6p5b3XxLrPqEqKWs1PhS", amount: "0.1 BTC ($80-$90)", _id: ObjectId('5884dbdfa2c6b85e2e5d25ae'), Email: "kraken888@s
  71. igaint.org" } ] } ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 reslen:40 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount:
  72. { w: 1, W: 1 } }, Collection: { acquireCount: { W: 1 } } } protocol:op_query 9ms
  73. 2017-01-22T11:20:47.675-0500 I - [conn140] Creating profile collection: PLEASE_READ_ME.system.profile
  74. 2017-01-22T11:20:47.776-0500 I NETWORK [conn140] end connection 146.185.131.158:51802 (1 connection now open)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!