daily update Sat Aug 31 16:31:52 UTC 2024

C2_configs/cobaltstrike.json

@@ -55565,5 +55565,16 @@
 {"preview":false,"offset":55564,"result":{"FirstSeen":"08/30/2024 22:24:49.423","ip":"94.20.88.63","ASN":"HOSTART","BeaconType":"HTTP","C2Server":"94.20.88.63,/load","Port":"54322","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)","Watermark":"1580103824","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
 {"preview":false,"offset":55565,"result":{"FirstSeen":"08/30/2024 22:24:57.689","ip":"39.108.142.219","ASN":"ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd.","BeaconType":"HTTP","C2Server":"39.108.142.219,/css3/index2.shtml","Port":"64412","SleepTime":"3000","Jitter":"37","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":["Accept: text/html, application/xhtml+xml, image/jxr, */*","Accept-Encoding: gzip, deflate","Accept-Language: en-US; q=0.7, en; q=0.3","Connection: keep-alive","DNT: 1","accept"],"HttpPostUri":"/tools/family.html","HttpPost_Metadata":["Accept: text/html, application/xhtml+xml, */*","Accept-Encoding: gzip, deflate","DNT: 1","Content-Type: application/x-www-form-urlencoded","token=","Cookie","input="],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
 {"preview":false,"offset":55566,"result":{"FirstSeen":"08/31/2024 00:46:08.726","ip":"101.35.228.105","ASN":"TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited","BeaconType":"HTTPS","C2Server":"101.35.228.105,/load","Port":"20443","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
-{"preview":false,"offset":55567,"lastrow":true,"result":{"FirstSeen":"08/31/2024 13:31:05.140","ip":"70.34.196.238","ASN":"Hangzhou Alibaba Advertising Co.,Ltd.","BeaconType":"Hybrid HTTP DNS","C2Server":"update.mloadspring.com,/jquery-3.3.1.min.js,upgrade.mloadspring.com,/jquery-3.3.1.min.js","Port":"53","SleepTime":"45000","Jitter":"37","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpPostUri":"Not Found","KillDate":"0","PipeName":"Not Found","UserAgent":"Not Found","Watermark":"100000000","DNS_Idle":"208.118.236.244","DNS_Sleep":"0"}}
+{"preview":false,"offset":55567,"result":{"FirstSeen":"08/31/2024 13:31:05.140","ip":"70.34.196.238","ASN":"Hangzhou Alibaba Advertising Co.,Ltd.","BeaconType":"Hybrid HTTP DNS","C2Server":"update.mloadspring.com,/jquery-3.3.1.min.js,upgrade.mloadspring.com,/jquery-3.3.1.min.js","Port":"53","SleepTime":"45000","Jitter":"37","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpPostUri":"Not Found","KillDate":"0","PipeName":"Not Found","UserAgent":"Not Found","Watermark":"100000000","DNS_Idle":"208.118.236.244","DNS_Sleep":"0"}}
+{"preview":false,"offset":55568,"result":{"FirstSeen":"08/31/2024 14:47:13.871","ip":"103.118.244.27","ASN":"Sakura Network Limited","BeaconType":"HTTP","C2Server":"103.118.244.27,/jquery-3.3.1.min.js","Port":"9999","SleepTime":"45000","Jitter":"37","Proxy_Behavior":"Use IE settings","HostHeader":"Host: microsaft.club","HttpGet_Metadata":["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Host: microsaft.club","Referer: http://microsaft.club/","Accept-Encoding: gzip, deflate","__cfduid=","Cookie"],"HttpPostUri":"/jquery-3.3.2.min.js","HttpPost_Metadata":["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Host: microsaft.club","Referer: http://microsaft.club/","Accept-Encoding: gzip, deflate","__cfduid"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","Watermark":"391144938","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55569,"result":{"FirstSeen":"08/31/2024 14:47:31.972","ip":"120.46.212.33","ASN":"Huawei Public Cloud Service (Huawei Software Technologies Ltd.Co)","BeaconType":"HTTP","C2Server":"120.46.212.33,/load","Port":"9999","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55570,"result":{"FirstSeen":"08/31/2024 14:47:42.779","ip":"47.243.241.94","ASN":"Alibaba Cloud LLC","BeaconType":"HTTP","C2Server":"192.168.1.157,/match","Port":"80","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"","UserAgent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)","Watermark":"0","DNS_Idle":"0.0.0.0","DNS_Sleep":"0"}}
+{"preview":false,"offset":55571,"result":{"FirstSeen":"08/31/2024 14:47:59.755","ip":"8.134.196.58","ASN":"Aliyun Computing Co.LTD","BeaconType":"HTTP","C2Server":"8.134.196.58,/s/ref=nb_sb_noss_1/167-3294666-0262949/field-keywords=books","Port":"6666","SleepTime":"5000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"Host: www.amazon.com","HttpGet_Metadata":["Accept: */*","Host: www.amazon.com","session-token=","skin=noskin;","csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996","Cookie"],"HttpPostUri":"/N4215/adj/amzn2023","HttpPost_Metadata":["Accept: */*","Content-Type: text/xml","X-Requested-With: XMLHttpRequest","Host: www.amazon.com","sz=160x600","oe=oe=ISO-8859-1;","sn","s=3717","dc_ref=http%3A%2F%2Fwww.amazon.com"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55572,"result":{"FirstSeen":"08/31/2024 14:48:41.600","ip":"143.244.185.131","ASN":"DigitalOcean, LLC","BeaconType":"HTTPS","C2Server":"www.county-resources.org,/wp-content/themes/am51-1/dist/settings","Port":"443","SleepTime":"15000","Jitter":"90","Proxy_Behavior":"Use IE settings","HostHeader":"Host: www.county-resources.org","HttpGet_Metadata":["Host: www.county-resources.org","Accept: */*","Accept-Language: en-US","Accept-Encoding: gzip, deflate","display-language=en;check=true;dlcs=1;sess-id=",";SIDCC=CZ0-BxinP5qf3NzHb;TRDv2=F","Cookie"],"HttpPostUri":"/en/us/handlers","HttpPost_Metadata":["Host: www.county-resources.org","Accept: */*","Accept-Language: en-US,en","Accept-Encoding: gzip, deflate","sess-","pd","{\"locale\":\"en-us\",\"channel\":\"prod\",\"widget\":\"","\"}"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36","Watermark":"1559820211","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55573,"result":{"FirstSeen":"08/31/2024 14:48:51.175","ip":"8.134.196.58","ASN":"Aliyun Computing Co.LTD","BeaconType":"HTTP","C2Server":"119.4.135.3,/s/ref=nb_sb_noss_1/167-3294666-0262949/field-keywords=books","Port":"80","SleepTime":"5000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"Host: www.amazon.com","HttpGet_Metadata":["Accept: */*","Host: www.amazon.com","session-token=","skin=noskin;","csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996","Cookie"],"HttpPostUri":"/N4215/adj/amzn2023","HttpPost_Metadata":["Accept: */*","Content-Type: text/xml","X-Requested-With: XMLHttpRequest","Host: www.amazon.com","sz=160x600","oe=oe=ISO-8859-1;","sn","s=3717","dc_ref=http%3A%2F%2Fwww.amazon.com"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55574,"result":{"FirstSeen":"08/31/2024 14:49:12.580","ip":"5.181.202.246","ASN":"LLHOST INC. SRL","BeaconType":"HTTPS","C2Server":"update-system.ru,/Com/dating/VE4YW4P3MGL","Port":"443","SleepTime":"108539","Jitter":"42","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":["Accept: application/xhtml+xml, image/*, application/xml","Accept-Language: hi","Accept-Encoding: *, compress","secure_id_DN5FP1G8MU2098N8SRWX=","Cookie"],"HttpPostUri":"/interpret/filelist/7PJ58BPNH2YG","HttpPost_Metadata":["Accept: image/*, application/xml, text/html","Accept-Language: es-pe","Accept-Encoding: *, compress","_HVRKGBBF"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55575,"result":{"FirstSeen":"08/31/2024 14:49:19.493","ip":"83.229.120.164","ASN":"L-L-IX","BeaconType":"HTTPS","C2Server":"83.229.120.164,/ptj","Port":"443","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)","Watermark":"1234567890","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55576,"result":{"FirstSeen":"08/31/2024 14:49:31.604","ip":"83.229.120.164","ASN":"L-L-IX","BeaconType":"HTTP","C2Server":"83.229.120.164,/activity","Port":"80","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)","Watermark":"1234567890","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55577,"result":{"FirstSeen":"08/31/2024 14:49:40.888","ip":"125.69.147.208","ASN":"CHINANET Sichuan province network","BeaconType":"HTTP","C2Server":"www.qichen.fun,/dot.gif","Port":"8123","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}
+{"preview":false,"offset":55578,"lastrow":true,"result":{"FirstSeen":"08/31/2024 14:49:46.008","ip":"192.144.140.64","ASN":"Tencent Cloud Computing (Beijing) Co., Ltd","BeaconType":"HTTP","C2Server":"192.144.140.64,/pixel","Port":"80","SleepTime":"60000","Jitter":"0","Proxy_Behavior":"Use IE settings","HostHeader":"","HttpGet_Metadata":"Cookie","HttpPostUri":"/submit.php","HttpPost_Metadata":["Content-Type: application/octet-stream","id"],"KillDate":"0","PipeName":"Not Found","UserAgent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)","Watermark":"987654321","DNS_Idle":"Not Found","DNS_Sleep":"Not Found"}}