1522179681 | 2024-07-08T13:57:22.078593
135 /
tcp
Microsoft RPC Endpoint Mapper
9b008953-f195-4bf9-bde0-4471971e58ed
version: v1.0
ncalrpc: dabrpc
ncalrpc: LRPC-453fabb02e469297ac
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
697dcda9-3ba9-4eb2-9247-e11f1901b0d2
version: v1.0
ncalrpc: LRPC-453fabb02e469297ac
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
c605f9fb-f0a3-4e2a-a073-73560f8d9e3e
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
8bfc3be1-6def-4e2d-af74-7c47cd0ade4a
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
2d98a740-581d-41b9-aa0d-a88b9d5ce938
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
3b338d89-6cfa-44b8-847e-531531bc9992
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
8782d3b9-ebbd-4644-a3d8-e8725381919b
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
085b0334-e454-4d91-9b8c-4134f9e793f3
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9
version: v1.0
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\LSM_API_service
ncalrpc: LSMApi
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-d9af6ee86c5968dfc4
ncalrpc: actkernel
ncalrpc: umpo
ncalrpc: LRPC-784b5cec3e86a4e1c1
ncalrpc: DeviceSetupManager
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncalrpc: LRPC-966fbb61d8c2580ce1
ncacn_ip_tcp: 178.215.236.247:49153
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\eventlog
ncalrpc: eventlog
58e604e8-9adb-4d2e-a464-3b0683fb1480
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\SessEnvPublicRpc
ncalrpc: SessEnvPrivateRpc
ncalrpc: LRPC-784b5cec3e86a4e1c1
ncalrpc: DeviceSetupManager
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\SessEnvPublicRpc
ncalrpc: SessEnvPrivateRpc
ncalrpc: LRPC-784b5cec3e86a4e1c1
ncalrpc: DeviceSetupManager
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
5f54ce7d-5b79-4175-8584-cb65313a0e98
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\SessEnvPublicRpc
ncalrpc: SessEnvPrivateRpc
ncalrpc: LRPC-784b5cec3e86a4e1c1
ncalrpc: DeviceSetupManager
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
201ef99a-7fa0-444c-9399-19ba84f12a1a
version: v1.0
annotation: AppInfo
provider: appinfo.dll
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\SessEnvPublicRpc
ncalrpc: SessEnvPrivateRpc
ncalrpc: LRPC-784b5cec3e86a4e1c1
ncalrpc: DeviceSetupManager
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
c36be077-e14b-4fe9-8abc-e856ef4f048b
version: v1.0
annotation: Proxy Manager client server endpoint
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
2e6035b2-e8f1-41a7-a044-656b439c4c34
version: v1.0
annotation: Proxy Manager provider server endpoint
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1
version: v1.0
annotation: Adh APIs
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\srvsvc
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
1a0d010f-1c33-432c-b0f5-8cf4e8053099
version: v1.0
annotation: IdSegSrv service
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 178.215.236.247:49154
ncalrpc: ubpmtaskhostchannel
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE5D863C26E36545E6480ABDCD1497
ncalrpc: IUserProfile2
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-c54da3efeb081af176
ncalrpc: OLE80D81F6DDAE090E0054C4BCC759F
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-c54da3efeb081af176
ncalrpc: OLE80D81F6DDAE090E0054C4BCC759F
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-9460f92b29315af70a
ncalrpc: LRPC-b51d59671b8a349a64
f47433c3-3e9d-4157-aad4-83aa1f5c2d4c
version: v1.0
annotation: Fw APIs
ncalrpc: LRPC-9460f92b29315af70a
ncalrpc: LRPC-b51d59671b8a349a64
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-9460f92b29315af70a
ncalrpc: LRPC-b51d59671b8a349a64
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-b51d59671b8a349a64
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\WIN-4TTI4DH7SGH\PIPE\wkssvc
ncalrpc: LRPC-8779f5c0f6adffb7eb
ncalrpc: DNSResolver
eb081a0d-10ee-478a-a1dd-50995283e7a8
version: v3.0
annotation: Witness Client Test Interface
ncalrpc: LRPC-8779f5c0f6adffb7eb
ncalrpc: DNSResolver
f2c9b409-c1c9-4100-8639-d8ab1486694a
version: v1.0
annotation: Witness Client Upcall Server
ncalrpc: LRPC-8779f5c0f6adffb7eb
ncalrpc: DNSResolver
76f03f96-cdfd-44fc-a22c-64950a001209
version: v1.0
protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 178.215.236.247:49155
ncalrpc: LRPC-ba9bdd65a0342cfcbf
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
provider: spoolsv.exe
ncacn_ip_tcp: 178.215.236.247:49155
ncalrpc: LRPC-ba9bdd65a0342cfcbf
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 178.215.236.247:49155
ncalrpc: LRPC-ba9bdd65a0342cfcbf
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 178.215.236.247:49155
ncalrpc: LRPC-ba9bdd65a0342cfcbf
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncacn_ip_tcp: 178.215.236.247:49155
ncalrpc: LRPC-ba9bdd65a0342cfcbf
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 178.215.236.247:49156
b2507c30-b126-494a-92ac-ee32b6eeb039
version: v1.0
ncalrpc: LRPC-215da12c234615eed8
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 178.215.236.247:49158
ncalrpc: samss lpc
ncalrpc: SidKey Local End Point
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSA_EAS_ENDPOINT
ncalrpc: lsacap
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncacn_np: \\WIN-4TTI4DH7SGH\pipe\lsass
-819843336 | 2024-07-07T06:54:08.439540
137 /
udp
NetBIOS Response:
MAC Address: BC:24:11:AA:83:93
MAC Addresses
BC:24:11:AA:83:93
OUI: BC:24:11
Organization: Proxmox Server Solutions GmbH
Assignment: MA-L
Registration Date: 2023-06-15
1645002812 | 2024-06-13T00:47:33.137782
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x02\x00\x00\x00
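Remote Desktop Protocol NTLM Info (captured 2024-06-13; the host name and OS below differ from the WIN-4TTI4DH7SGH / Windows Server 2012 R2 values in the later port 135 and port 5985 records, so this banner may describe an earlier machine or image at the same address):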
OS: Windows Server 2022
OS Build: 10.0.20348
Target Name: WIN-9QL4SDRB93L
NetBIOS Domain Name: WIN-9QL4SDRB93L
NetBIOS Computer Name: WIN-9QL4SDRB93L
DNS Domain Name: WIN-9QL4SDRB93L
FQDN: WIN-9QL4SDRB93L
; Administrator
SES
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:24:0c:ad:15:33:bd:84:40:3e:aa:9f:de:33:57:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=WIN-9QL4SDRB93L
Validity
Not Before: May 27 14:26:23 2024 GMT
Not After : Nov 26 14:26:23 2024 GMT
Subject: CN=WIN-9QL4SDRB93L
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:80:68:6b:a4:62:3d:f6:47:df:cd:9c:46:71:
e0:6e:8f:07:4a:e9:f7:11:c1:d1:5d:79:6e:de:53:
16:cf:7d:af:9e:95:24:3c:35:1e:4e:be:5c:dd:a1:
1a:b7:f7:bf:7d:61:01:96:bd:a3:c5:f6:10:a4:6e:
02:ad:5f:00:81:64:a6:72:a1:4e:e9:43:03:2e:fa:
a0:64:97:18:af:06:59:d2:dd:94:c0:35:4b:11:16:
8b:c4:63:a3:9d:c8:09:05:f9:ad:a0:c9:86:3d:61:
a6:99:4d:e6:b0:af:67:6f:23:f5:fb:50:4c:47:40:
3f:03:31:1a:95:85:67:0e:95:ac:e3:7d:05:c4:da:
cb:8b:8f:40:48:04:00:c3:0d:ae:56:27:3d:99:b3:
d2:26:ce:e8:3b:3a:ee:c5:ed:b5:fa:8b:5b:ce:e7:
04:94:9d:32:12:0c:b3:d9:b6:f9:7b:d0:c9:48:6f:
85:e1:48:4c:83:88:de:c3:4f:78:c7:bd:a7:3d:72:
0e:d2:81:42:dc:e3:f5:93:bd:5f:76:78:5c:4b:55:
e4:8f:15:6f:28:69:ac:a9:13:33:11:49:46:ad:35:
a4:22:01:8b:7c:8a:9a:eb:1f:5f:7b:1f:7c:32:51:
29:f5:50:3d:41:94:61:df:98:61:40:a4:80:da:fb:
d1:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
60:d5:fb:8f:f8:3c:62:f8:5b:99:3d:22:5c:a4:3a:06:0d:1e:
3b:01:3b:77:89:9c:0c:dd:3f:4b:9a:f0:50:96:25:5a:e4:b5:
ed:fc:22:57:f2:b8:93:3c:d1:52:fa:7e:7f:1d:d5:ef:ad:b5:
42:38:46:d2:04:f3:c8:f8:4b:cc:66:49:46:84:b8:54:5d:c6:
77:ff:4c:97:2c:c3:b6:11:2a:33:9a:c6:c2:01:43:35:52:08:
76:86:5a:c5:21:51:b0:b1:9e:c9:84:a9:1e:cc:ea:d2:71:87:
e7:8b:f2:14:43:3b:f9:03:5b:72:f1:8f:8b:a7:d5:04:5f:f6:
35:d9:d3:8e:44:c7:dd:c4:36:be:04:87:7e:56:d5:28:d9:a8:
f2:de:45:49:c3:08:0e:05:d6:9f:e2:07:b0:3d:e6:fd:7f:00:
86:a8:08:e2:44:d4:d4:a6:68:3f:a2:af:53:6a:18:2c:0d:af:
d0:1e:c3:1e:f3:7c:e3:82:9b:93:19:fb:9b:3d:69:08:33:29:
cb:7d:c8:b4:94:bc:5c:6e:91:9f:17:3e:5a:2d:76:01:1f:cb:
9b:b0:44:d1:d4:69:11:17:de:77:b2:41:c0:f1:79:a5:6a:ec:
3a:3b:de:8c:97:d1:dd:4a:19:8e:bf:9d:ac:96:43:e1:fd:1b:
1c:a3:60:a0
-1684583448 | 2024-06-19T04:24:54.381552
5357 /
tcp
HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 19 Jun 2024 04:24:54 GMT
Connection: close
Content-Length: 326
1489525118 | 2024-07-03T21:58:51.356109
5985 /
tcp
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 03 Jul 2024 21:58:51 GMT
Connection: close
Content-Length: 315
WinRM NTLM Info:
OS: Windows Server 2012 R2
OS Build: 6.3.9600
Target Name: WIN-4TTI4DH7SGH
NetBIOS Domain Name: WIN-4TTI4DH7SGH
NetBIOS Computer Name: WIN-4TTI4DH7SGH
DNS Domain Name: WIN-4TTI4DH7SGH
FQDN: WIN-4TTI4DH7SGH