772258679 | 2024-04-27T22:21:44.033520
80 /
tcp
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Sat, 27 Apr 2024 22:21:42 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://119.29.38.124/
-664455378 | 2024-04-08T07:05:30.270770
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 10.104.140.63:49152
ncalrpc: WindowsShutdown
ncacn_np: \\10_104_140_63\PIPE\InitShutdown
ncalrpc: WMsgKRpc0492E0
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\10_104_140_63\PIPE\InitShutdown
ncalrpc: WMsgKRpc0492E0
ncalrpc: WMsgKRpc04BBF1
ncalrpc: WMsgKRpc058BE72
ncalrpc: WMsgKRpc0A496437114
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-1980823b2d694046a2
ncacn_np: \\10_104_140_63\PIPE\srvsvc
ncacn_ip_tcp: 10.104.140.63:49154
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 10.104.140.63:49153
ncacn_np: \\10_104_140_63\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncacn_ip_tcp: 10.104.140.63:49153
ncacn_np: \\10_104_140_63\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 10.104.140.63:49153
ncacn_np: \\10_104_140_63\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 10.104.140.63:49153
ncacn_np: \\10_104_140_63\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\10_104_140_63\PIPE\srvsvc
ncacn_ip_tcp: 10.104.140.63:49154
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 10.104.140.63:49154
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 10.104.140.63:49154
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 10.104.140.63:49154
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 10.104.140.63:49154
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\10_104_140_63\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLE56BFE95B551C4D528715606E7FC0
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: IUserProfile2
24019106-a203-4642-b88d-82dae9158929
version: v1.0
provider: authui.dll
ncalrpc: LRPC-2ffc7d746e06fe6534
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\10_104_140_63\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-01936ecb494dcb30d4
ncalrpc: OLEF04CB7870143433FA2E43444937E
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-01936ecb494dcb30d4
ncalrpc: OLEF04CB7870143433FA2E43444937E
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-9ebb690f0b31a32f36
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-9ebb690f0b31a32f36
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-9ebb690f0b31a32f36
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\10_104_140_63\PIPE\wkssvc
ncalrpc: DNSResolver
b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86
version: v1.0
annotation: KeyIso
provider: keyiso.dll
ncacn_ip_tcp: 10.104.140.63:49156
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\10_104_140_63\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-5604fd17af9e9e5f68
ncacn_np: \\10_104_140_63\pipe\lsass
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 10.104.140.63:49156
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\10_104_140_63\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-5604fd17af9e9e5f68
ncacn_np: \\10_104_140_63\pipe\lsass
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-e29bd0ed96ab5b4bff
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 10.104.140.63:49166
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager: OleTx Transports Protocol
provider: msdtcprx.dll
ncalrpc: LRPC-653e583d97137ae9c7
ncalrpc: LRPC-653e583d97137ae9c7
ncalrpc: LRPC-653e583d97137ae9c7
ncalrpc: LRPC-653e583d97137ae9c7
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc058BE72
ncalrpc: WMsgKRpc0A496437114
699746161 | 2024-04-26T02:39:05.273524
443 /
tcp
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 26 Apr 2024 02:39:05 GMT
Content-Type: text/html
Content-Length: 1527
Last-Modified: Fri, 22 Mar 2024 09:57:40 GMT
Connection: keep-alive
ETag: "65fd5614-5f7"
Accept-Ranges: bytes
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9c:12:15:5b:af:11:eb:c8:9a:68:b0:d0:05:98:b5:a4
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G2
Validity
Not Before: Mar 12 00:00:00 2024 GMT
Not After : Mar 12 23:59:59 2025 GMT
Subject: CN=51hiwork.honasoft.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e4:86:3e:72:da:14:fa:ad:64:bb:90:3c:98:cf:
60:0b:94:49:59:36:59:18:2b:13:86:0e:88:93:df:
a3:f7:1c:f3:56:b1:e0:f7:fc:36:45:9b:6a:a7:a4:
de:dd:41:ea:fb:3d:a9:7f:aa:a1:80:5d:82:6f:e9:
c9:4c:89:29:c8:4e:b5:89:5c:ab:50:9c:49:d4:d2:
01:09:24:d5:25:15:79:c0:6f:ed:b5:48:f8:fe:f1:
25:a2:34:fb:61:2a:56:d9:45:90:6a:56:b7:65:52:
a3:74:73:34:6a:74:47:09:63:93:6b:b1:f6:3c:1a:
af:7c:25:9b:f4:92:ca:d5:64:75:20:55:54:1d:c6:
76:f0:43:7e:4a:4e:8c:2f:8b:30:be:57:67:1f:87:
95:f3:51:a8:3d:58:ed:9f:b8:82:5d:29:fe:e7:7b:
5e:cb:43:ab:0e:b7:68:cc:a5:0d:58:4f:0f:04:0f:
0a:11:ef:e2:05:ad:5c:e5:c7:ae:51:86:73:33:0e:
44:1a:e6:54:b1:fe:dd:ef:8e:2d:14:29:4e:84:ab:
63:f9:4e:f7:10:3f:7d:ea:11:9f:00:aa:77:7c:ee:
0c:01:18:4a:07:fc:50:52:49:4f:d5:45:d9:3e:eb:
61:42:10:82:bc:3b:75:c5:17:08:9d:0a:fd:60:57:
b1:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
5F:3A:7C:11:10:7E:0C:67:71:61:DC:8B:A3:B5:00:03:67:F5:57:1C
X509v3 Subject Key Identifier:
A9:35:B4:51:1E:9D:31:64:95:A6:E6:C3:1F:27:AF:8E:A3:35:E6:3B
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.49
CPS: https://sectigo.com/CPS
Policy: 2.23.140.1.2.1
Authority Information Access:
CA Issuers - URI:http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crt
OCSP - URI:http://ocsp.trust-provider.cn
X509v3 Subject Alternative Name:
DNS:51hiwork.honasoft.com
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
Timestamp : Mar 12 06:41:55.885 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:FA:35:03:61:BE:B7:E6:A1:C3:4B:CF:
5C:4B:79:0B:3A:50:32:B0:EB:9C:1E:71:17:58:32:68:
80:E0:EF:C6:60:02:20:23:8E:D2:CF:19:4F:FC:90:7A:
6A:7B:E5:C4:6E:61:3D:06:7D:54:CF:5D:13:B9:20:D7:
B7:DF:C3:5C:31:87:9F
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Mar 12 06:41:55.822 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A4:DB:70:77:67:3F:33:F5:08:25:34:
73:BB:43:48:22:1F:E0:DA:C8:DB:72:55:73:ED:B7:75:
AA:5D:14:43:39:02:21:00:FF:EA:F0:25:B1:4F:C9:EA:
35:67:29:C9:03:12:22:F6:EF:07:1D:B4:8C:12:B6:32:
1E:B2:10:9F:14:34:7A:51
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
Timestamp : Mar 12 06:41:55.792 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:03:40:74:7D:32:A0:F7:1C:CC:A5:5D:94:
71:AD:11:8D:C3:D8:43:2E:AA:78:5B:6C:B1:99:30:41:
47:A8:C3:01:02:20:53:38:A9:19:4C:F3:BD:1B:18:4E:
E2:97:B3:48:E8:E3:0E:6C:2F:72:4C:CC:A0:FC:32:A2:
EF:9F:C1:9A:0C:25
Signature Algorithm: sha384WithRSAEncryption
Signature Value:
86:ec:3a:da:36:38:d0:18:7d:b8:0d:34:05:d5:7c:01:86:7f:
ed:5c:12:75:38:af:56:3c:c9:6f:b9:f8:7d:41:b4:cd:6f:91:
9d:33:f1:78:c4:ca:7d:cf:46:b0:8f:e8:aa:8b:66:83:8a:d6:
17:34:73:9c:90:d9:03:14:9a:b7:6b:3b:3b:56:d5:bb:2a:10:
e6:7e:bb:f4:71:9c:58:7d:ba:94:af:b5:0e:d4:2f:8b:d8:0f:
08:31:f9:98:94:f2:2d:b5:54:b4:ec:c6:7f:ae:11:91:e9:43:
05:45:8b:0d:97:48:e6:02:6c:10:fd:4a:72:b8:04:32:a0:cf:
6c:ca:a7:f0:32:a6:15:78:ad:22:35:00:6e:b6:bd:35:09:55:
ec:b5:27:39:d7:b1:94:77:a2:5a:10:24:4c:c6:91:44:3d:2d:
e5:81:43:8b:b9:81:7e:b2:17:f5:6f:a6:70:70:1b:91:41:45:
43:7c:b9:c4:4e:78:00:37:6c:e4:d5:fd:ea:83:32:27:49:11:
ac:f3:0f:0f:db:74:1e:ac:d3:37:12:90:b8:e8:a6:2a:bf:bd:
a8:71:20:f9:0b:43:7e:5c:8a:09:0d:e6:fa:b0:8b:c5:03:c2:
28:7f:be:a0:78:e3:1c:7a:e7:9d:b9:b4:3a:9e:59:fe:76:d4:
ea:9e:ba:b3:e6:fb:a5:43:8c:71:e2:d3:ac:38:8b:a7:e0:3f:
06:49:dd:32:03:33:91:78:f9:fd:75:e5:0a:ff:ee:6f:ad:00:
e4:0c:38:96:5b:27:e1:28:20:f6:a0:d0:d7:77:27:37:ac:2e:
69:e9:40:2c:df:fa:63:1e:09:d5:8c:43:e5:97:ce:57:f6:db:
2d:fc:12:3c:da:1f:6b:f2:4c:cb:e9:4b:ab:6f:f0:d6:a5:bc:
67:71:a6:6e:89:d8:32:8a:e5:4f:04:ab:94:fd:c1:8a:99:70:
95:f2:15:46:f5:20:1a:2d:d3:03:1c:08:10:80:74:6b:c4:46:
36:31:71:a4:04:34
209134657 | 2024-04-28T18:16:55.736163
3306 /
tcp
MySQL:
Protocol Version: 10
Version: 5.6.39
Capabilities: 63487
Server Language: 45
Server Status: 2
Extended Server Capabilities: 32895
Authentication Plugin: mysql_native_password
1304021496 | 2024-04-27T12:09:42.540118
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00