HTTP/1.1 404 Not Found
Date: Mon, 8 Jul 2024 15:30:04 GMT
Content-Type: text/plain
Content-Length: 0
Server: Pagely Gateway/1.5.1
Cobalt Strike Beacon:
  x86:
    beacon_type: HTTP
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      wp_woocommerce_session_=
      Cookie
      fullname=true
    http-get.uri: upshare.wimscp.net,/bg
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /posting
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1864736
    port: 80
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321
  x64:
    beacon_type: HTTP
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      wp_woocommerce_session_=
      Cookie
      fullname=true
    http-get.uri: upshare.wimscp.net,/bg
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /posting
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1864736
    port: 80
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321
HTTP/1.1 404 Not Found
Date: Mon, 8 Jul 2024 12:49:52 GMT
Content-Type: text/plain
Content-Length: 0
Server: Pagely Gateway/1.5.1
Cobalt Strike Beacon:
  x86:
    beacon_type: HTTPS
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      Accept-Language: en-GB;q=0.9, *;q=0.7
      woocommerce_cart_hash=
      Cookie
      lid=true
    http-get.uri: upshare.wimscp.net,/eo
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /hr
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1398446
    port: 443
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321
  x64:
    beacon_type: HTTPS
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      Accept-Language: en-GB;q=0.9, *;q=0.7
      woocommerce_cart_hash=
      Cookie
      lid=true
    http-get.uri: upshare.wimscp.net,/tab_home_active
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /mt
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1398446
    port: 443
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321
SSL Certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2020856090 (0x7873d11a)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=New York, O=Mracon, OU=, CN=79.110.49.175
        Validity
            Not Before: Jul 8 07:34:28 2024 GMT
            Not After : Jul 8 07:34:28 2025 GMT
        Subject: C=US, ST=CA, L=New York, O=Mracon, OU=, CN=79.110.49.175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:84:4e:30:34:92:20:d2:30:6f:47:68:71:89:
                    10:c2:47:a3:7b:d6:0e:a4:69:6b:54:5b:f2:32:5b:
                    44:fb:86:17:2c:e1:24:14:2c:54:cf:82:51:71:13:
                    2b:ca:fa:ed:20:9d:ce:51:5a:db:e2:82:e1:c3:8c:
                    ad:a4:28:95:3c:66:96:c9:d1:03:b4:07:a8:5f:4b:
                    c3:23:65:52:b6:9a:f7:a0:95:6f:2e:60:b6:da:48:
                    4d:88:88:6a:da:77:f0:e7:6e:d1:36:6c:e1:3e:78:
                    b6:21:27:82:85:74:b4:cc:bd:39:6a:9a:d4:9b:11:
                    17:dc:3e:c3:2b:b5:dc:9b:ef:38:fb:07:dd:85:ba:
                    d2:35:c0:8d:e9:61:46:64:41:c3:84:18:9a:80:d7:
                    8f:d7:c5:26:d5:91:e6:13:d1:70:15:c6:2f:47:2c:
                    43:d2:46:45:41:5c:05:d7:ee:29:a4:d3:af:3a:98:
                    85:37:c3:9d:e4:13:c0:5c:ff:ae:27:df:de:11:d1:
                    ec:ce:c4:89:40:6c:77:39:22:56:83:7f:be:ec:b8:
                    a5:85:4a:22:57:89:0b:33:6f:80:a9:a8:93:92:e7:
                    4d:dd:b6:83:d2:dc:6f:94:8b:e5:64:fc:38:3b:41:
                    3c:38:b8:4a:0b:a3:89:9d:eb:6b:a6:83:c3:d5:a4:
                    45:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:75:E3:00:28:C0:D0:E0:2B:D7:BD:8B:E7:9B:BC:A3:95:19:0C:B1
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        1a:f1:6c:82:cd:65:d3:c5:cb:9f:55:ef:5b:e5:7d:40:15:b5:
        de:de:32:7a:58:7b:9e:b4:2f:9a:d7:56:2b:8f:b4:1e:b5:36:
        7a:8b:2a:b4:fc:6f:66:df:e9:e7:01:b9:75:b9:00:92:35:e1:
        f1:7f:c8:3e:9a:2e:0a:3f:d4:9a:61:dd:d8:2a:ad:22:3b:69:
        59:74:da:81:df:75:81:03:59:36:05:69:b3:f0:ad:51:cb:b6:
        23:7a:b2:46:00:bf:29:c8:3e:cb:c7:85:22:a1:e2:22:b5:4f:
        b2:11:e7:b7:4d:35:57:3d:95:5c:4b:7c:f5:ff:57:03:ae:ce:
        ae:98:9c:0d:aa:80:fd:db:d0:f0:04:75:85:bf:37:24:7d:53:
        08:9e:fa:56:54:16:86:02:38:54:86:5b:7f:eb:a2:64:3a:bc:
        a4:e0:50:f0:78:d4:08:ed:9f:97:d8:81:4e:cc:62:51:cc:80:
        90:88:62:17:c1:fb:80:34:04:3b:64:b6:04:35:f0:05:0b:9d:
        bc:cc:7c:8d:cd:20:ee:92:ad:03:91:ee:fb:75:f4:a5:e5:0e:
        f6:78:bc:07:ae:30:54:84:52:9d:29:99:9b:a2:43:05:46:27:
        0c:ee:08:d8:cf:38:c9:83:68:d1:55:3b:0e:29:c0:39:53:2c:
        13:63:22:68