1585714998 | 2024-05-15T05:33:53.681202
22 / tcp
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDk0oGaghOyBzYHR1Svbt2BLYDzusdsUVfottLzT84UGqQV
Hs9wlVibT2d7t82NK9HnalUs3arGr8bVMrgAs0TBSS/lSgVelNBuyCWehEapJZpDOhPA+6SfHpR/
4pKy9DhyCPVha3jnkliZEHMdxGXtvyPtqt9lbT09KCq/DjVvmDfY5+adqdaDVfgErfYD6n8qMtzY
S2AUp+zs9sxLuWsA876slUlbbM9wBeXy91jpWxkx1Hsp29IeF8TGoBNpEfWGV3xlBDvJ6GMLUvm7
PKmJgUBvEz55Fmru2GyzLsFLgsHnQjwsBpK1hVubEoB5e2BceaoeJAxXyeBJoVnol2lxg2+f+HQv
M2ftQKPQccQYfhr/wO0J6rOLyxNEBHNMK5sNyhOLGlyBsqGHRNCkKvmMcM+TMp3lpVV46SRPTvhI
b6rOyVEizULqCssPE9ZhPt2HkQPlImCw9C7Yz/22GMWVPJcW255xpb/CdSdX+HaiIdfXQeTtbaTb
rtiayOSdBkE=
Fingerprint: be:f5:05:d8:71:6f:e3:a9:40:60:1d:29:c1:f8:96:f5
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ssh-rsa
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
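The algorithm lists above are the useful part of this banner: the server still offers the SHA-1 "ssh-rsa" signature scheme beside rsa-sha2-256/512 (the key itself is RSA either way; only the signature hash differs), offers hmac-sha1 and 64-bit UMAC tags, and advertises kex-strict-s-v00@openssh.com, the server half of the strict key-exchange countermeasure to Terrapin (CVE-2023-48795), which matters because chacha20-poly1305@openssh.com is also offered. The checker below is an added example, not part of the scan output or of any OpenSSH tooling; it takes the four lists exactly as listed above and returns findings, with the Terrapin rule expressed as the combination it actually depends on (exposed cipher/MAC present and strict kex absent). Severity labels are my own convention.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low" | "info"
    text: str


# Algorithm lists as advertised on port 22 above (OpenSSH_8.2p1 Ubuntu-4ubuntu0.11).
KEX = [
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
    "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
    "kex-strict-s-v00@openssh.com",
]
HOST_KEY = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519"]
CIPHERS = [
    "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
]
MACS = [
    "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
    "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com",
    "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
]

SHA1_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
SHA1_HOSTKEY = {"ssh-rsa", "ssh-dss"}          # signature schemes hashed with SHA-1
STRICT_KEX = "kex-strict-s-v00@openssh.com"    # server-side strict kex marker


def audit_ssh(kex, host_keys, ciphers, macs):
    """Return policy findings for one server's advertised algorithm lists."""
    findings = []
    for k in kex:
        if k in SHA1_KEX or k.endswith("-sha1"):
            findings.append(Finding("medium", f"SHA-1 key exchange offered: {k}"))
    for h in host_keys:
        if h in SHA1_HOSTKEY:
            findings.append(Finding("medium",
                f"SHA-1 host-key signature offered: {h} (keep rsa-sha2-256/512, drop {h})"))
    for c in ciphers:
        if c.endswith("-cbc") or c.startswith(("arcfour", "3des")):
            findings.append(Finding("medium", f"legacy cipher offered: {c}"))
    for m in macs:
        if "sha1" in m or "md5" in m:
            findings.append(Finding("low", f"SHA-1/MD5 MAC offered: {m}"))
        elif m.startswith("umac-64"):
            findings.append(Finding("low", f"64-bit MAC tag offered: {m}"))
    # Terrapin (CVE-2023-48795): prefix truncation works against chacha20-poly1305
    # and against CBC ciphers with encrypt-then-MAC; strict kex on both sides is the fix.
    exposed = "chacha20-poly1305@openssh.com" in ciphers or (
        any(c.endswith("-cbc") for c in ciphers)
        and any(m.endswith("-etm@openssh.com") for m in macs)
    )
    if exposed and STRICT_KEX not in kex:
        findings.append(Finding("high",
            "Terrapin (CVE-2023-48795): exposed cipher/MAC combination offered "
            "without strict key exchange"))
    elif exposed:
        findings.append(Finding("info",
            f"Terrapin-exposed algorithms offered but {STRICT_KEX} is present; "
            "protected when the client also implements strict kex"))
    return findings


if __name__ == "__main__":
    for f in audit_ssh(KEX, HOST_KEY, CIPHERS, MACS):
        print(f"[{f.severity}] {f.text}")
```

For this host the output has no high finding: the exposed chacha20 cipher is covered by strict kex, and what remains is the SHA-1 signature scheme and the weaker MACs, which are fixed in sshd_config with HostKeyAlgorithms and MACs lines that omit them.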
1845118841 | 2024-06-12T01:40:49.392406
80 / tcp
HTTP/1.1 200 OK
Date: Wed, 12 Jun 2024 01:40:48 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 14 Dec 2023 03:44:11 GMT
ETag: "2aa6-60c7018bb028f"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Content-Type: text/html
748751232 | 2024-06-08T23:36:10.589590
3306 / tcp
MySQL:
Protocol Version: 10
Version: 8.0.36-0ubuntu0.20.04.1
Capabilities: 65535
Server Language: 255
Server Status: 2
Extended Server Capabilities: 57343
Authentication Plugin: caching_sha2_password
-113103856 | 2024-05-30T14:02:10.354573
3310 / tcp
A\x00\x00\x00\n3.0.0-Evil_Mysql_Server\x006\x00\x00\x00evilsalt\x00\xdf\xf7\x08\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00evil2222\x00
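The escaped bytes on port 3310 are a MySQL Protocol::HandshakeV10 packet: a 65-byte payload ('A' = 0x41), protocol 10, server version "3.0.0-Evil_Mysql_Server", connection id 54, the scramble split into the two fixed strings "evilsalt" and "evil2222", and capability flags 0xf7df with no extended flags. Compare the genuine mysqld on 3306 above, which advertises Capabilities 65535 / Extended 57343 and the caching_sha2_password plugin. A server that names itself this way and hands out a canned scramble is a rogue MySQL listener, the kind generally used to pull files from connecting clients that have LOCAL INFILE enabled; the scan shows only the handshake, not that traffic. The parser below is an added example, not the scanner's code or the rogue server's; it rebuilds the packet field by field from the values shown (so the byte count is checked against the length prefix rather than transcribed), decodes it per the handshake layout, and reports the indicators a client-side defender would want. The entropy heuristic on the scramble is my assumption.

```python
import re

# MySQL capability flags (lower 16 bits are capability_flags_1, upper are _2).
CLIENT_LOCAL_FILES = 0x80
CLIENT_PROTOCOL_41 = 0x200
CLIENT_SSL = 0x800
CLIENT_SECURE_CONNECTION = 0x8000
CLIENT_PLUGIN_AUTH = 0x80000


def build_sample_handshake() -> bytes:
    """Constructed copy of the port-3310 banner above, assembled from its field values."""
    payload = (
        b"\x0a"                                   # protocol version 10
        + b"3.0.0-Evil_Mysql_Server\x00"          # server version, NUL-terminated
        + (54).to_bytes(4, "little")              # connection id ('6' = 0x36)
        + b"evilsalt"                             # auth-plugin-data part 1 (8 bytes)
        + b"\x00"                                 # filler
        + (0xF7DF).to_bytes(2, "little")          # capability_flags_1 (\xdf\xf7)
        + b"\x08"                                 # character set 8
        + (0x0002).to_bytes(2, "little")          # status flags (autocommit)
        + (0x0000).to_bytes(2, "little")          # capability_flags_2
        + b"\x00"                                 # auth plugin data length (0)
        + b"\x00" * 10                            # reserved
        + b"evil2222\x00"                         # auth-plugin-data part 2
    )
    assert len(payload) == 0x41                   # matches the 'A' length prefix
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


def parse_handshake_v10(buf: bytes) -> dict:
    """Decode a HandshakeV10 packet (4-byte header + payload) into its fields."""
    if len(buf) < 5:
        raise ValueError("truncated packet header")
    length = int.from_bytes(buf[0:3], "little")
    payload = buf[4:4 + length]
    if len(payload) != length:
        raise ValueError(f"declared length {length}, got {len(payload)}")
    if payload[0] != 10:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    conn_id = int.from_bytes(payload[pos:pos + 4], "little"); pos += 4
    salt = bytes(payload[pos:pos + 8]); pos += 8
    pos += 1                                                   # filler
    caps = int.from_bytes(payload[pos:pos + 2], "little"); pos += 2
    charset = payload[pos]; pos += 1
    status = int.from_bytes(payload[pos:pos + 2], "little"); pos += 2
    caps |= int.from_bytes(payload[pos:pos + 2], "little") << 16; pos += 2
    pos += 1                                                   # auth plugin data length
    pos += 10                                                  # reserved
    plugin = None
    if caps & CLIENT_SECURE_CONNECTION:
        # Spec says max(13, len-8) bytes here; a rogue server may send fewer, so read to the NUL.
        part2 = payload[pos:].split(b"\x00", 1)[0]
        salt += bytes(part2)
        pos += len(part2) + 1
    if caps & CLIENT_PLUGIN_AUTH:
        plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"sequence": buf[3], "version": version, "connection_id": conn_id,
            "salt": salt, "capabilities": caps, "charset": charset,
            "status": status, "auth_plugin": plugin}


def rogue_indicators(hs: dict) -> list:
    """Things a client should refuse to talk to, judged from the handshake alone."""
    out = []
    caps = hs["capabilities"]
    if not caps & CLIENT_SSL:
        out.append("no CLIENT_SSL: server offers no TLS")
    if caps & CLIENT_LOCAL_FILES:
        out.append("CLIENT_LOCAL_FILES advertised: server may ask the client for "
                   "LOAD DATA LOCAL file contents")
    if not caps & CLIENT_PLUGIN_AUTH:
        out.append("no CLIENT_PLUGIN_AUTH: no authentication plugin name sent")
    # Assumption: a genuine mysqld scramble is 20 random printable bytes (8 + 12);
    # a short scramble drawn from a handful of characters is a hard-coded string.
    if len(hs["salt"]) != 20 or len(set(hs["salt"])) < 12:
        out.append(f"scramble {hs['salt']!r} is not a 20-byte random value")
    if not re.match(r"^\d+\.\d+\.\d+", hs["version"]):
        out.append("version string is not in N.N.N form")
    return out


if __name__ == "__main__":
    hs = parse_handshake_v10(build_sample_handshake())
    print(hs)
    for line in rogue_indicators(hs):
        print(" -", line)
```

On the client side the same lesson is a configuration one: connect with LOCAL INFILE disabled (the default in current MySQL clients and connectors) and require TLS, so that a listener like this one gets neither a file nor a cleartext session.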
0 | 2024-06-08T20:01:27.267501
7001 / tcp
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer:
Validity
Not Before: Jan 1 00:00:00 1 GMT
Not After : Jan 1 00:00:00 1 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d2:1b:e2:7e:dd:60:b6:5c:d2:39:ad:ad:9c:23:
f6:fa:05:8b:b0:f1:e4:63:92:1a:3c:d0:33:37:e9:
5d:c1:74:35:7e:ac:7b:3b:3c:76:56:74:44:3f:e2:
52:f2:05:d4:2d:47:03:03:bb:45:49:59:07:27:36:
5c:92:24:09:db:60:ff:d0:ae:5f:e9:a9:63:7f:c6:
7c:1e:25:40:40:18:d0:21:be:07:67:55:b3:52:82:
b3:43:fb:8e:d5:1e:11:88:c0:52:92:e6:a3:ed:fb:
41:61:2a:91:f4:48:cf:ae:1f:92:05:bf:0f:74:c7:
fd:1a:3c:8b:a9:6f:51:20:07
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9c:87:83:19:e2:96:34:35:9d:19:ba:1f:63:c1:1a:95:d6:78:
ce:25:23:bd:44:ec:c1:6e:67:e1:3f:30:94:c9:83:27:77:66:
51:86:b0:86:36:38:f4:d5:60:8d:79:75:d6:89:bd:d1:ba:bb:
df:17:14:c1:c1:13:f3:82:e0:92:43:40:cb:ab:51:34:b4:0c:
c0:35:4d:c0:11:79:b6:16:5a:17:7e:9f:81:e4:ad:c4:16:fa:
c1:71:24:c8:6a:c8:bf:65:40:17:d4:24:f5:ec:22:55:02:18:
df:af:65:fe:c0:8f:2b:b4:0d:c0:00:4d:39:48:11:2a:8a:b5:
f2:e7
-1681541096 | 2024-06-10T23:58:25.329030
7777 / tcp
HTTP/1.1 404 Not Found
Date: Mon, 10 Jun 2024 23:58:25 GMT
Content-Length: 489
Content-Type: text/html; charset=utf-8
-253443517 | 2024-06-01T09:11:11.896701
8000 / tcp
HTTP/1.1 404 Not Found
Date: Sat, 1 Jun 2024 09:11:11 GMT
Content-Type: text/plain
Content-Length: 0
-482543318 | 2024-06-13T20:29:28.096086
8080 / tcp
HTTP/1.1 404 Not Found
Date: Thu, 13 Jun 2024 20:29:27 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 47.115.203.204,/activity
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8080
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 7cacfc77c9bfbbeed522740496e52c6e
sleeptime: 60000
useragent_header: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 47.115.203.204,/en_US/all.js
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8080
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 7cacfc77c9bfbbeed522740496e52c6e
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
uses_cookies: 1
watermark: 987654321
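The scanner pulled the beacon configuration straight from the stager it fetched on 8080, and that configuration is a ready-made detection signature: two GET check-in paths (/activity for the x86 build, /en_US/all.js for x64), the shared POST path /submit.php, two fixed Internet Explorer User-Agent strings, a 60-second sleep (sleeptime: 60000 ms), and the C2 host 47.115.203.204 embedded in the GET URI. The detection below is an added example, not the scanner's code and not from Cobalt Strike; it runs the profile over a constructed tab-separated proxy log, keeps only requests where both the path and the User-Agent match, and then checks each client's check-in cadence against the sleep. The profile shows no jitter value, so the 25% tolerance is an assumption, as are the sample hosts and timestamps.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# User-Agent strings exactly as decoded from the x86 and x64 beacons above.
UA_X86 = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; "
          "InfoPath.2; .NET4.0C; .NET4.0E)")
UA_X64 = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"

# Profile values as the scanner decoded them from the port-8080 beacon.
BEACON_PROFILE = {
    "get_uris": {"/activity", "/en_US/all.js"},
    "post_uris": {"/submit.php"},
    "user_agents": {UA_X86, UA_X64},
    "sleep_s": 60,                     # sleeptime: 60000 ms
}

# Constructed proxy log (assumed format): time, client, method, path, user-agent.
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/125.0"
SAMPLE_LOG = "\n".join([
    f"2024-06-13T20:00:00\t10.0.0.5\tGET\t/activity\t{UA_X86}",
    f"2024-06-13T20:00:30\t10.0.0.7\tGET\t/index.html\t{UA_BROWSER}",
    f"2024-06-13T20:01:00\t10.0.0.5\tGET\t/activity\t{UA_X86}",
    f"2024-06-13T20:01:02\t10.0.0.5\tPOST\t/submit.php\t{UA_X86}",
    f"2024-06-13T20:02:01\t10.0.0.5\tGET\t/activity\t{UA_X86}",
    f"2024-06-13T20:02:40\t10.0.0.7\tGET\t/activity\t{UA_BROWSER}",   # path only
    f"2024-06-13T20:03:00\t10.0.0.5\tGET\t/activity\t{UA_X86}",
])


def parse_log(text: str) -> list:
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, path, ua = line.split("\t", 4)
        rows.append({"ts": datetime.fromisoformat(ts), "client": client,
                     "method": method, "path": path, "ua": ua})
    return rows


def profile_hits(rows: list, profile: dict) -> list:
    """Requests whose method+path AND User-Agent both match the beacon profile."""
    hits = []
    for r in rows:
        path_match = ((r["method"] == "GET" and r["path"] in profile["get_uris"]) or
                      (r["method"] == "POST" and r["path"] in profile["post_uris"]))
        if path_match and r["ua"] in profile["user_agents"]:
            hits.append(r)
    return hits


def beaconing_clients(hits: list, sleep_s: int, tolerance: float = 0.25,
                      min_checkins: int = 3) -> dict:
    """Per client: number of GET check-ins, median interval, and whether it tracks the sleep."""
    by_client = defaultdict(list)
    for h in hits:
        if h["method"] == "GET":
            by_client[h["client"]].append(h["ts"])
    result = {}
    for client, times in by_client.items():
        times.sort()
        if len(times) < min_checkins:
            continue
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(deltas)
        result[client] = {
            "checkins": len(times),
            "median_interval_s": med,
            "beaconing": abs(med - sleep_s) <= tolerance * sleep_s,
        }
    return result


def detect(log_text: str, profile: dict = BEACON_PROFILE) -> dict:
    hits = profile_hits(parse_log(log_text), profile)
    return beaconing_clients(hits, profile["sleep_s"])


if __name__ == "__main__":
    for client, info in detect(SAMPLE_LOG).items():
        print(client, info)
```

Requiring both the path and the User-Agent keeps a browser that happens to fetch /activity out of the hit list; the cadence check then separates a beacon from a single stray match. The empty text/plain 404 with Content-Length: 0 seen on 8000, 8080 and 8089 above is the same response the scanner received on the beacon port, which is a reason to treat those listeners together when pivoting.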
2134794953 | 2024-06-13T12:19:37.895413
8089 / tcp
HTTP/1.1 404 Not Found
Date: Thu, 13 Jun 2024 12:19:37 GMT
Content-Type: text/plain
Content-Length: 0
1521943733 | 2024-05-27T04:29:21.887859
9200 / tcp
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5015
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 31 Aug 2022 14:48:48 GMT
Date: Mon, 27 May 2024 04:29:21 GMT