-119375469 | 2024-05-11T13:22:14.425832
80 /
tcp
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 28 Oct 2013 22:04:36 GMT
Accept-Ranges: bytes
ETag: "68b396b029d4ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 11 May 2024 13:22:13 GMT
Content-Length: 689
-2057170442 | 2024-05-04T04:02:01.760543
135 /
tcp
Microsoft RPC Endpoint Mapper
d95afe70-a6d5-4259-822e-2c84da1ddb0d
version: v1.0
protocol: [MS-RSP]: Remote Shutdown Protocol
provider: wininit.exe
ncacn_ip_tcp: 199.244.51.170:1025
ncalrpc: WindowsShutdown
ncacn_np: \\SPSS\PIPE\InitShutdown
ncalrpc: WMsgKRpc086250
76f226c3-ec14-4325-8a99-6a46348418af
version: v1.0
provider: winlogon.exe
ncalrpc: WindowsShutdown
ncacn_np: \\SPSS\PIPE\InitShutdown
ncalrpc: WMsgKRpc086250
ncalrpc: WMsgKRpc089A91
c9ac6db5-82b7-4e55-ae8a-e464ed7b4277
version: v1.0
annotation: Impl friendly name
provider: sysntfy.dll
ncalrpc: LRPC-fc04bc9e981c3edf84
ncacn_np: \\SPSS\PIPE\srvsvc
ncacn_ip_tcp: 199.244.51.170:1027
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
ncalrpc: IUserProfile2
12e65dd8-887f-41ef-91bf-8d816c42c2e7
version: v1.0
annotation: Secure Desktop LRPC interface
provider: winlogon.exe
ncalrpc: WMsgKRpc089A91
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
version: v1.0
annotation: DHCP Client LRPC Endpoint
provider: dhcpcsvc.dll
ncalrpc: dhcpcsvc
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 199.244.51.170:1026
ncacn_np: \\SPSS\pipe\eventlog
ncalrpc: eventlog
3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6
version: v1.0
annotation: DHCPv6 Client LRPC Endpoint
provider: dhcpcsvc6.dll
ncalrpc: dhcpcsvc6
ncacn_ip_tcp: 199.244.51.170:1026
ncacn_np: \\SPSS\pipe\eventlog
ncalrpc: eventlog
30adc50c-5cbc-46ce-9a0e-91914789e23c
version: v1.0
annotation: NRP server endpoint
provider: nrpsrv.dll
ncacn_ip_tcp: 199.244.51.170:1026
ncacn_np: \\SPSS\pipe\eventlog
ncalrpc: eventlog
f6beaff7-1e19-4fbb-9f8f-b89e2018337c
version: v1.0
annotation: Event log TCPIP
protocol: [MS-EVEN6]: EventLog Remoting Protocol
provider: wevtsvc.dll
ncacn_ip_tcp: 199.244.51.170:1026
ncacn_np: \\SPSS\pipe\eventlog
ncalrpc: eventlog
30b044a5-a225-43f0-b3a4-e060df91f9c1
version: v1.0
provider: certprop.dll
ncacn_np: \\SPSS\PIPE\srvsvc
ncacn_ip_tcp: 199.244.51.170:1027
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
98716d03-89ac-44c7-bb8c-285824e51c4a
version: v1.0
annotation: XactSrv service
provider: srvsvc.dll
ncacn_ip_tcp: 199.244.51.170:1027
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
552d076a-cb29-4e44-8b6a-d15e59e2c0af
version: v1.0
annotation: IP Transition Configuration endpoint
provider: iphlpsvc.dll
ncacn_ip_tcp: 199.244.51.170:1027
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
a398e520-d59a-4bdd-aa7a-3c1e0303a511
version: v1.0
annotation: IKE/Authip API
provider: IKEEXT.DLL
ncacn_ip_tcp: 199.244.51.170:1027
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
86d35949-83c9-4044-b424-db363231fd0c
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: schedsvc.dll
ncacn_ip_tcp: 199.244.51.170:1027
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
378e52b0-c0a9-11cf-822d-00aa0051e40f
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
1ff70682-0a51-30e8-076d-740be8cee98b
version: v1.0
protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
provider: taskcomp.dll
ncacn_np: \\SPSS\PIPE\atsvc
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
version: v1.0
provider: schedsvc.dll
ncalrpc: senssvc
ncalrpc: OLE6D4021719DA547DEAAB38A66B2AA
ncalrpc: IUserProfile2
2eb08e3e-639f-4fba-97b1-14f878961076
version: v1.0
provider: gpsvc.dll
ncalrpc: IUserProfile2
3473dd4d-2e88-4006-9cba-22570909dd10
version: v5.256
annotation: WinHttp Auto-Proxy Service
ncacn_np: \\SPSS\PIPE\W32TIME_ALT
ncalrpc: W32TIME_ALT
ncalrpc: LRPC-67e34ad4f8bc08b35f
ncalrpc: OLE62D02B99F5FB40BC913AC51F2104
7ea70bcf-48af-4f6a-8968-6a440754d5fa
version: v1.0
annotation: NSI server endpoint
provider: nsisvc.dll
ncalrpc: LRPC-67e34ad4f8bc08b35f
ncalrpc: OLE62D02B99F5FB40BC913AC51F2104
2fb92682-6599-42dc-ae13-bd2ca89bd11c
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-38e1ea6369f2d9d6cd
7f9d11bf-7fb9-436b-a812-b2d50c5d4c03
version: v1.0
annotation: Fw APIs
provider: MPSSVC.dll
ncalrpc: LRPC-38e1ea6369f2d9d6cd
dd490425-5325-4565-b774-7e27d6c09c24
version: v1.0
annotation: Base Firewall Engine API
provider: BFE.DLL
ncalrpc: LRPC-38e1ea6369f2d9d6cd
7f1343fe-50a9-4927-a778-0c5859517bac
version: v1.0
annotation: DfsDs service
ncacn_np: \\SPSS\PIPE\wkssvc
ncalrpc: DNSResolver
4a452661-8290-4b36-8fbe-7f4093a94978
version: v1.0
annotation: Spooler function endpoint
provider: spoolsv.exe
ncalrpc: spoolss
ae33069b-a2a8-46ee-a235-ddfd339be281
version: v1.0
annotation: Spooler base remote object endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
0b6edbfa-4a24-4fc6-8a23-942b1eca65d1
version: v1.0
annotation: Spooler function endpoint
protocol: [MS-PAN]: Print System Asynchronous Notification Protocol
provider: spoolsv.exe
ncalrpc: spoolss
bfa951d1-2f0e-11d3-bfd1-00c04fa3490a
version: v1.0
provider: aqueue.dll
ncacn_ip_tcp: 199.244.51.170:1030
ncacn_np: \\SPSS\PIPE\SMTPSVC
ncacn_ip_tcp: 199.244.51.170:1029
ncalrpc: SMTPSVC_LPC
ncacn_np: \\SPSS\PIPE\INETINFO
ncacn_ip_tcp: 199.244.51.170:1028
ncalrpc: INETINFO_LPC
ncalrpc: OLE322522EA27F1435EBFAF73421F0F
8cfb5d70-31a4-11cf-a7d8-00805f48a135
version: v3.0
provider: smtpsvc.dll
ncacn_np: \\SPSS\PIPE\SMTPSVC
ncacn_ip_tcp: 199.244.51.170:1029
ncalrpc: SMTPSVC_LPC
ncacn_np: \\SPSS\PIPE\INETINFO
ncacn_ip_tcp: 199.244.51.170:1028
ncalrpc: INETINFO_LPC
ncalrpc: OLE322522EA27F1435EBFAF73421F0F
82ad4280-036b-11cf-972c-00aa006887b0
version: v2.0
protocol: [MS-IRP]: Internet Information Services (IIS) Inetinfo Remote
provider: infocomm.dll
ncacn_np: \\SPSS\PIPE\INETINFO
ncacn_ip_tcp: 199.244.51.170:1028
ncalrpc: INETINFO_LPC
ncalrpc: OLE322522EA27F1435EBFAF73421F0F
12345778-1234-abcd-ef00-0123456789ac
version: v1.0
protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
provider: samsrv.dll
ncacn_ip_tcp: 199.244.51.170:1040
ncalrpc: samss lpc
ncalrpc: dsrole
ncacn_np: \\SPSS\PIPE\protected_storage
ncalrpc: protected_storage
ncalrpc: lsasspirpc
ncalrpc: lsapolicylookup
ncalrpc: LSARPC_ENDPOINT
ncalrpc: securityevent
ncalrpc: audit
ncalrpc: LRPC-3d303eb6495bf896c9
ncacn_np: \\SPSS\pipe\lsass
367abb81-9844-35f1-ad32-98f038001003
version: v2.0
protocol: [MS-SCMR]: Service Control Manager Remote Protocol
provider: services.exe
ncacn_ip_tcp: 199.244.51.170:1080
12345678-1234-abcd-ef00-0123456789ab
version: v1.0
annotation: IPSec Policy agent endpoint
protocol: [MS-RPRN]: Print System Remote Protocol
provider: spoolsv.exe
ncalrpc: LRPC-04204fa1d9255831b4
906b0ce0-c70b-1067-b317-00dd010662da
version: v1.0
protocol: [MS-CMPO]: MSDTC Connection Manager:
provider: msdtcprx.dll
ncalrpc: LRPC-5a1e2d57621aad0010
ncalrpc: OLE60F25272103042CDA14D64742DF2
ncalrpc: LRPC-8c53ee2f928b0a71e8
ncalrpc: LRPC-8c53ee2f928b0a71e8
ncalrpc: LRPC-8c53ee2f928b0a71e8
ncalrpc: LRPC-8c53ee2f928b0a71e8
76209fe5-9049-4336-ba84-632d907cb154
version: v1.0
annotation: Interprocess Logon Service
ncalrpc: ReportingServices$MSRS10_50.SPSS
ncalrpc: OLE1459914D7C074BE38D3EBD99491F
-119375469 | 2024-05-04T03:34:36.128605
443 /
tcp
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 28 Oct 2013 22:04:36 GMT
Accept-Ranges: bytes
ETag: "68b396b029d4ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 04 May 2024 03:34:37 GMT
Content-Length: 689
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:ce:13:79:1f:6a:d9:77:f1:15:13:ba:9e:e7:5f:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Validity
Not Before: Nov 15 00:00:00 2023 GMT
Not After : Dec 14 23:59:59 2024 GMT
Subject: CN=kpasurveys7.kpa-group.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:c8:62:c7:a0:d0:6a:2d:48:e2:82:52:f3:ad:
59:dd:1c:f5:d0:4d:61:78:a7:10:57:c1:06:a0:9c:
73:08:b4:67:60:e8:12:80:27:3c:5e:d1:b5:ee:4e:
ad:cf:97:1a:ad:bf:99:ba:84:60:e1:86:cc:30:58:
95:e7:ab:f0:e5:9f:c0:5b:2f:ea:38:99:a9:2b:05:
75:93:e1:d2:df:6f:b3:d7:d3:9a:b3:17:ff:f9:0a:
1e:e3:55:da:33:6e:08:b2:44:c1:2b:a1:4c:e6:d2:
75:61:18:bf:7b:58:f5:59:58:d9:57:75:77:f5:95:
bc:d5:b2:0a:d3:b8:ff:65:6b:01:85:ff:cb:88:cc:
ab:b7:c9:b8:3a:0c:31:ce:c1:4e:b2:90:48:25:84:
ea:59:96:a8:3d:9d:b9:ba:dd:38:00:c6:b8:a1:a1:
9b:71:df:71:4b:82:da:a3:8c:86:d9:49:fb:d2:a2:
65:ff:00:17:1d:74:fc:ba:10:1a:aa:57:b9:c5:c9:
d1:c3:ba:f3:34:6e:c2:6d:f8:3a:af:57:c2:d0:fa:
7a:ea:e7:e2:80:c6:48:a3:1f:ce:ad:91:85:de:a9:
ce:16:c8:84:ca:de:33:7e:38:d2:02:f5:73:b5:56:
c4:ca:b1:9a:df:e0:47:39:7c:f2:90:f9:f5:c5:14:
4d:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
X509v3 Subject Key Identifier:
6D:B9:79:29:DF:69:D0:5B:EF:03:AB:2D:B8:62:67:C2:49:DF:07:62
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.7
CPS: https://sectigo.com/CPS
Policy: 2.23.140.1.2.1
Authority Information Access:
CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
OCSP - URI:http://ocsp.sectigo.com
X509v3 Subject Alternative Name:
DNS:kpasurveys7.kpa-group.com
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Nov 15 14:30:18.784 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:B9:EB:91:CF:DD:FD:4A:66:74:D3:98:
5A:96:9A:99:B8:3F:CF:7C:30:7B:F2:6F:14:1F:96:8F:
DA:E4:B3:43:D0:02:21:00:F5:D7:39:97:DF:7C:A3:2A:
A0:3F:09:AE:F5:E9:4D:30:BE:71:F6:43:22:40:21:BB:
CA:67:7B:49:91:29:51:F4
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : Nov 15 14:30:18.904 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:E6:68:46:41:45:23:55:F2:24:D6:0D:
B3:4B:2D:C3:51:C3:BD:70:97:B0:A1:B8:DD:48:B7:6C:
B5:1C:3D:FC:55:02:20:59:B6:42:33:44:F2:4C:2E:19:
EC:08:15:40:AC:C3:99:62:28:B3:88:C1:01:83:17:7B:
AE:D3:73:48:F2:35:E8
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Nov 15 14:30:18.908 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:DB:4A:1F:53:97:D0:86:2E:CB:21:22:
EA:94:88:7D:63:27:5C:8D:CA:D5:59:60:60:5D:C4:E7:
4D:72:8B:2C:24:02:21:00:A4:3A:60:6C:40:B4:F6:AE:
5E:42:34:98:08:81:F8:09:A8:5C:E6:49:6F:04:1A:96:
F3:20:CB:CE:AB:05:E1:7B
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9c:df:62:9c:cf:87:b7:28:3b:37:c2:b9:0a:25:3f:55:11:a5:
c7:8e:8b:bb:41:e8:d7:b4:f1:57:a4:a3:41:44:4d:b7:b6:a7:
4f:fa:fc:e0:10:6b:f5:b9:c4:9e:2d:d8:70:a9:36:d3:2c:41:
3d:35:2f:7a:da:42:5f:68:d8:14:28:5d:bc:4d:34:2f:83:a8:
59:4b:64:2a:bb:7f:c2:3c:b1:7a:1d:36:0f:33:f1:5a:06:47:
eb:13:a5:4e:fc:ae:56:26:01:20:0a:39:e2:b9:3f:f5:65:8c:
db:11:bd:d4:fa:31:79:5c:26:ec:c4:7d:21:d1:1a:6d:af:17:
f2:02:29:a3:3d:35:03:52:71:56:9e:7a:43:22:46:0e:8d:c4:
21:5e:c9:3b:57:49:56:50:98:9b:5f:eb:9c:98:d0:cf:84:e0:
48:69:e8:5e:e2:57:78:82:72:4f:19:c9:6f:42:18:1d:bc:2d:
0b:47:5e:34:a8:f6:c0:4f:9c:9f:f1:29:e9:15:aa:59:a0:a3:
83:e3:30:46:b3:5c:a7:36:96:ad:cd:a2:0e:74:ee:de:e9:e9:
c4:d4:12:44:e2:3d:ff:2a:0a:c5:2e:52:bf:65:49:fd:63:9b:
a1:df:0f:1c:88:70:b9:64:8f:0d:2c:49:a6:c1:43:5e:03:08:
4e:fe:0d:7a
1641389631 | 2024-04-28T19:52:55.708616
445 /
tcp
SMB Status:
Authentication: enabled
SMB Version: 1
OS: Windows Server 2008 R2 Standard 7601 Service Pack 1
Software: Windows Server 2008 R2 Standard 6.1
Capabilities: extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, lwio, nt-find, nt-smb, nt-status, rpc-remote-api, unicode