-1323787001 | 2024-06-14T11:04:54.952425
22 /
tcp
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNFCKRLH12xiavUHGcn4ll/1
vnrNxjmK+etoTn59EwLF4M5Le6VLSz2hp4wyMzbSlX3mOTy+g95HwoxPjIYY9Q4=
Fingerprint: 8d:8a:77:05:04:c0:a9:00:40:57:95:dc:6c:b2:c8:5c
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
731197476 | 2024-06-14T06:55:11.799789
80 /
tcp
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Date: Fri, 14 Jun 2024 06:55:11 GMT
Content-Length: 19
-1463323783 | 2024-05-15T23:21:15.368932
81 /
tcp
HTTP/1.1 404 Not Found
Date: Wed, 15 May 2024 23:21:15 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
OSID=
Cookie
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
http-get.uri: 47.99.188.195,/_/scs/mail-static/_/js/
http-get.verb: GET
http-post.client:
ui=d3244c4707
hop=6928632
start=0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
OSID=
Cookie
http-post.uri: /mail/u/0/
http-post.verb: POST
jitter: 15
maxgetsize: 1048576
port: 81
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 63a92113a3310e39e4c6c42ccedd9087
sleeptime: 60000
useragent_header: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
OSID=
Cookie
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
http-get.uri: 47.99.188.195,/_/scs/mail-static/_/js/
http-get.verb: GET
http-post.client:
ui=d3244c4707
hop=6928632
start=0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
OSID=
Cookie
http-post.uri: /mail/u/0/
http-post.verb: POST
jitter: 15
maxgetsize: 1048576
port: 81
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 63a92113a3310e39e4c6c42ccedd9087
sleeptime: 60000
useragent_header: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
uses_cookies: 1
watermark: 987654321
-547131307 | 2024-06-14T10:56:20.828873
1234 /
tcp
15313774 | 2024-06-14T04:34:06.389192
8080 /
tcp
HTTP/1.1 404 Not Found
Date: Fri, 14 Jun 2024 04:34:06 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 47.99.188.195,/pixel.gif
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8080
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 63a92113a3310e39e4c6c42ccedd9087
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 47.99.188.195,/ptj
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8080
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 63a92113a3310e39e4c6c42ccedd9087
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)
uses_cookies: 1
watermark: 987654321
1240517920 | 2024-06-14T05:29:25.961958
8081 /
tcp
HTTP/1.1 200 OK
Date: Fri, 14 Jun 2024 05:29:25 GMT
Content-Type: text/html
Content-Length: 10101
<!DOCTYPE html>
<html>
<head>
<base href="https://oa.astronergy.com/Astronergy.H3BPM.Extend.Salary.Web/Salary/PayQuery/">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
<meta charset="utf-8">
<title></title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta name="description" content="">
<!-- jquery plugin -->
<script src="/Astronergy.H3BPM.Extend.Salary.Web/Content/jquery/1.11.0/jquery.min.js"></script>
<!-- layui plugin -->
<link rel="stylesheet" href="/Astronergy.H3BPM.Extend.Salary.Web/Content/layui2.3/css/layui.css" />
<link rel="stylesheet" href="/Astronergy.H3BPM.Extend.Salary.Web/Content/layui2.3/css/login/login.css" />
<script type="text/javascript" src="/Astronergy.H3BPM.Extend.Salary.Web/Content/layui2.3/layui.all.js"></script>
<!-- astronergy plugin -->
<script type="text/javascript" src="/Astronergy.H3BPM.Extend.Salary.Web/Content/astronergy/astronergy-ui.js"></script>
</head>
<body>
<div class="layui-tab-content lofo_main">
<fieldset class="layui-elem-field layui-field-title mar_02">
<legend style="color:white;display:block;margin:0 auto;">欢迎登录-薪资查询界面</legend>
</fieldset>
<div class="layui-row layui-col-space15">
<form class="layui-form pad_01" action="" id="login-form">
<div class="layui-col-sm12 layui-col-md12">
<div class="layui-form-item">
<input type="text" id="txtUserCode" name="title" placeholder="请输入员工工号" autocomplete="off" class="layui-input">
<i class="layui-icon layui-icon-username lofo_icon"></i>
</div>
</div>
<div class="layui-col-sm12 layui-col-md12">
<div class="layui-form-item" style="position:relative;">
<input type="password" id="txtPassword" name="password" placeholder="请输入密码" autocomplete="off" class="layui-input">
<i class="layui-icon layui-icon-password lofo_icon"></i>
<img id="hidePassword" style="position:absolute;top:0;right:0;width: 30px;cursor:pointer;" onclick="showPassFunc()" src="/Astronergy.H3BPM.Extend.Salary.Web/Content/layui2.3/images/login/hideWord.png" alt="Alternate Text" />
<img id="showPassword" style="position:absolute;top:0;right:0;width: 30px;cursor:pointer;display: none;" onclick="hidePassFunc()" src="/Astronergy.H3BPM.Extend.Salary.Web/Content/layui2.3/images/login/showWord.png" alt="Alternate Text" />
</div>
</div>
<div class="layui-col-sm12 layui-col-md12" id="divSMS">
<div class="layui-row">
<div class="layui-col-xs8 layui-col-sm8 layui-col-md8">
<div class="layui-form-item">
<input type="text" name="vercode" id="txtVerCode" placeholder="验证码" class="layui-input">
<i class="layui-icon layui-icon-vercode lofo_icon"></i>
</div>
</div>
<div class="layui-col-xs4 layui-col-sm4 layui-col-md4">
<button type="button" class="layui-btn layui-btn-fluid btnSend" id="btnSend" onclick="sendSMS()">获取验证码</button>
</div>
</div>
</div>
<div class="layui-col-sm12 layui-col-md12">
<button type="button" class="layui-btn layui-btn-fluid" style="width:47%" id="loginBtn" onclick="userLogin()">立即登录</button>
<button type="button" class="layui-btn layui-btn-fluid" style="width:47%;background-color:#6484ff !important" id="changeBtn" onclick="changePwd()">修改密码</button>
</div>
<div class="layui-col-sm12 layui-col-md12">
</div>
</form>
</div>
</div>
<div style="display:none">
<input type="hidden" id="hidIsLandIp" value="0" />
</div>
<script type="text/javascript">
// Module aliases for the layui build loaded in <head> (layui.all.js).
var layer = layui.layer;
var form = layui.form;
var element = layui.element;
var table = layui.table;
// Initialise layui's element module as soon as this script runs.
(function () {
    element.init();
})();
// DOM-ready hook for the login form.
// 1. Hides the SMS verification row when the hidden input #hidIsLandIp is "1".
// 2. If a `smsCount` cookie is present, resumes the "send code" countdown via
//    timekeeping(); otherwise re-enables the #btnSend button.
// getCookie() and timekeeping() are defined elsewhere in this script.
// NOTE(review): both decisions rely on values the browser controls (a hidden
// field and a cookie); presumably the server re-checks the client's network
// origin and enforces its own SMS resend rate limit — cannot confirm from here.
$(function () {
    var fromInternalNetwork = $("#hidIsLandIp").val() == "1";
    if (fromInternalNetwork) {
        $("#divSMS").hide();
    }
    var smsCount = getCookie('smsCount');
    var countdownActive = smsCount != undefined
        && smsCount != 'NaN'
        && smsCount != 'null';
    if (countdownActive) {
        // cookie still holds a countdown: keep the button locked while it runs
        timekeeping();
    } else {
        // no countdown in progress: allow the user to request a code
        $('#btnSend').attr("disabled", false);
    }
});
// ===2020-12-03新增:密码的显示和隐藏
// Masks the password field again (type/name back to "password") and swaps the
// two eye icons so only #hidePassword is visible.
function hidePassFunc() {
    $('#txtPassword')
        .attr('type', 'password')
        .attr('name', 'password');
    $('#showPassword').css('display', 'none');
    $('#hidePassword').css('display', 'inline-block');
}
function showPassFunc() {
$('#