135/tcp
1105805581 | 2025-03-15T13:20:35.227387
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 43.252.231.96:49152
ncalrpc: WindowsShutdown
ncacn_np: \\CLOUDSERVER\PIPE\InitShutdown
ncalrpc: WMsgKRpc05E230
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\CLOUDSERVER\PIPE\InitShutdown
ncalrpc: WMsgKRpc05E230
ncalrpc: WMsgKRpc05E541
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-60eec1f07fe2d04e84
ncacn_np: \\CLOUDSERVER\PIPE\srvsvc
ncacn_ip_tcp: 43.252.231.96:49154
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 43.252.231.96:49153
ncacn_np: \\CLOUDSERVER\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 43.252.231.96:49153
ncacn_np: \\CLOUDSERVER\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 43.252.231.96:49153
ncacn_np: \\CLOUDSERVER\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 43.252.231.96:49153
ncacn_np: \\CLOUDSERVER\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\CLOUDSERVER\PIPE\srvsvc
ncacn_ip_tcp: 43.252.231.96:49154
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 43.252.231.96:49154
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 43.252.231.96:49154
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 43.252.231.96:49154
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 43.252.231.96:49154
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\CLOUDSERVER\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: OLEC613B50E2EA145BFBF3EA60261E6
ncalrpc: IUserProfile2
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-01003e6e7f1da9994e
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\CLOUDSERVER\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-60830e9ed6e230e3f2
ncalrpc: OLE190F73A03DE14F8C9052908EBCD7
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-60830e9ed6e230e3f2
ncalrpc: OLE190F73A03DE14F8C9052908EBCD7
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-8a3dde569fdf68b760
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-8a3dde569fdf68b760
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-8a3dde569fdf68b760
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
f763c91c-2ab1-47fa-868f-7de7efd42194
version: v1.0
annotation: VM Allow-List Provider RPC
ncalrpc: RdvVmAllowListRpc
ncalrpc: OLEFC56291ABA684868BEE774EEAF5A
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 43.252.231.96:49155
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 43.252.231.96:49156
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\CLOUDSERVER\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-5af8f861c979c8702c
ncacn_np: \\CLOUDSERVER\pipe\lsass
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-d91223e3f2458fd98e
ncacn_ip_tcp: 43.252.231.96:49158
6b5bdd1e-528c-422c-af8c-a4079be4fe48
version: v1.0
annotation: Remote Fw APIs
protocol: [MS-FASP]: Firewall and Advanced Security Protocol
provider: FwRemoteSvr.dll
ncacn_ip_tcp: 43.252.231.96:49158
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-12af8e25d244caaa77
ncalrpc: LRPC-12af8e25d244caaa77
ncalrpc: LRPC-12af8e25d244caaa77
ncalrpc: LRPC-12af8e25d244caaa77
2f5f6521-cb55-1059-b446-00df0bce31db
version: v1.0
annotation: Unimodem LRPC Endpoint
ncalrpc: unimdmsvc
ncalrpc: tapsrvlpc
ncacn_np: \\CLOUDSERVER\pipe\tapsrv
1489525118 | 2025-03-19T08:31:09.712218
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 19 Mar 2025 08:31:15 GMT
Connection: close
Content-Length: 315
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:31:63:de:1d:2f:63:bf:42:38:54:ac:e0:f5:7a:85
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=WMSvc-WIN-25US8G3F849
Validity
Not Before: Mar 18 06:47:25 2016 GMT
Not After : Mar 16 06:47:25 2026 GMT
Subject: CN=WMSvc-WIN-25US8G3F849
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ab:84:9f:5f:4d:f0:a9:75:78:41:8f:90:8d:c4:
77:c7:ac:89:94:76:39:66:5d:6c:d9:a0:85:0f:40:
2f:57:1a:d3:cb:16:4f:25:65:98:61:cc:f1:fa:81:
54:c2:e6:ac:bd:ca:d8:04:f7:ca:d7:6e:2a:c0:7a:
6b:4d:76:59:37:fd:a2:cd:86:44:fe:dd:8d:6a:09:
84:be:67:f5:b9:dd:bd:a8:0a:5a:f4:19:e6:0d:d5:
c7:22:c4:13:e4:da:b5:90:cf:39:c2:97:e4:84:38:
f0:bd:28:26:2b:51:72:83:0b:20:1b:2b:6d:a5:1a:
e6:25:0e:d4:91:5e:31:7f:a8:8f:30:e2:07:8c:69:
c9:a9:b0:85:19:64:ee:33:5c:dc:6d:62:0c:be:6b:
5c:8a:82:56:c1:54:03:ab:64:08:58:a3:8b:8d:3b:
40:77:97:1b:bc:ed:10:82:89:1f:c0:8c:d3:a9:47:
50:6c:02:af:94:62:84:ea:86:b5:97:e2:3c:06:96:
85:e7:3b:33:bb:22:2b:f7:cb:5f:93:a9:6f:19:07:
27:7f:9f:77:65:15:ea:b7:63:7f:8d:c3:e2:20:f7:
2d:e2:37:d9:6b:9e:4f:79:93:46:26:97:fc:95:10:
f7:00:d1:20:cd:f0:5e:3c:89:c7:e5:3f:b1:01:d8:
e4:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
4b:39:4a:39:1a:83:7a:5c:b9:f1:52:7e:ed:d3:62:31:2d:0c:
27:15:8e:ff:d0:70:dd:32:63:0b:9c:17:c2:dc:98:b1:43:f9:
c7:e8:39:d5:75:32:ac:a6:be:c8:ef:0d:82:82:62:d0:4a:30:
fe:fd:83:89:f5:5b:6c:69:ee:07:4e:1c:e0:10:e6:c6:f7:2d:
b7:c3:d6:1f:85:b9:dd:32:0d:51:9d:82:52:70:a9:ad:62:52:
6c:27:24:55:48:8b:44:a4:29:5a:7a:8a:b1:f5:5d:c3:34:56:
f3:37:1a:0b:a1:46:27:cb:40:5a:c5:8f:ee:6c:cb:de:8f:05:
ec:14:c4:4d:73:d9:cd:ee:fd:d1:fc:4d:b5:8f:d3:23:94:1e:
cb:cb:67:00:5b:22:69:c1:18:1f:47:fe:5e:9c:ed:8a:ff:26:
14:06:ae:9f:1b:4c:76:ea:a4:3b:a5:f0:a4:07:ea:c2:9c:5b:
bf:eb:87:e3:0a:8c:9d:d5:79:52:8b:d4:fb:18:62:f9:f4:ab:
01:5a:e9:f3:0b:0b:ec:c9:66:99:38:fe:aa:8b:90:42:02:d1:
5d:78:b0:07:79:d8:74:40:5b:df:a0:f9:e7:56:fe:37:e3:86:
7d:24:c6:30:e0:72:f4:43:ad:3c:f8:29:c9:70:c9:1a:20:b8:
e3:ec:4a:fd
445/tcp
2074933174 | 2025-03-16T02:37:58.430664
SMB Status:
Authentication: enabled
SMB Version: 1
OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1
Software: Windows Server 2008 R2 Enterprise 6.1
Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, rpc-remote-api, unicode
1723/tcp
941448006 | 2025-02-27T20:39:06.829001
PPTP:
Firmware: 0
Hostname:
Vendor: Microsoft
1298793639 | 2025-03-18T11:50:10.082953
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 18 Mar 2025 11:50:12 GMT
Connection: close
Content-Length: 334