49068642 | 2024-07-03T18:49:09.404254
80 /
tcp
HTTP/1.1 200 OK
Content-Length: 1193
Content-Type: text/html
Content-Location: http://149.88.92.79/iisstart.htm
Last-Modified: Fri, 21 Feb 2003 12:15:52 GMT
Accept-Ranges: bytes
ETag: "0ce1f9a2d9c21:278"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 03 Jul 2024 18:48:58 GMT
577549285 | 2024-07-06T01:12:20.383074
135 /
tcp
Microsoft RPC Endpoint Mapper
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncacn_np: \\HKMT67270N\PIPE\atsvc
ncalrpc: OLEFC49CF24E88243E5BDA9F01AB2F9
ncalrpc: wzcsvc
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\HKMT67270N\PIPE\atsvc
ncalrpc: OLEFC49CF24E88243E5BDA9F01AB2F9
ncalrpc: wzcsvc
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\HKMT67270N\PIPE\atsvc
ncalrpc: OLEFC49CF24E88243E5BDA9F01AB2F9
ncalrpc: wzcsvc
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager:
provider: msdtcprx.dll
ncalrpc: LRPC000003bc.00000001
ncalrpc: LRPC000003bc.00000001
ncalrpc: LRPC000003bc.00000001
ncalrpc: LRPC000003bc.00000001
ncalrpc: LRPC00000f48.00000001
ncalrpc: OLEC2FB29C6264646E199E9511956D6
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 10.0.11.22:1025
ncalrpc: dsrole
ncacn_np: \\HKMT67270N\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\HKMT67270N\PIPE\lsass
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: dsrole
ncacn_np: \\HKMT67270N\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\HKMT67270N\PIPE\lsass
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\HKMT67270N\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
82ad4280-036b-11cf-972c-00aa006887b0
version: v2.0
protocol: [MS-IRP]: Internet Information Services (IIS) Inetinfo Remote
provider: infocomm.dll
ncacn_np: \\HKMT67270N\PIPE\INETINFO
ncacn_ip_tcp: 10.0.11.22:1701
ncalrpc: INETINFO_LPC
ncalrpc: OLEDC1E4D0A24674B8B8B37FC7009AF
1864369339 | 2024-07-03T05:50:26.508899
137 /
udp
NetBIOS Response:
Server Name: HKMT67270N
MAC Address: 08:06:1C:00:00:B5
Names:
HKMT67270N <0x0>
WORKGROUP <0x0>
HKMT67270N <0x20>
WORKGROUP <0x1e>
Additional Interfaces:
32.0.32.22MAC Addresses
08:06:1C:00:00:B5
Unknown
1196188685 | 2024-07-03T17:56:01.886928
445 /
tcp
SMB Status:
Authentication: enabled
SMB Version: 1
OS: Windows Server 2003 R2 3790 Service Pack 2
Software: Windows Server 2003 R2 5.2
Capabilities: dfs, extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, raw-mode, rpc-remote-api, unicode
1135973263 | 2024-06-30T22:05:40.202630
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x03\x00\x08\x00\x02\x00\x00\x00
TH)
