GeneralInformation

Cloud Provider	DigitalOcean
Cloud Region	de-he
Country	Germany
City	Frankfurt am Main
Organization	DigitalOcean, LLC
ISP	DigitalOcean, LLC
ASN	AS14061

OpenPorts

22 80 4433 8080

1167562274 | 2024-06-01T18:12:04.367193

22 / tcp

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDoD+C4ssztGhkrxIePL7ayFLZdHIrFlT7Sx3YVhlVel1Sq
3KZ6P2dMG62kAlciuxOC80J7Kqf5D2sgbxAm24T5cZnHFpYJ9d4wUAH00y8FUPXp6iLUFki56u7+
GPmoixMRRddNnGxBag6/DDZQXSqkSbSNMFrIzv+jWMzRrCIifuC+ogX32qI8AqmP4szrmqcY5xdY
Nuhw9++oJY9xIRBt4RtnJ0AwNYEJqS/OHQJfUAKFfiORgrDT0ZigUu8i7s23/fcgDx+k/efMq0En
FHrJz6M/XOBdJ4QGBAV/mIYh0wOHidnvu2B7ntUquCkG423GgxLwb131YsXsfLCN5X157qbLx/ix
FVDY72cVg5OUivlp92YDKVATYsMOd0mD2R7OvFBLGQlWO66jfDYVBLdhTw7sG/cA8GBopHk/9uEf
GO3ouhP0DSkCH8fWh8jpdJcUIPmww+Jb3qF/0YyYCANod2OxnZjaOfVPuA0uBySqb25bBHwTazXL
RIUxil2X0+k=
Fingerprint: a4:1a:29:25:74:a2:c4:53:ed:9d:3c:cc:93:a6:3f:d4

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

-700110522 | 2024-05-31T23:05:37.570459

80 / tcp

HTTP/1.1 404 Not Found
Date: Fri, 31 May 2024 23:05:37 GMT
Content-Type: text/plain
Content-Length: 0


Cobalt Strike Beacon:
  x86:
    beacon_type: HTTP
    cfg_caution: 1
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      utmac=UA-2202604-2
      utmcn=1
      utmcs=ISO-8859-1
      utmsr=1280x1024
      utmsc=32-bit
      utmul=en-US
      __utma
      utmcc
    http-get.uri: 207.154.242.220,/__utm.gif
    http-get.verb: GET
    http-post.client:
      Content-Type: application/octet-stream
      UA-220
      -2
      utmac
      utmcn=1
      utmcs=ISO-8859-1
      utmsr=1280x1024
      utmsc=32-bit
      utmul=en-US
    http-post.uri: /___utm.gif
    http-post.verb: POST
    maxgetsize: 1048616
    port: 80
    post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
    post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
    process-inject.execute:
      CreateThread
      SetThreadContext
      CreateRemoteThread
      RtlCreateUserThread
    process-inject.startrwx: 64
    process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
    process-inject.userwx: 64
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: 254e0876d823ac3b5765a82b4c4aba36
    sleeptime: 60000
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS)
    watermark: 987654321
  x64:
    beacon_type: HTTP
    cfg_caution: 1
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      utmac=UA-2202604-2
      utmcn=1
      utmcs=ISO-8859-1
      utmsr=1280x1024
      utmsc=32-bit
      utmul=en-US
      __utma
      utmcc
    http-get.uri: 207.154.242.220,/__utm.gif
    http-get.verb: GET
    http-post.client:
      Content-Type: application/octet-stream
      UA-220
      -2
      utmac
      utmcn=1
      utmcs=ISO-8859-1
      utmsr=1280x1024
      utmsc=32-bit
      utmul=en-US
    http-post.uri: /___utm.gif
    http-post.verb: POST
    maxgetsize: 1048616
    port: 80
    post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
    post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
    process-inject.execute:
      CreateThread
      SetThreadContext
      CreateRemoteThread
      RtlCreateUserThread
    process-inject.startrwx: 64
    process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
    process-inject.userwx: 64
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: 254e0876d823ac3b5765a82b4c4aba36
    sleeptime: 60000
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)
    watermark: 987654321

-979665791 | 2024-06-01T04:04:37.731939

4433 / tcp

HTTP/1.1 404 Not Found
Date: Sat, 1 Jun 2024 04:04:37 GMT
Content-Type: text/plain
Content-Length: 0

1068527006 | 2024-06-01T07:18:05.132956

8080 / tcp

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Jun 2024 07:18:04 GMT
Content-Type: text/html
Content-Length: 66
Last-Modified: Sat, 27 Apr 2024 14:27:04 GMT
Connection: keep-alive
ETag: "662d0b38-42"
Accept-Ranges: bytes

207.154.242.220

Last Seen: 2024-06-01

Tags:

GeneralInformation

OpenPorts

1167562274 | 2024-06-01T18:12:04.367193
22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

-700110522 | 2024-05-31T23:05:37.570459
80 / tcp

Cobalt Strike Beacon

-979665791 | 2024-06-01T04:04:37.731939
4433 / tcp

1068527006 | 2024-06-01T07:18:05.132956
8080 / tcp

nginx

Products

Pricing

Contact Us

207.154.242.220

Last Seen: 2024-06-01

Tags:

GeneralInformation

OpenPorts

1167562274 | 2024-06-01T18:12:04.367193 22 / tcp

OpenSSH8.2p1 Ubuntu-4ubuntu0.11

-700110522 | 2024-05-31T23:05:37.570459 80 / tcp

Cobalt Strike Beacon

-979665791 | 2024-06-01T04:04:37.731939 4433 / tcp

1068527006 | 2024-06-01T07:18:05.132956 8080 / tcp

nginx

Products

Pricing

Contact Us

1167562274 | 2024-06-01T18:12:04.367193
22 / tcp

-700110522 | 2024-05-31T23:05:37.570459
80 / tcp

-979665791 | 2024-06-01T04:04:37.731939
4433 / tcp

1068527006 | 2024-06-01T07:18:05.132956
8080 / tcp