-1510715118 | 2024-07-13T11:24:49.624607
22 /
tcp
SSH-2.0-OpenSSH_7.4
Key type: ssh-rsa
Fingerprint: 19:40:cf:fe:06:05:08:39:ff:f4:2f:85:5e:04:67:b2
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
Server Host Key Algorithms:
ssh-rsa
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
3des-cbc
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
-931697787 | 2024-07-13T01:26:52.809430
23 /
tcp
-1109295821 | 2024-07-13T05:43:18.145966
80 /
tcp
HTTP/1.1 404 Not Found
Date: Sat, 13 Jul 2024 05:43:17 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 155.94.204.114,/push
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 80
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 93268dee78908eb08c9763f15bcbc895
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 155.94.204.114,/cx
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 80
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 93268dee78908eb08c9763f15bcbc895
sleeptime: 60000
useragent_header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
uses_cookies: 1
watermark: 987654321
1227855557 | 2024-07-13T08:25:13.011124
443 /
tcp
HTTP/1.1 404 Not Found
Date: Sat, 13 Jul 2024 08:25:12 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 155.94.204.114,/IE9CompatViewList.xml
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 443
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 93268dee78908eb08c9763f15bcbc895
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 155.94.204.114,/cx
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 443
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 93268dee78908eb08c9763f15bcbc895
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)
uses_cookies: 1
watermark: 987654321
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 146473198 (0x8bb00ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=, ST=, L=, O=, OU=, CN=
Validity
Not Before: May 20 18:26:24 2015 GMT
Not After : May 17 18:26:24 2025 GMT
Subject: C=, ST=, L=, O=, OU=, CN=
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:6B:5E:DB:CF:C9:19:1D:5B:D0:1F:8C:E3:AB:56:38:18:9F:02:4F
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
-1255326477 | 2024-07-13T00:22:33.851657
4433 /
tcp
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Sat, 13 Jul 2024 00:22:33 GMT
Content-Length: 18
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
de:71:01:b5:59:13:62:ad
Signature Algorithm: sha512WithRSAEncryption
Issuer: C=XX, L=Default City, O=Default Company Ltd
Validity
Not Before: Sep 21 07:44:29 2022 GMT
Not After : Sep 20 07:44:29 2024 GMT
Subject: C=XX, L=Default City, O=Default Company Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:3C:DB:6B:99:C9:22:16:BF:04:D8:99:CE:A7:F9:46:F4:AE:28:1B
X509v3 Authority Key Identifier:
1E:3C:DB:6B:99:C9:22:16:BF:04:D8:99:CE:A7:F9:46:F4:AE:28:1B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
41341329 | 2024-07-13T06:56:03.625126
6379 /
tcp
ok
# Keys
# Connected Clients
ok
272230336 | 2024-07-13T09:57:23.624113
9000 /
tcp
HTTP/1.1 200 OK
Content-Md5: ewYgOfkpfrRrjtPTgEle
Content-Type: text/html; charset=utf-8
Ohc-Cache-Hit: pfsMq
Server: JSP3/2.0.14
Set-Cookie: session=607decf37ff94f5fa375b39296ca17f6; Expires=Sun, 14 Jul 2024 09:57:23 GMT; HttpOnly
Timing-Allow-Origin: *
Date: Sat, 13 Jul 2024 09:57:23 GMT
Transfer-Encoding: chunked
853372109 | 2024-07-13T10:11:26.205359
9200 /
tcp
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Set-Cookie: session=48feebc35fd64350aa52b487dee2ed88; Expires=Sun, 14 Jul 2024 10:11:25 GMT; HttpOnly
Date: Sat, 13 Jul 2024 10:11:25 GMT
Content-Length: 369