GeneralInformation

Country	China
City	Shenzhen
Organization	Aliyun Computing Co., LTD
ISP	Hangzhou Alibaba Advertising Co.,Ltd.
ASN	AS37963

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts

22 80 8080

964354064 | 2024-06-14T22:11:47.868725

22 / tcp

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAwBtLBZMKEXxApjyhzhJjJj
o+GoMTgrVafzw3HRgMcCihhZ8Hff9B1uebQWVajGIUKnORZqIetyxPB20zd8Psc=
Fingerprint: de:1d:3a:ba:de:ad:d7:12:82:a7:f1:44:14:dc:f9:a3

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1083886113 | 2024-05-23T17:01:49.548172

80 / tcp

HTTP Server Test Page

HTTP/1.1 403 Forbidden
Date: Thu, 23 May 2024 17:01:49 GMT
Server: Apache/2.4.37 (Alibaba Cloud Linux)
Last-Modified: Thu, 01 Jul 2021 09:21:13 GMT
ETag: "1c4-5c60c5c3d9440"
Accept-Ranges: bytes
Content-Length: 452
Content-Type: text/html; charset=UTF-8

CVE-2022-31813 CVE-2022-23943 CVE-2022-22720 CVE-2021-44790 CVE-2021-39275 61 moreCVE-2021-26691 CVE-2020-11984 CVE-2019-9517 CVE-2019-0211 CVE-2013-4365 CVE-2011-2688 CVE-2007-4723 CVE-2022-30556 CVE-2022-29404 CVE-2022-28615 CVE-2022-28614 CVE-2022-28330 CVE-2022-26377 CVE-2022-22721 CVE-2022-22719 CVE-2021-44224 CVE-2021-40438 CVE-2021-36160 CVE-2021-34798 CVE-2021-33193 CVE-2021-32792 CVE-2021-32791 CVE-2021-32786 CVE-2021-32785 CVE-2021-26690 CVE-2020-35452 CVE-2020-11993 CVE-2020-9490 CVE-2020-1934 CVE-2020-1927 CVE-2019-17567 CVE-2019-10098 CVE-2019-10097 CVE-2019-10092 CVE-2019-10082 CVE-2019-10081 CVE-2019-0220 CVE-2019-0217 CVE-2019-0215 CVE-2019-0197 CVE-2019-0196 CVE-2019-0190 CVE-2018-17199 CVE-2018-17189 CVE-2013-2765 CVE-2013-0942 CVE-2012-4360 CVE-2012-4001 CVE-2012-3526 CVE-2011-1176 CVE-2009-2299 CVE-2023-45802 CVE-2023-31122 CVE-2023-27522 CVE-2023-25690 CVE-2022-37436 CVE-2022-36760 CVE-2020-13938 CVE-2013-0941 CVE-2009-0796 CVE-2006-20001

-721052278 | 2024-06-07T17:12:30.297297

8080 / tcp

HTTP/1.1 404 Not Found
Date: Fri, 7 Jun 2024 17:12:29 GMT
Content-Type: text/plain
Content-Length: 0


Cobalt Strike Beacon:
  x86:
    beacon_type: HTTP
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Cookie
    http-get.uri: 120.24.179.84,/load
    http-get.verb: GET
    http-post.client:
      Content-Type: application/octet-stream
      id
    http-post.uri: /submit.php
    http-post.verb: POST
    maxgetsize: 1048576
    port: 8080
    post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
    post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
    process-inject.execute:
      CreateThread
      SetThreadContext
      CreateRemoteThread
      RtlCreateUserThread
    process-inject.startrwx: 64
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 64
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: 23edd14d7b3cc1e9c4132aa1dd4493fd
    sleeptime: 60000
    useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
    uses_cookies: 1
    watermark: 987654321
  x64:
    beacon_type: HTTP
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Cookie
    http-get.uri: 120.24.179.84,/visit.js
    http-get.verb: GET
    http-post.client:
      Content-Type: application/octet-stream
      id
    http-post.uri: /submit.php
    http-post.verb: POST
    maxgetsize: 1048576
    port: 8080
    post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
    post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
    process-inject.execute:
      CreateThread
      SetThreadContext
      CreateRemoteThread
      RtlCreateUserThread
    process-inject.startrwx: 64
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 64
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: 23edd14d7b3cc1e9c4132aa1dd4493fd
    sleeptime: 60000
    useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
    uses_cookies: 1
    watermark: 987654321

120.24.179.84

Last Seen: 2024-06-14

GeneralInformation

Vulnerabilities

OpenPorts

964354064 | 2024-06-14T22:11:47.868725
22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.7

1083886113 | 2024-05-23T17:01:49.548172
80 / tcp

Apache httpd2.4.37

-721052278 | 2024-06-07T17:12:30.297297
8080 / tcp

Cobalt Strike Beacon

Products

Pricing

Contact Us

120.24.179.84

Last Seen: 2024-06-14

GeneralInformation

Vulnerabilities All ports Port 80 Latest CVSS

OpenPorts

964354064 | 2024-06-14T22:11:47.868725 22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.7

1083886113 | 2024-05-23T17:01:49.548172 80 / tcp

Apache httpd2.4.37

-721052278 | 2024-06-07T17:12:30.297297 8080 / tcp

Cobalt Strike Beacon

Products

Pricing

Contact Us

Vulnerabilities

964354064 | 2024-06-14T22:11:47.868725
22 / tcp

1083886113 | 2024-05-23T17:01:49.548172
80 / tcp

-721052278 | 2024-06-07T17:12:30.297297
8080 / tcp