whickey

2020-11-29 CobaltStrike Beacon Config Grab

Nov 30th, 2020 (edited)
text 1.15 MB | None | 0 0
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <!DOCTYPE nmaprun>
  3. <?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
  4. <!-- Nmap 7.80 scan initiated Mon Nov 30 10:47:41 2020 as: nmap -iL 2020-11-30.txt -oX 2020-11-30.xml -&#45;script=./grab_beacon_config.nse -->
  <!-- Reviewer note: Nmap XML output from a scan that loaded a local NSE script (grab_beacon_config.nse). The "-&#45;script" above is Nmap's escaping of two consecutive hyphens, which may not appear inside an XML comment. The prologue carries a DOCTYPE and an xml-stylesheet instruction that points at a local file path: when loading this file into tooling, parse it with DTD processing and external-entity resolution disabled, and do not let the document choose which stylesheet is fetched. The results are a point-in-time observation dated 2020-11-30; the addresses may have been reassigned since, so re-validate before using them as block-list entries. -->
  5. <nmaprun scanner="nmap" args="nmap -iL 2020-11-30.txt -oX 2020-11-30.xml -&#45;script=./grab_beacon_config.nse" start="1606751261" startstr="Mon Nov 30 10:47:41 2020" version="7.80" xmloutputversion="1.04">
  6. <scaninfo type="connect" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190
,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
  7. <verbose level="0"/>
  8. <debugging level="0"/>
  9. <taskprogress task="Connect Scan" time="1606752391" percent="75.34" remaining="359" etc="1606752750"/>
  10. <taskprogress task="Connect Scan" time="1606753028" percent="98.79" remaining="22" etc="1606753049"/>
  <!-- 51.79.161.171: no grab_beacon_config script element appears under any port, so this record contributes no beacon configuration. Open ports are 22 and 31337. Service names carry method="table" (a port-number lookup, not a probe response), so "Elite" is only the table label for 31337, not an identified service. -->
  11. <host starttime="1606751262" endtime="1606754879"><status state="up" reason="conn-refused" reason_ttl="0"/>
  12. <address addr="51.79.161.171" addrtype="ipv4"/>
  13. <hostnames>
  14. <hostname name="vps-35f6595b.vps.ovh.ca" type="PTR"/>
  15. </hostnames>
  16. <ports><extraports state="closed" count="997">
  17. <extrareasons reason="conn-refused" count="997"/>
  18. </extraports>
  19. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  20. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  21. <port protocol="tcp" portid="31337"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="Elite" method="table" conf="3"/></port>
  22. </ports>
  23. <times srtt="247265" rttvar="6320" to="272545"/>
  24. </host>
  <!-- 23.81.246.89: a grab_beacon_config element is present on 80, 443 and 8080, but none has an output attribute, so no configuration was recorded. Read that as "nothing retrieved in this scan", not as evidence that the host is clean. -->
  25. <host starttime="1606751262" endtime="1606755010"><status state="up" reason="syn-ack" reason_ttl="0"/>
  26. <address addr="23.81.246.89" addrtype="ipv4"/>
  27. <hostnames>
  28. </hostnames>
  29. <ports><extraports state="closed" count="992">
  30. <extrareasons reason="conn-refused" count="992"/>
  31. </extraports>
  32. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  33. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  34. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  35. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  36. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  37. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  38. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  39. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  40. </ports>
  41. <times srtt="58322" rttvar="2836" to="100000"/>
  42. </host>
  <!-- 154.208.76.60: grab_beacon_config element on 443 and 8080, both without an output attribute; no configuration recorded. The open/filtered port set is nearly the same as the adjacent address 154.208.76.59 in the next record. NOTE(review): presumably related infrastructure; confirm with other data before grouping them. -->
  43. <host starttime="1606751262" endtime="1606754900"><status state="up" reason="conn-refused" reason_ttl="0"/>
  44. <address addr="154.208.76.60" addrtype="ipv4"/>
  45. <hostnames>
  46. </hostnames>
  47. <ports><extraports state="closed" count="991">
  48. <extrareasons reason="conn-refused" count="991"/>
  49. </extraports>
  50. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  51. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  52. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  53. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  54. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  55. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  56. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  57. <port protocol="tcp" portid="7625"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  58. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  59. </ports>
  60. <times srtt="226373" rttvar="9121" to="262857"/>
  61. </host>
  <!-- 154.208.76.59: grab_beacon_config element on 443 and 8080, both without an output attribute; no configuration recorded. The port set mirrors the adjacent address 154.208.76.60 in the previous record, apart from 7625, which is listed only there. -->
  62. <host starttime="1606751262" endtime="1606754900"><status state="up" reason="conn-refused" reason_ttl="0"/>
  63. <address addr="154.208.76.59" addrtype="ipv4"/>
  64. <hostnames>
  65. </hostnames>
  66. <ports><extraports state="closed" count="992">
  67. <extrareasons reason="conn-refused" count="992"/>
  68. </extraports>
  69. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  70. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  71. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  72. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  73. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  74. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  75. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  76. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  77. </ports>
  78. <times srtt="222319" rttvar="3461" to="236163"/>
  79. </host>
  <!-- 156.255.2.36: grab_beacon_config element on 443 only, without an output attribute; no configuration recorded for this host in this scan. -->
  80. <host starttime="1606751261" endtime="1606755021"><status state="up" reason="conn-refused" reason_ttl="0"/>
  81. <address addr="156.255.2.36" addrtype="ipv4"/>
  82. <hostnames>
  83. </hostnames>
  84. <ports><extraports state="closed" count="992">
  85. <extrareasons reason="conn-refused" count="992"/>
  86. </extraports>
  87. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  88. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  89. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  90. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  91. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  92. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  93. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  94. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  95. </ports>
  96. <times srtt="228807" rttvar="2626" to="239311"/>
  97. </host>
  <!-- 134.209.117.238: beacon configuration recorded on 443. The x86 and x64 responses list identical settings: BeaconType HTTPS, C2 Server jude.saintjameschurch.org with path /Video, second path /search, Polling 50000, Jitter 37. The C2 name is a domain rather than the scanned address. NOTE(review): this output does not show whether the domain is operator-registered or a legitimate name being abused or spoofed; verify before blocking or attributing. Polling is presumably in milliseconds; confirm against the script. Port 9050 is open and labelled tor-socks by table lookup only (method="table"), so the label does not confirm a Tor proxy. -->
  98. <host starttime="1606751262" endtime="1606754884"><status state="up" reason="conn-refused" reason_ttl="0"/>
  99. <address addr="134.209.117.238" addrtype="ipv4"/>
  100. <hostnames>
  101. </hostnames>
  102. <ports><extraports state="closed" count="995">
  103. <extrareasons reason="conn-refused" count="995"/>
  104. </extraports>
  105. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  106. <port protocol="tcp" portid="89"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="su-mit-tg" method="table" conf="3"/></port>
  107. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 50000&#xa;Jitter: 37&#xa;C2 Server: jude.saintjameschurch.org,/Video&#xa;HTTP Method Path 2: /search&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 50000&#xa;Jitter: 37&#xa;C2 Server: jude.saintjameschurch.org,/Video&#xa;HTTP Method Path 2: /search&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  108. <port protocol="tcp" portid="9050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-socks" method="table" conf="3"/></port>
  109. <port protocol="tcp" portid="9595"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pds" method="table" conf="3"/></port>
  110. </ports>
  111. <times srtt="18242" rttvar="7424" to="100000"/>
  112. </host>
  <!-- 154.220.3.226: beacon configuration recorded on 80 (BeaconType HTTP); the element on 443 has no output. The C2 Server field is the scanned address itself. The x86 and x64 responses differ in path (/dot.gif vs /g.pixel) and User Agent, and share /submit.php, Polling 60000, Jitter 0 and rundll32.exe spawnto paths. NOTE(review): these shared values look like Cobalt Strike's stock settings (no custom Malleable C2 profile); confirm. If so, the paths and user agents recur across unrelated servers and are weak indicators on their own; the address, port and observation date are the host-specific part. -->
  113. <host starttime="1606751263" endtime="1606755026"><status state="up" reason="syn-ack" reason_ttl="0"/>
  114. <address addr="154.220.3.226" addrtype="ipv4"/>
  115. <hostnames>
  116. </hostnames>
  117. <ports><extraports state="closed" count="992">
  118. <extrareasons reason="conn-refused" count="992"/>
  119. </extraports>
  120. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  121. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  122. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  123. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 154.220.3.226,/dot.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 154.220.3.226,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  124. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  125. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  126. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  127. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  128. </ports>
  129. <times srtt="231037" rttvar="11947" to="278825"/>
  130. </host>
  <!-- 134.209.5.246: beacon configuration recorded on 443 (BeaconType HTTPS). Only an x86 response is present; no x64 section was recorded. The C2 Server field is the scanned address with path /visit.js, plus /submit.php, Polling 60000 and Jitter 0. NOTE(review): these look like stock Cobalt Strike settings; confirm before using the path or User Agent as a standalone indicator. -->
  131. <host starttime="1606751262" endtime="1606754888"><status state="up" reason="conn-refused" reason_ttl="0"/>
  132. <address addr="134.209.5.246" addrtype="ipv4"/>
  133. <hostnames>
  134. </hostnames>
  135. <ports><extraports state="closed" count="997">
  136. <extrareasons reason="conn-refused" count="997"/>
  137. </extraports>
  138. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  139. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  140. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 134.209.5.246,/visit.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  141. </ports>
  142. <times srtt="85732" rttvar="8096" to="118116"/>
  143. </host>
  <!-- 199.247.18.58 (PTR 199.247.18.58.vultr.com): beacon configuration recorded on 443 (BeaconType HTTPS, x86 response only); the element on 80 has no output. The C2 Server field is the scanned address with path /pixel.gif, plus /submit.php, Polling 60000 and Jitter 0. The PTR name only shows the hosting provider's reverse DNS at scan time; it says nothing about who operated the server. -->
  144. <host starttime="1606751274" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  145. <address addr="199.247.18.58" addrtype="ipv4"/>
  146. <hostnames>
  147. <hostname name="199.247.18.58.vultr.com" type="PTR"/>
  148. </hostnames>
  149. <ports><extraports state="closed" count="996">
  150. <extrareasons reason="conn-refused" count="996"/>
  151. </extraports>
  152. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  153. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  154. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  155. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 199.247.18.58,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  156. </ports>
  157. <times srtt="100370" rttvar="1931" to="108094"/>
  158. </host>
  <!-- 212.64.32.215: beacon configuration recorded on 443 (BeaconType HTTPS). Only an x64 response is present; no x86 section was recorded. The element on 80 has no output. The C2 Server field is the scanned address with path /dot.gif, plus /submit.php, Polling 60000 and Jitter 0. Every service name in this record is a table lookup (method="table"), so labels such as krb524 on 4444 describe the port number, not a detected service. -->
  159. <host starttime="1606751262" endtime="1606754913"><status state="up" reason="syn-ack" reason_ttl="0"/>
  160. <address addr="212.64.32.215" addrtype="ipv4"/>
  161. <hostnames>
  162. </hostnames>
  163. <ports><extraports state="closed" count="984">
  164. <extrareasons reason="conn-refused" count="984"/>
  165. </extraports>
  166. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  167. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  168. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  169. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  170. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  171. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  172. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 212.64.32.215,/dot.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  173. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  174. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  175. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  176. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  177. <port protocol="tcp" portid="1075"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rdrmshc" method="table" conf="3"/></port>
  178. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  179. <port protocol="tcp" portid="3071"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="csd-mgmt-port" method="table" conf="3"/></port>
  180. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  181. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  182. </ports>
  183. <times srtt="219352" rttvar="14831" to="278676"/>
  184. </host>
  <!-- 154.220.3.196: grab_beacon_config element on 443 only, without an output attribute; no configuration recorded. The address shares the 154.220.3.x prefix and a similar port set with 154.220.3.226 earlier in this file, which did return a configuration on port 80. NOTE(review): presumably related hosting; confirm before treating them as one cluster. -->
  185. <host starttime="1606751263" endtime="1606754888"><status state="up" reason="conn-refused" reason_ttl="0"/>
  186. <address addr="154.220.3.196" addrtype="ipv4"/>
  187. <hostnames>
  188. </hostnames>
  189. <ports><extraports state="closed" count="993">
  190. <extrareasons reason="conn-refused" count="993"/>
  191. </extraports>
  192. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  193. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  194. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  195. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  196. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  197. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  198. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  199. </ports>
  200. <times srtt="222786" rttvar="3770" to="237866"/>
  201. </host>
  <!-- 192.236.248.169 (PTR hwsrv-805727.hostwindsdns.com): beacon configuration recorded on 443 (BeaconType HTTPS); the elements on 80 and 8080 have no output. Both responses name amapai-technologies.email as C2 Server, with path /ptj (x86) and /dot.gif (x64) and different User Agents; both list /submit.php, Polling 60000 and Jitter 0. The C2 name is a domain rather than the scanned address, so a DNS or proxy detection would key on the domain while a network-flow detection would key on the address. NOTE(review): the domain-to-address mapping at scan time is not shown in this output; resolve historically before pairing them. -->
  202. <host starttime="1606751263" endtime="1606755000"><status state="up" reason="syn-ack" reason_ttl="0"/>
  203. <address addr="192.236.248.169" addrtype="ipv4"/>
  204. <hostnames>
  205. <hostname name="hwsrv-805727.hostwindsdns.com" type="PTR"/>
  206. </hostnames>
  207. <ports><extraports state="closed" count="994">
  208. <extrareasons reason="conn-refused" count="994"/>
  209. </extraports>
  210. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  211. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  212. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  213. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amapai-technologies.email,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amapai-technologies.email,/dot.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  214. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  215. <port protocol="tcp" portid="11967"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sysinfo-sp" method="table" conf="3"/></port>
  216. </ports>
  217. <times srtt="93602" rttvar="1298" to="100000"/>
  218. </host>
  219. <host starttime="1606751262" endtime="1606755029"><status state="up" reason="syn-ack" reason_ttl="0"/>
  220. <address addr="212.95.150.10" addrtype="ipv4"/>
  221. <hostnames>
  222. </hostnames>
  223. <ports><extraports state="filtered" count="27">
  224. <extrareasons reason="no-responses" count="27"/>
  225. </extraports>
  226. <port protocol="tcp" portid="1"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tcpmux" method="table" conf="3"/></port>
  227. <port protocol="tcp" portid="3"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="compressnet" method="table" conf="3"/></port>
  228. <port protocol="tcp" portid="4"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  229. <port protocol="tcp" portid="6"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  230. <port protocol="tcp" portid="7"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="echo" method="table" conf="3"/></port>
  231. <port protocol="tcp" portid="9"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="discard" method="table" conf="3"/></port>
  232. <port protocol="tcp" portid="13"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="daytime" method="table" conf="3"/></port>
  233. <port protocol="tcp" portid="17"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="qotd" method="table" conf="3"/></port>
  234. <port protocol="tcp" portid="19"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="chargen" method="table" conf="3"/></port>
  235. <port protocol="tcp" portid="20"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  236. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  237. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  238. <port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="telnet" method="table" conf="3"/></port>
  239. <port protocol="tcp" portid="24"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="priv-mail" method="table" conf="3"/></port>
  240. <port protocol="tcp" portid="26"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rsftp" method="table" conf="3"/></port>
  241. <port protocol="tcp" portid="30"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  242. <port protocol="tcp" portid="32"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  243. <port protocol="tcp" portid="33"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dsp" method="table" conf="3"/></port>
  244. <port protocol="tcp" portid="37"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="time" method="table" conf="3"/></port>
  245. <port protocol="tcp" portid="42"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  246. <port protocol="tcp" portid="43"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="whois" method="table" conf="3"/></port>
  247. <port protocol="tcp" portid="49"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tacacs" method="table" conf="3"/></port>
  248. <port protocol="tcp" portid="70"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gopher" method="table" conf="3"/></port>
  249. <port protocol="tcp" portid="79"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="finger" method="table" conf="3"/></port>
  <!-- Reviewer note: <script id="grab_beacon_config"/> has no output attribute and
       no child elements. This record therefore shows only that the script was
       associated with the port, not that a Beacon configuration was returned.
       Ports 443 and 631 further down carry the same empty element. -->
  250. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  251. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  252. <port protocol="tcp" portid="82"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xfer" method="table" conf="3"/></port>
  253. <port protocol="tcp" portid="83"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mit-ml-dev" method="table" conf="3"/></port>
  254. <port protocol="tcp" portid="84"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ctf" method="table" conf="3"/></port>
  255. <port protocol="tcp" portid="85"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mit-ml-dev" method="table" conf="3"/></port>
  256. <port protocol="tcp" portid="88"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kerberos-sec" method="table" conf="3"/></port>
  257. <port protocol="tcp" portid="89"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="su-mit-tg" method="table" conf="3"/></port>
  258. <port protocol="tcp" portid="90"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnsix" method="table" conf="3"/></port>
  259. <port protocol="tcp" portid="99"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="metagram" method="table" conf="3"/></port>
  260. <port protocol="tcp" portid="100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="newacct" method="table" conf="3"/></port>
  261. <port protocol="tcp" portid="106"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pop3pw" method="table" conf="3"/></port>
  262. <port protocol="tcp" portid="111"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  263. <port protocol="tcp" portid="113"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ident" method="table" conf="3"/></port>
  264. <port protocol="tcp" portid="119"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nntp" method="table" conf="3"/></port>
  265. <port protocol="tcp" portid="125"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="locus-map" method="table" conf="3"/></port>
  266. <port protocol="tcp" portid="144"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="news" method="table" conf="3"/></port>
  267. <port protocol="tcp" portid="146"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iso-tp0" method="table" conf="3"/></port>
  268. <port protocol="tcp" portid="161"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snmp" method="table" conf="3"/></port>
  269. <port protocol="tcp" portid="163"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cmip-man" method="table" conf="3"/></port>
  270. <port protocol="tcp" portid="179"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bgp" method="table" conf="3"/></port>
  271. <port protocol="tcp" portid="199"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smux" method="table" conf="3"/></port>
  272. <port protocol="tcp" portid="211"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="914c-g" method="table" conf="3"/></port>
  273. <port protocol="tcp" portid="212"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="anet" method="table" conf="3"/></port>
  274. <port protocol="tcp" portid="222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rsh-spx" method="table" conf="3"/></port>
  275. <port protocol="tcp" portid="254"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  276. <port protocol="tcp" portid="255"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  277. <port protocol="tcp" portid="256"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fw1-secureremote" method="table" conf="3"/></port>
  278. <port protocol="tcp" portid="259"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="esro-gen" method="table" conf="3"/></port>
  279. <port protocol="tcp" portid="264"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bgmp" method="table" conf="3"/></port>
  280. <port protocol="tcp" portid="280"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-mgmt" method="table" conf="3"/></port>
  281. <port protocol="tcp" portid="301"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  282. <port protocol="tcp" portid="306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  283. <port protocol="tcp" portid="311"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="asip-webadmin" method="table" conf="3"/></port>
  284. <port protocol="tcp" portid="340"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  285. <port protocol="tcp" portid="366"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="odmr" method="table" conf="3"/></port>
  286. <port protocol="tcp" portid="389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ldap" method="table" conf="3"/></port>
  287. <port protocol="tcp" portid="406"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imsp" method="table" conf="3"/></port>
  288. <port protocol="tcp" portid="407"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="timbuktu" method="table" conf="3"/></port>
  289. <port protocol="tcp" portid="416"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="silverplatter" method="table" conf="3"/></port>
  290. <port protocol="tcp" portid="417"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="onmux" method="table" conf="3"/></port>
  291. <port protocol="tcp" portid="425"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="icad-el" method="table" conf="3"/></port>
  292. <port protocol="tcp" portid="427"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="svrloc" method="table" conf="3"/></port>
  293. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  294. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  295. <port protocol="tcp" portid="458"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="appleqtc" method="table" conf="3"/></port>
  296. <port protocol="tcp" portid="464"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kpasswd5" method="table" conf="3"/></port>
  297. <port protocol="tcp" portid="481"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dvs" method="table" conf="3"/></port>
  298. <port protocol="tcp" portid="497"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="retrospect" method="table" conf="3"/></port>
  299. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  300. <port protocol="tcp" portid="512"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exec" method="table" conf="3"/></port>
  301. <port protocol="tcp" portid="513"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="login" method="table" conf="3"/></port>
  302. <port protocol="tcp" portid="514"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="shell" method="table" conf="3"/></port>
  303. <port protocol="tcp" portid="515"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="printer" method="table" conf="3"/></port>
  304. <port protocol="tcp" portid="524"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ncp" method="table" conf="3"/></port>
  305. <port protocol="tcp" portid="541"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="uucp-rlogin" method="table" conf="3"/></port>
  306. <port protocol="tcp" portid="543"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="klogin" method="table" conf="3"/></port>
  307. <port protocol="tcp" portid="544"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kshell" method="table" conf="3"/></port>
  308. <port protocol="tcp" portid="545"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ekshell" method="table" conf="3"/></port>
  309. <port protocol="tcp" portid="548"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afp" method="table" conf="3"/></port>
  310. <port protocol="tcp" portid="554"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rtsp" method="table" conf="3"/></port>
  311. <port protocol="tcp" portid="555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dsf" method="table" conf="3"/></port>
  312. <port protocol="tcp" portid="563"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snews" method="table" conf="3"/></port>
  313. <port protocol="tcp" portid="616"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sco-sysmgr" method="table" conf="3"/></port>
  314. <port protocol="tcp" portid="617"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sco-dtmgr" method="table" conf="3"/></port>
  315. <port protocol="tcp" portid="625"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apple-xsrvr-admin" method="table" conf="3"/></port>
  316. <port protocol="tcp" portid="631"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ipp" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  317. <port protocol="tcp" portid="636"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ldapssl" method="table" conf="3"/></port>
  318. <port protocol="tcp" portid="646"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ldp" method="table" conf="3"/></port>
  319. <port protocol="tcp" portid="648"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rrp" method="table" conf="3"/></port>
  320. <port protocol="tcp" portid="666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="doom" method="table" conf="3"/></port>
  321. <port protocol="tcp" portid="667"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="disclose" method="table" conf="3"/></port>
  322. <port protocol="tcp" portid="668"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mecomm" method="table" conf="3"/></port>
  323. <port protocol="tcp" portid="683"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="corba-iiop" method="table" conf="3"/></port>
  324. <port protocol="tcp" portid="687"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="asipregistry" method="table" conf="3"/></port>
  325. <port protocol="tcp" portid="691"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="resvc" method="table" conf="3"/></port>
  326. <port protocol="tcp" portid="700"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="epp" method="table" conf="3"/></port>
  327. <port protocol="tcp" portid="705"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="agentx" method="table" conf="3"/></port>
  328. <port protocol="tcp" portid="711"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-tdp" method="table" conf="3"/></port>
  329. <port protocol="tcp" portid="714"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iris-xpcs" method="table" conf="3"/></port>
  330. <port protocol="tcp" portid="720"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  331. <port protocol="tcp" portid="722"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  332. <port protocol="tcp" portid="726"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  333. <port protocol="tcp" portid="749"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kerberos-adm" method="table" conf="3"/></port>
  334. <port protocol="tcp" portid="765"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="webster" method="table" conf="3"/></port>
  335. <port protocol="tcp" portid="777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="multiling-http" method="table" conf="3"/></port>
  336. <port protocol="tcp" portid="783"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="spamassassin" method="table" conf="3"/></port>
  337. <port protocol="tcp" portid="787"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="qsc" method="table" conf="3"/></port>
  338. <port protocol="tcp" portid="800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mdbs_daemon" method="table" conf="3"/></port>
  339. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  340. <port protocol="tcp" portid="808"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ccproxy-http" method="table" conf="3"/></port>
  341. <port protocol="tcp" portid="843"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  342. <port protocol="tcp" portid="873"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rsync" method="table" conf="3"/></port>
  343. <port protocol="tcp" portid="880"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  344. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  345. <port protocol="tcp" portid="898"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-manageconsole" method="table" conf="3"/></port>
  346. <port protocol="tcp" portid="900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="omginitialrefs" method="table" conf="3"/></port>
  347. <port protocol="tcp" portid="901"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="samba-swat" method="table" conf="3"/></port>
  348. <port protocol="tcp" portid="902"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iss-realsecure" method="table" conf="3"/></port>
  349. <port protocol="tcp" portid="903"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iss-console-mgr" method="table" conf="3"/></port>
  350. <port protocol="tcp" portid="911"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xact-backup" method="table" conf="3"/></port>
  351. <port protocol="tcp" portid="912"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apex-mesh" method="table" conf="3"/></port>
  352. <port protocol="tcp" portid="981"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  353. <port protocol="tcp" portid="987"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  354. <port protocol="tcp" portid="990"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftps" method="table" conf="3"/></port>
  355. <port protocol="tcp" portid="992"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="telnets" method="table" conf="3"/></port>
  356. <port protocol="tcp" portid="999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="garcon" method="table" conf="3"/></port>
  357. <port protocol="tcp" portid="1000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cadlock" method="table" conf="3"/></port>
  358. <port protocol="tcp" portid="1001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="webpush" method="table" conf="3"/></port>
  359. <port protocol="tcp" portid="1002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="windows-icfw" method="table" conf="3"/></port>
  360. <port protocol="tcp" portid="1007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  361. <port protocol="tcp" portid="1009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  362. <port protocol="tcp" portid="1010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="surf" method="table" conf="3"/></port>
  363. <port protocol="tcp" portid="1011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  364. <port protocol="tcp" portid="1021"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exp1" method="table" conf="3"/></port>
  365. <port protocol="tcp" portid="1022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exp2" method="table" conf="3"/></port>
  366. <port protocol="tcp" portid="1023"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netvenuechat" method="table" conf="3"/></port>
  367. <port protocol="tcp" portid="1026"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="LSA-or-nterm" method="table" conf="3"/></port>
  368. <port protocol="tcp" portid="1027"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="IIS" method="table" conf="3"/></port>
  369. <port protocol="tcp" portid="1028"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  370. <port protocol="tcp" portid="1029"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-lsa" method="table" conf="3"/></port>
  371. <port protocol="tcp" portid="1030"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iad1" method="table" conf="3"/></port>
  372. <port protocol="tcp" portid="1031"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iad2" method="table" conf="3"/></port>
  373. <port protocol="tcp" portid="1032"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iad3" method="table" conf="3"/></port>
  374. <port protocol="tcp" portid="1033"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netinfo" method="table" conf="3"/></port>
  375. <port protocol="tcp" portid="1034"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zincite-a" method="table" conf="3"/></port>
  376. <port protocol="tcp" portid="1035"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="multidropper" method="table" conf="3"/></port>
  377. <port protocol="tcp" portid="1037"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ams" method="table" conf="3"/></port>
  378. <port protocol="tcp" portid="1038"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mtqp" method="table" conf="3"/></port>
  379. <port protocol="tcp" portid="1039"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sbl" method="table" conf="3"/></port>
  380. <port protocol="tcp" portid="1040"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netsaint" method="table" conf="3"/></port>
  381. <port protocol="tcp" portid="1041"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="danf-ak2" method="table" conf="3"/></port>
  382. <port protocol="tcp" portid="1042"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afrog" method="table" conf="3"/></port>
  383. <port protocol="tcp" portid="1043"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="boinc" method="table" conf="3"/></port>
  384. <port protocol="tcp" portid="1044"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dcutility" method="table" conf="3"/></port>
  385. <port protocol="tcp" portid="1045"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fpitp" method="table" conf="3"/></port>
  386. <port protocol="tcp" portid="1046"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wfremotertm" method="table" conf="3"/></port>
  387. <port protocol="tcp" portid="1047"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="neod1" method="table" conf="3"/></port>
  388. <port protocol="tcp" portid="1048"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="neod2" method="table" conf="3"/></port>
  389. <port protocol="tcp" portid="1049"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="td-postman" method="table" conf="3"/></port>
  390. <port protocol="tcp" portid="1050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="java-or-OTGfileshare" method="table" conf="3"/></port>
  391. <port protocol="tcp" portid="1051"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="optima-vnet" method="table" conf="3"/></port>
  392. <port protocol="tcp" portid="1052"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ddt" method="table" conf="3"/></port>
  393. <port protocol="tcp" portid="1053"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="remote-as" method="table" conf="3"/></port>
  394. <port protocol="tcp" portid="1054"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="brvread" method="table" conf="3"/></port>
  395. <port protocol="tcp" portid="1055"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ansyslmd" method="table" conf="3"/></port>
  396. <port protocol="tcp" portid="1056"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vfo" method="table" conf="3"/></port>
  397. <port protocol="tcp" portid="1057"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="startron" method="table" conf="3"/></port>
  398. <port protocol="tcp" portid="1058"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nim" method="table" conf="3"/></port>
  399. <port protocol="tcp" portid="1059"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nimreg" method="table" conf="3"/></port>
  400. <port protocol="tcp" portid="1060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="polestar" method="table" conf="3"/></port>
  401. <port protocol="tcp" portid="1061"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kiosk" method="table" conf="3"/></port>
  402. <port protocol="tcp" portid="1062"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="veracity" method="table" conf="3"/></port>
  403. <port protocol="tcp" portid="1063"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kyoceranetdev" method="table" conf="3"/></port>
  404. <port protocol="tcp" portid="1064"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jstel" method="table" conf="3"/></port>
  405. <port protocol="tcp" portid="1065"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="syscomlan" method="table" conf="3"/></port>
  406. <port protocol="tcp" portid="1066"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fpo-fns" method="table" conf="3"/></port>
  407. <port protocol="tcp" portid="1067"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="instl_boots" method="table" conf="3"/></port>
  408. <port protocol="tcp" portid="1068"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  409. <port protocol="tcp" portid="1069"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cognex-insight" method="table" conf="3"/></port>
  410. <port protocol="tcp" portid="1070"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gmrupdateserv" method="table" conf="3"/></port>
  411. <port protocol="tcp" portid="1071"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bsquare-voip" method="table" conf="3"/></port>
  412. <port protocol="tcp" portid="1072"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cardax" method="table" conf="3"/></port>
  413. <port protocol="tcp" portid="1073"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bridgecontrol" method="table" conf="3"/></port>
  414. <port protocol="tcp" portid="1074"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="warmspotMgmt" method="table" conf="3"/></port>
  415. <port protocol="tcp" portid="1075"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rdrmshc" method="table" conf="3"/></port>
  416. <port protocol="tcp" portid="1076"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sns_credit" method="table" conf="3"/></port>
  417. <port protocol="tcp" portid="1077"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imgames" method="table" conf="3"/></port>
  418. <port protocol="tcp" portid="1078"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="avocent-proxy" method="table" conf="3"/></port>
  419. <port protocol="tcp" portid="1079"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="asprovatalk" method="table" conf="3"/></port>
  420. <port protocol="tcp" portid="1080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="socks" method="table" conf="3"/></port>
  421. <port protocol="tcp" portid="1081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pvuniwien" method="table" conf="3"/></port>
  422. <port protocol="tcp" portid="1082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="amt-esd-prot" method="table" conf="3"/></port>
  423. <port protocol="tcp" portid="1083"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ansoft-lm-1" method="table" conf="3"/></port>
  424. <port protocol="tcp" portid="1084"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ansoft-lm-2" method="table" conf="3"/></port>
  425. <port protocol="tcp" portid="1085"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="webobjects" method="table" conf="3"/></port>
  426. <port protocol="tcp" portid="1086"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cplscrambler-lg" method="table" conf="3"/></port>
  427. <port protocol="tcp" portid="1087"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cplscrambler-in" method="table" conf="3"/></port>
  428. <port protocol="tcp" portid="1088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cplscrambler-al" method="table" conf="3"/></port>
  429. <port protocol="tcp" portid="1089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ff-annunc" method="table" conf="3"/></port>
  430. <port protocol="tcp" portid="1090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ff-fms" method="table" conf="3"/></port>
  431. <port protocol="tcp" portid="1091"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ff-sm" method="table" conf="3"/></port>
  432. <port protocol="tcp" portid="1092"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="obrpd" method="table" conf="3"/></port>
  433. <port protocol="tcp" portid="1093"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="proofd" method="table" conf="3"/></port>
  434. <port protocol="tcp" portid="1094"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rootd" method="table" conf="3"/></port>
  435. <port protocol="tcp" portid="1095"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nicelink" method="table" conf="3"/></port>
  436. <port protocol="tcp" portid="1096"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cnrprotocol" method="table" conf="3"/></port>
  437. <port protocol="tcp" portid="1097"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sunclustermgr" method="table" conf="3"/></port>
  438. <port protocol="tcp" portid="1098"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rmiactivation" method="table" conf="3"/></port>
  439. <port protocol="tcp" portid="1099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rmiregistry" method="table" conf="3"/></port>
  440. <port protocol="tcp" portid="1100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mctp" method="table" conf="3"/></port>
  441. <port protocol="tcp" portid="1102"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="adobeserver-1" method="table" conf="3"/></port>
  442. <port protocol="tcp" portid="1104"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xrl" method="table" conf="3"/></port>
  443. <port protocol="tcp" portid="1105"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftranhc" method="table" conf="3"/></port>
  444. <port protocol="tcp" portid="1106"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isoipsigport-1" method="table" conf="3"/></port>
  445. <port protocol="tcp" portid="1107"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isoipsigport-2" method="table" conf="3"/></port>
  446. <port protocol="tcp" portid="1108"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ratio-adp" method="table" conf="3"/></port>
  447. <port protocol="tcp" portid="1110"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nfsd-status" method="table" conf="3"/></port>
  448. <port protocol="tcp" portid="1111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lmsocialserver" method="table" conf="3"/></port>
  449. <port protocol="tcp" portid="1112"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msql" method="table" conf="3"/></port>
  450. <port protocol="tcp" portid="1113"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ltp-deepspace" method="table" conf="3"/></port>
  451. <port protocol="tcp" portid="1114"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mini-sql" method="table" conf="3"/></port>
  452. <port protocol="tcp" portid="1117"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ardus-mtrns" method="table" conf="3"/></port>
  453. <port protocol="tcp" portid="1119"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bnetgame" method="table" conf="3"/></port>
  454. <port protocol="tcp" portid="1121"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rmpp" method="table" conf="3"/></port>
  455. <port protocol="tcp" portid="1122"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="availant-mgr" method="table" conf="3"/></port>
  456. <port protocol="tcp" portid="1123"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="murray" method="table" conf="3"/></port>
  457. <port protocol="tcp" portid="1124"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hpvmmcontrol" method="table" conf="3"/></port>
  458. <port protocol="tcp" portid="1126"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hpvmmdata" method="table" conf="3"/></port>
  459. <port protocol="tcp" portid="1130"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="casp" method="table" conf="3"/></port>
  460. <port protocol="tcp" portid="1131"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="caspssl" method="table" conf="3"/></port>
  461. <port protocol="tcp" portid="1132"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kvm-via-ip" method="table" conf="3"/></port>
  462. <port protocol="tcp" portid="1137"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="trim" method="table" conf="3"/></port>
  463. <port protocol="tcp" portid="1138"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="encrypted_admin" method="table" conf="3"/></port>
  464. <port protocol="tcp" portid="1141"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mxomss" method="table" conf="3"/></port>
  465. <port protocol="tcp" portid="1145"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="x9-icue" method="table" conf="3"/></port>
  466. <port protocol="tcp" portid="1147"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="capioverlan" method="table" conf="3"/></port>
  467. <port protocol="tcp" portid="1148"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="elfiq-repl" method="table" conf="3"/></port>
  468. <port protocol="tcp" portid="1149"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bvtsonar" method="table" conf="3"/></port>
  469. <port protocol="tcp" portid="1151"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unizensus" method="table" conf="3"/></port>
  470. <port protocol="tcp" portid="1152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="winpoplanmess" method="table" conf="3"/></port>
  471. <port protocol="tcp" portid="1154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="resacommunity" method="table" conf="3"/></port>
  472. <port protocol="tcp" portid="1163"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sddp" method="table" conf="3"/></port>
  473. <port protocol="tcp" portid="1164"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="qsm-proxy" method="table" conf="3"/></port>
  474. <port protocol="tcp" portid="1166"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="qsm-remote" method="table" conf="3"/></port>
  475. <port protocol="tcp" portid="1169"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tripwire" method="table" conf="3"/></port>
  476. <port protocol="tcp" portid="1174"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fnet-remote-ui" method="table" conf="3"/></port>
  477. <port protocol="tcp" portid="1175"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dossier" method="table" conf="3"/></port>
  478. <port protocol="tcp" portid="1183"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="llsurfup-http" method="table" conf="3"/></port>
  479. <port protocol="tcp" portid="1185"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="catchpole" method="table" conf="3"/></port>
  480. <port protocol="tcp" portid="1186"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql-cluster" method="table" conf="3"/></port>
  481. <port protocol="tcp" portid="1187"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="alias" method="table" conf="3"/></port>
  482. <port protocol="tcp" portid="1192"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="caids-sensor" method="table" conf="3"/></port>
  483. <port protocol="tcp" portid="1198"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cajo-discovery" method="table" conf="3"/></port>
  484. <port protocol="tcp" portid="1199"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dmidi" method="table" conf="3"/></port>
  485. <port protocol="tcp" portid="1201"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nucleus-sand" method="table" conf="3"/></port>
  486. <port protocol="tcp" portid="1213"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mpc-lifenet" method="table" conf="3"/></port>
  487. <port protocol="tcp" portid="1216"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="etebac5" method="table" conf="3"/></port>
  488. <port protocol="tcp" portid="1217"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hpss-ndapi" method="table" conf="3"/></port>
  489. <port protocol="tcp" portid="1218"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="aeroflight-ads" method="table" conf="3"/></port>
  490. <port protocol="tcp" portid="1233"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="univ-appserver" method="table" conf="3"/></port>
  491. <port protocol="tcp" portid="1234"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  492. <port protocol="tcp" portid="1236"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bvcontrol" method="table" conf="3"/></port>
  493. <port protocol="tcp" portid="1244"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isbconference1" method="table" conf="3"/></port>
  494. <port protocol="tcp" portid="1247"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="visionpyramid" method="table" conf="3"/></port>
  495. <port protocol="tcp" portid="1248"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hermes" method="table" conf="3"/></port>
  496. <port protocol="tcp" portid="1259"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opennl-voice" method="table" conf="3"/></port>
  497. <port protocol="tcp" portid="1271"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="excw" method="table" conf="3"/></port>
  498. <port protocol="tcp" portid="1272"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cspmlockmgr" method="table" conf="3"/></port>
  499. <port protocol="tcp" portid="1277"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="miva-mqs" method="table" conf="3"/></port>
  500. <port protocol="tcp" portid="1287"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="routematch" method="table" conf="3"/></port>
  501. <port protocol="tcp" portid="1296"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dproxy" method="table" conf="3"/></port>
  502. <port protocol="tcp" portid="1300"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="h323hostcallsc" method="table" conf="3"/></port>
  503. <port protocol="tcp" portid="1301"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ci3-software-1" method="table" conf="3"/></port>
  504. <port protocol="tcp" portid="1309"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jtag-server" method="table" conf="3"/></port>
  505. <port protocol="tcp" portid="1310"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="husky" method="table" conf="3"/></port>
  506. <port protocol="tcp" portid="1311"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rxmon" method="table" conf="3"/></port>
  507. <port protocol="tcp" portid="1322"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="novation" method="table" conf="3"/></port>
  508. <port protocol="tcp" portid="1328"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ewall" method="table" conf="3"/></port>
  509. <port protocol="tcp" portid="1334"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="writesrv" method="table" conf="3"/></port>
  510. <port protocol="tcp" portid="1352"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lotusnotes" method="table" conf="3"/></port>
  511. <port protocol="tcp" portid="1417"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="timbuktu-srv1" method="table" conf="3"/></port>
  512. <port protocol="tcp" portid="1434"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  513. <port protocol="tcp" portid="1443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ies-lm" method="table" conf="3"/></port>
  514. <port protocol="tcp" portid="1455"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="esl-lm" method="table" conf="3"/></port>
  515. <port protocol="tcp" portid="1461"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ibm_wrless_lan" method="table" conf="3"/></port>
  516. <port protocol="tcp" portid="1494"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="citrix-ica" method="table" conf="3"/></port>
  517. <port protocol="tcp" portid="1500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vlsi-lm" method="table" conf="3"/></port>
  518. <port protocol="tcp" portid="1501"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sas-3" method="table" conf="3"/></port>
  519. <port protocol="tcp" portid="1503"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imtc-mcs" method="table" conf="3"/></port>
  520. <port protocol="tcp" portid="1521"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  521. <port protocol="tcp" portid="1524"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ingreslock" method="table" conf="3"/></port>
  522. <port protocol="tcp" portid="1533"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="virtual-places" method="table" conf="3"/></port>
  523. <port protocol="tcp" portid="1556"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="veritas_pbx" method="table" conf="3"/></port>
  524. <port protocol="tcp" portid="1580"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tn-tl-r1" method="table" conf="3"/></port>
  525. <port protocol="tcp" portid="1583"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="simbaexpress" method="table" conf="3"/></port>
  526. <port protocol="tcp" portid="1594"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sixtrak" method="table" conf="3"/></port>
  527. <port protocol="tcp" portid="1600"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="issd" method="table" conf="3"/></port>
  528. <port protocol="tcp" portid="1641"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="invision" method="table" conf="3"/></port>
  529. <port protocol="tcp" portid="1658"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sixnetudr" method="table" conf="3"/></port>
  530. <port protocol="tcp" portid="1666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netview-aix-6" method="table" conf="3"/></port>
  531. <port protocol="tcp" portid="1687"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nsjtp-ctrl" method="table" conf="3"/></port>
  532. <port protocol="tcp" portid="1688"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  533. <port protocol="tcp" portid="1700"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mps-raft" method="table" conf="3"/></port>
  534. <port protocol="tcp" portid="1717"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fj-hdnet" method="table" conf="3"/></port>
  535. <port protocol="tcp" portid="1718"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="h323gatedisc" method="table" conf="3"/></port>
  536. <port protocol="tcp" portid="1719"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="h323gatestat" method="table" conf="3"/></port>
  <!-- NOTE(review): port 1720 (closed, conn-refused) is the only entry in this stretch of the table that is not reported open.
       The surrounding entries are all open/syn-ack with method="table" conf="3", meaning each service name is nmap's
       port-number table lookup rather than a probed identification of what is actually listening.
       A host that accepts connections on nearly every scanned port is presumably fronted by something that answers
       on its behalf (proxy, load balancer, tarpit). Confirm individual listeners before using these rows for
       attribution or blocking decisions. -->
  537. <port protocol="tcp" portid="1720"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="h323q931" method="table" conf="3"/></port>
  538. <port protocol="tcp" portid="1721"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="caicci" method="table" conf="3"/></port>
  539. <port protocol="tcp" portid="1755"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wms" method="table" conf="3"/></port>
  540. <port protocol="tcp" portid="1761"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="landesk-rc" method="table" conf="3"/></port>
  541. <port protocol="tcp" portid="1782"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hp-hcip" method="table" conf="3"/></port>
  542. <port protocol="tcp" portid="1783"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  543. <port protocol="tcp" portid="1801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msmq" method="table" conf="3"/></port>
  544. <port protocol="tcp" portid="1805"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="enl-name" method="table" conf="3"/></port>
  545. <port protocol="tcp" portid="1812"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radius" method="table" conf="3"/></port>
  546. <port protocol="tcp" portid="1839"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netopia-vo1" method="table" conf="3"/></port>
  547. <port protocol="tcp" portid="1840"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netopia-vo2" method="table" conf="3"/></port>
  548. <port protocol="tcp" portid="1862"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql-cm-agent" method="table" conf="3"/></port>
  549. <port protocol="tcp" portid="1863"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msnp" method="table" conf="3"/></port>
  550. <port protocol="tcp" portid="1864"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="paradym-31" method="table" conf="3"/></port>
  551. <port protocol="tcp" portid="1875"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="westell-stats" method="table" conf="3"/></port>
  552. <port protocol="tcp" portid="1900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  553. <port protocol="tcp" portid="1914"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="elm-momentum" method="table" conf="3"/></port>
  554. <port protocol="tcp" portid="1935"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rtmp" method="table" conf="3"/></port>
  555. <port protocol="tcp" portid="1947"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sentinelsrm" method="table" conf="3"/></port>
  556. <port protocol="tcp" portid="1971"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netop-school" method="table" conf="3"/></port>
  557. <port protocol="tcp" portid="1972"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intersys-cache" method="table" conf="3"/></port>
  558. <port protocol="tcp" portid="1974"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="drp" method="table" conf="3"/></port>
  559. <port protocol="tcp" portid="1984"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bigbrother" method="table" conf="3"/></port>
  560. <port protocol="tcp" portid="1998"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="x25-svc-port" method="table" conf="3"/></port>
  561. <port protocol="tcp" portid="1999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tcp-id-port" method="table" conf="3"/></port>
  562. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  563. <port protocol="tcp" portid="2001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dc" method="table" conf="3"/></port>
  564. <port protocol="tcp" portid="2002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="globe" method="table" conf="3"/></port>
  565. <port protocol="tcp" portid="2003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="finger" method="table" conf="3"/></port>
  566. <port protocol="tcp" portid="2004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mailbox" method="table" conf="3"/></port>
  567. <port protocol="tcp" portid="2005"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="deslogin" method="table" conf="3"/></port>
  568. <port protocol="tcp" portid="2006"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="invokator" method="table" conf="3"/></port>
  569. <port protocol="tcp" portid="2007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dectalk" method="table" conf="3"/></port>
  570. <port protocol="tcp" portid="2008"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="conf" method="table" conf="3"/></port>
  571. <port protocol="tcp" portid="2009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="news" method="table" conf="3"/></port>
  572. <port protocol="tcp" portid="2010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="search" method="table" conf="3"/></port>
  573. <port protocol="tcp" portid="2013"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="raid-am" method="table" conf="3"/></port>
  574. <port protocol="tcp" portid="2020"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xinupageserver" method="table" conf="3"/></port>
  575. <port protocol="tcp" portid="2021"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="servexec" method="table" conf="3"/></port>
  576. <port protocol="tcp" portid="2022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="down" method="table" conf="3"/></port>
  577. <port protocol="tcp" portid="2030"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device2" method="table" conf="3"/></port>
  578. <port protocol="tcp" portid="2033"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="glogger" method="table" conf="3"/></port>
  579. <port protocol="tcp" portid="2034"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scoremgr" method="table" conf="3"/></port>
  580. <port protocol="tcp" portid="2035"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imsldoc" method="table" conf="3"/></port>
  581. <port protocol="tcp" portid="2038"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="objectmanager" method="table" conf="3"/></port>
  582. <port protocol="tcp" portid="2040"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lam" method="table" conf="3"/></port>
  583. <port protocol="tcp" portid="2041"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="interbase" method="table" conf="3"/></port>
  584. <port protocol="tcp" portid="2042"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isis" method="table" conf="3"/></port>
  585. <port protocol="tcp" portid="2043"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isis-bcast" method="table" conf="3"/></port>
  586. <port protocol="tcp" portid="2045"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cdfunc" method="table" conf="3"/></port>
  587. <port protocol="tcp" portid="2046"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sdfunc" method="table" conf="3"/></port>
  588. <port protocol="tcp" portid="2047"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dls" method="table" conf="3"/></port>
  589. <port protocol="tcp" portid="2048"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dls-monitor" method="table" conf="3"/></port>
  590. <port protocol="tcp" portid="2049"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nfs" method="table" conf="3"/></port>
  591. <port protocol="tcp" portid="2065"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dlsrpn" method="table" conf="3"/></port>
  592. <port protocol="tcp" portid="2068"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="avocentkvm" method="table" conf="3"/></port>
  593. <port protocol="tcp" portid="2099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="h2250-annex-g" method="table" conf="3"/></port>
  594. <port protocol="tcp" portid="2100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="amiganetfs" method="table" conf="3"/></port>
  595. <port protocol="tcp" portid="2103"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zephyr-clt" method="table" conf="3"/></port>
  596. <port protocol="tcp" portid="2105"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="eklogin" method="table" conf="3"/></port>
  597. <port protocol="tcp" portid="2106"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ekshell" method="table" conf="3"/></port>
  598. <port protocol="tcp" portid="2107"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msmq-mgmt" method="table" conf="3"/></port>
  599. <port protocol="tcp" portid="2111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kx" method="table" conf="3"/></port>
  600. <port protocol="tcp" portid="2119"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gsigatekeeper" method="table" conf="3"/></port>
  601. <port protocol="tcp" portid="2121"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ccproxy-ftp" method="table" conf="3"/></port>
  602. <port protocol="tcp" portid="2126"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pktcable-cops" method="table" conf="3"/></port>
  603. <port protocol="tcp" portid="2135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gris" method="table" conf="3"/></port>
  604. <port protocol="tcp" portid="2144"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lv-ffx" method="table" conf="3"/></port>
  605. <port protocol="tcp" portid="2160"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apc-2160" method="table" conf="3"/></port>
  606. <port protocol="tcp" portid="2161"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apc-agent" method="table" conf="3"/></port>
  607. <port protocol="tcp" portid="2170"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="eyetv" method="table" conf="3"/></port>
  608. <port protocol="tcp" portid="2179"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vmrdp" method="table" conf="3"/></port>
  609. <port protocol="tcp" portid="2190"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tivoconnect" method="table" conf="3"/></port>
  610. <port protocol="tcp" portid="2191"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tvbus" method="table" conf="3"/></port>
  611. <port protocol="tcp" portid="2196"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  612. <port protocol="tcp" portid="2200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ici" method="table" conf="3"/></port>
  613. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  614. <port protocol="tcp" portid="2251"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dif-port" method="table" conf="3"/></port>
  615. <port protocol="tcp" portid="2260"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apc-2260" method="table" conf="3"/></port>
  616. <port protocol="tcp" portid="2288"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netml" method="table" conf="3"/></port>
  617. <port protocol="tcp" portid="2301"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="compaqdiag" method="table" conf="3"/></port>
  618. <port protocol="tcp" portid="2323"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="3d-nfsd" method="table" conf="3"/></port>
  619. <port protocol="tcp" portid="2366"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="qip-login" method="table" conf="3"/></port>
  620. <port protocol="tcp" portid="2381"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="compaq-https" method="table" conf="3"/></port>
  621. <port protocol="tcp" portid="2382"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-olap3" method="table" conf="3"/></port>
  622. <port protocol="tcp" portid="2383"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-olap4" method="table" conf="3"/></port>
  623. <port protocol="tcp" portid="2393"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-olap1" method="table" conf="3"/></port>
  624. <port protocol="tcp" portid="2394"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-olap2" method="table" conf="3"/></port>
  625. <port protocol="tcp" portid="2399"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fmpro-fdal" method="table" conf="3"/></port>
  626. <port protocol="tcp" portid="2401"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cvspserver" method="table" conf="3"/></port>
  627. <port protocol="tcp" portid="2492"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="groove" method="table" conf="3"/></port>
  628. <port protocol="tcp" portid="2500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rtsserv" method="table" conf="3"/></port>
  629. <port protocol="tcp" portid="2522"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="windb" method="table" conf="3"/></port>
  630. <port protocol="tcp" portid="2525"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-v-worlds" method="table" conf="3"/></port>
  631. <port protocol="tcp" portid="2557"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nicetec-mgmt" method="table" conf="3"/></port>
  632. <port protocol="tcp" portid="2601"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zebra" method="table" conf="3"/></port>
  633. <port protocol="tcp" portid="2602"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ripd" method="table" conf="3"/></port>
  634. <port protocol="tcp" portid="2604"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ospfd" method="table" conf="3"/></port>
  635. <port protocol="tcp" portid="2605"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bgpd" method="table" conf="3"/></port>
  636. <port protocol="tcp" portid="2607"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="connection" method="table" conf="3"/></port>
  637. <port protocol="tcp" portid="2608"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wag-service" method="table" conf="3"/></port>
  638. <port protocol="tcp" portid="2701"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sms-rcinfo" method="table" conf="3"/></port>
  639. <port protocol="tcp" portid="2702"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sms-xfer" method="table" conf="3"/></port>
  640. <port protocol="tcp" portid="2710"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sso-service" method="table" conf="3"/></port>
  641. <port protocol="tcp" portid="2717"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pn-requester" method="table" conf="3"/></port>
  642. <port protocol="tcp" portid="2718"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pn-requester2" method="table" conf="3"/></port>
  643. <port protocol="tcp" portid="2725"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msolap-ptp2" method="table" conf="3"/></port>
  644. <port protocol="tcp" portid="2800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="acc-raid" method="table" conf="3"/></port>
  645. <port protocol="tcp" portid="2809"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="corbaloc" method="table" conf="3"/></port>
  646. <port protocol="tcp" portid="2811"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gsiftp" method="table" conf="3"/></port>
  647. <port protocol="tcp" portid="2869"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="icslap" method="table" conf="3"/></port>
  648. <port protocol="tcp" portid="2909"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="funk-dialout" method="table" conf="3"/></port>
  649. <port protocol="tcp" portid="2910"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tdaccess" method="table" conf="3"/></port>
  650. <port protocol="tcp" portid="2920"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="roboeda" method="table" conf="3"/></port>
  651. <port protocol="tcp" portid="2967"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="symantec-av" method="table" conf="3"/></port>
  652. <port protocol="tcp" portid="2968"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="enpp" method="table" conf="3"/></port>
  653. <port protocol="tcp" portid="2998"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iss-realsec" method="table" conf="3"/></port>
  654. <port protocol="tcp" portid="3000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ppp" method="table" conf="3"/></port>
  655. <port protocol="tcp" portid="3001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nessus" method="table" conf="3"/></port>
  656. <port protocol="tcp" portid="3003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cgms" method="table" conf="3"/></port>
  657. <port protocol="tcp" portid="3005"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="deslogin" method="table" conf="3"/></port>
  658. <port protocol="tcp" portid="3006"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="deslogind" method="table" conf="3"/></port>
  659. <port protocol="tcp" portid="3007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lotusmtap" method="table" conf="3"/></port>
  660. <port protocol="tcp" portid="3011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="trusted-web" method="table" conf="3"/></port>
  661. <port protocol="tcp" portid="3013"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gilatskysurfer" method="table" conf="3"/></port>
  662. <port protocol="tcp" portid="3017"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="event_listener" method="table" conf="3"/></port>
  663. <port protocol="tcp" portid="3030"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="arepa-cas" method="table" conf="3"/></port>
  664. <port protocol="tcp" portid="3031"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="eppc" method="table" conf="3"/></port>
  665. <port protocol="tcp" portid="3052"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="powerchute" method="table" conf="3"/></port>
  666. <port protocol="tcp" portid="3071"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="csd-mgmt-port" method="table" conf="3"/></port>
  667. <port protocol="tcp" portid="3077"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="orbix-loc-ssl" method="table" conf="3"/></port>
  668. <port protocol="tcp" portid="3128"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  669. <port protocol="tcp" portid="3168"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="poweronnud" method="table" conf="3"/></port>
  670. <port protocol="tcp" portid="3211"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="avsecuremgmt" method="table" conf="3"/></port>
  671. <port protocol="tcp" portid="3221"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xnm-clear-text" method="table" conf="3"/></port>
  672. <port protocol="tcp" portid="3260"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iscsi" method="table" conf="3"/></port>
  673. <port protocol="tcp" portid="3261"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="winshadow" method="table" conf="3"/></port>
  674. <port protocol="tcp" portid="3268"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="globalcatLDAP" method="table" conf="3"/></port>
  675. <port protocol="tcp" portid="3269"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="globalcatLDAPssl" method="table" conf="3"/></port>
  676. <port protocol="tcp" portid="3283"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netassistant" method="table" conf="3"/></port>
  677. <port protocol="tcp" portid="3300"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ceph" method="table" conf="3"/></port>
  678. <port protocol="tcp" portid="3301"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  <!-- NOTE(review): this port is closed (conn-refused) while nearly every other port in this
       stretch of the scan reports open/syn-ack. A host that answers on almost the whole port
       list is more likely fronted by something that accepts every TCP connection than running
       that many services (inferred from the pattern; confirm with a service probe).
       method="table" conf="3" means the service name is a port-number lookup, not a
       fingerprint, so "mysql" here and the names on neighbouring ports say nothing about what
       is actually listening. -->
  679. <port protocol="tcp" portid="3306"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  680. <port protocol="tcp" portid="3322"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="active-net" method="table" conf="3"/></port>
  681. <port protocol="tcp" portid="3323"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="active-net" method="table" conf="3"/></port>
  682. <port protocol="tcp" portid="3324"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="active-net" method="table" conf="3"/></port>
  683. <port protocol="tcp" portid="3325"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="active-net" method="table" conf="3"/></port>
  684. <port protocol="tcp" portid="3333"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dec-notes" method="table" conf="3"/></port>
  685. <port protocol="tcp" portid="3351"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="btrieve" method="table" conf="3"/></port>
  686. <port protocol="tcp" portid="3367"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="satvid-datalnk" method="table" conf="3"/></port>
  687. <port protocol="tcp" portid="3369"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="satvid-datalnk" method="table" conf="3"/></port>
  688. <port protocol="tcp" portid="3370"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="satvid-datalnk" method="table" conf="3"/></port>
  689. <port protocol="tcp" portid="3371"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="satvid-datalnk" method="table" conf="3"/></port>
  690. <port protocol="tcp" portid="3372"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msdtc" method="table" conf="3"/></port>
  691. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  692. <port protocol="tcp" portid="3390"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dsc" method="table" conf="3"/></port>
  693. <port protocol="tcp" portid="3404"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  694. <port protocol="tcp" portid="3476"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nppmp" method="table" conf="3"/></port>
  695. <port protocol="tcp" portid="3493"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nut" method="table" conf="3"/></port>
  696. <port protocol="tcp" portid="3517"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="802-11-iapp" method="table" conf="3"/></port>
  697. <port protocol="tcp" portid="3527"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="beserver-msg-q" method="table" conf="3"/></port>
  698. <port protocol="tcp" portid="3546"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  699. <port protocol="tcp" portid="3551"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apcupsd" method="table" conf="3"/></port>
  700. <port protocol="tcp" portid="3580"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nati-svrloc" method="table" conf="3"/></port>
  701. <port protocol="tcp" portid="3659"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apple-sasl" method="table" conf="3"/></port>
  702. <port protocol="tcp" portid="3689"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rendezvous" method="table" conf="3"/></port>
  703. <port protocol="tcp" portid="3690"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="svn" method="table" conf="3"/></port>
  704. <port protocol="tcp" portid="3703"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="adobeserver-3" method="table" conf="3"/></port>
  705. <port protocol="tcp" portid="3737"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xpanel" method="table" conf="3"/></port>
  706. <port protocol="tcp" portid="3766"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sitewatch-s" method="table" conf="3"/></port>
  707. <port protocol="tcp" portid="3784"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bfd-control" method="table" conf="3"/></port>
  708. <port protocol="tcp" portid="3800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pwgpsi" method="table" conf="3"/></port>
  709. <port protocol="tcp" portid="3801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ibm-mgr" method="table" conf="3"/></port>
  710. <port protocol="tcp" portid="3809"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="apocd" method="table" conf="3"/></port>
  711. <port protocol="tcp" portid="3814"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="neto-dcs" method="table" conf="3"/></port>
  712. <port protocol="tcp" portid="3826"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wormux" method="table" conf="3"/></port>
  713. <port protocol="tcp" portid="3827"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netmpi" method="table" conf="3"/></port>
  714. <port protocol="tcp" portid="3828"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="neteh" method="table" conf="3"/></port>
  715. <port protocol="tcp" portid="3851"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="spectraport" method="table" conf="3"/></port>
  716. <port protocol="tcp" portid="3869"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ovsam-mgmt" method="table" conf="3"/></port>
  717. <port protocol="tcp" portid="3871"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="avocent-adsap" method="table" conf="3"/></port>
  718. <port protocol="tcp" portid="3878"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fotogcad" method="table" conf="3"/></port>
  719. <port protocol="tcp" portid="3880"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="igrs" method="table" conf="3"/></port>
  720. <port protocol="tcp" portid="3889"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dandv-tester" method="table" conf="3"/></port>
  721. <port protocol="tcp" portid="3905"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mupdate" method="table" conf="3"/></port>
  722. <port protocol="tcp" portid="3918"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pktcablemmcops" method="table" conf="3"/></port>
  723. <port protocol="tcp" portid="3920"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exasoftport1" method="table" conf="3"/></port>
  724. <port protocol="tcp" portid="3945"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="emcads" method="table" conf="3"/></port>
  725. <port protocol="tcp" portid="3971"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lanrevserver" method="table" conf="3"/></port>
  726. <port protocol="tcp" portid="3986"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mapper-ws_ethd" method="table" conf="3"/></port>
  727. <port protocol="tcp" portid="3995"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iss-mgmt-ssl" method="table" conf="3"/></port>
  728. <port protocol="tcp" portid="3998"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnx" method="table" conf="3"/></port>
  729. <port protocol="tcp" portid="4000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="remoteanything" method="table" conf="3"/></port>
  730. <port protocol="tcp" portid="4001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="newoak" method="table" conf="3"/></port>
  731. <port protocol="tcp" portid="4002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mlchat-proxy" method="table" conf="3"/></port>
  732. <port protocol="tcp" portid="4003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pxc-splr-ft" method="table" conf="3"/></port>
  733. <port protocol="tcp" portid="4004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pxc-roid" method="table" conf="3"/></port>
  734. <port protocol="tcp" portid="4005"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pxc-pin" method="table" conf="3"/></port>
  735. <port protocol="tcp" portid="4006"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pxc-spvr" method="table" conf="3"/></port>
  736. <port protocol="tcp" portid="4045"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lockd" method="table" conf="3"/></port>
  737. <port protocol="tcp" portid="4111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xgrid" method="table" conf="3"/></port>
  738. <port protocol="tcp" portid="4125"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rww" method="table" conf="3"/></port>
  739. <port protocol="tcp" portid="4126"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ddrepl" method="table" conf="3"/></port>
  740. <port protocol="tcp" portid="4129"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nuauth" method="table" conf="3"/></port>
  741. <port protocol="tcp" portid="4224"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xtell" method="table" conf="3"/></port>
  742. <port protocol="tcp" portid="4242"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vrml-multi-use" method="table" conf="3"/></port>
  743. <port protocol="tcp" portid="4279"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vrml-multi-use" method="table" conf="3"/></port>
  744. <port protocol="tcp" portid="4321"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rwhois" method="table" conf="3"/></port>
  745. <port protocol="tcp" portid="4343"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unicall" method="table" conf="3"/></port>
  746. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  747. <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  748. <port protocol="tcp" portid="4445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnotifyp" method="table" conf="3"/></port>
  749. <port protocol="tcp" portid="4446"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="n1-fwp" method="table" conf="3"/></port>
  750. <port protocol="tcp" portid="4449"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="privatewire" method="table" conf="3"/></port>
  751. <port protocol="tcp" portid="4550"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gds-adppiw-db" method="table" conf="3"/></port>
  752. <port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tram" method="table" conf="3"/></port>
  753. <port protocol="tcp" portid="4662"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="edonkey" method="table" conf="3"/></port>
  754. <port protocol="tcp" portid="4848"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="appserv-http" method="table" conf="3"/></port>
  755. <port protocol="tcp" portid="4899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radmin" method="table" conf="3"/></port>
  756. <port protocol="tcp" portid="4900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hfcs" method="table" conf="3"/></port>
  757. <port protocol="tcp" portid="4998"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="maybe-veritas" method="table" conf="3"/></port>
  758. <port protocol="tcp" portid="5000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  759. <port protocol="tcp" portid="5001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="commplex-link" method="table" conf="3"/></port>
  760. <port protocol="tcp" portid="5002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rfe" method="table" conf="3"/></port>
  761. <port protocol="tcp" portid="5003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filemaker" method="table" conf="3"/></port>
  762. <port protocol="tcp" portid="5004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="avt-profile-1" method="table" conf="3"/></port>
  763. <port protocol="tcp" portid="5009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="airport-admin" method="table" conf="3"/></port>
  764. <port protocol="tcp" portid="5030"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="surfpass" method="table" conf="3"/></port>
  765. <port protocol="tcp" portid="5033"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jtnetd-server" method="table" conf="3"/></port>
  766. <port protocol="tcp" portid="5050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mmcc" method="table" conf="3"/></port>
  767. <port protocol="tcp" portid="5051"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ida-agent" method="table" conf="3"/></port>
  768. <port protocol="tcp" portid="5054"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rlm-admin" method="table" conf="3"/></port>
  769. <port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
  770. <port protocol="tcp" portid="5061"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip-tls" method="table" conf="3"/></port>
  771. <port protocol="tcp" portid="5080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="onscreen" method="table" conf="3"/></port>
  772. <port protocol="tcp" portid="5087"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="biotic" method="table" conf="3"/></port>
  773. <port protocol="tcp" portid="5100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="admd" method="table" conf="3"/></port>
  774. <port protocol="tcp" portid="5101"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="admdog" method="table" conf="3"/></port>
  775. <port protocol="tcp" portid="5102"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="admeng" method="table" conf="3"/></port>
  776. <port protocol="tcp" portid="5120"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="barracuda-bbs" method="table" conf="3"/></port>
  777. <port protocol="tcp" portid="5190"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="aol" method="table" conf="3"/></port>
  778. <port protocol="tcp" portid="5200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="targus-getdata" method="table" conf="3"/></port>
  779. <port protocol="tcp" portid="5214"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  780. <port protocol="tcp" portid="5221"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="3exmp" method="table" conf="3"/></port>
  781. <port protocol="tcp" portid="5222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp-client" method="table" conf="3"/></port>
  782. <port protocol="tcp" portid="5225"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hp-server" method="table" conf="3"/></port>
  783. <port protocol="tcp" portid="5226"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hp-status" method="table" conf="3"/></port>
  784. <port protocol="tcp" portid="5269"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp-server" method="table" conf="3"/></port>
  785. <port protocol="tcp" portid="5280"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp-bosh" method="table" conf="3"/></port>
  786. <port protocol="tcp" portid="5298"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="presence" method="table" conf="3"/></port>
  787. <port protocol="tcp" portid="5357"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wsdapi" method="table" conf="3"/></port>
  788. <port protocol="tcp" portid="5405"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pcduo" method="table" conf="3"/></port>
  789. <port protocol="tcp" portid="5414"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="statusd" method="table" conf="3"/></port>
  790. <port protocol="tcp" portid="5431"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="park-agent" method="table" conf="3"/></port>
  791. <port protocol="tcp" portid="5432"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="postgresql" method="table" conf="3"/></port>
  792. <port protocol="tcp" portid="5440"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  793. <port protocol="tcp" portid="5500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  794. <port protocol="tcp" portid="5510"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="secureidprop" method="table" conf="3"/></port>
  795. <port protocol="tcp" portid="5544"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  796. <port protocol="tcp" portid="5550"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sdadmind" method="table" conf="3"/></port>
  797. <port protocol="tcp" portid="5555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  798. <port protocol="tcp" portid="5560"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isqlplus" method="table" conf="3"/></port>
  799. <port protocol="tcp" portid="5566"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="westec-connect" method="table" conf="3"/></port>
  800. <port protocol="tcp" portid="5631"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pcanywheredata" method="table" conf="3"/></port>
  801. <port protocol="tcp" portid="5633"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="beorl" method="table" conf="3"/></port>
  802. <port protocol="tcp" portid="5666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nrpe" method="table" conf="3"/></port>
  803. <port protocol="tcp" portid="5678"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rrac" method="table" conf="3"/></port>
  804. <port protocol="tcp" portid="5679"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="activesync" method="table" conf="3"/></port>
  805. <port protocol="tcp" portid="5718"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dpm" method="table" conf="3"/></port>
  806. <port protocol="tcp" portid="5730"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unieng" method="table" conf="3"/></port>
  <!-- NOTE(review): the grab_beacon_config script element on this port is empty: it has no
       output attribute and no child elements, so this record holds no extracted configuration.
       Read it as "script attached to port 5800, nothing captured here", not as evidence of a
       beacon on this host; why the element is empty cannot be determined from this record. -->
  807. <port protocol="tcp" portid="5800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  808. <port protocol="tcp" portid="5801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-http-1" method="table" conf="3"/></port>
  809. <port protocol="tcp" portid="5802"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-http-2" method="table" conf="3"/></port>
  810. <port protocol="tcp" portid="5810"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  811. <port protocol="tcp" portid="5811"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  812. <port protocol="tcp" portid="5815"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  813. <port protocol="tcp" portid="5822"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  814. <port protocol="tcp" portid="5825"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  815. <port protocol="tcp" portid="5850"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  816. <port protocol="tcp" portid="5859"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wherehoo" method="table" conf="3"/></port>
  817. <port protocol="tcp" portid="5862"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  818. <port protocol="tcp" portid="5877"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  819. <port protocol="tcp" portid="5900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  820. <port protocol="tcp" portid="5901"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-1" method="table" conf="3"/></port>
  821. <port protocol="tcp" portid="5902"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-2" method="table" conf="3"/></port>
  822. <port protocol="tcp" portid="5903"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-3" method="table" conf="3"/></port>
  823. <port protocol="tcp" portid="5904"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  824. <port protocol="tcp" portid="5906"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  825. <port protocol="tcp" portid="5907"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  826. <port protocol="tcp" portid="5910"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cm" method="table" conf="3"/></port>
  827. <port protocol="tcp" portid="5911"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cpdlc" method="table" conf="3"/></port>
  828. <port protocol="tcp" portid="5915"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  829. <port protocol="tcp" portid="5922"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  830. <port protocol="tcp" portid="5925"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  831. <port protocol="tcp" portid="5950"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  832. <port protocol="tcp" portid="5952"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  833. <port protocol="tcp" portid="5959"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  834. <port protocol="tcp" portid="5960"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  835. <port protocol="tcp" portid="5961"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  836. <port protocol="tcp" portid="5962"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  837. <port protocol="tcp" portid="5963"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="indy" method="table" conf="3"/></port>
  838. <port protocol="tcp" portid="5987"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wbem-rmi" method="table" conf="3"/></port>
  839. <port protocol="tcp" portid="5988"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wbem-http" method="table" conf="3"/></port>
  840. <port protocol="tcp" portid="5989"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wbem-https" method="table" conf="3"/></port>
  841. <port protocol="tcp" portid="5998"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ncd-diag" method="table" conf="3"/></port>
  842. <port protocol="tcp" portid="5999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ncd-conf" method="table" conf="3"/></port>
  843. <port protocol="tcp" portid="6000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11" method="table" conf="3"/></port>
  844. <port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:1" method="table" conf="3"/></port>
  845. <port protocol="tcp" portid="6002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:2" method="table" conf="3"/></port>
  846. <port protocol="tcp" portid="6003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:3" method="table" conf="3"/></port>
  847. <port protocol="tcp" portid="6004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:4" method="table" conf="3"/></port>
  848. <port protocol="tcp" portid="6005"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:5" method="table" conf="3"/></port>
  849. <port protocol="tcp" portid="6006"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:6" method="table" conf="3"/></port>
  850. <port protocol="tcp" portid="6007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:7" method="table" conf="3"/></port>
  851. <port protocol="tcp" portid="6009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:9" method="table" conf="3"/></port>
  852. <port protocol="tcp" portid="6025"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="x11" method="table" conf="3"/></port>
  853. <port protocol="tcp" portid="6059"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:59" method="table" conf="3"/></port>
  854. <port protocol="tcp" portid="6100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="synchronet-db" method="table" conf="3"/></port>
  855. <port protocol="tcp" portid="6101"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="backupexec" method="table" conf="3"/></port>
  856. <port protocol="tcp" portid="6106"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isdninfo" method="table" conf="3"/></port>
  857. <port protocol="tcp" portid="6112"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dtspc" method="table" conf="3"/></port>
  858. <port protocol="tcp" portid="6123"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="backup-express" method="table" conf="3"/></port>
  859. <port protocol="tcp" portid="6129"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  860. <port protocol="tcp" portid="6156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  861. <port protocol="tcp" portid="6346"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="gnutella" method="table" conf="3"/></port>
  862. <port protocol="tcp" portid="6389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="clariion-evr01" method="table" conf="3"/></port>
  863. <port protocol="tcp" portid="6502"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netop-rc" method="table" conf="3"/></port>
  864. <port protocol="tcp" portid="6510"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mcer-port" method="table" conf="3"/></port>
  865. <port protocol="tcp" portid="6543"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mythtv" method="table" conf="3"/></port>
  866. <port protocol="tcp" portid="6547"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="powerchuteplus" method="table" conf="3"/></port>
  867. <port protocol="tcp" portid="6565"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  868. <port protocol="tcp" portid="6566"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sane-port" method="table" conf="3"/></port>
  869. <port protocol="tcp" portid="6567"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="esp" method="table" conf="3"/></port>
  870. <port protocol="tcp" portid="6580"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="parsec-master" method="table" conf="3"/></port>
  871. <port protocol="tcp" portid="6646"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  872. <port protocol="tcp" portid="6666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  873. <port protocol="tcp" portid="6667"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  874. <port protocol="tcp" portid="6668"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  875. <port protocol="tcp" portid="6689"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tsa" method="table" conf="3"/></port>
  876. <port protocol="tcp" portid="6692"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  877. <port protocol="tcp" portid="6699"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="napster" method="table" conf="3"/></port>
  878. <port protocol="tcp" portid="6779"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  879. <port protocol="tcp" portid="6788"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smc-http" method="table" conf="3"/></port>
  880. <port protocol="tcp" portid="6789"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ibm-db2-admin" method="table" conf="3"/></port>
  881. <port protocol="tcp" portid="6792"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  882. <port protocol="tcp" portid="6839"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  883. <port protocol="tcp" portid="6881"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bittorrent-tracker" method="table" conf="3"/></port>
  884. <port protocol="tcp" portid="6901"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetstream" method="table" conf="3"/></port>
  885. <port protocol="tcp" portid="6969"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="acmsoda" method="table" conf="3"/></port>
  886. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  887. <port protocol="tcp" portid="7001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-callback" method="table" conf="3"/></port>
  888. <port protocol="tcp" portid="7002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-prserver" method="table" conf="3"/></port>
  889. <port protocol="tcp" portid="7004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-kaserver" method="table" conf="3"/></port>
  890. <port protocol="tcp" portid="7007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-bos" method="table" conf="3"/></port>
  891. <port protocol="tcp" portid="7019"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="doceri-ctl" method="table" conf="3"/></port>
  892. <port protocol="tcp" portid="7025"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vmsvc-2" method="table" conf="3"/></port>
  893. <port protocol="tcp" portid="7070"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="realserver" method="table" conf="3"/></port>
  894. <port protocol="tcp" portid="7100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="font-service" method="table" conf="3"/></port>
  895. <port protocol="tcp" portid="7103"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  896. <port protocol="tcp" portid="7106"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  897. <port protocol="tcp" portid="7200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fodms" method="table" conf="3"/></port>
  898. <port protocol="tcp" portid="7201"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dlip" method="table" conf="3"/></port>
  899. <port protocol="tcp" portid="7402"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rtps-dd-mt" method="table" conf="3"/></port>
  900. <port protocol="tcp" portid="7435"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  901. <port protocol="tcp" portid="7443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracleas-https" method="table" conf="3"/></port>
  902. <port protocol="tcp" portid="7496"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  903. <port protocol="tcp" portid="7512"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  904. <port protocol="tcp" portid="7625"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  905. <port protocol="tcp" portid="7627"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="soap-http" method="table" conf="3"/></port>
  906. <port protocol="tcp" portid="7676"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imqbrokerd" method="table" conf="3"/></port>
  907. <port protocol="tcp" portid="7741"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scriptview" method="table" conf="3"/></port>
  908. <port protocol="tcp" portid="7777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  909. <port protocol="tcp" portid="7778"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="interwise" method="table" conf="3"/></port>
  910. <port protocol="tcp" portid="7800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="asr" method="table" conf="3"/></port>
  911. <port protocol="tcp" portid="7911"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  912. <port protocol="tcp" portid="7920"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  913. <port protocol="tcp" portid="7921"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  914. <port protocol="tcp" portid="7937"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nsrexecd" method="table" conf="3"/></port>
  915. <port protocol="tcp" portid="7938"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lgtomapper" method="table" conf="3"/></port>
  916. <port protocol="tcp" portid="7999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irdmi2" method="table" conf="3"/></port>
  <!-- The script element below has an id but no output attribute and no child
       elements, so this record carries no extracted beacon configuration for
       port 8000. At most it shows that grab_beacon_config was attempted against
       the port. The same empty form appears on ports 8008, 8080, 8088, 8180
       and 8443 in this excerpt. Do not count these rows as Cobalt Strike
       indicators unless a populated result for the host exists elsewhere. -->
  917. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  918. <port protocol="tcp" portid="8001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  919. <port protocol="tcp" portid="8002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="teradataordbms" method="table" conf="3"/></port>
  920. <port protocol="tcp" portid="8007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ajp12" method="table" conf="3"/></port>
  921. <port protocol="tcp" portid="8008"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  922. <port protocol="tcp" portid="8009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ajp13" method="table" conf="3"/></port>
  923. <port protocol="tcp" portid="8010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp" method="table" conf="3"/></port>
  924. <port protocol="tcp" portid="8011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  925. <port protocol="tcp" portid="8021"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp-proxy" method="table" conf="3"/></port>
  926. <port protocol="tcp" portid="8022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oa-system" method="table" conf="3"/></port>
  927. <port protocol="tcp" portid="8031"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  928. <port protocol="tcp" portid="8042"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fs-agent" method="table" conf="3"/></port>
  929. <port protocol="tcp" portid="8045"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  930. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  931. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  932. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  933. <port protocol="tcp" portid="8083"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="us-srv" method="table" conf="3"/></port>
  934. <port protocol="tcp" portid="8084"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  935. <port protocol="tcp" portid="8085"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  936. <port protocol="tcp" portid="8086"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="d-s-n" method="table" conf="3"/></port>
  937. <port protocol="tcp" portid="8087"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="simplifymedia" method="table" conf="3"/></port>
  938. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  939. <port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  940. <port protocol="tcp" portid="8090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  941. <port protocol="tcp" portid="8093"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  942. <port protocol="tcp" portid="8099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  943. <port protocol="tcp" portid="8100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xprint-server" method="table" conf="3"/></port>
  944. <port protocol="tcp" portid="8180"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  945. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  946. <port protocol="tcp" portid="8192"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sophos" method="table" conf="3"/></port>
  947. <port protocol="tcp" portid="8193"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sophos" method="table" conf="3"/></port>
  948. <port protocol="tcp" portid="8194"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sophos" method="table" conf="3"/></port>
  949. <port protocol="tcp" portid="8200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="trivnet1" method="table" conf="3"/></port>
  950. <port protocol="tcp" portid="8222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  951. <port protocol="tcp" portid="8254"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  952. <port protocol="tcp" portid="8290"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  953. <port protocol="tcp" portid="8291"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  954. <port protocol="tcp" portid="8292"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blp3" method="table" conf="3"/></port>
  955. <port protocol="tcp" portid="8300"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tmi" method="table" conf="3"/></port>
  956. <port protocol="tcp" portid="8333"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bitcoin" method="table" conf="3"/></port>
  957. <port protocol="tcp" portid="8383"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="m2mservices" method="table" conf="3"/></port>
  958. <port protocol="tcp" portid="8400"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cvd" method="table" conf="3"/></port>
  959. <port protocol="tcp" portid="8402"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abarsd" method="table" conf="3"/></port>
  960. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  961. <port protocol="tcp" portid="8500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fmtp" method="table" conf="3"/></port>
  962. <port protocol="tcp" portid="8600"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="asterix" method="table" conf="3"/></port>
  963. <port protocol="tcp" portid="8649"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  964. <port protocol="tcp" portid="8651"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  965. <port protocol="tcp" portid="8652"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  966. <port protocol="tcp" portid="8654"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  967. <port protocol="tcp" portid="8701"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  968. <port protocol="tcp" portid="8800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sunwebadmin" method="table" conf="3"/></port>
  969. <port protocol="tcp" portid="8873"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dxspider" method="table" conf="3"/></port>
  970. <port protocol="tcp" portid="8899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ospf-lite" method="table" conf="3"/></port>
  971. <port protocol="tcp" portid="8994"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  972. <port protocol="tcp" portid="9000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cslistener" method="table" conf="3"/></port>
  973. <port protocol="tcp" portid="9001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-orport" method="table" conf="3"/></port>
  974. <port protocol="tcp" portid="9002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dynamid" method="table" conf="3"/></port>
  975. <port protocol="tcp" portid="9003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  976. <port protocol="tcp" portid="9009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pichat" method="table" conf="3"/></port>
  977. <port protocol="tcp" portid="9010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sdr" method="table" conf="3"/></port>
  978. <port protocol="tcp" portid="9011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="d-star" method="table" conf="3"/></port>
  979. <port protocol="tcp" portid="9040"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-trans" method="table" conf="3"/></port>
  980. <port protocol="tcp" portid="9050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-socks" method="table" conf="3"/></port>
  981. <port protocol="tcp" portid="9071"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  982. <port protocol="tcp" portid="9080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="glrpc" method="table" conf="3"/></port>
  983. <port protocol="tcp" portid="9081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-aqos" method="table" conf="3"/></port>
  984. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  985. <port protocol="tcp" portid="9091"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmltec-xmlmail" method="table" conf="3"/></port>
  986. <port protocol="tcp" portid="9099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  987. <port protocol="tcp" portid="9100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  988. <port protocol="tcp" portid="9101"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  989. <port protocol="tcp" portid="9102"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  990. <port protocol="tcp" portid="9103"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  991. <port protocol="tcp" portid="9110"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  992. <port protocol="tcp" portid="9111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="DragonIDSConsole" method="table" conf="3"/></port>
  993. <port protocol="tcp" portid="9200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wap-wsp" method="table" conf="3"/></port>
  994. <port protocol="tcp" portid="9207"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wap-vcal-s" method="table" conf="3"/></port>
  995. <port protocol="tcp" portid="9220"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  996. <port protocol="tcp" portid="9290"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  997. <port protocol="tcp" portid="9415"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  998. <port protocol="tcp" portid="9418"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="git" method="table" conf="3"/></port>
  999. <port protocol="tcp" portid="9485"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1000. <port protocol="tcp" portid="9500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ismserver" method="table" conf="3"/></port>
  1001. <port protocol="tcp" portid="9502"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1002. <port protocol="tcp" portid="9503"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1003. <port protocol="tcp" portid="9535"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="man" method="table" conf="3"/></port>
  1004. <port protocol="tcp" portid="9575"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1005. <port protocol="tcp" portid="9593"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cba8" method="table" conf="3"/></port>
  1006. <port protocol="tcp" portid="9594"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msgsys" method="table" conf="3"/></port>
  1007. <port protocol="tcp" portid="9595"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pds" method="table" conf="3"/></port>
  1008. <port protocol="tcp" portid="9618"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="condor" method="table" conf="3"/></port>
  1009. <port protocol="tcp" portid="9666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zoomcp" method="table" conf="3"/></port>
  1010. <port protocol="tcp" portid="9876"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sd" method="table" conf="3"/></port>
  1011. <port protocol="tcp" portid="9877"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1012. <port protocol="tcp" portid="9878"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kca-service" method="table" conf="3"/></port>
  1013. <port protocol="tcp" portid="9898"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="monkeycom" method="table" conf="3"/></port>
  1014. <port protocol="tcp" portid="9900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iua" method="table" conf="3"/></port>
  1015. <port protocol="tcp" portid="9917"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1016. <port protocol="tcp" portid="9929"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nping-echo" method="table" conf="3"/></port>
  1017. <port protocol="tcp" portid="9943"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1018. <port protocol="tcp" portid="9944"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1019. <port protocol="tcp" portid="9968"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1020. <port protocol="tcp" portid="9998"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="distinct32" method="table" conf="3"/></port>
  1021. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  1022. <port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  1023. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  1024. <port protocol="tcp" portid="10003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="documentum_s" method="table" conf="3"/></port>
  1025. <port protocol="tcp" portid="10009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="swdtp-sv" method="table" conf="3"/></port>
  1026. <port protocol="tcp" portid="10010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rxapi" method="table" conf="3"/></port>
  1027. <port protocol="tcp" portid="10012"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1028. <port protocol="tcp" portid="10025"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1029. <port protocol="tcp" portid="10082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="amandaidx" method="table" conf="3"/></port>
  1030. <port protocol="tcp" portid="10180"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1031. <port protocol="tcp" portid="10215"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1032. <port protocol="tcp" portid="10243"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1033. <port protocol="tcp" portid="10566"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1034. <port protocol="tcp" portid="10616"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1035. <port protocol="tcp" portid="10617"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1036. <port protocol="tcp" portid="10621"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1037. <port protocol="tcp" portid="10626"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1038. <port protocol="tcp" portid="10628"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1039. <port protocol="tcp" portid="10629"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1040. <port protocol="tcp" portid="10778"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1041. <port protocol="tcp" portid="11110"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sgi-soap" method="table" conf="3"/></port>
  1042. <port protocol="tcp" portid="11111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vce" method="table" conf="3"/></port>
  1043. <port protocol="tcp" portid="11967"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sysinfo-sp" method="table" conf="3"/></port>
  1044. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  1045. <port protocol="tcp" portid="12174"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1046. <port protocol="tcp" portid="12265"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1047. <port protocol="tcp" portid="12345"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbus" method="table" conf="3"/></port>
  1048. <port protocol="tcp" portid="13456"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1049. <port protocol="tcp" portid="13722"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbackup" method="table" conf="3"/></port>
  1050. <port protocol="tcp" portid="13782"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbackup" method="table" conf="3"/></port>
  1051. <port protocol="tcp" portid="13783"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbackup" method="table" conf="3"/></port>
  1052. <port protocol="tcp" portid="14000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scotty-ft" method="table" conf="3"/></port>
  1053. <port protocol="tcp" portid="14238"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1054. <port protocol="tcp" portid="14441"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1055. <port protocol="tcp" portid="14442"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1056. <port protocol="tcp" portid="15000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hydap" method="table" conf="3"/></port>
  1057. <port protocol="tcp" portid="15002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="onep-tls" method="table" conf="3"/></port>
  1058. <port protocol="tcp" portid="15003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1059. <port protocol="tcp" portid="15004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1060. <port protocol="tcp" portid="15660"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="bex-xr" method="table" conf="3"/></port>
  1061. <port protocol="tcp" portid="15742"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1062. <port protocol="tcp" portid="16000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fmsas" method="table" conf="3"/></port>
  1063. <port protocol="tcp" portid="16001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="fmsascon" method="table" conf="3"/></port>
  1064. <port protocol="tcp" portid="16012"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1065. <port protocol="tcp" portid="16016"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1066. <port protocol="tcp" portid="16018"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1067. <port protocol="tcp" portid="16080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="osxwebadmin" method="table" conf="3"/></port>
  1068. <port protocol="tcp" portid="16113"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1069. <port protocol="tcp" portid="16992"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="amt-soap-http" method="table" conf="3"/></port>
  1070. <port protocol="tcp" portid="16993"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="amt-soap-https" method="table" conf="3"/></port>
  1071. <port protocol="tcp" portid="17877"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1072. <port protocol="tcp" portid="17988"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1073. <port protocol="tcp" portid="18040"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1074. <port protocol="tcp" portid="18101"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1075. <port protocol="tcp" portid="18988"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1076. <port protocol="tcp" portid="19101"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1077. <port protocol="tcp" portid="19283"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="keysrvr" method="table" conf="3"/></port>
  1078. <port protocol="tcp" portid="19315"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="keyshadow" method="table" conf="3"/></port>
  1079. <port protocol="tcp" portid="19350"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1080. <port protocol="tcp" portid="19780"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1081. <port protocol="tcp" portid="19801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1082. <port protocol="tcp" portid="19842"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1083. <port protocol="tcp" portid="20000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnp" method="table" conf="3"/></port>
  1084. <port protocol="tcp" portid="20005"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="btx" method="table" conf="3"/></port>
  1085. <port protocol="tcp" portid="20031"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1086. <port protocol="tcp" portid="20221"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1087. <port protocol="tcp" portid="20222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ipulse-ics" method="table" conf="3"/></port>
  1088. <port protocol="tcp" portid="20828"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1089. <port protocol="tcp" portid="21571"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1090. <port protocol="tcp" portid="22939"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1091. <port protocol="tcp" portid="23502"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1092. <port protocol="tcp" portid="24444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1093. <port protocol="tcp" portid="24800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1094. <port protocol="tcp" portid="25734"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1095. <port protocol="tcp" portid="25735"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1096. <port protocol="tcp" portid="26214"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1097. <port protocol="tcp" portid="27000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="flexlm0" method="table" conf="3"/></port>
  1098. <port protocol="tcp" portid="27352"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1099. <port protocol="tcp" portid="27353"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1100. <port protocol="tcp" portid="27355"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1101. <port protocol="tcp" portid="27356"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1102. <port protocol="tcp" portid="27715"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1103. <port protocol="tcp" portid="28201"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1104. <port protocol="tcp" portid="30000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ndmps" method="table" conf="3"/></port>
  1105. <port protocol="tcp" portid="30718"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1106. <port protocol="tcp" portid="30951"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1107. <port protocol="tcp" portid="31038"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1108. <port protocol="tcp" portid="31337"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="Elite" method="table" conf="3"/></port>
  1109. <port protocol="tcp" portid="32768"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filenet-tms" method="table" conf="3"/></port>
  1110. <port protocol="tcp" portid="32769"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filenet-rpc" method="table" conf="3"/></port>
  1111. <port protocol="tcp" portid="32770"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc3" method="table" conf="3"/></port>
  1112. <port protocol="tcp" portid="32771"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc5" method="table" conf="3"/></port>
  1113. <port protocol="tcp" portid="32772"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc7" method="table" conf="3"/></port>
  1114. <port protocol="tcp" portid="32773"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc9" method="table" conf="3"/></port>
  1115. <port protocol="tcp" portid="32774"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc11" method="table" conf="3"/></port>
  1116. <port protocol="tcp" portid="32775"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc13" method="table" conf="3"/></port>
  1117. <port protocol="tcp" portid="32776"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc15" method="table" conf="3"/></port>
  1118. <port protocol="tcp" portid="32777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc17" method="table" conf="3"/></port>
  1119. <port protocol="tcp" portid="32778"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc19" method="table" conf="3"/></port>
  1120. <port protocol="tcp" portid="32779"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc21" method="table" conf="3"/></port>
  1121. <port protocol="tcp" portid="32780"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc23" method="table" conf="3"/></port>
  1122. <port protocol="tcp" portid="32781"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1123. <port protocol="tcp" portid="32782"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1124. <port protocol="tcp" portid="32783"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1125. <port protocol="tcp" portid="32784"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1126. <port protocol="tcp" portid="32785"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1127. <port protocol="tcp" portid="33354"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1128. <port protocol="tcp" portid="33899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1129. <port protocol="tcp" portid="34571"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1130. <port protocol="tcp" portid="34572"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1131. <port protocol="tcp" portid="34573"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1132. <port protocol="tcp" portid="35500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1133. <port protocol="tcp" portid="38292"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="landesk-cba" method="table" conf="3"/></port>
  1134. <port protocol="tcp" portid="40193"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1135. <port protocol="tcp" portid="40911"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1136. <port protocol="tcp" portid="41511"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1137. <port protocol="tcp" portid="42510"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="caerpc" method="table" conf="3"/></port>
  1138. <port protocol="tcp" portid="44176"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1139. <port protocol="tcp" portid="44442"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="coldfusion-auth" method="table" conf="3"/></port>
  1140. <port protocol="tcp" portid="44443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="coldfusion-auth" method="table" conf="3"/></port>
  1141. <port protocol="tcp" portid="44501"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1142. <port protocol="tcp" portid="45100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1143. <port protocol="tcp" portid="48080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1144. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1145. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1146. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1147. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1148. <port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1149. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1150. <port protocol="tcp" portid="49158"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1151. <port protocol="tcp" portid="49159"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1152. <port protocol="tcp" portid="49160"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1153. <port protocol="tcp" portid="49161"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1154. <port protocol="tcp" portid="49163"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1155. <port protocol="tcp" portid="49165"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1156. <port protocol="tcp" portid="49167"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1157. <port protocol="tcp" portid="49175"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1158. <port protocol="tcp" portid="49176"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1159. <port protocol="tcp" portid="49400"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="compaqdiag" method="table" conf="3"/></port>
  1160. <port protocol="tcp" portid="49999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1161. <port protocol="tcp" portid="50000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ibm-db2" method="table" conf="3"/></port>
  1162. <port protocol="tcp" portid="50001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1163. <port protocol="tcp" portid="50002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iiimsf" method="table" conf="3"/></port>
  1164. <port protocol="tcp" portid="50003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1165. <port protocol="tcp" portid="50006"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1166. <port protocol="tcp" portid="50300"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1167. <port protocol="tcp" portid="50389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1168. <port protocol="tcp" portid="50500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1169. <port protocol="tcp" portid="50636"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1170. <port protocol="tcp" portid="50800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1171. <port protocol="tcp" portid="51103"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1172. <port protocol="tcp" portid="51493"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1173. <port protocol="tcp" portid="52673"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1174. <port protocol="tcp" portid="52822"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1175. <port protocol="tcp" portid="52848"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1176. <port protocol="tcp" portid="52869"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1177. <port protocol="tcp" portid="54045"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1178. <port protocol="tcp" portid="54328"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1179. <port protocol="tcp" portid="55055"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1180. <port protocol="tcp" portid="55056"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1181. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1182. <port protocol="tcp" portid="55600"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1183. <port protocol="tcp" portid="56737"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1184. <port protocol="tcp" portid="56738"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1185. <port protocol="tcp" portid="57294"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1186. <port protocol="tcp" portid="57797"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1187. <port protocol="tcp" portid="58080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1188. <port protocol="tcp" portid="60020"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1189. <port protocol="tcp" portid="60443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1190. <port protocol="tcp" portid="61532"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1191. <port protocol="tcp" portid="61900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1192. <port protocol="tcp" portid="62078"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iphone-sync" method="table" conf="3"/></port>
  1193. <port protocol="tcp" portid="63331"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1194. <port protocol="tcp" portid="64623"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1195. <port protocol="tcp" portid="64680"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1196. <port protocol="tcp" portid="65000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1197. <port protocol="tcp" portid="65129"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1198. <port protocol="tcp" portid="65389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1199. </ports>
  1200. <times srtt="71198" rttvar="3996" to="100000"/>
  1201. </host>
  <!--
    Host record for 217.12.218.250 (PTR dedic-aprilim-640160.hosted-by-itldc.com).
    grab_beacon_config returned a Cobalt Strike Beacon configuration on 80/tcp; the
    x86 and x64 sections are identical for this host. Fields a defender can pivot on:
      * C2 Server holds two host,URI pairs: the scanned address itself and zbfgns.xyz,
        both with /questions/32251816/c-sharp-directives-compilation-error.
      * HTTP Method Path 2 is /questions/32251817/c-sharp-directives-compilation-error,
        and Method1 and Method2 are both GET.
      * User Agent advertises Chrome/41.0.2228.0 on Windows NT 6.1.
      * Spawnto_x86 and Spawnto_x64 both name gpupdate.exe.
    The URIs are shaped like Q&A-site question paths, so match them together with the
    destination host or the User Agent rather than on the path alone.
    NOTE(review): Polling is presumably milliseconds and Jitter a percentage; confirm
    against the script before deriving a check-in interval.
    443/tcp carries <script id="grab_beacon_config"/> with no output attribute, so no
    configuration was recorded for that port; this does not show that no listener exists.
    Service names use method="table" conf="3": they come from the port-number table,
    not from probing the service.
  -->
  1202. <host starttime="1606751262" endtime="1606755017"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1203. <address addr="217.12.218.250" addrtype="ipv4"/>
  1204. <hostnames>
  1205. <hostname name="dedic-aprilim-640160.hosted-by-itldc.com" type="PTR"/>
  1206. </hostnames>
  1207. <ports><extraports state="closed" count="990">
  1208. <extrareasons reason="conn-refused" count="990"/>
  1209. </extraports>
  1210. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1211. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1212. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 217.12.218.250,/questions/32251816/c-sharp-directives-compilation-error,zbfgns.xyz,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 217.12.218.250,/questions/32251816/c-sharp-directives-compilation-error,zbfgns.xyz,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1213. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  1214. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1215. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1216. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  1217. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1218. <port protocol="tcp" portid="616"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sco-sysmgr" method="table" conf="3"/></port>
  1219. <port protocol="tcp" portid="9944"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1220. </ports>
  1221. <times srtt="95667" rttvar="1325" to="100967"/>
  1222. </host>
  <!--
    Host record for 198.44.97.179 (PTR hwsrv-803384.hostwindsdns.com).
    grab_beacon_config returned a Beacon configuration on 80/tcp. The C2 Server value
    is 198.44.97.180, which is not the scanned address, so track both addresses.
    The x86 and x64 sections differ only in the GET URI and the User Agent:
      * x86: /ptj, MSIE 9.0 on Windows NT 6.1 with a trailing "UHS" token
      * x64: /pixel, MSIE 9.0 on Windows NT 6.0
    Both use /submit.php with POST for the second method path and rundll32.exe for
    Spawnto_x86 and Spawnto_x64.
    NOTE(review): /submit.php, rundll32.exe, Polling 60000 and Jitter 0 look like stock
    profile values; treat them as low-uniqueness indicators and pair them with the C2
    address when writing detections.
    443/tcp carries <script id="grab_beacon_config"/> with no output attribute, so no
    configuration was recorded for that port.
  -->
  1223. <host starttime="1606751262" endtime="1606755014"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1224. <address addr="198.44.97.179" addrtype="ipv4"/>
  1225. <hostnames>
  1226. <hostname name="hwsrv-803384.hostwindsdns.com" type="PTR"/>
  1227. </hostnames>
  1228. <ports><extraports state="closed" count="995">
  1229. <extrareasons reason="conn-refused" count="995"/>
  1230. </extraports>
  1231. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1232. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1233. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1234. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1235. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1236. </ports>
  1237. <times srtt="93599" rttvar="785" to="100000"/>
  1238. </host>
  <!--
    Host record for 198.44.97.181 (PTR client-198-44-97-181.hostwindsdns.com).
    grab_beacon_config returned Beacon configurations on two ports, and every C2 Server
    value is 198.44.97.180 rather than the scanned address:
      * 80/tcp: BeaconType 0 (HTTP), x86 URI /ptj and x64 URI /pixel, each with its own
        MSIE 9.0 User Agent string.
      * 443/tcp: x64 section only, BeaconType 8 (HTTPS), URI /ga.js, MSIE 10.0 WOW64
        User Agent.
    All sections use /submit.php with POST for the second method path and rundll32.exe
    for Spawnto_x86 and Spawnto_x64.
    NOTE(review): these values look like stock profile settings, so they are weak
    indicators on their own; correlate with the 198.44.97.180 callback address.
  -->
  1239. <host starttime="1606751263" endtime="1606755029"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1240. <address addr="198.44.97.181" addrtype="ipv4"/>
  1241. <hostnames>
  1242. <hostname name="client-198-44-97-181.hostwindsdns.com" type="PTR"/>
  1243. </hostnames>
  1244. <ports><extraports state="closed" count="995">
  1245. <extrareasons reason="conn-refused" count="995"/>
  1246. </extraports>
  1247. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1248. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1249. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1250. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1251. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1252. </ports>
  1253. <times srtt="94492" rttvar="919" to="100000"/>
  1254. </host>
  <!--
    Host record for 35.193.193.149 (PTR 149.193.193.35.bc.googleusercontent.com).
    The host was judged up from a refused connection (status reason conn-refused), and
    996 ports are reported filtered with no response.
    grab_beacon_config returned a Beacon configuration on 443/tcp only: x64 section,
    BeaconType 8 (HTTPS), C2 Server 35.193.193.149 with URI /load, second method path
    /submit.php via POST, rundll32.exe for Spawnto_x86 and Spawnto_x64.
    80/tcp and 3389/tcp are closed, so the script produced nothing for them.
    NOTE(review): the PTR name suggests a cloud-hosted address that may be reassigned;
    scope any indicator built on it to the scan date, Nov 30 2020.
  -->
  1255. <host starttime="1606751263" endtime="1606755021"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1256. <address addr="35.193.193.149" addrtype="ipv4"/>
  1257. <hostnames>
  1258. <hostname name="149.193.193.35.bc.googleusercontent.com" type="PTR"/>
  1259. </hostnames>
  1260. <ports><extraports state="filtered" count="996">
  1261. <extrareasons reason="no-responses" count="996"/>
  1262. </extraports>
  1263. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1264. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  1265. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 35.193.193.149,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1266. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  1267. </ports>
  1268. <times srtt="50906" rttvar="13134" to="103442"/>
  1269. </host>
  <!--
    Host record for 202.61.87.136 (no PTR name recorded; the hostnames element is empty).
    No Beacon configuration was captured for this host: the only script element, on
    443/tcp, is <script id="grab_beacon_config"/> with no output attribute.
    Only 22/tcp and 443/tcp are open; the mail, DNS and SMB ports listed are filtered
    (no response), so nothing can be said about services behind them.
    NOTE(review): an empty result is not evidence that the host is benign; the input
    list and the script logic are not part of this file.
  -->
  1270. <host starttime="1606751262" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1271. <address addr="202.61.87.136" addrtype="ipv4"/>
  1272. <hostnames>
  1273. </hostnames>
  1274. <ports><extraports state="closed" count="986">
  1275. <extrareasons reason="conn-refused" count="986"/>
  1276. </extraports>
  1277. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1278. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  1279. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1280. <port protocol="tcp" portid="109"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop2" method="table" conf="3"/></port>
  1281. <port protocol="tcp" portid="110"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  1282. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  1283. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1284. <port protocol="tcp" portid="143"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  1285. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1286. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1287. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  1288. <port protocol="tcp" portid="587"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  1289. <port protocol="tcp" portid="993"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  1290. <port protocol="tcp" portid="995"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  1291. </ports>
  1292. <times srtt="223077" rttvar="7976" to="254981"/>
  1293. </host>
  <!--
    Host record for 217.61.61.60 (PTR host60-61-61-217.serverdedicati.aruba.it).
    No Beacon configuration was captured for this host: 443/tcp and 8080/tcp each carry
    <script id="grab_beacon_config"/> with no output attribute.
    The "http-proxy" label on 8080/tcp comes from the port-number table
    (method="table" conf="3"), not from identifying the service.
    NOTE(review): an empty result is not evidence that the host is benign; the input
    list and the script logic are not part of this file.
  -->
  1294. <host starttime="1606751262" endtime="1606755023"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1295. <address addr="217.61.61.60" addrtype="ipv4"/>
  1296. <hostnames>
  1297. <hostname name="host60-61-61-217.serverdedicati.aruba.it" type="PTR"/>
  1298. </hostnames>
  1299. <ports><extraports state="closed" count="994">
  1300. <extrareasons reason="conn-refused" count="994"/>
  1301. </extraports>
  1302. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1303. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1304. <port protocol="tcp" portid="179"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="bgp" method="table" conf="3"/></port>
  1305. <port protocol="tcp" portid="416"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="silverplatter" method="table" conf="3"/></port>
  1306. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1307. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1308. </ports>
  1309. <times srtt="108798" rttvar="1219" to="113674"/>
  1310. </host>
  1311. <host starttime="1606751262" endtime="1606754963"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1312. <address addr="218.253.251.102" addrtype="ipv4"/>
  1313. <hostnames>
  1314. <hostname name="102.251-253-218-static.reserve.wtt.net.hk" type="PTR"/>
  1315. </hostnames>
  1316. <ports><extraports state="closed" count="987">
  1317. <extrareasons reason="conn-refused" count="987"/>
  1318. </extraports>
  1319. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1320. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1321. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  1322. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1323. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1324. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1325. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  1326. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1327. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1328. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1329. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1330. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1331. <port protocol="tcp" portid="49161"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1332. </ports>
  1333. <times srtt="215877" rttvar="1677" to="222585"/>
  1334. </host>
  1335. <host starttime="1606751261" endtime="1606755007"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1336. <address addr="185.158.249.12" addrtype="ipv4"/>
  1337. <hostnames>
  1338. <hostname name="hernieuwrbnk.icu" type="PTR"/>
  1339. </hostnames>
  1340. <ports><extraports state="closed" count="993">
  1341. <extrareasons reason="conn-refused" count="993"/>
  1342. </extraports>
  1343. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1344. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1345. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.158.249.12,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.158.249.12,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1346. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1347. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1348. <port protocol="tcp" portid="7676"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imqbrokerd" method="table" conf="3"/></port>
  1349. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.158.249.12,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.158.249.12,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1350. </ports>
  1351. <times srtt="92740" rttvar="1212" to="100000"/>
  1352. </host>
  1353. <host starttime="1606751262" endtime="1606755000"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1354. <address addr="185.189.183.172" addrtype="ipv4"/>
  1355. <hostnames>
  1356. <hostname name="185-189-183-172.rdns.itconnectsyou.nl" type="PTR"/>
  1357. </hostnames>
  1358. <ports><extraports state="filtered" count="997">
  1359. <extrareasons reason="no-responses" count="997"/>
  1360. </extraports>
  1361. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  1362. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1363. <port protocol="tcp" portid="8083"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="us-srv" method="table" conf="3"/></port>
  1364. </ports>
  1365. <times srtt="93535" rttvar="1549" to="100000"/>
  1366. </host>
  1367. <host starttime="1606751262" endtime="1606755007"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1368. <address addr="185.191.32.180" addrtype="ipv4"/>
  1369. <hostnames>
  1370. </hostnames>
  1371. <ports><extraports state="closed" count="989">
  1372. <extrareasons reason="conn-refused" count="989"/>
  1373. </extraports>
  1374. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1375. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1376. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.191.32.180,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.191.32.180,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1377. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  1378. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1379. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1380. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1381. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  1382. <port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
  1383. <port protocol="tcp" portid="7777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  1384. <port protocol="tcp" portid="7778"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="interwise" method="table" conf="3"/></port>
  1385. </ports>
  1386. <times srtt="135077" rttvar="1328" to="140389"/>
  1387. </host>
  1388. <host starttime="1606751269" endtime="1606754994"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1389. <address addr="185.82.126.47" addrtype="ipv4"/>
  1390. <hostnames>
  1391. </hostnames>
  1392. <ports><extraports state="closed" count="994">
  1393. <extrareasons reason="conn-refused" count="994"/>
  1394. </extraports>
  1395. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1396. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1397. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.82.126.47,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.82.126.47,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1398. <port protocol="tcp" portid="82"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xfer" method="table" conf="3"/></port>
  1399. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1400. <port protocol="tcp" portid="5666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="nrpe" method="table" conf="3"/></port>
  1401. </ports>
  1402. <times srtt="126600" rttvar="3151" to="139204"/>
  1403. </host>
  1404. <host starttime="1606751262" endtime="1606755023"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1405. <address addr="185.236.201.102" addrtype="ipv4"/>
  1406. <hostnames>
  1407. <hostname name="no-mans-land.m247.com" type="PTR"/>
  1408. </hostnames>
  1409. <ports><extraports state="closed" count="994">
  1410. <extrareasons reason="conn-refused" count="994"/>
  1411. </extraports>
  1412. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  1413. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1414. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1415. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1416. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1417. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1418. </ports>
  1419. <times srtt="107548" rttvar="904" to="111164"/>
  1420. </host>
  1421. <host starttime="1606751262" endtime="1606755030"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1422. <address addr="218.253.251.90" addrtype="ipv4"/>
  1423. <hostnames>
  1424. <hostname name="90.251-253-218-static.reserve.wtt.net.hk" type="PTR"/>
  1425. </hostnames>
  1426. <ports><extraports state="closed" count="992">
  1427. <extrareasons reason="conn-refused" count="992"/>
  1428. </extraports>
  1429. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1430. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1431. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 218.253.251.90,/g.pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 218.253.251.90,/push&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1432. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1433. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 218.253.251.90,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1434. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1435. <port protocol="tcp" portid="8001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  1436. <port protocol="tcp" portid="9502"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1437. </ports>
  1438. <times srtt="215007" rttvar="533" to="217139"/>
  1439. </host>
  1440. <host starttime="1606751262" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1441. <address addr="185.153.198.121" addrtype="ipv4"/>
  1442. <hostnames>
  1443. <hostname name="server-185-153-198-121.cloudedic.net" type="PTR"/>
  1444. </hostnames>
  1445. <ports><extraports state="closed" count="995">
  1446. <extrareasons reason="conn-refused" count="995"/>
  1447. </extraports>
  1448. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1449. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1450. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1451. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1452. <port protocol="tcp" portid="7007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-bos" method="table" conf="3"/></port>
  1453. </ports>
  1454. <times srtt="138954" rttvar="1653" to="145566"/>
  1455. </host>
  1456. <host starttime="1606751262" endtime="1606754967"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1457. <address addr="217.12.218.199" addrtype="ipv4"/>
  1458. <hostnames>
  1459. <hostname name="dedic-ammarik-646723.hosted-by-itldc.com" type="PTR"/>
  1460. </hostnames>
  1461. <ports><extraports state="closed" count="993">
  1462. <extrareasons reason="conn-refused" count="993"/>
  1463. </extraports>
  1464. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1465. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1466. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 217.12.218.199,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 217.12.218.199,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1467. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  1468. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1469. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 217.12.218.199,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1470. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1471. </ports>
  1472. <times srtt="95063" rttvar="976" to="100000"/>
  1473. </host>
  1474. <host starttime="1606751262" endtime="1606755007"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1475. <address addr="192.236.232.228" addrtype="ipv4"/>
  1476. <hostnames>
  1477. <hostname name="hwsrv-758602.hostwindsdns.com" type="PTR"/>
  1478. </hostnames>
  1479. <ports><extraports state="closed" count="995">
  1480. <extrareasons reason="conn-refused" count="995"/>
  1481. </extraports>
  1482. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1483. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1484. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.236.232.228,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.236.232.228,/activity&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1485. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1486. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  1487. </ports>
  1488. <times srtt="93999" rttvar="1690" to="100759"/>
  1489. </host>
  1490. <host starttime="1606751263" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1491. <address addr="156.255.3.224" addrtype="ipv4"/>
  1492. <hostnames>
  1493. </hostnames>
  1494. <ports><extraports state="filtered" count="998">
  1495. <extrareasons reason="no-responses" count="998"/>
  1496. </extraports>
  1497. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1498. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1499. </ports>
  1500. <times srtt="224566" rttvar="4097" to="240954"/>
  1501. </host>
  1502. <host starttime="1606751262" endtime="1606754987"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1503. <address addr="185.153.196.130" addrtype="ipv4"/>
  1504. <hostnames>
  1505. <hostname name="server-185-153-196-130.cloudedic.net" type="PTR"/>
  1506. </hostnames>
  1507. <ports><extraports state="closed" count="997">
  1508. <extrareasons reason="conn-refused" count="997"/>
  1509. </extraports>
  1510. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1511. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.153.196.130,/dot.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.153.196.130,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1512. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.153.196.130,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1513. </ports>
  1514. <times srtt="137994" rttvar="1883" to="145526"/>
  1515. </host>
  1516. <host starttime="1606751262" endtime="1606755026"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1517. <address addr="167.88.125.73" addrtype="ipv4"/>
  1518. <hostnames>
  1519. </hostnames>
  1520. <ports><extraports state="closed" count="994">
  1521. <extrareasons reason="conn-refused" count="994"/>
  1522. </extraports>
  1523. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1524. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  1525. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1526. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1527. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1528. <port protocol="tcp" portid="8084"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1529. </ports>
  1530. <times srtt="82473" rttvar="1832" to="100000"/>
  1531. </host>
  1532. <host starttime="1606751262" endtime="1606754913"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1533. <address addr="199.217.117.184" addrtype="ipv4"/>
  1534. <hostnames>
  1535. <hostname name="falcon709.startdedicated.com" type="PTR"/>
  1536. </hostnames>
  1537. <ports><extraports state="closed" count="997">
  1538. <extrareasons reason="conn-refused" count="997"/>
  1539. </extraports>
  1540. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1541. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1542. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  1543. </ports>
  1544. <times srtt="36449" rttvar="2656" to="100000"/>
  1545. </host>
  1546. <host starttime="1606751261" endtime="1606755002"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1547. <address addr="142.93.98.6" addrtype="ipv4"/>
  1548. <hostnames>
  1549. </hostnames>
  1550. <ports><extraports state="closed" count="996">
  1551. <extrareasons reason="conn-refused" count="996"/>
  1552. </extraports>
  1553. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1554. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1555. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1556. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1557. </ports>
  1558. <times srtt="100820" rttvar="2046" to="109004"/>
  1559. </host>
  1560. <host starttime="1606751263" endtime="1606755023"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1561. <address addr="207.148.65.247" addrtype="ipv4"/>
  1562. <hostnames>
  1563. <hostname name="207.148.65.247.vultr.com" type="PTR"/>
  1564. </hostnames>
  1565. <ports><extraports state="closed" count="994">
  1566. <extrareasons reason="conn-refused" count="994"/>
  1567. </extraports>
  1568. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1569. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1570. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1571. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1572. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1573. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1574. </ports>
  1575. <times srtt="235361" rttvar="3326" to="248665"/>
  1576. </host>
  1577. <host starttime="1606751262" endtime="1606754980"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1578. <address addr="185.158.114.133" addrtype="ipv4"/>
  1579. <hostnames>
  1580. <hostname name="114-133.static.spheral.ru" type="PTR"/>
  1581. </hostnames>
  1582. <ports><extraports state="closed" count="992">
  1583. <extrareasons reason="conn-refused" count="992"/>
  1584. </extraports>
  1585. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1586. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1587. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Analyst note: customised profile. The configured C2 host is a fastly.net CDN name rather than the scanned
       address 185.158.114.133, which suggests callbacks are relayed through the CDN (presumably fronting or a
       redirector; not confirmed by this scan), so blocking the scanned IP alone may not cut the channel.
       DNS Idle bytes 08 08 08 08 read as the IPv4 address 8.8.8.8. Both methods are GET and spawnto is
       gpresult.exe, so detections keyed on POST /submit.php or rundll32.exe will not match this config. -->
  1588. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 15&#xa;Maxdns: 235&#xa;C2 Server: ballaue881.global.ssl.fastly.net,/analytics/sync/cloud/&#xa;User Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /data/ann&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpresult.exe&#xa;Spawnto_x64: %windir%\sysnative\gpresult.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1589. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  1590. <port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  1591. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  1592. <port protocol="tcp" portid="21571"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1593. </ports>
  1594. <times srtt="129946" rttvar="1626" to="136450"/>
  1595. </host>
  1596. <host starttime="1606751263" endtime="1606755007"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1597. <address addr="185.244.149.152" addrtype="ipv4"/>
  1598. <hostnames>
  1599. </hostnames>
  1600. <ports><extraports state="closed" count="994">
  1601. <extrareasons reason="conn-refused" count="994"/>
  1602. </extraports>
  1603. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1604. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  1605. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1606. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1607. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1608. <port protocol="tcp" portid="27356"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1609. </ports>
  1610. <times srtt="126856" rttvar="2170" to="135536"/>
  1611. </host>
  1612. <host starttime="1606751262" endtime="1606754913"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1613. <address addr="185.150.117.142" addrtype="ipv4"/>
  1614. <hostnames>
  1615. </hostnames>
  1616. <ports><extraports state="closed" count="997">
  1617. <extrareasons reason="conn-refused" count="997"/>
  1618. </extraports>
  1619. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1620. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1621. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1622. </ports>
  1623. <times srtt="129373" rttvar="1656" to="135997"/>
  1624. </host>
  1625. <host starttime="1606751262" endtime="1606754959"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1626. <address addr="212.129.150.253" addrtype="ipv4"/>
  1627. <hostnames>
  1628. </hostnames>
  1629. <ports><extraports state="closed" count="984">
  1630. <extrareasons reason="conn-refused" count="984"/>
  1631. </extraports>
  1632. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1633. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  1634. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1635. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1636. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  1637. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1638. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1639. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1640. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  1641. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  1642. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  1643. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  1644. <port protocol="tcp" portid="1521"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  1645. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  1646. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  1647. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  1648. </ports>
  1649. <times srtt="219431" rttvar="8080" to="251751"/>
  1650. </host>
  1651. <host starttime="1606751262" endtime="1606755004"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1652. <address addr="34.238.192.43" addrtype="ipv4"/>
  1653. <hostnames>
  1654. <hostname name="ec2-34-238-192-43.compute-1.amazonaws.com" type="PTR"/>
  1655. </hostnames>
  1656. <ports><extraports state="filtered" count="991">
  1657. <extrareasons reason="no-responses" count="991"/>
  1658. </extraports>
  1659. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1660. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  <!-- Analyst note: the x86 and x64 responses carry identical settings. The profile is customised: GET and POST
       paths imitate jQuery library downloads, polling is 32051 ms with jitter 57, and spawnto is svchost.exe (x86)
       and spoolsv.exe (x64). The C2 host is a domain while the scanned address is an EC2 instance, so track the
       domain separately; cloud addresses may be reassigned after the scan date. -->
  1661. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 32051&#xa;Jitter: 57&#xa;Maxdns: 255&#xa;C2 Server: sharkfishinguk.com,/jquery-1.12.1.min.js&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62&#xa;HTTP Method Path 2: /jquery-1.12.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\spoolsv.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 32051&#xa;Jitter: 57&#xa;Maxdns: 255&#xa;C2 Server: sharkfishinguk.com,/jquery-1.12.1.min.js&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62&#xa;HTTP Method Path 2: /jquery-1.12.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\spoolsv.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1662. <port protocol="tcp" portid="900"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="omginitialrefs" method="table" conf="3"/></port>
  1663. <port protocol="tcp" portid="901"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="samba-swat" method="table" conf="3"/></port>
  1664. <port protocol="tcp" portid="902"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="iss-realsecure" method="table" conf="3"/></port>
  1665. <port protocol="tcp" portid="903"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="iss-console-mgr" method="table" conf="3"/></port>
  1666. <port protocol="tcp" portid="911"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="xact-backup" method="table" conf="3"/></port>
  1667. <port protocol="tcp" portid="912"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="apex-mesh" method="table" conf="3"/></port>
  1668. </ports>
  1669. <times srtt="15497" rttvar="7835" to="100000"/>
  1670. </host>
  1671. <host starttime="1606751274" endtime="1606755010"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1672. <address addr="185.144.100.29" addrtype="ipv4"/>
  1673. <hostnames>
  1674. <hostname name="29.100.144.185.baremetal.zare.com" type="PTR"/>
  1675. </hostnames>
  1676. <ports><extraports state="closed" count="995">
  1677. <extrareasons reason="conn-refused" count="995"/>
  1678. </extraports>
  1679. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1680. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1681. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Analyst note: only the x64 URI response produced a config. The C2 server is the scanned IP itself; ports 80
       and 8080 on this host recorded no script output. GET /__utm.gif, POST /submit.php, 60000 ms polling, 0 jitter
       and rundll32.exe spawnto look like stock profile values, so the address and port are the stronger indicator. -->
  1682. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.144.100.29,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1683. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1684. </ports>
  1685. <times srtt="92618" rttvar="2169" to="101294"/>
  1686. </host>
  1687. <host starttime="1606751262" endtime="1606754983"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1688. <address addr="193.34.166.73" addrtype="ipv4"/>
  1689. <hostnames>
  1690. <hostname name="dns.servupdates.com" type="PTR"/>
  1691. </hostnames>
  1692. <ports><extraports state="filtered" count="996">
  1693. <extrareasons reason="no-responses" count="996"/>
  1694. </extraports>
  1695. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Analyst note: plain HTTP beacon on port 80. The x86 and x64 responses differ in GET URI (/ga.js vs /ptj) and
       in User Agent, so a signature built from one response will miss the other; the C2 domain servupdates.com is
       the value shared by both and matches the PTR name of the scanned address. -->
  1696. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: servupdates.com,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: servupdates.com,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  <!-- Analyst note: HTTPS beacon on port 443, x64 response only. It names the same C2 domain as the port 80 result
       on this host (servupdates.com) but uses a different GET URI (/cx) and User Agent; presumably a second
       listener on the same server, which this scan alone does not confirm. -->
  1697. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: servupdates.com,/cx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1698. <port protocol="tcp" portid="32777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sometimes-rpc17" method="table" conf="3"/></port>
  1699. </ports>
  1700. <times srtt="92319" rttvar="1370" to="100000"/>
  1701. </host>
  1702. <host starttime="1606751261" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1703. <address addr="204.16.247.41" addrtype="ipv4"/>
  1704. <hostnames>
  1705. </hostnames>
  1706. <ports><extraports state="closed" count="996">
  1707. <extrareasons reason="conn-refused" count="996"/>
  1708. </extraports>
  1709. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1710. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1711. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1712. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1713. </ports>
  1714. <times srtt="18201" rttvar="1465" to="100000"/>
  1715. </host>
  1716. <host starttime="1606751262" endtime="1606755000"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1717. <address addr="193.34.166.124" addrtype="ipv4"/>
  1718. <hostnames>
  1719. <hostname name="cb3.tms.rv" type="PTR"/>
  1720. </hostnames>
  1721. <ports><extraports state="filtered" count="995">
  1722. <extrareasons reason="no-responses" count="995"/>
  1723. </extraports>
  1724. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1725. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Analyst note: the config names ntservicespack.com as the C2 host, while the scanned address 193.34.166.124
       carries the PTR name cb3.tms.rv, so the domain and the IP should be tracked as separate indicators. The
       remaining values (GET /ptj, POST /submit.php, 60000 ms polling, 0 jitter, rundll32.exe spawnto) look like
       stock profile settings. Ports 80 and 8080 on this host recorded no script output. -->
  1726. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: ntservicespack.com,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1727. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1728. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  1729. </ports>
  1730. <times srtt="92179" rttvar="1048" to="100000"/>
  1731. </host>
  1732. <host starttime="1606751263" endtime="1606755007"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1733. <address addr="172.98.192.94" addrtype="ipv4"/>
  1734. <hostnames>
  1735. </hostnames>
  1736. <ports><extraports state="closed" count="994">
  1737. <extrareasons reason="conn-refused" count="994"/>
  1738. </extraports>
  1739. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1740. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: only the x86 URI response produced a config, and it points back at the scanned IP
       (172.98.192.94) with GET /g.pixel and POST /submit.php. Port 8080 on the same host recorded no script
       output. Values look like stock profile settings, so the address and port are the stronger indicator. -->
  1741. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 172.98.192.94,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1742. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1743. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  1744. <port protocol="tcp" portid="8383"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="m2mservices" method="table" conf="3"/></port>
  1745. </ports>
  1746. <times srtt="30629" rttvar="1906" to="100000"/>
  1747. </host>
  1748. <host starttime="1606751271" endtime="1606754980"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1749. <address addr="211.49.225.208" addrtype="ipv4"/>
  1750. <hostnames>
  1751. </hostnames>
  1752. <ports><extraports state="closed" count="994">
  1753. <extrareasons reason="conn-refused" count="994"/>
  1754. </extraports>
  1755. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1756. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1757. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1758. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1759. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1760. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1761. </ports>
  1762. <times srtt="208818" rttvar="2553" to="219030"/>
  1763. </host>
  1764. <host starttime="1606751262" endtime="1606755002"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1765. <address addr="204.16.247.89" addrtype="ipv4"/>
  1766. <hostnames>
  1767. </hostnames>
  1768. <ports><extraports state="closed" count="996">
  1769. <extrareasons reason="conn-refused" count="996"/>
  1770. </extraports>
  1771. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1772. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: both architectures returned a config pointing at the scanned IP (204.16.247.89); they differ
       in GET URI (/g.pixel vs /ptj) and in User Agent. Port 8443 on this host recorded no script output.
       204.16.247.41, listed elsewhere in this scan, sits in the same /24 but recorded no config on 80 or 443. -->
  1773. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 204.16.247.89,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 204.16.247.89,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1774. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1775. </ports>
  1776. <times srtt="19513" rttvar="3660" to="100000"/>
  1777. </host>
  1778. <host starttime="1606751262" endtime="1606755021"><status state="up" reason="conn-refused" reason_ttl="0"/>
  1779. <address addr="204.44.83.214" addrtype="ipv4"/>
  1780. <hostnames>
  1781. <hostname name="204.44.83.214.static.quadranet.com" type="PTR"/>
  1782. </hostnames>
  1783. <ports><extraports state="closed" count="997">
  1784. <extrareasons reason="conn-refused" count="997"/>
  1785. </extraports>
  1786. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1787. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: only the x86 URI response produced a config; the C2 server is the scanned IP itself
       (204.44.83.214) with GET /en_US/all.js and POST /submit.php. Polling 60000 ms, 0 jitter and rundll32.exe
       spawnto look like stock profile values, so treat the URIs and User Agent as weak indicators. -->
  1788. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 204.44.83.214,/en_US/all.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1789. </ports>
  1790. <times srtt="70552" rttvar="1684" to="100000"/>
  1791. </host>
  1792. <host starttime="1606751274" endtime="1606755008"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1793. <address addr="193.112.10.125" addrtype="ipv4"/>
  1794. <hostnames>
  1795. </hostnames>
  1796. <ports><extraports state="closed" count="995">
  1797. <extrareasons reason="conn-refused" count="995"/>
  1798. </extraports>
  1799. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1800. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1801. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1802. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1803. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  1804. </ports>
  1805. <times srtt="280081" rttvar="47770" to="471161"/>
  1806. </host>
  1807. <host starttime="1606751262" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1808. <address addr="193.34.167.200" addrtype="ipv4"/>
  1809. <hostnames>
  1810. <hostname name="dns.inteldrivers.com" type="PTR"/>
  1811. </hostnames>
  1812. <ports><extraports state="filtered" count="997">
  1813. <extrareasons reason="no-responses" count="997"/>
  1814. </extraports>
  1815. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Analyst note: plain HTTP beacon on port 80; port 443 on this host recorded no script output. The C2 domain
       inteldrivers.com matches the PTR name dns.inteldrivers.com. This address and the 193.34.166.73 and
       193.34.166.124 entries in this scan all use vendor-lookalike domain names, which may indicate related
       infrastructure (an inference from naming and address proximity only). -->
  1816. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: inteldrivers.com,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: inteldrivers.com,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1817. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1818. </ports>
  1819. <times srtt="92557" rttvar="1666" to="100000"/>
  1820. </host>
  1821. <host starttime="1606751263" endtime="1606755002"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1822. <address addr="198.13.55.13" addrtype="ipv4"/>
  1823. <hostnames>
  1824. <hostname name="198.13.55.13.vultr.com" type="PTR"/>
  1825. </hostnames>
  1826. <ports><extraports state="closed" count="993">
  1827. <extrareasons reason="conn-refused" count="993"/>
  1828. </extraports>
  1829. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1830. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1831. <port protocol="tcp" portid="80"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  1832. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1833. <port protocol="tcp" portid="6666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  1834. <port protocol="tcp" portid="7999"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="irdmi2" method="table" conf="3"/></port>
  1835. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.13.55.13,/g.pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.13.55.13,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1836. </ports>
  1837. <times srtt="181081" rttvar="1442" to="186849"/>
  1838. </host>
  1839. <host starttime="1606751261" endtime="1606755021"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Analyst note: every grab_beacon_config element for this host (ports 80, 443, 8080,
       8088, 8443) is empty, with no output attribute, and no PTR name was returned.
       This file does not show whether an empty element means the script found nothing
       or failed, so it is evidence neither that the host is clean nor that it serves a
       beacon. -->
  1840. <address addr="185.207.154.21" addrtype="ipv4"/>
  1841. <hostnames>
  1842. </hostnames>
  1843. <ports><extraports state="closed" count="992">
  1844. <extrareasons reason="conn-refused" count="992"/>
  1845. </extraports>
  1846. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1847. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1848. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1849. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  1850. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1851. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1852. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1853. <port protocol="tcp" portid="50001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  1854. </ports>
  1855. <times srtt="230799" rttvar="3967" to="246667"/>
  1856. </host>
  1857. <host starttime="1606751262" endtime="1606755034"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1858. <address addr="207.148.70.82" addrtype="ipv4"/>
  1859. <hostnames>
  1860. <hostname name="207.148.70.82.vultr.com" type="PTR"/>
  1861. </hostnames>
  1862. <ports><extraports state="closed" count="990">
  1863. <extrareasons reason="conn-refused" count="990"/>
  1864. </extraports>
  1865. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1866. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 207.148.70.82,/cm&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 207.148.70.82,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1867. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  1868. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1869. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 207.148.70.82,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 207.148.70.82,/pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1870. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1871. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  1872. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1873. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  1874. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  1875. </ports>
  1876. <times srtt="237327" rttvar="6156" to="261951"/>
  1877. </host>
  1878. <host starttime="1606751262" endtime="1606754933"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Analyst note: the configs recovered here differ from the values most other hosts
       in this part of the scan share: Polling is 5000 rather than 60000, Method2 is GET
       rather than POST, and the second path is /iconimage.gif rather than /submit.php.
       C2 Server lists two cloudapp.azure.com hostnames instead of this address, and no
       PTR name was returned, so the link between this IP and those hostnames rests on
       the beacon config alone. Whether this address hosts or merely fronts them cannot
       be told from this output. Port 443 returned an x64 block only. -->
  1879. <address addr="207.219.199.120" addrtype="ipv4"/>
  1880. <hostnames>
  1881. </hostnames>
  1882. <ports><extraports state="filtered" count="994">
  1883. <extrareasons reason="no-responses" count="994"/>
  1884. </extraports>
  1885. <port protocol="tcp" portid="25"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  1886. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS)&#xa;HTTP Method Path 2: /iconimage.gif&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /iconimage.gif&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1887. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)&#xa;HTTP Method Path 2: /iconimage.gif&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1888. <port protocol="tcp" portid="587"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  1889. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  1890. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  1891. </ports>
  1892. <times srtt="25255" rttvar="1519" to="100000"/>
  1893. </host>
  1894. <host starttime="1606751262" endtime="1606754921"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Analyst note: the configs served from this host name a different address,
       192.119.111.117, as C2 Server. That address is scanned as its own host later in
       this file, and its port 80 output repeats the same URIs (/cx, /match) and User
       Agent strings. Treat the two addresses as related infrastructure when correlating
       or blocking. Which one is the controller and which a relay is not established by
       this output. -->
  1895. <address addr="192.119.110.81" addrtype="ipv4"/>
  1896. <hostnames>
  1897. <hostname name="hwsrv-786620.hostwindsdns.com" type="PTR"/>
  1898. </hostnames>
  1899. <ports><extraports state="closed" count="994">
  1900. <extrareasons reason="conn-refused" count="994"/>
  1901. </extraports>
  1902. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1903. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1904. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/cx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1905. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  1906. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1907. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  1908. </ports>
  1909. <times srtt="93935" rttvar="1345" to="100000"/>
  1910. </host>
  1911. <host starttime="1606751262" endtime="1606754951"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1912. <address addr="185.232.52.143" addrtype="ipv4"/>
  1913. <hostnames>
  1914. <hostname name="jimbatton89890.prohoster.info" type="PTR"/>
  1915. </hostnames>
  1916. <ports><extraports state="closed" count="992">
  1917. <extrareasons reason="conn-refused" count="992"/>
  1918. </extraports>
  1919. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1920. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1921. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.232.52.143,/activity&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.232.52.143,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1922. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1923. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.232.52.143,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1924. <port protocol="tcp" portid="1301"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ci3-software-1" method="table" conf="3"/></port>
  1925. <port protocol="tcp" portid="5901"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-1" method="table" conf="3"/></port>
  1926. <port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:1" method="table" conf="3"/></port>
  1927. </ports>
  1928. <times srtt="97873" rttvar="1633" to="104405"/>
  1929. </host>
  1930. <host starttime="1606751261" endtime="1606754913"><status state="up" reason="conn-refused" reason_ttl="0"/>
  <!-- Analyst note: this host's status reason is conn-refused, whereas the neighbouring
       hosts report syn-ack. The only grab_beacon_config element (port 443) is empty, so
       no beacon config was recovered for this address in this run. -->
  1931. <address addr="207.148.78.25" addrtype="ipv4"/>
  1932. <hostnames>
  1933. <hostname name="207.148.78.25.vultr.com" type="PTR"/>
  1934. </hostnames>
  1935. <ports><extraports state="closed" count="994">
  1936. <extrareasons reason="conn-refused" count="994"/>
  1937. </extraports>
  1938. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1939. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1940. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1941. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1942. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1943. <port protocol="tcp" portid="1022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exp2" method="table" conf="3"/></port>
  1944. </ports>
  1945. <times srtt="234058" rttvar="4438" to="251810"/>
  1946. </host>
  1947. <host starttime="1606751262" endtime="1606754938"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1948. <address addr="202.182.101.162" addrtype="ipv4"/>
  1949. <hostnames>
  1950. <hostname name="202.182.101.162.vultr.com" type="PTR"/>
  1951. </hostnames>
  1952. <ports><extraports state="closed" count="991">
  1953. <extrareasons reason="conn-refused" count="991"/>
  1954. </extraports>
  1955. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1956. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1957. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1958. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  1959. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1960. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  1961. <port protocol="tcp" portid="1080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="socks" method="table" conf="3"/></port>
  1962. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1963. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1964. </ports>
  1965. <times srtt="180844" rttvar="1051" to="185048"/>
  1966. </host>
  1967. <host starttime="1606751262" endtime="1606755007"><status state="up" reason="syn-ack" reason_ttl="0"/>
  1968. <address addr="193.168.147.249" addrtype="ipv4"/>
  1969. <hostnames>
  1970. </hostnames>
  1971. <ports><extraports state="closed" count="996">
  1972. <extrareasons reason="conn-refused" count="996"/>
  1973. </extraports>
  1974. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1975. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  1976. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1977. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1978. </ports>
  1979. <times srtt="96691" rttvar="1309" to="101927"/>
  1980. </host>
  1981. <host starttime="1606751262" endtime="1606755026"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Analyst note: only port 443 yielded a config, and only an x64 block; ports 80,
       8000 and 8080 carry empty script elements. C2 Server is wustatwindows.com, which
       does not match the PTR name (cb2.tm.srv). The service names on the other open
       ports (for example netbus on 12345, cisco-sccp on 2000) carry method="table" and
       conf="3": they come from nmap's port-number lookup table, not from probing the
       service, so they do not show what is actually listening there. -->
  1982. <address addr="193.34.167.80" addrtype="ipv4"/>
  1983. <hostnames>
  1984. <hostname name="cb2.tm.srv" type="PTR"/>
  1985. </hostnames>
  1986. <ports><extraports state="filtered" count="986">
  1987. <extrareasons reason="no-responses" count="986"/>
  1988. </extraports>
  1989. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  1990. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1991. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: wustatwindows.com,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  1992. <port protocol="tcp" portid="1000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cadlock" method="table" conf="3"/></port>
  1993. <port protocol="tcp" portid="1001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="webpush" method="table" conf="3"/></port>
  1994. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  1995. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1996. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  1997. <port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  1998. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  1999. <port protocol="tcp" portid="10002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="documentum" method="table" conf="3"/></port>
  2000. <port protocol="tcp" portid="11111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vce" method="table" conf="3"/></port>
  2001. <port protocol="tcp" portid="12345"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbus" method="table" conf="3"/></port>
  2002. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2003. </ports>
  2004. <times srtt="92318" rttvar="1746" to="100000"/>
  2005. </host>
  2006. <host starttime="1606751262" endtime="1606754909"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2007. <address addr="198.44.97.180" addrtype="ipv4"/>
  2008. <hostnames>
  2009. <hostname name="client-198-44-97-180.hostwindsdns.com" type="PTR"/>
  2010. </hostnames>
  2011. <ports><extraports state="closed" count="995">
  2012. <extrareasons reason="conn-refused" count="995"/>
  2013. </extraports>
  2014. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2015. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2016. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2017. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  2018. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 198.44.97.180,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2019. </ports>
  2020. <times srtt="93538" rttvar="2075" to="101838"/>
  2021. </host>
  <!-- Host 185.189.151.92: grab_beacon_config recorded a decoded configuration on 80/tcp (x86 and x64 responses) and on 443/tcp (x86 response only). In every record the C2 Server address equals the scanned address. -->
  <!-- NOTE(review): Polling 60000, Jitter 0, POST path /submit.php and a rundll32.exe spawn-to match Cobalt Strike's stock settings, so they indicate an unmodified profile rather than a particular operator and are weak indicators on their own. The GET URIs and User-Agent strings presumably come from the stock profile's pools as well; confirm before building a detection on them. -->
  2022. <host starttime="1606751262" endtime="1606754980"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2023. <address addr="185.189.151.92" addrtype="ipv4"/>
  2024. <hostnames>
  2025. <hostname name="intervals-1295.cosmobulk.com" type="PTR"/>
  2026. </hostnames>
  2027. <ports><extraports state="closed" count="995">
  2028. <extrareasons reason="conn-refused" count="995"/>
  2029. </extraports>
  2030. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2031. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2032. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.189.151.92,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.189.151.92,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2033. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  2034. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.189.151.92,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2035. </ports>
  2036. <times srtt="109779" rttvar="1900" to="117379"/>
  2037. </host>
  2038. <host starttime="1606751263" endtime="1606754998"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2039. <address addr="192.119.111.117" addrtype="ipv4"/>
  2040. <hostnames>
  2041. <hostname name="client-192-119-111-117.hostwindsdns.com" type="PTR"/>
  2042. </hostnames>
  2043. <ports><extraports state="closed" count="994">
  2044. <extrareasons reason="conn-refused" count="994"/>
  2045. </extraports>
  2046. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2047. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2048. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/cx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2049. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  2050. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2051. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  2052. </ports>
  2053. <times srtt="93192" rttvar="1133" to="100000"/>
  2054. </host>
  2055. <host starttime="1606751263" endtime="1606755008"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2056. <address addr="193.187.118.232" addrtype="ipv4"/>
  2057. <hostnames>
  2058. </hostnames>
  2059. <ports><extraports state="closed" count="984">
  2060. <extrareasons reason="conn-refused" count="984"/>
  2061. </extraports>
  2062. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2063. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  2064. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2065. <port protocol="tcp" portid="109"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop2" method="table" conf="3"/></port>
  2066. <port protocol="tcp" portid="110"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  2067. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2068. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2069. <port protocol="tcp" portid="143"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  2070. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2071. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2072. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  2073. <port protocol="tcp" portid="587"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  2074. <port protocol="tcp" portid="993"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  2075. <port protocol="tcp" portid="995"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  2076. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  2077. <port protocol="tcp" portid="1935"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rtmp" method="table" conf="3"/></port>
  2078. </ports>
  2079. <times srtt="229649" rttvar="4685" to="248389"/>
  2080. </host>
  2081. <host starttime="1606751266" endtime="1606758288"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2082. <address addr="162.241.65.121" addrtype="ipv4"/>
  2083. <hostnames>
  2084. <hostname name="162-241-65-121.unifiedlayer.com" type="PTR"/>
  2085. </hostnames>
  2086. <ports><extraports state="closed" count="996">
  2087. <extrareasons reason="conn-refused" count="996"/>
  2088. </extraports>
  2089. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2090. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2091. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 162.241.65.121,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 162.241.65.121,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2092. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 162.241.65.121,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2093. </ports>
  2094. <times srtt="40300" rttvar="8503" to="100000"/>
  2095. </host>
  <!-- Host 173.234.155.54: the configuration recorded on 443/tcp names two callback hosts, img.intactlinks.com (/fwlink) and print.intactlinks.com (/cx), rather than the scanned address. -->
  <!-- NOTE(review): for blocking and hunting, the two domains and the scanned address are separate indicators. This output has no hostname entry for the host and does not record what the domains resolved to at scan time, so the link between them rests only on the served configuration. -->
  2096. <host starttime="1606751262" endtime="1606758205"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2097. <address addr="173.234.155.54" addrtype="ipv4"/>
  2098. <hostnames>
  2099. </hostnames>
  2100. <ports><extraports state="closed" count="993">
  2101. <extrareasons reason="conn-refused" count="993"/>
  2102. </extraports>
  2103. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2104. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2105. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2106. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2107. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: img.intactlinks.com,/fwlink,print.intactlinks.com,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2108. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2109. <port protocol="tcp" portid="1067"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="instl_boots" method="table" conf="3"/></port>
  2110. </ports>
  2111. <times srtt="16546" rttvar="3078" to="100000"/>
  2112. </host>
  2113. <host starttime="1606751269" endtime="1606758232"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2114. <address addr="172.241.29.153" addrtype="ipv4"/>
  2115. <hostnames>
  2116. </hostnames>
  2117. <ports><extraports state="closed" count="994">
  2118. <extrareasons reason="conn-refused" count="994"/>
  2119. </extraports>
  2120. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2121. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2122. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2123. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2124. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 172.241.29.153,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2125. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2126. </ports>
  2127. <times srtt="40788" rttvar="5009" to="100000"/>
  2128. </host>
  2129. <host starttime="1606751262" endtime="1606758281"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2130. <address addr="185.191.32.172" addrtype="ipv4"/>
  2131. <hostnames>
  2132. </hostnames>
  2133. <ports><extraports state="closed" count="991">
  2134. <extrareasons reason="conn-refused" count="991"/>
  2135. </extraports>
  2136. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2137. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2138. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.191.32.172,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.191.32.172,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2139. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2140. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2141. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2142. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2143. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  2144. <port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
  2145. </ports>
  2146. <times srtt="134819" rttvar="1602" to="141227"/>
  2147. </host>
  <!-- Host 172.241.27.44: only an x64 response was recorded on 443/tcp, and its C2 Server field names the domain amatai-technologies.site (/j.ad) rather than the scanned address. -->
  <!-- NOTE(review): track the domain and the address as separate indicators; this output does not record what the domain resolved to at scan time. -->
  2148. <host starttime="1606751262" endtime="1606758294"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2149. <address addr="172.241.27.44" addrtype="ipv4"/>
  2150. <hostnames>
  2151. </hostnames>
  2152. <ports><extraports state="closed" count="994">
  2153. <extrareasons reason="conn-refused" count="994"/>
  2154. </extraports>
  2155. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2156. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2157. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2158. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2159. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amatai-technologies.site,/j.ad&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2160. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2161. </ports>
  2162. <times srtt="40452" rttvar="1581" to="100000"/>
  2163. </host>
  <!-- Host 193.34.166.169: grab_beacon_config ran against 80/tcp and 443/tcp, but both script elements are empty (no output attribute), so this scan recorded no beacon configuration for the host. -->
  <!-- NOTE(review): the open ports alone are not evidence of a team server. The host appears here because it was in the scan's input list; why it was listed is not shown in this output, so confirm from another source before treating the address as an indicator. -->
  2164. <host starttime="1606751262" endtime="1606758292"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2165. <address addr="193.34.166.169" addrtype="ipv4"/>
  2166. <hostnames>
  2167. <hostname name="cob1.ad.to" type="PTR"/>
  2168. </hostnames>
  2169. <ports><extraports state="filtered" count="997">
  2170. <extrareasons reason="no-responses" count="997"/>
  2171. </extraports>
  2172. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2173. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2174. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2175. </ports>
  2176. <times srtt="94948" rttvar="2523" to="105040"/>
  2177. </host>
  2178. <host starttime="1606751262" endtime="1606758223"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2179. <address addr="172.105.118.92" addrtype="ipv4"/>
  2180. <hostnames>
  2181. <hostname name="li2011-92.members.linode.com" type="PTR"/>
  2182. </hostnames>
  2183. <ports><extraports state="filtered" count="994">
  2184. <extrareasons reason="no-responses" count="994"/>
  2185. </extraports>
  2186. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2187. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  2188. <port protocol="tcp" portid="110"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  2189. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2190. <port protocol="tcp" portid="993"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  2191. <port protocol="tcp" portid="995"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  2192. </ports>
  2193. <times srtt="237055" rttvar="1089" to="241411"/>
  2194. </host>
  2195. <host starttime="1606751262" endtime="1606758205"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2196. <address addr="198.13.39.67" addrtype="ipv4"/>
  2197. <hostnames>
  2198. <hostname name="198.13.39.67.vultr.com" type="PTR"/>
  2199. </hostnames>
  2200. <ports><extraports state="closed" count="994">
  2201. <extrareasons reason="conn-refused" count="994"/>
  2202. </extraports>
  2203. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2204. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2205. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2206. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2207. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2208. <port protocol="tcp" portid="3322"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="active-net" method="table" conf="3"/></port>
  2209. </ports>
  2210. <times srtt="181359" rttvar="2175" to="190059"/>
  2211. </host>
  2212. <host starttime="1606751262" endtime="1606758294"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2213. <address addr="172.104.174.57" addrtype="ipv4"/>
  2214. <hostnames>
  2215. <hostname name="li1765-57.members.linode.com" type="PTR"/>
  2216. </hostnames>
  2217. <ports><extraports state="closed" count="997">
  2218. <extrareasons reason="conn-refused" count="997"/>
  2219. </extraports>
  2220. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2221. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2222. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2223. </ports>
  2224. <times srtt="247485" rttvar="2358" to="256917"/>
  2225. </host>
  2226. <host starttime="1606751263" endtime="1606758295"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2227. <address addr="182.92.120.156" addrtype="ipv4"/>
  2228. <hostnames>
  2229. </hostnames>
  2230. <ports><extraports state="filtered" count="953">
  2231. <extrareasons reason="no-responses" count="953"/>
  2232. </extraports>
  2233. <extraports state="closed" count="43">
  2234. <extrareasons reason="conn-refused" count="43"/>
  2235. </extraports>
  2236. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2237. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2238. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2239. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  2240. </ports>
  2241. <times srtt="259682" rttvar="28556" to="373906"/>
  2242. </host>
  <!-- Host 34.212.57.1: a configuration was recorded on 80/tcp (x86 and x64 responses); the script element on 443/tcp is empty, so nothing was recorded there. -->
  <!-- NOTE(review): these records omit the Maxdns, User Agent, Header1/Header2, PipeName and DNS Idle/Sleep fields that other host entries in this file carry. That may reflect a different beacon version or a partial parse by the script; it cannot be determined from this output. The PTR name is a cloud-provider default, so the address may since have been reassigned; re-check before acting on a 2020 observation. -->
  2243. <host starttime="1606751261" endtime="1606758286"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2244. <address addr="34.212.57.1" addrtype="ipv4"/>
  2245. <hostnames>
  2246. <hostname name="ec2-34-212-57-1.us-west-2.compute.amazonaws.com" type="PTR"/>
  2247. </hostnames>
  2248. <ports><extraports state="filtered" count="998">
  2249. <extrareasons reason="no-responses" count="998"/>
  2250. </extraports>
  2251. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 34.212.57.1,/push&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 34.212.57.1,/cm&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2252. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2253. </ports>
  2254. <times srtt="91138" rttvar="2771" to="102222"/>
  2255. </host>
  2256. <host starttime="1606751262" endtime="1606758279"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2257. <address addr="185.82.202.123" addrtype="ipv4"/>
  2258. <hostnames>
  2259. </hostnames>
  2260. <ports><extraports state="closed" count="995">
  2261. <extrareasons reason="conn-refused" count="995"/>
  2262. </extraports>
  2263. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2264. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2265. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  2266. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2267. <port protocol="tcp" portid="8090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  2268. </ports>
  2269. <times srtt="92088" rttvar="1352" to="100000"/>
  2270. </host>
  2271. <host starttime="1606751262" endtime="1606758205"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2272. <address addr="193.187.118.235" addrtype="ipv4"/>
  2273. <hostnames>
  2274. </hostnames>
  2275. <ports><extraports state="closed" count="984">
  2276. <extrareasons reason="conn-refused" count="984"/>
  2277. </extraports>
  2278. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2279. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  2280. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2281. <port protocol="tcp" portid="109"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop2" method="table" conf="3"/></port>
  2282. <port protocol="tcp" portid="110"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  2283. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2284. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2285. <port protocol="tcp" portid="143"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  2286. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2287. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2288. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  2289. <port protocol="tcp" portid="587"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  2290. <port protocol="tcp" portid="993"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  2291. <port protocol="tcp" portid="995"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  2292. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  2293. <port protocol="tcp" portid="1935"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rtmp" method="table" conf="3"/></port>
  2294. </ports>
  2295. <times srtt="230814" rttvar="5368" to="252286"/>
  2296. </host>
  2297. <host starttime="1606751261" endtime="1606758286"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2298. <address addr="185.162.235.35" addrtype="ipv4"/>
  2299. <hostnames>
  2300. </hostnames>
  2301. <ports><extraports state="filtered" count="998">
  2302. <extrareasons reason="no-responses" count="997"/>
  2303. <extrareasons reason="host-unreach" count="1"/>
  2304. </extraports>
  2305. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.35,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.35,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2306. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2307. </ports>
  2308. <times srtt="95404" rttvar="1925" to="103104"/>
  2309. </host>
  2310. <host starttime="1606751263" endtime="1606758232"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2311. <address addr="162.254.204.222" addrtype="ipv4"/>
  2312. <hostnames>
  2313. <hostname name="hosted-by.eurohoster.online" type="PTR"/>
  2314. </hostnames>
  2315. <ports><extraports state="filtered" count="996">
  2316. <extrareasons reason="no-responses" count="996"/>
  2317. </extraports>
  2318. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Analyst note: only the x86 response yielded a config on this port. The values depart from the no-profile defaults
       (13500 ms polling, 27 percent jitter, gpupdate.exe spawn-to, custom GET and POST URIs), which points to a customised
       Malleable C2 profile. C2 Server is the domain mstronestia.me rather than the scanned address, so the domain and the
       address should be tracked as separate indicators. -->
  2319. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 13500&#xa;Jitter: 27&#xa;Maxdns: 255&#xa;C2 Server: mstronestia.me,/maps/overlaybfpr&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36&#xa;HTTP Method Path 2: /fd/ls/lsp.aspx&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  <!-- Analyst note: this config was served on 8443/tcp, yet its Port field says 443 and its C2 Server is microstamplet.me.
       Polling, jitter, User-Agent and spawn-to equal the config returned on 443/tcp of the same host, while the domain and
       URIs differ. Presumably a second listener on the same server; confirm before merging both domains into one cluster. -->
  2320. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 13500&#xa;Jitter: 27&#xa;Maxdns: 255&#xa;C2 Server: microstamplet.me,/api&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36&#xa;HTTP Method Path 2: /media/api_wma.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2321. <port protocol="tcp" portid="45100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2322. </ports>
  2323. <times srtt="37689" rttvar="8079" to="100000"/>
  2324. </host>
  2325. <host starttime="1606751262" endtime="1606758233"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2326. <address addr="162.241.127.180" addrtype="ipv4"/>
  2327. <hostnames>
  2328. <hostname name="162-241-127-180.unifiedlayer.com" type="PTR"/>
  2329. </hostnames>
  2330. <ports><extraports state="closed" count="997">
  2331. <extrareasons reason="conn-refused" count="997"/>
  2332. </extraports>
  2333. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2334. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: only an x86 config was returned. Every tunable (60000 ms polling, zero jitter, /submit.php,
       rundll32.exe) is a no-profile default and C2 Server is the scanned address itself, so the address plus the /j.ad
       URI over HTTPS is the main indicator from this entry. -->
  2335. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 162.241.127.180,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2336. </ports>
  2337. <times srtt="33956" rttvar="1683" to="100000"/>
  2338. </host>
  2339. <host starttime="1606751271" endtime="1606758279"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2340. <address addr="52.166.232.140" addrtype="ipv4"/>
  2341. <hostnames>
  2342. </hostnames>
  2343. <ports><extraports state="filtered" count="997">
  2344. <extrareasons reason="no-responses" count="997"/>
  2345. </extraports>
  2346. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2347. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  2348. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2349. </ports>
  2350. <times srtt="96118" rttvar="2563" to="106370"/>
  2351. </host>
  2352. <host starttime="1606751263" endtime="1606758275"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2353. <address addr="192.119.111.155" addrtype="ipv4"/>
  2354. <hostnames>
  2355. <hostname name="client-192-119-111-155.hostwindsdns.com" type="PTR"/>
  2356. </hostnames>
  2357. <ports><extraports state="closed" count="994">
  2358. <extrareasons reason="conn-refused" count="994"/>
  2359. </extraports>
  2360. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2361. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: C2 Server in both configs is 192.119.111.117, not the scanned 192.119.111.155. The callback destination
       therefore differs from the address that served the stager, and both addresses belong in any block list or hunt query
       built from this entry. The remaining values are no-profile defaults. -->
  2362. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/cx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.119.111.117,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2363. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  2364. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2365. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  2366. </ports>
  2367. <times srtt="94636" rttvar="3021" to="106720"/>
  2368. </host>
  2369. <host starttime="1606751262" endtime="1606758286"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2370. <address addr="47.110.145.60" addrtype="ipv4"/>
  2371. <hostnames>
  2372. </hostnames>
  2373. <ports><extraports state="closed" count="989">
  2374. <extrareasons reason="conn-refused" count="989"/>
  2375. </extraports>
  2376. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2377. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2378. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2379. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2380. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2381. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  2382. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  2383. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  2384. <port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2385. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  2386. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  2387. </ports>
  2388. <times srtt="219395" rttvar="5281" to="240519"/>
  2389. </host>
  2390. <host starttime="1606751276" endtime="1606758262"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2391. <address addr="185.189.183.173" addrtype="ipv4"/>
  2392. <hostnames>
  2393. <hostname name="185-189-183-173.rdns.itconnectsyou.nl" type="PTR"/>
  2394. </hostnames>
  2395. <ports><extraports state="filtered" count="997">
  2396. <extrareasons reason="no-responses" count="997"/>
  2397. </extraports>
  2398. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  2399. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2400. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  2401. </ports>
  2402. <times srtt="93603" rttvar="2680" to="104323"/>
  2403. </host>
  2404. <host starttime="1606751263" endtime="1606758247"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2405. <address addr="172.241.29.155" addrtype="ipv4"/>
  2406. <hostnames>
  2407. </hostnames>
  2408. <ports><extraports state="closed" count="994">
  2409. <extrareasons reason="conn-refused" count="994"/>
  2410. </extraports>
  2411. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2412. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2413. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2414. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2415. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2416. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2417. </ports>
  2418. <times srtt="41560" rttvar="4554" to="100000"/>
  2419. </host>
  2420. <host starttime="1606751262" endtime="1606758216"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2421. <address addr="192.144.234.207" addrtype="ipv4"/>
  2422. <hostnames>
  2423. </hostnames>
  2424. <ports><extraports state="closed" count="985">
  2425. <extrareasons reason="conn-refused" count="985"/>
  2426. </extraports>
  2427. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: no-profile default values throughout; the x86 and x64 configs differ only in GET URI (/cm, /j.ad)
       and User-Agent. C2 Server equals the scanned address, so the address plus URI pair is the practical indicator. -->
  2428. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.144.234.207,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.144.234.207,/j.ad&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; InfoPath.2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2429. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2430. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2431. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2432. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2433. <port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3"/></port>
  2434. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  2435. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  2436. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  2437. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  2438. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2439. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2440. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2441. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2442. </ports>
  2443. <times srtt="260602" rttvar="6501" to="286606"/>
  2444. </host>
  2445. <host starttime="1606751262" endtime="1606758230"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2446. <address addr="107.172.104.41" addrtype="ipv4"/>
  2447. <hostnames>
  2448. <hostname name="107-172-104-41-host.colocrossing.com" type="PTR"/>
  2449. </hostnames>
  2450. <ports><extraports state="filtered" count="996">
  2451. <extrareasons reason="no-responses" count="996"/>
  2452. </extraports>
  2453. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  <!-- Analyst note: only an x64 config was returned. Values are no-profile defaults and C2 Server equals the scanned
       address; the same /j.ad URI and /submit.php path appear on other hosts in this scan, so they do not link
       infrastructure by themselves. -->
  2454. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 107.172.104.41,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2455. <port protocol="tcp" portid="990"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftps" method="table" conf="3"/></port>
  2456. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  2457. </ports>
  2458. <times srtt="71775" rttvar="5522" to="100000"/>
  2459. </host>
  2460. <host starttime="1606751262" endtime="1606758281"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2461. <address addr="193.34.166.89" addrtype="ipv4"/>
  2462. <hostnames>
  2463. <hostname name="neo.com.org" type="PTR"/>
  2464. </hostnames>
  2465. <ports><extraports state="filtered" count="998">
  2466. <extrareasons reason="no-responses" count="998"/>
  2467. </extraports>
  2468. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Analyst note: only an x86 config was returned. Values are no-profile defaults and C2 Server equals the scanned
       address, so the address plus the /en_US/all.js URI over HTTPS is the indicator to record. -->
  2469. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 193.34.166.89,/en_US/all.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2470. </ports>
  2471. <times srtt="93148" rttvar="3363" to="106600"/>
  2472. </host>
  2473. <host starttime="1606751262" endtime="1606758283"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2474. <address addr="195.123.239.142" addrtype="ipv4"/>
  2475. <hostnames>
  2476. <hostname name="vps.ss" type="PTR"/>
  2477. </hostnames>
  2478. <ports><extraports state="closed" count="990">
  2479. <extrareasons reason="conn-refused" count="990"/>
  2480. </extraports>
  2481. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2482. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2483. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2484. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2485. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2486. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2487. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2488. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2489. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  2490. <port protocol="tcp" portid="32768"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="filenet-tms" method="table" conf="3"/></port>
  2491. </ports>
  2492. <times srtt="235291" rttvar="2400" to="244891"/>
  2493. </host>
  2494. <host starttime="1606751262" endtime="1606758279"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2495. <address addr="172.98.192.91" addrtype="ipv4"/>
  2496. <hostnames>
  2497. </hostnames>
  2498. <ports><extraports state="closed" count="996">
  2499. <extrareasons reason="conn-refused" count="996"/>
  2500. </extraports>
  2501. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2502. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2503. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2504. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  2505. </ports>
  2506. <times srtt="31608" rttvar="4042" to="100000"/>
  2507. </host>
  2508. <host starttime="1606751261" endtime="1606758292"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2509. <address addr="195.123.217.27" addrtype="ipv4"/>
  2510. <hostnames>
  2511. <hostname name="dedic-abrahome-646718.hosted-by-itldc.com" type="PTR"/>
  2512. </hostnames>
  2513. <ports><extraports state="closed" count="993">
  2514. <extrareasons reason="conn-refused" count="993"/>
  2515. </extraports>
  2516. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2517. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: customised profile, identical for x86 and x64. The URIs resemble a Q and A site question path, the
       second transaction (Method2) is GET rather than POST, DNS Idle is \x08 four times (8.8.8.8), Maxdns is 245, polling is
       35000 ms with 22 percent jitter, and spawn-to is gpupdate.exe. The URI paths combined with the GET-only pattern are
       more distinctive for network detection than the default-valued entries elsewhere in this scan. -->
  2518. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 195.123.217.27,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 35000&#xa;Jitter: 22&#xa;Maxdns: 245&#xa;C2 Server: 195.123.217.27,/questions/32251816/c-sharp-directives-compilation-error&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /questions/32251817/c-sharp-directives-compilation-error&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2519. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2520. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2521. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2522. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2523. </ports>
  2524. <times srtt="94877" rttvar="1316" to="100141"/>
  2525. </host>
  2526. <host starttime="1606751262" endtime="1606758279"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2527. <address addr="139.180.203.104" addrtype="ipv4"/>
  2528. <hostnames>
  2529. <hostname name="139.180.203.104.vultr.com" type="PTR"/>
  2530. </hostnames>
  2531. <ports><extraports state="filtered" count="998">
  2532. <extrareasons reason="no-responses" count="998"/>
  2533. </extraports>
  <!-- Analyst note: each config lists two host,URI pairs in C2 Server: the domain microsoft.systemservices.network and the
       scanned address 139.180.203.104. Both are callback destinations. The domain embeds a vendor name as its leftmost
       label, so detections should compare the full FQDN rather than a substring. Other values are no-profile defaults. -->
  2534. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: microsoft.systemservices.network,/ca,139.180.203.104,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: microsoft.systemservices.network,/g.pixel,139.180.203.104,/__utm.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2535. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2536. </ports>
  2537. <times srtt="179857" rttvar="1556" to="186081"/>
  2538. </host>
  2539. <host starttime="1606751262" endtime="1606758292"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2540. <address addr="178.79.134.144" addrtype="ipv4"/>
  2541. <hostnames>
  2542. <hostname name="li190-144.members.linode.com" type="PTR"/>
  2543. </hostnames>
  2544. <ports><extraports state="closed" count="995">
  2545. <extrareasons reason="conn-refused" count="995"/>
  2546. </extraports>
  2547. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2548. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note: non-default profile, identical for x86 and x64: 5000 ms polling, User-Agent "Shockwave Flash", URIs
       /idle/1376547834/1 and /send/1376547834/, and Proxy_AccessType 1 (direct connection). Presumably the beacon would not
       use a system-configured proxy; where egress is forced through a proxy, direct outbound HTTP from a workstation is
       itself worth alerting on. -->
  2549. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 178.79.134.144,/idle/1376547834/1&#xa;User Agent: Shockwave Flash&#xa;HTTP Method Path 2: /send/1376547834/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 1 (Use direct connection)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 178.79.134.144,/idle/1376547834/1&#xa;User Agent: Shockwave Flash&#xa;HTTP Method Path 2: /send/1376547834/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 1 (Use direct connection)&#xa;&#xa;"/></port>
  2550. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2551. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  2552. </ports>
  2553. <times srtt="87347" rttvar="1755" to="100000"/>
  2554. </host>
  2555. <host starttime="1606751262" endtime="1606758292"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2556. <address addr="193.34.166.207" addrtype="ipv4"/>
  2557. <hostnames>
  2558. <hostname name="dns.timesyncad.com" type="PTR"/>
  2559. </hostnames>
  2560. <ports><extraports state="filtered" count="997">
  2561. <extrareasons reason="no-responses" count="997"/>
  2562. </extraports>
  2563. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Analyst note: C2 Server is the domain timesyncad.com, and the PTR record reported for this host in the same scan is
       dns.timesyncad.com. The remaining values are no-profile defaults, and the x86 and x64 configs differ only in GET URI
       (/ga.js, /match) and User-Agent. Record the domain alongside the scanned address. -->
  2564. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: timesyncad.com,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: timesyncad.com,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2565. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2566. </ports>
  2567. <times srtt="93115" rttvar="2576" to="103419"/>
  2568. </host>
  2569. <host starttime="1606751262" endtime="1606758284"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2570. <address addr="192.144.181.141" addrtype="ipv4"/>
  2571. <hostnames>
  2572. </hostnames>
        <!-- No Beacon configuration was recovered from this host: both
             grab_beacon_config elements (ports 80 and 443) are empty. An empty
             element only says the script parsed nothing at scan time; it does
             not clear the host. -->
        <!-- Every service name below carries method="table" conf="3": nmap took
             the name from its port-number table and no version probe confirmed
             it. "EtherNetIP-1" on 2222 and "krb524" on 4444 are port-number
             labels, not identified services. -->
  2573. <ports><extraports state="closed" count="991">
  2574. <extrareasons reason="conn-refused" count="991"/>
  2575. </extraports>
  2576. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2577. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2578. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2579. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2580. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2581. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  2582. <port protocol="tcp" portid="4444"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  2583. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  2584. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  2585. </ports>
  2586. <times srtt="276646" rttvar="22096" to="365030"/>
  2587. </host>
  2588. <host starttime="1606751262" endtime="1606758281"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2589. <address addr="185.150.117.50" addrtype="ipv4"/>
  2590. <hostnames>
  2591. </hostnames>
  2592. <ports><extraports state="closed" count="993">
  2593. <extrareasons reason="conn-refused" count="993"/>
  2594. </extraports>
  2595. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2596. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2597. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.150.117.50,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.150.117.50,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2598. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2599. <port protocol="tcp" portid="1081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pvuniwien" method="table" conf="3"/></port>
  2600. <port protocol="tcp" portid="1658"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sixnetudr" method="table" conf="3"/></port>
  2601. <port protocol="tcp" portid="1761"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="landesk-rc" method="table" conf="3"/></port>
  2602. </ports>
  2603. <times srtt="128286" rttvar="1047" to="132474"/>
  2604. </host>
  2605. <host starttime="1606751271" endtime="1606758286"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2606. <address addr="185.156.172.56" addrtype="ipv4"/>
  2607. <hostnames>
  2608. </hostnames>
  2609. <ports><extraports state="closed" count="996">
  2610. <extrareasons reason="conn-refused" count="996"/>
  2611. </extraports>
  2612. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2613. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2614. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2615. <port protocol="tcp" portid="6667"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  2616. </ports>
  2617. <times srtt="94946" rttvar="2803" to="106158"/>
  2618. </host>
  2619. <host starttime="1606751262" endtime="1606758225"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2620. <address addr="182.92.122.148" addrtype="ipv4"/>
  2621. <hostnames>
  2622. </hostnames>
  2623. <ports><extraports state="filtered" count="994">
  2624. <extrareasons reason="no-responses" count="994"/>
  2625. </extraports>
  2626. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2627. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2628. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2629. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  2630. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  2631. <port protocol="tcp" portid="8888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  2632. </ports>
  2633. <times srtt="259559" rttvar="6554" to="285775"/>
  2634. </host>
  2635. <host starttime="1606751262" endtime="1606758212"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2636. <address addr="167.179.66.246" addrtype="ipv4"/>
  2637. <hostnames>
  2638. <hostname name="167.179.66.246.vultr.com" type="PTR"/>
  2639. </hostnames>
  2640. <ports><extraports state="closed" count="993">
  2641. <extrareasons reason="conn-refused" count="993"/>
  2642. </extraports>
  2643. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2644. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2645. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2646. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2647. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  2648. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  2649. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  2650. </ports>
  2651. <times srtt="180341" rttvar="1466" to="186205"/>
  2652. </host>
  2653. <host starttime="1606751262" endtime="1606758262"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2654. <address addr="182.92.189.18" addrtype="ipv4"/>
  2655. <hostnames>
  2656. </hostnames>
  2657. <ports><extraports state="closed" count="989">
  2658. <extrareasons reason="conn-refused" count="989"/>
  2659. </extraports>
  2660. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2661. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2662. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2663. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2664. <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  2665. <port protocol="tcp" portid="5432"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="postgresql" method="table" conf="3"/></port>
  2666. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  2667. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  2668. <port protocol="tcp" portid="7443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracleas-https" method="table" conf="3"/></port>
  2669. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2670. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2671. </ports>
  2672. <times srtt="228214" rttvar="1753" to="235226"/>
  2673. </host>
  2674. <host starttime="1606751263" endtime="1606758286"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2675. <address addr="159.65.115.160" addrtype="ipv4"/>
  2676. <hostnames>
  2677. </hostnames>
  2678. <ports><extraports state="filtered" count="997">
  2679. <extrareasons reason="no-responses" count="997"/>
  2680. </extraports>
  2681. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2682. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2683. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2684. </ports>
  2685. <times srtt="166275" rttvar="2811" to="177519"/>
  2686. </host>
  2687. <host starttime="1606751272" endtime="1606758292"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2688. <address addr="188.119.113.24" addrtype="ipv4"/>
  2689. <hostnames>
  2690. <hostname name="anitaaseva.example.com" type="PTR"/>
  2691. </hostnames>
  2692. <ports><extraports state="closed" count="996">
  2693. <extrareasons reason="conn-refused" count="996"/>
  2694. </extraports>
  2695. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2696. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2697. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2698. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2699. </ports>
  2700. <times srtt="97394" rttvar="1818" to="104666"/>
  2701. </host>
  2702. <host starttime="1606751262" endtime="1606758262"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2703. <address addr="185.227.82.66" addrtype="ipv4"/>
  2704. <hostnames>
  2705. </hostnames>
        <!-- Two configurations were recovered from this one address: an HTTPS
             one on 443 (x86 section only, C2 URI /push) and an HTTP one on 8080
             (x86 C2 URI /dot.gif, x64 C2 URI /visit.js). Both name
             185.227.82.66 itself as C2 server and use /submit.php as the second
             path. Each section has its own User Agent string, so the User Agent
             alone does not tie the listeners together. -->
  2706. <ports><extraports state="closed" count="995">
  2707. <extrareasons reason="conn-refused" count="995"/>
  2708. </extraports>
  2709. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2710. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2711. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.227.82.66,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2712. <port protocol="tcp" portid="3283"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netassistant" method="table" conf="3"/></port>
  2713. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.227.82.66,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.227.82.66,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2714. </ports>
  2715. <times srtt="94062" rttvar="1356" to="100000"/>
  2716. </host>
  2717. <host starttime="1606751262" endtime="1606758275"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2718. <address addr="172.241.29.156" addrtype="ipv4"/>
  2719. <hostnames>
  2720. </hostnames>
        <!-- The configuration returned on 443 names amamai-tecnologies.digital
             as C2 server, not the scanned address 172.241.29.156, and this host
             has no PTR record. For blocking or hunting, treat the domain and
             the /dpixel and /submit.php paths as indicators separate from the
             IP; the link between the two rests on this single response. -->
  2721. <ports><extraports state="closed" count="994">
  2722. <extrareasons reason="conn-refused" count="994"/>
  2723. </extraports>
  2724. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2725. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2726. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2727. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2728. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amamai-tecnologies.digital,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2729. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2730. </ports>
  2731. <times srtt="41834" rttvar="4339" to="100000"/>
  2732. </host>
  2733. <host starttime="1606751269" endtime="1606758272"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2734. <address addr="172.245.153.150" addrtype="ipv4"/>
  2735. <hostnames>
  2736. <hostname name="172-245-153-150-host.colocrossing.com" type="PTR"/>
  2737. </hostnames>
  2738. <ports><extraports state="closed" count="993">
  2739. <extrareasons reason="conn-refused" count="993"/>
  2740. </extraports>
  2741. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2742. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2743. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  2744. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2745. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2746. <port protocol="tcp" portid="8001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  2747. <port protocol="tcp" portid="8085"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2748. </ports>
  2749. <times srtt="27920" rttvar="5779" to="100000"/>
  2750. </host>
  2751. <host starttime="1606751263" endtime="1606758250"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2752. <address addr="195.123.217.7" addrtype="ipv4"/>
  2753. <hostnames>
  2754. <hostname name="dedic-umabenenein-650629.hosted-by-itldc.com" type="PTR"/>
  2755. </hostnames>
        <!-- The port 80 configuration differs from the other hosts in this part
             of the scan: Polling is 5000 rather than 60000, the C2 Server field
             lists two entries (195.123.217.7 and yten.xyz, same URI), and the
             URIs (/s/ref=nb_sb_noss_1/... and /N4215/adj/amzn.us.sr.aps) look
             like Amazon web traffic rather than the /submit.php value seen
             elsewhere. The x86 and x64 sections are identical. Path-based
             detection for this server therefore needs these values, not the
             ones common to the other hosts. -->
  2756. <ports><extraports state="closed" count="993">
  2757. <extrareasons reason="conn-refused" count="993"/>
  2758. </extraports>
  2759. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2760. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2761. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2762. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2763. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2764. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2765. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2766. </ports>
  2767. <times srtt="94766" rttvar="1099" to="100000"/>
  2768. </host>
  2769. <host starttime="1606751262" endtime="1606758209"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2770. <address addr="176.121.14.229" addrtype="ipv4"/>
  2771. <hostnames>
  2772. <hostname name="ns1648.ztomy.com" type="PTR"/>
  2773. </hostnames>
  2774. <ports><extraports state="closed" count="996">
  2775. <extrareasons reason="conn-refused" count="996"/>
  2776. </extraports>
  2777. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2778. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.229,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.229,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2779. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2780. <port protocol="tcp" portid="7201"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="dlip" method="table" conf="3"/></port>
  2781. </ports>
  2782. <times srtt="128267" rttvar="2812" to="139515"/>
  2783. </host>
  2784. <host starttime="1606751262" endtime="1606758247"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2785. <address addr="195.123.233.50" addrtype="ipv4"/>
  2786. <hostnames>
  2787. <hostname name="vds-634823.hosted-by-itldc.com" type="PTR"/>
  2788. </hostnames>
  2789. <ports><extraports state="closed" count="990">
  2790. <extrareasons reason="conn-refused" count="990"/>
  2791. </extraports>
  2792. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2793. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  2794. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2795. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 195.123.233.50,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 195.123.233.50,/activity&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2796. <port protocol="tcp" portid="125"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="locus-map" method="table" conf="3"/></port>
  2797. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2798. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2799. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2800. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2801. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  2802. </ports>
  2803. <times srtt="18823" rttvar="6564" to="100000"/>
  2804. </host>
  2805. <host starttime="1606751262" endtime="1606758298"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2806. <address addr="194.5.249.55" addrtype="ipv4"/>
  2807. <hostnames>
  2808. </hostnames>
  2809. <ports><extraports state="closed" count="994">
  2810. <extrareasons reason="conn-refused" count="994"/>
  2811. </extraports>
  2812. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2813. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 194.5.249.55,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 194.5.249.55,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2814. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 194.5.249.55,/cx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2815. <port protocol="tcp" portid="1007"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2816. <port protocol="tcp" portid="1187"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="alias" method="table" conf="3"/></port>
  2817. <port protocol="tcp" portid="5500"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  2818. </ports>
  2819. <times srtt="133005" rttvar="1593" to="139377"/>
  2820. </host>
  2821. <host starttime="1606751262" endtime="1606758262"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2822. <address addr="172.104.9.181" addrtype="ipv4"/>
  2823. <hostnames>
  2824. <hostname name="li1744-181.members.linode.com" type="PTR"/>
  2825. </hostnames>
        <!-- C2 Server lists two names, www.immigrationstatus.net and
             immigrationstatus.net, both with /checkstatus/v1/; the second path
             is /checkstatus/v2/ and Method1 and Method2 are both POST, unlike
             the GET/POST pair on the other hosts in this part of the scan. The
             PTR record looks like a hosting-provider default, so the domains
             appear only in the recovered configuration. Only an x86 section is
             present. -->
  2826. <ports><extraports state="filtered" count="998">
  2827. <extrareasons reason="no-responses" count="998"/>
  2828. </extraports>
  2829. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.immigrationstatus.net,/checkstatus/v1/,immigrationstatus.net,/checkstatus/v1/&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.177&#xa;HTTP Method Path 2: /checkstatus/v2/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: POST&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2830. <port protocol="tcp" portid="5000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  2831. </ports>
  2832. <times srtt="22364" rttvar="9958" to="100000"/>
  2833. </host>
  2834. <host starttime="1606751262" endtime="1606758262"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2835. <address addr="161.35.218.255" addrtype="ipv4"/>
  2836. <hostnames>
  2837. </hostnames>
  2838. <ports><extraports state="closed" count="996">
  2839. <extrareasons reason="conn-refused" count="996"/>
  2840. </extraports>
        <!-- Analyst note: the grab_beacon_config element on port 80 carries no
             output attribute, so no config was recorded for that port. Read
             that as "nothing extracted", not as evidence that the port is
             benign. The port 443 result also lacks the Maxdns, User Agent,
             Header, PipeName and DNS fields that other hosts in this scan
             report; the cause is not visible in this output (TODO confirm
             against the script). -->
  2841. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2842. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2843. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2844. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 161.35.218.255,/ptj&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2845. </ports>
  2846. <times srtt="99127" rttvar="1527" to="105235"/>
  2847. </host>
  2848. <host starttime="1606751263" endtime="1606758271"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2849. <address addr="185.232.52.137" addrtype="ipv4"/>
  2850. <hostnames>
  2851. <hostname name="jimbatton89890.prohoster.info" type="PTR"/>
  2852. </hostnames>
  2853. <ports><extraports state="closed" count="991">
  2854. <extrareasons reason="conn-refused" count="991"/>
  2855. </extraports>
  2856. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2857. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2858. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.232.52.137,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.232.52.137,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2859. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2860. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.232.52.137,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2861. <port protocol="tcp" portid="1033"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netinfo" method="table" conf="3"/></port>
  2862. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  2863. <port protocol="tcp" portid="5901"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-1" method="table" conf="3"/></port>
  2864. <port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:1" method="table" conf="3"/></port>
  2865. </ports>
  2866. <times srtt="98270" rttvar="1463" to="104122"/>
  2867. </host>
  2868. <host starttime="1606751262" endtime="1606758205"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2869. <address addr="121.37.175.161" addrtype="ipv4"/>
  2870. <hostnames>
  2871. <hostname name="ecs-121-37-175-161.compute.hwclouds-dns.com" type="PTR"/>
  2872. </hostnames>
  2873. <ports><extraports state="closed" count="986">
  2874. <extrareasons reason="conn-refused" count="986"/>
  2875. </extraports>
  2876. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2877. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  2878. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2879. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2880. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2881. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2882. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2883. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  2884. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  2885. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  2886. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  2887. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  2888. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  2889. <port protocol="tcp" portid="9001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-orport" method="table" conf="3"/></port>
  2890. </ports>
  2891. <times srtt="236453" rttvar="22374" to="325949"/>
  2892. </host>
  2893. <host starttime="1606751270" endtime="1606758261"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2894. <address addr="182.254.180.180" addrtype="ipv4"/>
  2895. <hostnames>
  2896. </hostnames>
  2897. <ports><extraports state="filtered" count="992">
  2898. <extrareasons reason="no-responses" count="992"/>
  2899. </extraports>
  2900. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2901. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  2902. <port protocol="tcp" portid="82"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xfer" method="table" conf="3"/></port>
  2903. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2904. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2905. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2906. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  2907. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  2908. </ports>
  2909. <times srtt="270837" rttvar="31603" to="397249"/>
  2910. </host>
  2911. <host starttime="1606751262" endtime="1606758265"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2912. <address addr="175.24.68.66" addrtype="ipv4"/>
  2913. <hostnames>
  2914. </hostnames>
  2915. <ports><extraports state="closed" count="984">
  2916. <extrareasons reason="conn-refused" count="984"/>
  2917. </extraports>
  2918. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2919. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  2920. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2921. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2922. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2923. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2924. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 175.24.68.66,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2925. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2926. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  2927. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  2928. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  2929. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  2930. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  2931. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  2932. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2933. <port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  2934. </ports>
  2935. <times srtt="214584" rttvar="4345" to="231964"/>
  2936. </host>
  2937. <host starttime="1606751262" endtime="1606758205"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2938. <address addr="178.62.233.180" addrtype="ipv4"/>
  2939. <hostnames>
  2940. </hostnames>
  2941. <ports><extraports state="closed" count="997">
  2942. <extrareasons reason="conn-refused" count="997"/>
  2943. </extraports>
  2944. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2945. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2946. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2947. </ports>
  2948. <times srtt="101326" rttvar="1455" to="107146"/>
  2949. </host>
  2950. <host starttime="1606751262" endtime="1606758253"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2951. <address addr="176.121.14.251" addrtype="ipv4"/>
  2952. <hostnames>
  2953. <hostname name="ns1648.ztomy.com" type="PTR"/>
  2954. </hostnames>
  2955. <ports><extraports state="closed" count="998">
  2956. <extrareasons reason="conn-refused" count="998"/>
  2957. </extraports>
  2958. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2959. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.251,/updates.rss&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2960. </ports>
  2961. <times srtt="126109" rttvar="1684" to="132845"/>
  2962. </host>
  2963. <host starttime="1606751270" endtime="1606758251"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2964. <address addr="178.162.199.36" addrtype="ipv4"/>
  2965. <hostnames>
  2966. </hostnames>
  2967. <ports><extraports state="closed" count="994">
  2968. <extrareasons reason="conn-refused" count="994"/>
  2969. </extraports>
  2970. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2971. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2972. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2973. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  2974. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2975. <port protocol="tcp" portid="3371"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="satvid-datalnk" method="table" conf="3"/></port>
  2976. </ports>
  2977. <times srtt="96228" rttvar="1087" to="100576"/>
  2978. </host>
  2979. <host starttime="1606751262" endtime="1606758243"><status state="up" reason="conn-refused" reason_ttl="0"/>
  2980. <address addr="139.60.161.215" addrtype="ipv4"/>
  2981. <hostnames>
  2982. </hostnames>
  2983. <ports><extraports state="closed" count="993">
  2984. <extrareasons reason="conn-refused" count="993"/>
  2985. </extraports>
        <!-- Analyst note: the port 443 config departs from the values most
             other hosts in this scan report (Polling 60000, Jitter 0,
             /submit.php, rundll32.exe). Here Polling is 600000 with Jitter 28,
             both URIs imitate jQuery file names, and Spawnto is dllhost.exe.
             The DNS Idle bytes \x08\x08\x08\x08 read as the IPv4 address
             8.8.8.8. Detections keyed only on the common /submit.php and
             rundll32.exe values would not match this config. -->
  2986. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  2987. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  2988. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  2989. <port protocol="tcp" portid="139"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  2990. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 600000&#xa;Jitter: 28&#xa;Maxdns: 245&#xa;C2 Server: 139.60.161.215,/jquery-3.3.1.min.js&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3&#xa;HTTP Method Path 2: /jquery-3.3.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\dllhost.exe&#xa;Spawnto_x64: %windir%\sysnative\dllhost.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  2991. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  2992. <port protocol="tcp" portid="49152"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  2993. </ports>
  2994. <times srtt="15909" rttvar="2151" to="100000"/>
  2995. </host>
  2996. <host starttime="1606751262" endtime="1606758259"><status state="up" reason="syn-ack" reason_ttl="0"/>
  2997. <address addr="148.70.32.190" addrtype="ipv4"/>
  2998. <hostnames>
  2999. </hostnames>
  3000. <ports><extraports state="closed" count="993">
  3001. <extrareasons reason="conn-refused" count="993"/>
  3002. </extraports>
  3003. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3004. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3005. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 148.70.32.190,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 148.70.32.190,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3006. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3007. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3008. <port protocol="tcp" portid="7938"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lgtomapper" method="table" conf="3"/></port>
  3009. <port protocol="tcp" portid="50000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ibm-db2" method="table" conf="3"/></port>
  3010. </ports>
  3011. <times srtt="278568" rttvar="8843" to="313940"/>
  3012. </host>
  3013. <host starttime="1606751262" endtime="1606758226"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3014. <address addr="163.172.39.102" addrtype="ipv4"/>
  3015. <hostnames>
  3016. <hostname name="163-172-39-102.rev.poneytelecom.eu" type="PTR"/>
  3017. </hostnames>
  3018. <ports><extraports state="closed" count="990">
  3019. <extrareasons reason="conn-refused" count="990"/>
  3020. </extraports>
  3021. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3022. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3023. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3024. <port protocol="tcp" portid="3920"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exasoftport1" method="table" conf="3"/></port>
  3025. <port protocol="tcp" portid="4848"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="appserv-http" method="table" conf="3"/></port>
  3026. <port protocol="tcp" portid="5800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3027. <port protocol="tcp" portid="5900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  3028. <port protocol="tcp" portid="7676"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imqbrokerd" method="table" conf="3"/></port>
  3029. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3030. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  3031. </ports>
  3032. <times srtt="90630" rttvar="5432" to="112358"/>
  3033. </host>
  3034. <host starttime="1606751262" endtime="1606758238"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3035. <address addr="176.121.14.249" addrtype="ipv4"/>
  3036. <hostnames>
  3037. <hostname name="ns1648.ztomy.com" type="PTR"/>
  3038. </hostnames>
  3039. <ports><extraports state="closed" count="996">
  3040. <extrareasons reason="conn-refused" count="996"/>
  3041. </extraports>
  3042. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3043. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.249,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.249,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3044. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3045. <port protocol="tcp" portid="6004"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="X11:4" method="table" conf="3"/></port>
  3046. </ports>
  3047. <times srtt="126434" rttvar="2777" to="137542"/>
  3048. </host>
  3049. <host starttime="1606751262" endtime="1606758236"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3050. <address addr="154.86.30.241" addrtype="ipv4"/>
  3051. <hostnames>
  3052. </hostnames>
  3053. <ports><extraports state="closed" count="989">
  3054. <extrareasons reason="conn-refused" count="989"/>
  3055. </extraports>
  3056. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3057. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  3058. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  3059. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3060. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3061. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3062. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3063. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3064. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3065. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  3066. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3067. </ports>
  3068. <times srtt="219228" rttvar="5624" to="241724"/>
  3069. </host>
  3070. <host starttime="1606751262" endtime="1606758291"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3071. <address addr="159.65.229.6" addrtype="ipv4"/>
  3072. <hostnames>
  3073. </hostnames>
  3074. <ports><extraports state="closed" count="998">
  3075. <extrareasons reason="conn-refused" count="998"/>
  3076. </extraports>
  3077. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3078. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 159.65.229.6,/load&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 159.65.229.6,/updates.rss&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3079. </ports>
  3080. <times srtt="27860" rttvar="15436" to="100000"/>
  3081. </host>
  3082. <host starttime="1606751262" endtime="1606758290"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3083. <address addr="161.35.38.97" addrtype="ipv4"/>
  3084. <hostnames>
  3085. </hostnames>
  3086. <ports><extraports state="closed" count="998">
  3087. <extrareasons reason="conn-refused" count="998"/>
  3088. </extraports>
        <!-- Analyst note: the text "[email protected]" in the C2 Server URI of
             the port 443 result looks like the placeholder left by e-mail
             obfuscation on the hosting page, not a value from the beacon
             config. The original path segment cannot be recovered from this
             page, so the URI should not be used as an indicator as written.
             The C2 hostname jscript-cdn.azureedge.net sits under a shared CDN
             suffix and differs from the scanned address 161.35.38.97; match on
             the full hostname, not the parent domain. The DNS Idle bytes
             h\x10U\x14 read as the IPv4 address 104.16.85.20. -->
  3089. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3090. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 90000&#xa;Jitter: 15&#xa;Maxdns: 212&#xa;C2 Server: jscript-cdn.azureedge.net,/npm/[email protected]/dist/jquery.fullpage.min.css&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.3396.99 Safari/537.36&#xa;HTTP Method Path 2: /sites/p/b93/googleanalytics/track&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: h\x10U\x14&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\gpresult.exe&#xa;Spawnto_x64: %windir%\sysnative\gpresult.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3091. </ports>
  3092. <times srtt="89786" rttvar="2256" to="100000"/>
  3093. </host>
  3094. <host starttime="1606751262" endtime="1606758219"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3095. <address addr="45.33.27.73" addrtype="ipv4"/>
  3096. <hostnames>
  3097. <hostname name="li981-73.members.linode.com" type="PTR"/>
  3098. </hostnames>
  3099. <ports><extraports state="filtered" count="998">
  3100. <extrareasons reason="no-responses" count="998"/>
  3101. </extraports>
  3102. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.33.27.73,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.33.27.73,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3103. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3104. </ports>
  3105. <times srtt="40081" rttvar="2588" to="100000"/>
  3106. </host>
  <!-- Analyst note (160.124.49.133): grab_beacon_config is attached to ports 80, 443 and 8088, but each script element has no output attribute, so this scan captured no beacon configuration from the host. Read that as "nothing captured in this run", not as evidence that no team server is present. Port 7777 is open and carries no script element; either the script's port rule did not match or it returned nothing, and the record does not say which. -->
  3107. <host starttime="1606751272" endtime="1606758286"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3108. <address addr="160.124.49.133" addrtype="ipv4"/>
  3109. <hostnames>
  3110. </hostnames>
  3111. <ports><extraports state="filtered" count="994">
  3112. <extrareasons reason="host-unreaches" count="943"/>
  3113. <extrareasons reason="no-responses" count="51"/>
  3114. </extraports>
  3115. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3116. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3117. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3118. <port protocol="tcp" portid="7777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  3119. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  3120. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3121. </ports>
  3122. <times srtt="225404" rttvar="2214" to="234260"/>
  3123. </host>
  3124. <host starttime="1606751271" endtime="1606758279"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3125. <address addr="168.119.82.216" addrtype="ipv4"/>
  3126. <hostnames>
  3127. <hostname name="static.216.82.119.168.clients.your-server.de" type="PTR"/>
  3128. </hostnames>
  3129. <ports><extraports state="closed" count="994">
  3130. <extrareasons reason="conn-refused" count="994"/>
  3131. </extraports>
  3132. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3133. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3134. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 168.119.82.216,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 168.119.82.216,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3135. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  3136. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 168.119.82.216,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3137. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  3138. </ports>
  3139. <times srtt="104333" rttvar="2599" to="114729"/>
  3140. </host>
  3141. <host starttime="1606751262" endtime="1606760685"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3142. <address addr="175.24.113.235" addrtype="ipv4"/>
  3143. <hostnames>
  3144. </hostnames>
  3145. <ports><extraports state="closed" count="984">
  3146. <extrareasons reason="conn-refused" count="984"/>
  3147. </extraports>
  3148. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3149. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  3150. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3151. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 175.24.113.235,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 175.24.113.235,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3152. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3153. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3154. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3155. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3156. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  3157. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  3158. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  3159. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  3160. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  3161. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3162. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3163. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3164. </ports>
  3165. <times srtt="240259" rttvar="46461" to="426103"/>
  3166. </host>
  3167. <host starttime="1606751262" endtime="1606760678"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3168. <address addr="104.238.205.44" addrtype="ipv4"/>
  3169. <hostnames>
  3170. </hostnames>
  3171. <ports><extraports state="closed" count="997">
  3172. <extrareasons reason="conn-refused" count="997"/>
  3173. </extraports>
  3174. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3175. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note (104.238.205.44, tcp/443): apart from the C2 hostname, every value here matches Cobalt Strike's stock settings (Polling 60000, Jitter 0, POST to /submit.php, rundll32.exe as Spawnto, zeroed DNS Idle). Those fields recur across many hosts in this file and have little value for telling operators apart. The distinguishing indicators are the C2 hostname syscx.com, the GET path /dot.gif and the User Agent string. The scanned address has no PTR name in this record, so the hostname comes only from the beacon config. -->
  3176. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: syscx.com,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3177. </ports>
  3178. <times srtt="33331" rttvar="2147" to="100000"/>
  3179. </host>
  3180. <host starttime="1606751262" endtime="1606760683"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3181. <address addr="168.119.0.88" addrtype="ipv4"/>
  3182. <hostnames>
  3183. <hostname name="static.88.0.119.168.clients.your-server.de" type="PTR"/>
  3184. </hostnames>
  3185. <ports><extraports state="closed" count="997">
  3186. <extrareasons reason="conn-refused" count="997"/>
  3187. </extraports>
  3188. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3189. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3190. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 168.119.0.88,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3191. </ports>
  3192. <times srtt="105181" rttvar="1977" to="113089"/>
  3193. </host>
  3194. <host starttime="1606751262" endtime="1606760661"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3195. <address addr="151.106.56.187" addrtype="ipv4"/>
  3196. <hostnames>
  3197. </hostnames>
  3198. <ports><extraports state="closed" count="995">
  3199. <extrareasons reason="conn-refused" count="995"/>
  3200. </extraports>
  3201. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3202. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3203. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3204. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3205. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3206. </ports>
  3207. <times srtt="94747" rttvar="1020" to="100000"/>
  3208. </host>
  3209. <host starttime="1606751268" endtime="1606760683"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3210. <address addr="155.138.245.98" addrtype="ipv4"/>
  3211. <hostnames>
  3212. <hostname name="155.138.245.98.vultr.com" type="PTR"/>
  3213. </hostnames>
  3214. <ports><extraports state="closed" count="998">
  3215. <extrareasons reason="conn-refused" count="998"/>
  3216. </extraports>
  3217. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note (155.138.245.98, tcp/443): this entry has a shorter field set than most configs in the file: no Maxdns, User Agent, Header1/Header2, PipeName or DNS Idle/Sleep keys. Presumably the script parsed a different config layout here (for example another beacon build); confirm against grab_beacon_config.nse. Tooling that ingests this output should treat every key as optional instead of indexing fixed positions. Only an x64 response was captured, and the C2 Server is the scanned address itself. -->
  3218. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 155.138.245.98,/pixel.gif&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3219. </ports>
  3220. <times srtt="41432" rttvar="3319" to="100000"/>
  3221. </host>
  3222. <host starttime="1606751262" endtime="1606760666"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3223. <address addr="104.237.4.40" addrtype="ipv4"/>
  3224. <hostnames>
  3225. <hostname name="mail2.purchasecare.net" type="PTR"/>
  3226. </hostnames>
  3227. <ports><extraports state="closed" count="996">
  3228. <extrareasons reason="conn-refused" count="996"/>
  3229. </extraports>
  3230. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3231. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3232. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  3233. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 104.237.4.40,/fwlink&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3234. </ports>
  3235. <times srtt="40631" rttvar="5161" to="100000"/>
  3236. </host>
  3237. <host starttime="1606751262" endtime="1606760687"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3238. <address addr="103.253.43.98" addrtype="ipv4"/>
  3239. <hostnames>
  3240. <hostname name="mail43098.app3.wd-clothing.com" type="PTR"/>
  3241. </hostnames>
  3242. <ports><extraports state="closed" count="996">
  3243. <extrareasons reason="conn-refused" count="996"/>
  3244. </extraports>
  3245. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3246. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3247. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3248. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3249. </ports>
  3250. <times srtt="321480" rttvar="1824" to="328776"/>
  3251. </host>
  3252. <host starttime="1606751263" endtime="1606760635"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3253. <address addr="54.214.197.200" addrtype="ipv4"/>
  3254. <hostnames>
  3255. <hostname name="ec2-54-214-197-200.us-west-2.compute.amazonaws.com" type="PTR"/>
  3256. </hostnames>
  3257. <ports><extraports state="filtered" count="997">
  3258. <extrareasons reason="no-responses" count="997"/>
  3259. </extraports>
  3260. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3261. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3262. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: pnwcontent-delivery.com,/updates.rss&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3263. </ports>
  3264. <times srtt="91123" rttvar="2675" to="101823"/>
  3265. </host>
  3266. <host starttime="1606751262" endtime="1606760638"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3267. <address addr="165.227.85.160" addrtype="ipv4"/>
  3268. <hostnames>
  3269. </hostnames>
  3270. <ports><extraports state="closed" count="997">
  3271. <extrareasons reason="conn-refused" count="997"/>
  3272. </extraports>
  3273. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3274. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3275. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 165.227.85.160,/__utm.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3276. </ports>
  3277. <times srtt="21083" rttvar="12049" to="100000"/>
  3278. </host>
  3279. <host starttime="1606751262" endtime="1606760664"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3280. <address addr="159.138.58.45" addrtype="ipv4"/>
  3281. <hostnames>
  3282. <hostname name="ecs-159-138-58-45.compute.hwclouds-dns.com" type="PTR"/>
  3283. </hostnames>
  3284. <ports><extraports state="filtered" count="995">
  3285. <extrareasons reason="no-responses" count="995"/>
  3286. </extraports>
  3287. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3288. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3289. <port protocol="tcp" portid="99"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="metagram" method="table" conf="3"/></port>
  3290. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3291. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  3292. </ports>
  3293. <times srtt="219912" rttvar="2227" to="228820"/>
  3294. </host>
  3295. <host starttime="1606751262" endtime="1606760673"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3296. <address addr="34.211.110.219" addrtype="ipv4"/>
  3297. <hostnames>
  3298. <hostname name="ec2-34-211-110-219.us-west-2.compute.amazonaws.com" type="PTR"/>
  3299. </hostnames>
  3300. <ports><extraports state="filtered" count="998">
  3301. <extrareasons reason="no-responses" count="998"/>
  3302. </extraports>
  3303. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3304. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: nelnetbanks.com,/fwlink&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3305. </ports>
  3306. <times srtt="91878" rttvar="2228" to="100790"/>
  3307. </host>
  3308. <host starttime="1606751262" endtime="1606760666"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3309. <address addr="154.8.160.196" addrtype="ipv4"/>
  3310. <hostnames>
  3311. </hostnames>
  3312. <ports><extraports state="closed" count="994">
  3313. <extrareasons reason="conn-refused" count="994"/>
  3314. </extraports>
  3315. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3316. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3317. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3318. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3319. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  3320. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  3321. </ports>
  3322. <times srtt="238814" rttvar="1032" to="242942"/>
  3323. </host>
  3324. <host starttime="1606751262" endtime="1606760677"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3325. <address addr="95.217.197.66" addrtype="ipv4"/>
  3326. <hostnames>
  3327. <hostname name="static.66.197.217.95.clients.your-server.de" type="PTR"/>
  3328. </hostnames>
  3329. <ports><extraports state="closed" count="994">
  3330. <extrareasons reason="conn-refused" count="994"/>
  3331. </extraports>
  3332. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3333. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3334. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3335. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: oomdatacollect.global.ssl.fastly.net,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3336. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  3337. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  3338. </ports>
  3339. <times srtt="117958" rttvar="2139" to="126514"/>
  3340. </host>
  3341. <host starttime="1606751262" endtime="1606760675"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3342. <address addr="104.131.210.108" addrtype="ipv4"/>
  3343. <hostnames>
  3344. </hostnames>
  3345. <ports><extraports state="closed" count="995">
  3346. <extrareasons reason="conn-refused" count="995"/>
  3347. </extraports>
  3348. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3349. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3350. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3351. <port protocol="tcp" portid="84"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ctf" method="table" conf="3"/></port>
  3352. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: mobilecdnprod.azureedge.net,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: mobilecdnprod.azureedge.net,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3353. </ports>
  3354. <times srtt="17274" rttvar="4318" to="100000"/>
  3355. </host>
  <!-- Review note: ports 80 and 443 both returned a beacon configuration. The values
       (Jitter 20, Maxdns 235, GET for both Method1 and Method2, a domain in the C2 Server
       field) differ from most neighbouring hosts, which suggests a customised profile;
       that is an inference from the field values only. DNS Idle is printed as raw bytes:
       \x08\x08\x04\x04 would be 8.8.4.4 if read as IPv4 octets (assumption, confirm
       against the script). The port 443 output holds an x86 section only. The address
       carries a googleusercontent.com PTR and is a point-in-time observation from the
       scan date, so re-verify ownership before using it as an indicator. -->
  3356. <host starttime="1606751263" endtime="1606760669"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3357. <address addr="35.241.143.134" addrtype="ipv4"/>
  3358. <hostnames>
  3359. <hostname name="134.143.241.35.bc.googleusercontent.com" type="PTR"/>
  3360. </hostnames>
  3361. <ports><extraports state="filtered" count="998">
  3362. <extrareasons reason="no-responses" count="998"/>
  3363. </extraports>
  3364. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: control.commanderinthe.cloud,/search/&#xa;User Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /Search/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: control.commanderinthe.cloud,/search/&#xa;User Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /Search/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3365. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: control.commanderinthe.cloud,/search/&#xa;User Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /Search/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3366. </ports>
  3367. <times srtt="93412" rttvar="1891" to="100976"/>
  3368. </host>
  <!-- Review note: ports 80 and 443 are open and each has a grab_beacon_config script
       element, but neither carries an output attribute, so no beacon configuration was
       recorded for this address. The file does not say why; treat the host as
       unconfirmed rather than as a verified team server. Service names come from the
       port table (method="table"), not from probing, so a label such as "krb524" on
       4444 only reflects the port number. -->
  3369. <host starttime="1606751261" endtime="1606760687"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3370. <address addr="47.112.16.34" addrtype="ipv4"/>
  3371. <hostnames>
  3372. </hostnames>
  3373. <ports><extraports state="closed" count="991">
  3374. <extrareasons reason="conn-refused" count="991"/>
  3375. </extraports>
  3376. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  3377. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3378. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3379. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3380. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3381. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3382. <port protocol="tcp" portid="1580"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="tn-tl-r1" method="table" conf="3"/></port>
  3383. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  3384. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3385. </ports>
  3386. <times srtt="235276" rttvar="2473" to="245168"/>
  3387. </host>
  <!-- Review note: the script elements on ports 80 and 443 have no output attribute,
       so this entry records open web ports but no beacon configuration. The long run
       of high ports is marked filtered with reason no-response, which only means the
       connect attempt got no answer; it says nothing about what, if anything, listens
       there. All service names are port-table lookups (method="table"). -->
  3388. <host starttime="1606751261" endtime="1606760615"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3389. <address addr="120.79.38.19" addrtype="ipv4"/>
  3390. <hostnames>
  3391. </hostnames>
  3392. <ports><extraports state="closed" count="970">
  3393. <extrareasons reason="conn-refused" count="970"/>
  3394. </extraports>
  3395. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  3396. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3397. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3398. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3399. <port protocol="tcp" portid="82"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xfer" method="table" conf="3"/></port>
  3400. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3401. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3402. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  3403. <port protocol="tcp" portid="1024"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="kdm" method="table" conf="3"/></port>
  3404. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  3405. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3406. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  3407. <port protocol="tcp" portid="55555"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3408. <port protocol="tcp" portid="55600"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3409. <port protocol="tcp" portid="56737"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3410. <port protocol="tcp" portid="56738"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3411. <port protocol="tcp" portid="57294"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3412. <port protocol="tcp" portid="57797"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3413. <port protocol="tcp" portid="58080"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3414. <port protocol="tcp" portid="60020"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3415. <port protocol="tcp" portid="60443"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3416. <port protocol="tcp" portid="61532"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3417. <port protocol="tcp" portid="61900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3418. <port protocol="tcp" portid="62078"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="iphone-sync" method="table" conf="3"/></port>
  3419. <port protocol="tcp" portid="63331"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3420. <port protocol="tcp" portid="64623"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3421. <port protocol="tcp" portid="64680"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3422. <port protocol="tcp" portid="65000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3423. <port protocol="tcp" portid="65129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3424. <port protocol="tcp" portid="65389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3425. </ports>
  3426. <times srtt="239268" rttvar="4253" to="256280"/>
  3427. </host>
  <!-- Review note: both web ports returned a configuration, and the C2 Server field
       repeats the scanned address. Polling 60000 with Jitter 0, POST to /submit.php and
       rundll32.exe as the spawn target are consistent with a Cobalt Strike server
       running without a custom Malleable C2 profile. The x86 and x64 responses on port
       80 carry different URIs and User Agent strings, and port 443 has an x86 section
       only, so a single URI or User Agent taken from this entry is a weak indicator
       on its own. -->
  3428. <host starttime="1606751263" endtime="1606760638"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3429. <address addr="145.249.106.134" addrtype="ipv4"/>
  3430. <hostnames>
  3431. </hostnames>
  3432. <ports><extraports state="closed" count="990">
  3433. <extrareasons reason="conn-refused" count="990"/>
  3434. </extraports>
  3435. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3436. <port protocol="tcp" portid="23"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="telnet" method="table" conf="3"/></port>
  3437. <port protocol="tcp" portid="32"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3438. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3439. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 145.249.106.134,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 145.249.106.134,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3440. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 145.249.106.134,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3441. <port protocol="tcp" portid="2222"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  3442. <port protocol="tcp" portid="2323"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="3d-nfsd" method="table" conf="3"/></port>
  3443. <port protocol="tcp" portid="5555"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  3444. <port protocol="tcp" portid="6789"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ibm-db2-admin" method="table" conf="3"/></port>
  3445. </ports>
  3446. <times srtt="101619" rttvar="5169" to="122295"/>
  3447. </host>
  <!-- Review note: no beacon configuration was recorded for this address. The script
       elements on ports 80 and 443 have no output attribute, and the other open ports
       (801, 4443, 6001, 8081, 8181) have no script element at all, so whether the
       script was attempted there cannot be told from this file. Names such as
       "X11:1" or "blackice-icecap" are port-table lookups (method="table"), not
       identified services. -->
  3448. <host starttime="1606751262" endtime="1606760659"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3449. <address addr="144.217.207.21" addrtype="ipv4"/>
  3450. <hostnames>
  3451. <hostname name="ip21.ip-144-217-207.net" type="PTR"/>
  3452. </hostnames>
  3453. <ports><extraports state="closed" count="991">
  3454. <extrareasons reason="conn-refused" count="991"/>
  3455. </extraports>
  3456. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3457. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3458. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3459. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3460. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  3461. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  3462. <port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:1" method="table" conf="3"/></port>
  3463. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  3464. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  3465. </ports>
  3466. <times srtt="22418" rttvar="1333" to="100000"/>
  3467. </host>
  <!-- Review note: only port 443 returned a configuration, and it holds an x86 section
       only; the script elements on 80 and 8443 have no output attribute. The C2 Server
       field repeats the scanned address with URI /ptj. Polling is printed as 60000
       with no unit in the output (presumably milliseconds, confirm against the
       script). Together with Jitter 0 and POST to /submit.php the values are
       consistent with default Cobalt Strike settings. -->
  3468. <host starttime="1606751262" endtime="1606760687"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3469. <address addr="47.97.65.242" addrtype="ipv4"/>
  3470. <hostnames>
  3471. </hostnames>
  3472. <ports><extraports state="closed" count="993">
  3473. <extrareasons reason="conn-refused" count="993"/>
  3474. </extraports>
  3475. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3476. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3477. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3478. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.97.65.242,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3479. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3480. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  3481. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3482. </ports>
  3483. <times srtt="214564" rttvar="4025" to="230664"/>
  3484. </host>
  <!-- Review note: port 80 returned x86 and x64 configurations that point back at the
       scanned address; the script element on 443 has no output attribute. Port 4444
       is open but labelled "krb524" purely from the port table (method="table"); no
       service probing was done, so the label should not be read as identification.
       Port 139 is filtered with reason host-unreach, unlike the no-response entries
       around it. -->
  3485. <host starttime="1606751261" endtime="1606760681"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3486. <address addr="139.60.162.19" addrtype="ipv4"/>
  3487. <hostnames>
  3488. </hostnames>
  3489. <ports><extraports state="closed" count="991">
  3490. <extrareasons reason="conn-refused" count="991"/>
  3491. </extraports>
  3492. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3493. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3494. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.60.162.19,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.60.162.19,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3495. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3496. <port protocol="tcp" portid="139"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3497. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3498. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3499. <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3500. <port protocol="tcp" portid="49152"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3501. </ports>
  3502. <times srtt="17640" rttvar="7158" to="100000"/>
  3503. </host>
  <!-- Review note: the host was marked up on a refused connection
       (status reason="conn-refused"), not on a completed handshake. Port 443 is open
       and has a grab_beacon_config script element without an output attribute, so
       no beacon configuration was recorded for this address and it should be treated
       as unconfirmed. -->
  3504. <host starttime="1606751262" endtime="1606760640"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3505. <address addr="155.94.177.80" addrtype="ipv4"/>
  3506. <hostnames>
  3507. <hostname name="155.94.177.80.static.quadranet.com" type="PTR"/>
  3508. </hostnames>
  3509. <ports><extraports state="closed" count="997">
  3510. <extrareasons reason="conn-refused" count="997"/>
  3511. </extraports>
  3512. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3513. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3514. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3515. </ports>
  3516. <times srtt="76637" rttvar="12419" to="126313"/>
  3517. </host>
  <!-- Review note: the C2 Server field names www.microport.com.cn, not the scanned
       address. A hostname inside a beacon configuration is whatever the operator
       typed; it may belong to an uninvolved third party (for example when used as a
       Host header value), so verify its resolution and ownership before adding it
       to a blocklist. Only port 80 returned a configuration; the script element on
       443 has no output attribute. -->
  3518. <host starttime="1606751262" endtime="1606760656"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3519. <address addr="47.99.72.130" addrtype="ipv4"/>
  3520. <hostnames>
  3521. </hostnames>
  3522. <ports><extraports state="closed" count="992">
  3523. <extrareasons reason="conn-refused" count="992"/>
  3524. </extraports>
  3525. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3526. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3527. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.microport.com.cn,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.microport.com.cn,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3528. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3529. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3530. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  3531. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  3532. <port protocol="tcp" portid="13722"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbackup" method="table" conf="3"/></port>
  3533. </ports>
  3534. <times srtt="224956" rttvar="5289" to="246112"/>
  3535. </host>
  <!-- Review note: only ports 22 and 443 are open. The script element on 443 has no
       output attribute, so no beacon configuration was recorded for this address.
       The host status reason is conn-refused, and the filtered ports (135, 139, 445,
       593, 1434 and others) show reason no-response, which indicates dropped
       connection attempts and not a confirmed service behind them. -->
  3536. <host starttime="1606751262" endtime="1606760615"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3537. <address addr="47.101.43.224" addrtype="ipv4"/>
  3538. <hostnames>
  3539. </hostnames>
  3540. <ports><extraports state="closed" count="986">
  3541. <extrareasons reason="conn-refused" count="986"/>
  3542. </extraports>
  3543. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3544. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  3545. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3546. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3547. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3548. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3549. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3550. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  3551. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  3552. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  3553. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  3554. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  3555. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3556. <port protocol="tcp" portid="13456"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3557. </ports>
  3558. <times srtt="233105" rttvar="16911" to="300749"/>
  3559. </host>
  <!-- Review note: port 80 returned x86 and x64 configurations whose C2 Server field
       repeats the scanned address (URIs /ca and /match); the script element on 443
       has no output attribute. Header1, Header2 and PipeName are empty in the
       output; whether that means unset or not decoded by the script cannot be
       told from this file. Ports 81 and 3000 are open, and their names are
       port-table lookups only. -->
  3560. <host starttime="1606751263" endtime="1606760669"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3561. <address addr="139.59.1.154" addrtype="ipv4"/>
  3562. <hostnames>
  3563. </hostnames>
  3564. <ports><extraports state="closed" count="994">
  3565. <extrareasons reason="conn-refused" count="994"/>
  3566. </extraports>
  3567. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3568. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3569. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.59.1.154,/ca&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.59.1.154,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3570. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  3571. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3572. <port protocol="tcp" portid="3000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ppp" method="table" conf="3"/></port>
  3573. </ports>
  3574. <times srtt="247562" rttvar="2789" to="258718"/>
  3575. </host>
  <!-- Review note: three ports (80, 443, 8080) carry a grab_beacon_config script
       element and none of them has an output attribute, so this address has no
       recorded beacon configuration. Ports 8081 and 65000 are open without a script
       element. With no decoded configuration the entry documents reachable ports
       only and should not be treated as a confirmed C2 indicator. -->
  3576. <host starttime="1606751263" endtime="1606760678"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3577. <address addr="144.217.207.19" addrtype="ipv4"/>
  3578. <hostnames>
  3579. <hostname name="ip19.ip-144-217-207.net" type="PTR"/>
  3580. </hostnames>
  3581. <ports><extraports state="closed" count="993">
  3582. <extrareasons reason="conn-refused" count="993"/>
  3583. </extraports>
  3584. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3585. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3586. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3587. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3588. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3589. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  3590. <port protocol="tcp" portid="65000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3591. </ports>
  3592. <times srtt="21377" rttvar="436" to="100000"/>
  3593. </host>
  <!-- Review note: the PTR name ends in example.com, a reserved documentation domain,
       so it looks like a placeholder or a sanitised value and should not be used as
       an indicator (assumption, the file does not explain it). Port 443 returned an
       x64 section only, pointing back at the scanned address with URI /ca; the
       script element on port 80 has no output attribute. -->
  3594. <host starttime="1606751262" endtime="1606760659"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3595. <address addr="147.78.64.161" addrtype="ipv4"/>
  3596. <hostnames>
  3597. <hostname name="petrkoleeeesnikov.example.com" type="PTR"/>
  3598. </hostnames>
  3599. <ports><extraports state="closed" count="993">
  3600. <extrareasons reason="conn-refused" count="993"/>
  3601. </extraports>
  3602. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3603. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3604. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3605. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  3606. <port protocol="tcp" portid="179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bgp" method="table" conf="3"/></port>
  3607. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 147.78.64.161,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3608. <port protocol="tcp" portid="8099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3609. </ports>
  3610. <times srtt="133954" rttvar="1934" to="141690"/>
  3611. </host>
  3612. <host starttime="1606751266" endtime="1606760663"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3613. <address addr="145.249.107.130" addrtype="ipv4"/>
  3614. <hostnames>
  3615. </hostnames>
  3616. <ports><extraports state="closed" count="996">
  3617. <extrareasons reason="conn-refused" count="996"/>
  3618. </extraports>
  3619. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3620. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3621. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 145.249.107.130,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 145.249.107.130,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3622. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 145.249.107.130,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3623. </ports>
  3624. <times srtt="103093" rttvar="5783" to="126225"/>
  3625. </host>
  3626. <host starttime="1606751271" endtime="1606760664"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3627. <address addr="149.129.63.219" addrtype="ipv4"/>
  3628. <hostnames>
  3629. </hostnames>
  3630. <ports><extraports state="closed" count="995">
  3631. <extrareasons reason="conn-refused" count="995"/>
  3632. </extraports>
  3633. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3634. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3635. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 149.129.63.219,/pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 149.129.63.219,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3636. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3637. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3638. </ports>
  3639. <times srtt="249643" rttvar="5996" to="273627"/>
  3640. </host>
  3641. <host starttime="1606751261" endtime="1606760686"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3642. <address addr="150.158.158.25" addrtype="ipv4"/>
        <!-- Reading note: the port 80 result names the scanned address itself
             (150.158.158.25,/g.pixel) as C2 Server, while the port 443 result lists six
             other address/URI pairs and not the scanned address. For detection content,
             take the C2 Server field from each script result rather than assuming it
             equals the address element of the host entry. -->
  3643. <hostnames>
  3644. </hostnames>
  3645. <ports><extraports state="closed" count="984">
  3646. <extrareasons reason="conn-refused" count="984"/>
  3647. </extraports>
  3648. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3649. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  3650. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3651. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 150.158.158.25,/g.pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3652. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3653. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3654. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 36.248.8.207,/activity,222.85.26.250,/pixel.gif,116.117.158.80,/__utm.gif,153.3.231.211,/cx,14.29.40.6,/IE9CompatViewList.xml,221.178.6.181,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3655. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3656. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  3657. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  3658. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  3659. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  3660. <port protocol="tcp" portid="1521"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  3661. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  3662. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3663. <port protocol="tcp" portid="9877"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3664. </ports>
  3665. <times srtt="273416" rttvar="45338" to="454768"/>
  3666. </host>
  3667. <host starttime="1606751262" endtime="1606760677"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3668. <address addr="95.217.197.124" addrtype="ipv4"/>
  3669. <hostnames>
  3670. <hostname name="static.124.197.217.95.clients.your-server.de" type="PTR"/>
  3671. </hostnames>
  3672. <ports><extraports state="closed" count="994">
  3673. <extrareasons reason="conn-refused" count="994"/>
  3674. </extraports>
  3675. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3676. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3677. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3678. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3679. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  3680. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  3681. </ports>
  3682. <times srtt="115796" rttvar="3742" to="130764"/>
  3683. </host>
  3684. <host starttime="1606751261" endtime="1606760638"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3685. <address addr="34.80.10.27" addrtype="ipv4"/>
  3686. <hostnames>
  3687. <hostname name="27.10.80.34.bc.googleusercontent.com" type="PTR"/>
  3688. </hostnames>
  3689. <ports><extraports state="filtered" count="996">
  3690. <extrareasons reason="no-responses" count="996"/>
  3691. </extraports>
  3692. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3693. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3694. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  3695. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  3696. </ports>
  3697. <times srtt="204547" rttvar="4283" to="221679"/>
  3698. </host>
  3699. <host starttime="1606751262" endtime="1606760671"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3700. <address addr="18.223.155.112" addrtype="ipv4"/>
  3701. <hostnames>
  3702. <hostname name="ec2-18-223-155-112.us-east-2.compute.amazonaws.com" type="PTR"/>
  3703. </hostnames>
  3704. <ports><extraports state="closed" count="996">
  3705. <extrareasons reason="conn-refused" count="996"/>
  3706. </extraports>
  3707. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3708. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3709. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 18.223.155.112,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 18.223.155.112,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSSEM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3710. <port protocol="tcp" portid="7777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  3711. </ports>
  3712. <times srtt="36639" rttvar="6205" to="100000"/>
  3713. </host>
  3714. <host starttime="1606751272" endtime="1606760669"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3715. <address addr="35.220.144.193" addrtype="ipv4"/>
  3716. <hostnames>
  3717. <hostname name="193.144.220.35.bc.googleusercontent.com" type="PTR"/>
  3718. </hostnames>
  3719. <ports><extraports state="closed" count="950">
  3720. <extrareasons reason="conn-refused" count="950"/>
  3721. </extraports>
  3722. <extraports state="filtered" count="45">
  3723. <extrareasons reason="no-responses" count="45"/>
  3724. </extraports>
  3725. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3726. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 35.220.144.193,/cx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 35.220.144.193,/push&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3727. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3728. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3729. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3730. </ports>
  3731. <times srtt="215741" rttvar="6139" to="240297"/>
  3732. </host>
  3733. <host starttime="1606751261" endtime="1606760592"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3734. <address addr="138.91.90.6" addrtype="ipv4"/>
        <!-- Reading note: both script elements below carry no output attribute, so no
             beacon configuration was recorded for this host. The scan output does not
             say why; an empty result on its own neither confirms nor rules out a
             team server on these ports. -->
  3735. <hostnames>
  3736. </hostnames>
  3737. <ports><extraports state="filtered" count="998">
  3738. <extrareasons reason="no-responses" count="998"/>
  3739. </extraports>
  3740. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3741. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3742. </ports>
  3743. <times srtt="75670" rttvar="1686" to="100000"/>
  3744. </host>
  3745. <host starttime="1606751269" endtime="1606760686"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3746. <address addr="149.28.95.180" addrtype="ipv4"/>
  3747. <hostnames>
  3748. <hostname name="149.28.95.180.vultr.com" type="PTR"/>
  3749. </hostnames>
  3750. <ports><extraports state="closed" count="994">
  3751. <extrareasons reason="conn-refused" count="994"/>
  3752. </extraports>
  3753. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3754. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3755. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3756. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3757. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3758. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  3759. </ports>
  3760. <times srtt="67679" rttvar="1348" to="100000"/>
  3761. </host>
  3762. <host starttime="1606751262" endtime="1606760669"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3763. <address addr="139.155.245.29" addrtype="ipv4"/>
  3764. <hostnames>
  3765. </hostnames>
  3766. <ports><extraports state="closed" count="986">
  3767. <extrareasons reason="conn-refused" count="986"/>
  3768. </extraports>
  3769. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3770. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3771. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3772. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3773. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3774. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3775. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  3776. <port protocol="tcp" portid="8022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oa-system" method="table" conf="3"/></port>
  3777. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3778. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3779. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3780. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3781. <port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3782. <port protocol="tcp" portid="49160"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3783. </ports>
  3784. <times srtt="264901" rttvar="3144" to="277477"/>
  3785. </host>
  3786. <host starttime="1606751261" endtime="1606760596"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3787. <address addr="146.6.15.12" addrtype="ipv4"/>
        <!-- Reading note: the PTR name recorded below is cobaltstrike.infosec.utexas.edu.
             The name suggests (not confirmed by this scan) an institutionally run team
             server, so confirm ownership before treating this address as hostile
             infrastructure. The port 443 result also has fewer fields than the results
             visible around it: no Maxdns, User Agent, Header, PipeName or DNS lines. -->
  3788. <hostnames>
  3789. <hostname name="cobaltstrike.infosec.utexas.edu" type="PTR"/>
  3790. </hostnames>
  3791. <ports><extraports state="filtered" count="986">
  3792. <extrareasons reason="host-unreaches" count="911"/>
  3793. <extrareasons reason="no-responses" count="75"/>
  3794. </extraports>
  3795. <port protocol="tcp" portid="21"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  3796. <port protocol="tcp" portid="25"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  3797. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  3798. <port protocol="tcp" portid="110"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  3799. <port protocol="tcp" portid="143"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  3800. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 146.6.15.12,/match&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3801. <port protocol="tcp" portid="465"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  3802. <port protocol="tcp" portid="587"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  3803. <port protocol="tcp" portid="993"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  3804. <port protocol="tcp" portid="995"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  3805. <port protocol="tcp" portid="1234"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  3806. <port protocol="tcp" portid="4444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3807. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  3808. <port protocol="tcp" portid="8181"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  3809. </ports>
  3810. <times srtt="48877" rttvar="4888" to="100000"/>
  3811. </host>
  3812. <host starttime="1606751261" endtime="1606760666"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3813. <address addr="108.177.235.22" addrtype="ipv4"/>
  3814. <hostnames>
  3815. </hostnames>
  3816. <ports><extraports state="closed" count="993">
  3817. <extrareasons reason="conn-refused" count="993"/>
  3818. </extraports>
  3819. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3820. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3821. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3822. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3823. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3824. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3825. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3826. </ports>
  3827. <times srtt="71317" rttvar="3531" to="100000"/>
  3828. </host>
  3829. <host starttime="1606751263" endtime="1606760677"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3830. <address addr="139.155.59.181" addrtype="ipv4"/>
        <!-- Reading note: both port 80 results give C2 Server as 172.19.30.253, which is in
             the RFC 1918 private range 172.16.0.0/12 and differs from the scanned address
             139.155.59.181. A private address is not usable as a network indicator outside
             the operator's own environment; the scanned address, URIs and User Agent
             strings are the portable observables in this entry. -->
  3831. <hostnames>
  3832. </hostnames>
  3833. <ports><extraports state="closed" count="992">
  3834. <extrareasons reason="conn-refused" count="992"/>
  3835. </extraports>
  3836. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3837. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3838. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 172.19.30.253,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 172.19.30.253,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3839. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3840. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3841. <port protocol="tcp" portid="2638"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sybase" method="table" conf="3"/></port>
  3842. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  3843. <port protocol="tcp" portid="8899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ospf-lite" method="table" conf="3"/></port>
  3844. </ports>
  3845. <times srtt="283442" rttvar="7843" to="314814"/>
  3846. </host>
  3847. <host starttime="1606751262" endtime="1606760649"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3848. <address addr="104.41.130.190" addrtype="ipv4"/>
  3849. <hostnames>
  3850. </hostnames>
  3851. <ports><extraports state="filtered" count="998">
  3852. <extrareasons reason="no-responses" count="998"/>
  3853. </extraports>
  3854. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3855. <port protocol="tcp" portid="10082"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="amandaidx" method="table" conf="3"/></port>
  3856. </ports>
  3857. <times srtt="12511" rttvar="3173" to="100000"/>
  3858. </host>
  3859. <host starttime="1606751262" endtime="1606760658"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3860. <address addr="103.224.82.194" addrtype="ipv4"/>
  3861. <hostnames>
  3862. </hostnames>
  3863. <ports><extraports state="closed" count="990">
  3864. <extrareasons reason="conn-refused" count="990"/>
  3865. </extraports>
  3866. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3867. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3868. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3869. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  3870. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3871. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  3872. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3873. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3874. <port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3"/></port>
  3875. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  3876. </ports>
  3877. <times srtt="229848" rttvar="4728" to="248760"/>
  3878. </host>
  3879. <host starttime="1606751262" endtime="1606760659"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3880. <address addr="123.56.133.239" addrtype="ipv4"/>
  3881. <hostnames>
  3882. </hostnames>
  3883. <ports><extraports state="closed" count="992">
  3884. <extrareasons reason="conn-refused" count="992"/>
  3885. </extraports>
  3886. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3887. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3888. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3889. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3890. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3891. <port protocol="tcp" portid="1094"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rootd" method="table" conf="3"/></port>
  3892. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  3893. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  3894. </ports>
  3895. <times srtt="239367" rttvar="1934" to="247103"/>
  3896. </host>
  3897. <host starttime="1606751262" endtime="1606760654"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3898. <address addr="134.209.92.85" addrtype="ipv4"/>
  3899. <hostnames>
  3900. </hostnames>
  3901. <ports><extraports state="closed" count="996">
  3902. <extrareasons reason="conn-refused" count="996"/>
  3903. </extraports>
  3904. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3905. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3906. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3907. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3908. </ports>
  3909. <times srtt="100900" rttvar="1355" to="106320"/>
  3910. </host>
  3911. <host starttime="1606751262" endtime="1606760631"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3912. <address addr="139.59.204.7" addrtype="ipv4"/>
  3913. <hostnames>
  3914. </hostnames>
  3915. <ports><extraports state="closed" count="997">
  3916. <extrareasons reason="conn-refused" count="997"/>
  3917. </extraports>
  3918. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3919. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note (139.59.204.7:443): only an x64 response was parsed here, and it lists fewer
       fields than the other configs in this scan (no Maxdns, User Agent, Header, PipeName or DNS
       values). What is present (60000 polling, 0 jitter, GET /visit.js, POST /submit.php,
       rundll32.exe spawn-to) is consistent with an unmodified Cobalt Strike profile; verify
       against a profile reference before relying on it. Because the listener is HTTPS, the
       URIs are only visible to network sensors that inspect TLS. -->
  3920. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 139.59.204.7,/visit.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3921. </ports>
  3922. <times srtt="100613" rttvar="1975" to="108513"/>
  3923. </host>
  3924. <host starttime="1606751270" endtime="1606760658"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3925. <address addr="141.98.80.152" addrtype="ipv4"/>
  3926. <hostnames>
  3927. </hostnames>
  3928. <ports><extraports state="closed" count="996">
  3929. <extrareasons reason="conn-refused" count="996"/>
  3930. </extraports>
  3931. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  3932. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note (141.98.80.152:80): the x86 and x64 responses differ in GET URI (/j.ad vs
       /ptj) and in User Agent, so a proxy-log hunt needs both pairs; the POST path /submit.php
       is shared. This is a plain-HTTP listener, so URI and User Agent are visible without TLS
       inspection. The observation dates from the 30 Nov 2020 scan; re-validate the address
       before using it in a blocklist. -->
  3933. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 141.98.80.152,/j.ad&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 141.98.80.152,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3934. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3935. </ports>
  3936. <times srtt="93854" rttvar="1307" to="100000"/>
  3937. </host>
  3938. <host starttime="1606751272" endtime="1606760654"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3939. <address addr="45.61.136.65" addrtype="ipv4"/>
  3940. <hostnames>
  3941. </hostnames>
  3942. <ports><extraports state="filtered" count="997">
  3943. <extrareasons reason="no-responses" count="997"/>
  3944. </extraports>
  3945. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Analyst note (45.61.136.65:80): the embedded C2 Server is 45.79.72.33, not the scanned
       address, so the serving host and the callback host should be tracked as two separate
       indicators. Polling 37500, Jitter 33, Maxdns 245, POST path /html and DNS Idle
       \x08\x08\x08\x08 all differ from the 60000/0/255, /submit.php and \x00 values seen on most
       other hosts in this scan, which suggests a customised profile. The User Agent value ends
       without a closing parenthesis in both responses; it may be truncated, so avoid
       exact-match rules on it until confirmed. -->
  3946. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 37500&#xa;Jitter: 33&#xa;Maxdns: 245&#xa;C2 Server: 45.79.72.33,/auto.cfg.bat&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729&#xa;HTTP Method Path 2: /html&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 37500&#xa;Jitter: 33&#xa;Maxdns: 245&#xa;C2 Server: 45.79.72.33,/auto.cfg.bat&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729&#xa;HTTP Method Path 2: /html&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3947. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3948. </ports>
  3949. <times srtt="84049" rttvar="18068" to="156321"/>
  3950. </host>
  3951. <host starttime="1606751275" endtime="1606760638"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3952. <address addr="121.37.139.238" addrtype="ipv4"/>
  3953. <hostnames>
  3954. <hostname name="ecs-121-37-139-238.compute.hwclouds-dns.com" type="PTR"/>
  3955. </hostnames>
  3956. <ports><extraports state="closed" count="979">
  3957. <extrareasons reason="conn-refused" count="979"/>
  3958. </extraports>
  3959. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  3960. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  3961. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3962. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  3963. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Analyst note (121.37.139.238:443): HTTPS listener whose x86 and x64 responses use
       different GET URIs (/j.ad vs /ca) and User Agents, with POST /submit.php in both. The
       script also ran on ports 80 and 8000 of this host and recorded no output there. Service
       names in this file come from nmap's port table (method="table"), not from probing, so
       labels on the other open ports are not evidence of what actually listens on them. -->
  3964. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 121.37.139.238,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 121.37.139.238,/ca&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  3965. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  3966. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  3967. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  3968. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  3969. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  3970. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  3971. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  3972. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  3973. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  3974. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3975. <port protocol="tcp" portid="8011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  3976. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  3977. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  3978. <port protocol="tcp" portid="10003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="documentum_s" method="table" conf="3"/></port>
  3979. <port protocol="tcp" portid="20000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnp" method="table" conf="3"/></port>
  3980. </ports>
  3981. <times srtt="216493" rttvar="7562" to="246741"/>
  3982. </host>
  3983. <host starttime="1606751275" endtime="1606760658"><status state="up" reason="syn-ack" reason_ttl="0"/>
  3984. <address addr="106.14.94.149" addrtype="ipv4"/>
  3985. <hostnames>
  3986. </hostnames>
  3987. <ports><extraports state="filtered" count="996">
  3988. <extrareasons reason="no-responses" count="996"/>
  3989. </extraports>
  3990. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  3991. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  3992. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  3993. <port protocol="tcp" portid="8888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  3994. </ports>
  3995. <times srtt="214967" rttvar="5082" to="235295"/>
  3996. </host>
  3997. <host starttime="1606751262" endtime="1606760649"><status state="up" reason="conn-refused" reason_ttl="0"/>
  3998. <address addr="52.89.33.58" addrtype="ipv4"/>
  3999. <hostnames>
  4000. <hostname name="ec2-52-89-33-58.us-west-2.compute.amazonaws.com" type="PTR"/>
  4001. </hostnames>
  4002. <ports><extraports state="filtered" count="998">
  4003. <extrareasons reason="no-responses" count="998"/>
  4004. </extraports>
  4005. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  4006. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4007. </ports>
  4008. <times srtt="90448" rttvar="732" to="100000"/>
  4009. </host>
  4010. <host starttime="1606751263" endtime="1606760651"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4011. <address addr="119.3.40.158" addrtype="ipv4"/>
  4012. <hostnames>
  4013. <hostname name="ecs-119-3-40-158.compute.hwclouds-dns.com" type="PTR"/>
  4014. </hostnames>
  4015. <ports><extraports state="filtered" count="987">
  4016. <extrareasons reason="no-responses" count="987"/>
  4017. </extraports>
  4018. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  4019. <port protocol="tcp" portid="21"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  4020. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4021. <port protocol="tcp" portid="25"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  4022. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4023. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4024. <port protocol="tcp" portid="1234"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  4025. <port protocol="tcp" portid="1521"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  4026. <port protocol="tcp" portid="3306"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  4027. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4028. <port protocol="tcp" portid="8001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  4029. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4030. <port protocol="tcp" portid="8181"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  4031. </ports>
  4032. <times srtt="217242" rttvar="4430" to="234962"/>
  4033. </host>
  4034. <host starttime="1606751262" endtime="1606760641"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4035. <address addr="94.140.115.131" addrtype="ipv4"/>
  4036. <hostnames>
  4037. </hostnames>
  4038. <ports><extraports state="closed" count="992">
  4039. <extrareasons reason="conn-refused" count="992"/>
  4040. </extraports>
  4041. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4042. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note (94.140.115.131:80): plain-HTTP listener; GET URI is /ga.js for x86 and
       /updates.rss for x64, each with its own MSIE-era User Agent, and POST goes to /submit.php.
       Polling 60000 with Jitter 0 implies evenly spaced check-ins at the configured default
       (operators can change the interval after check-in), which periodicity analysis of proxy
       or flow logs can surface even when the URIs change. Port 443 was also scripted but
       returned no config. -->
  4043. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 94.140.115.131,/ga.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; BOIE8;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 94.140.115.131,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4044. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4045. <port protocol="tcp" portid="135"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4046. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4047. <port protocol="tcp" portid="1864"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="paradym-31" method="table" conf="3"/></port>
  4048. <port protocol="tcp" portid="3801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ibm-mgr" method="table" conf="3"/></port>
  4049. </ports>
  4050. <times srtt="129487" rttvar="1588" to="135839"/>
  4051. </host>
  4052. <host starttime="1606751262" endtime="1606760669"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4053. <address addr="103.45.120.215" addrtype="ipv4"/>
  4054. <hostnames>
  4055. </hostnames>
  4056. <ports><extraports state="closed" count="980">
  4057. <extrareasons reason="conn-refused" count="980"/>
  4058. </extraports>
  4059. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4060. <port protocol="tcp" portid="83"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mit-ml-dev" method="table" conf="3"/></port>
  4061. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4062. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4063. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4064. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4065. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4066. <port protocol="tcp" portid="1025"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4067. <port protocol="tcp" portid="1026"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="LSA-or-nterm" method="table" conf="3"/></port>
  4068. <port protocol="tcp" portid="1027"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="IIS" method="table" conf="3"/></port>
  4069. <port protocol="tcp" portid="1028"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4070. <port protocol="tcp" portid="1035"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="multidropper" method="table" conf="3"/></port>
  4071. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  4072. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  4073. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  4074. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4075. <port protocol="tcp" portid="6667"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  <!-- Analyst note (103.45.120.215:8000): config served on port 8000, which nmap labels
       http-alt purely from its port table (method="table"); the parsed config is the evidence
       here, not the service name. GET URIs are /__utm.gif (x86) and /match (x64), POST is
       /submit.php. The script also ran against 443 and 8443 on this host without output. -->
  4076. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 103.45.120.215,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 103.45.120.215,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4077. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4078. <port protocol="tcp" portid="15742"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4079. </ports>
  4080. <times srtt="247401" rttvar="3584" to="261737"/>
  4081. </host>
  4082. <host starttime="1606751262" endtime="1606760677"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4083. <address addr="142.202.205.57" addrtype="ipv4"/>
  4084. <hostnames>
  4085. </hostnames>
  4086. <ports><extraports state="closed" count="994">
  4087. <extrareasons reason="conn-refused" count="994"/>
  4088. </extraports>
  4089. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4090. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4091. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  <!-- Analyst note (142.202.205.57:443): only an x86 response was parsed (GET /updates.rss,
       POST /submit.php, HTTPS). The next host in this scan, 142.202.205.88, sits in the same
       /24 and also returned an x86-only HTTPS config; that may indicate shared infrastructure,
       but the scan alone does not prove common ownership. Port 8080 was scripted without
       output. -->
  4092. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 142.202.205.57,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4093. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4094. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  4095. </ports>
  4096. <times srtt="30733" rttvar="16565" to="100000"/>
  4097. </host>
  4098. <host starttime="1606751262" endtime="1606760625"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4099. <address addr="142.202.205.88" addrtype="ipv4"/>
  4100. <hostnames>
  4101. </hostnames>
  4102. <ports><extraports state="closed" count="996">
  4103. <extrareasons reason="conn-refused" count="996"/>
  4104. </extraports>
  4105. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4106. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4107. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Analyst note (142.202.205.88:443): x86-only HTTPS config (GET /dot.gif, POST /submit.php,
       60000 polling, 0 jitter). Port 80 on this host was scripted but produced no output.
       As with every entry in this file, the data is a point-in-time observation from
       30 Nov 2020 and the address may since have been reassigned. -->
  4108. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 142.202.205.88,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4109. </ports>
  4110. <times srtt="23256" rttvar="3168" to="100000"/>
  4111. </host>
  4112. <host starttime="1606751262" endtime="1606760645"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4113. <address addr="139.155.2.101" addrtype="ipv4"/>
  4114. <hostnames>
  4115. </hostnames>
  4116. <ports><extraports state="closed" count="992">
  4117. <extrareasons reason="conn-refused" count="992"/>
  4118. </extraports>
  4119. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4120. <port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="telnet" method="table" conf="3"/></port>
  4121. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Analyst note (139.155.2.101:80): the embedded C2 Server is 104.27.185.91 rather than the
       scanned address, whereas the port 8000 config on the same host points back to
       139.155.2.101; record both. The GET and POST paths (/s/ref=nb_sb_noss_1/... and
       /N4215/adj/MS.us.sr.aps) resemble the publicly available Amazon-themed Malleable C2
       profile, so they imitate shopping-site traffic; matching on path alone risks false
       positives unless combined with the destination. -->
  4122. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 50&#xa;Maxdns: 255&#xa;C2 Server: 104.27.185.91,/s/ref=nb_sb_noss_1/167-3294888-0262941/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/MS.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 50&#xa;Maxdns: 255&#xa;C2 Server: 104.27.185.91,/s/ref=nb_sb_noss_1/167-3294888-0262941/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/MS.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4123. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4124. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4125. <port protocol="tcp" portid="1066"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="fpo-fns" method="table" conf="3"/></port>
  4126. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 5000&#xa;Jitter: 50&#xa;Maxdns: 255&#xa;C2 Server: 139.155.2.101,/s/ref=nb_sb_noss_1/167-3294888-0262941/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/MS.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 5000&#xa;Jitter: 50&#xa;Maxdns: 255&#xa;C2 Server: 139.155.2.101,/s/ref=nb_sb_noss_1/167-3294888-0262941/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/MS.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4127. </ports>
  4128. <times srtt="262062" rttvar="3671" to="276746"/>
  4129. </host>
  <!-- Host 139.180.212.244 (PTR 139.180.212.244.vultr.com).
       grab_beacon_config recorded a beacon config on 80/tcp only; the script element on
       443/tcp has no output attribute, so nothing was recovered there.
       The C2 Server field names this same address. The x86 and x64 responses differ in the
       C2 Server path (/push vs /visit.js) and in User-Agent, so network detections built
       from this record should cover both variants.
       /push, /visit.js and /submit.php appear to match stock Cobalt Strike URI defaults
       (confirm against the profile). Polling units are not stated in the output.
       Service names are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4130. <host starttime="1606751262" endtime="1606760635"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4131. <address addr="139.180.212.244" addrtype="ipv4"/>
  4132. <hostnames>
  4133. <hostname name="139.180.212.244.vultr.com" type="PTR"/>
  4134. </hostnames>
  4135. <ports><extraports state="closed" count="994">
  4136. <extrareasons reason="conn-refused" count="994"/>
  4137. </extraports>
  4138. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4139. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4140. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.180.212.244,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.180.212.244,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4141. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4142. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4143. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4144. </ports>
  4145. <times srtt="231848" rttvar="1749" to="238844"/>
  4146. </host>
  <!-- Host 95.217.197.67 (PTR static.67.197.217.95.clients.your-server.de).
       grab_beacon_config recorded a config on 443/tcp (x86 response only); the script
       element on 80/tcp has no output attribute.
       The C2 Server field is a hostname (oomdatacollect.global.ssl.fastly.net), not the
       scanned address, so blocking or hunting on this IP alone does not cover the
       configured callback host. The fastly.net name suggests a CDN-fronted listener
       (inferred from the name only; verify before acting on it).
       /pixel.gif and /submit.php appear to match stock Cobalt Strike URI defaults.
       Service names, including isakmp on 500/tcp and cce4x on 12000/tcp, are nmap
       port-table lookups (method="table", conf="3"), not probed services. -->
  4147. <host starttime="1606751262" endtime="1606760658"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4148. <address addr="95.217.197.67" addrtype="ipv4"/>
  4149. <hostnames>
  4150. <hostname name="static.67.197.217.95.clients.your-server.de" type="PTR"/>
  4151. </hostnames>
  4152. <ports><extraports state="closed" count="994">
  4153. <extrareasons reason="conn-refused" count="994"/>
  4154. </extraports>
  4155. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4156. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4157. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4158. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: oomdatacollect.global.ssl.fastly.net,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4159. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  4160. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  4161. </ports>
  4162. <times srtt="118193" rttvar="5368" to="139665"/>
  4163. </host>
  <!-- Host 104.243.46.74 (no PTR recorded).
       grab_beacon_config recorded a config on 443/tcp, x64 response only; no x86 section
       is present in the output. The C2 Server field names this same address.
       /__utm.gif and /submit.php appear to match stock Cobalt Strike URI defaults
       (confirm against the profile). Polling units are not stated in the output.
       Service names are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4164. <host starttime="1606751262" endtime="1606760609"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4165. <address addr="104.243.46.74" addrtype="ipv4"/>
  4166. <hostnames>
  4167. </hostnames>
  4168. <ports><extraports state="closed" count="997">
  4169. <extrareasons reason="conn-refused" count="997"/>
  4170. </extraports>
  4171. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4172. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4173. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 104.243.46.74,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4174. </ports>
  4175. <times srtt="37056" rttvar="5705" to="100000"/>
  4176. </host>
  <!-- Host 129.226.15.142 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener. Whether the
       script failed or the port served no stager is not visible here.
       Service names (rpcbind, cplscrambler-al) are nmap port-table lookups
       (method="table", conf="3"), not probed services. -->
  4177. <host starttime="1606751262" endtime="1606760658"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4178. <address addr="129.226.15.142" addrtype="ipv4"/>
  4179. <hostnames>
  4180. </hostnames>
  4181. <ports><extraports state="closed" count="995">
  4182. <extrareasons reason="conn-refused" count="995"/>
  4183. </extraports>
  4184. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4185. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4186. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4187. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4188. <port protocol="tcp" portid="1088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cplscrambler-al" method="table" conf="3"/></port>
  4189. </ports>
  4190. <times srtt="230271" rttvar="5334" to="251607"/>
  4191. </host>
  <!-- Host 121.41.82.60 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config elements on 80/tcp, 443/tcp
       and 8443/tcp all lack an output attribute, so this record alone does not confirm a
       listener on any of them.
       Service names are nmap port-table lookups (method="table", conf="3"), not probed;
       the filtered ports only show that no response came back. -->
  4192. <host starttime="1606751262" endtime="1606760661"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4193. <address addr="121.41.82.60" addrtype="ipv4"/>
  4194. <hostnames>
  4195. </hostnames>
  4196. <ports><extraports state="closed" count="991">
  4197. <extrareasons reason="conn-refused" count="991"/>
  4198. </extraports>
  4199. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4200. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4201. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4202. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4203. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4204. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4205. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4206. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  4207. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4208. </ports>
  4209. <times srtt="231056" rttvar="6743" to="258028"/>
  4210. </host>
  <!-- Host 139.180.199.171 (PTR 139.180.199.171.vultr.com).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       The X11:2, X11:7 and d-star labels on 6002, 6007 and 9011/tcp are nmap port-table
       lookups (method="table", conf="3"); the scan did not probe what actually listens
       there. -->
  4211. <host starttime="1606751262" endtime="1606760650"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4212. <address addr="139.180.199.171" addrtype="ipv4"/>
  4213. <hostnames>
  4214. <hostname name="139.180.199.171.vultr.com" type="PTR"/>
  4215. </hostnames>
  4216. <ports><extraports state="closed" count="992">
  4217. <extrareasons reason="conn-refused" count="992"/>
  4218. </extraports>
  4219. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4220. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4221. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4222. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4223. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4224. <port protocol="tcp" portid="6002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:2" method="table" conf="3"/></port>
  4225. <port protocol="tcp" portid="6007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:7" method="table" conf="3"/></port>
  4226. <port protocol="tcp" portid="9011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="d-star" method="table" conf="3"/></port>
  4227. </ports>
  4228. <times srtt="181230" rttvar="1050" to="185430"/>
  4229. </host>
  <!-- Host 139.155.42.254 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config elements on 80/tcp and
       443/tcp both lack an output attribute, so this record alone does not confirm a
       listener.
       The "netbus" label on 12345/tcp is an nmap port-table lookup (method="table",
       conf="3"), not a probed identification; treat it only as "port open". The same
       applies to every other service name in this record. -->
  4230. <host starttime="1606751263" endtime="1606760611"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4231. <address addr="139.155.42.254" addrtype="ipv4"/>
  4232. <hostnames>
  4233. </hostnames>
  4234. <ports><extraports state="closed" count="988">
  4235. <extrareasons reason="conn-refused" count="988"/>
  4236. </extraports>
  4237. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4238. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4239. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4240. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4241. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4242. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4243. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4244. <port protocol="tcp" portid="12345"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbus" method="table" conf="3"/></port>
  4245. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4246. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4247. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4248. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4249. </ports>
  4250. <times srtt="276655" rttvar="9542" to="314823"/>
  4251. </host>
  <!-- Host 137.59.16.168 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config elements on 80/tcp and
       443/tcp both lack an output attribute, so this record alone does not confirm a
       listener.
       Service names are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4252. <host starttime="1606751263" endtime="1606760648"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4253. <address addr="137.59.16.168" addrtype="ipv4"/>
  4254. <hostnames>
  4255. </hostnames>
  4256. <ports><extraports state="closed" count="996">
  4257. <extrareasons reason="conn-refused" count="996"/>
  4258. </extraports>
  4259. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4260. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4261. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4262. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4263. </ports>
  4264. <times srtt="201699" rttvar="2910" to="213339"/>
  4265. </host>
  <!-- Host 135.181.1.70 (PTR static.70.1.181.135.clients.your-server.de).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       The "irc" label on 6666/tcp is an nmap port-table lookup (method="table",
       conf="3"), not a probed identification; the same applies to the other names. -->
  4266. <host starttime="1606751269" endtime="1606762642"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4267. <address addr="135.181.1.70" addrtype="ipv4"/>
  4268. <hostnames>
  4269. <hostname name="static.70.1.181.135.clients.your-server.de" type="PTR"/>
  4270. </hostnames>
  4271. <ports><extraports state="closed" count="996">
  4272. <extrareasons reason="conn-refused" count="996"/>
  4273. </extraports>
  4274. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4275. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4276. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4277. <port protocol="tcp" portid="6666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  4278. </ports>
  4279. <times srtt="117706" rttvar="2242" to="126674"/>
  4280. </host>
  <!-- Host 108.166.207.133 (PTR 133-207-166-108-dedicated.multacom.com).
       grab_beacon_config recorded a beacon config on 80/tcp only; the script element on
       443/tcp has no output attribute, so nothing was recovered there.
       The C2 Server field names this same address. The x86 and x64 responses differ in the
       C2 Server path (/cm vs /pixel) and in User-Agent, so network detections built from
       this record should cover both variants.
       /cm, /pixel and /submit.php appear to match stock Cobalt Strike URI defaults
       (confirm against the profile). Polling units are not stated in the output.
       Service names are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4281. <host starttime="1606751262" endtime="1606762675"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4282. <address addr="108.166.207.133" addrtype="ipv4"/>
  4283. <hostnames>
  4284. <hostname name="133-207-166-108-dedicated.multacom.com" type="PTR"/>
  4285. </hostnames>
  4286. <ports><extraports state="closed" count="994">
  4287. <extrareasons reason="conn-refused" count="994"/>
  4288. </extraports>
  4289. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4290. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 108.166.207.133,/cm&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 108.166.207.133,/pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4291. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4292. <port protocol="tcp" portid="1094"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rootd" method="table" conf="3"/></port>
  4293. <port protocol="tcp" portid="3784"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bfd-control" method="table" conf="3"/></port>
  4294. <port protocol="tcp" portid="9595"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pds" method="table" conf="3"/></port>
  4295. </ports>
  4296. <times srtt="69507" rttvar="2106" to="100000"/>
  4297. </host>
  <!-- Host 119.3.141.162 (PTR ecs-119-3-141-162.compute.hwclouds-dns.com).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       Only 22/tcp and 443/tcp answered; the remaining listed ports are "filtered"
       (no response), which says nothing about what runs behind them. Service names are
       nmap port-table lookups (method="table", conf="3"), not probed. -->
  4298. <host starttime="1606751262" endtime="1606762682"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4299. <address addr="119.3.141.162" addrtype="ipv4"/>
  4300. <hostnames>
  4301. <hostname name="ecs-119-3-141-162.compute.hwclouds-dns.com" type="PTR"/>
  4302. </hostnames>
  4303. <ports><extraports state="closed" count="987">
  4304. <extrareasons reason="conn-refused" count="987"/>
  4305. </extraports>
  4306. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4307. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  4308. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4309. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4310. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4311. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4312. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4313. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4314. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4315. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  4316. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  4317. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4318. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4319. </ports>
  4320. <times srtt="220990" rttvar="6238" to="245942"/>
  4321. </host>
  <!-- Host 120.24.64.98 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config elements on 80/tcp and
       443/tcp both lack an output attribute, so this record alone does not confirm a
       listener.
       The "upnotifyp" label on 4445/tcp and the other service names are nmap port-table
       lookups (method="table", conf="3"), not probed identifications. -->
  4322. <host starttime="1606751263" endtime="1606762698"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4323. <address addr="120.24.64.98" addrtype="ipv4"/>
  4324. <hostnames>
  4325. </hostnames>
  4326. <ports><extraports state="closed" count="993">
  4327. <extrareasons reason="conn-refused" count="993"/>
  4328. </extraports>
  4329. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4330. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4331. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4332. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4333. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4334. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4335. <port protocol="tcp" portid="4445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnotifyp" method="table" conf="3"/></port>
  4336. </ports>
  4337. <times srtt="237829" rttvar="6603" to="264241"/>
  4338. </host>
  <!-- Host 104.247.196.106 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       Service names are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4339. <host starttime="1606751262" endtime="1606762644"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4340. <address addr="104.247.196.106" addrtype="ipv4"/>
  4341. <hostnames>
  4342. </hostnames>
  4343. <ports><extraports state="closed" count="997">
  4344. <extrareasons reason="conn-refused" count="997"/>
  4345. </extraports>
  4346. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4347. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4348. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4349. </ports>
  4350. <times srtt="72472" rttvar="1802" to="100000"/>
  4351. </host>
  <!-- Host 103.106.65.251 (PTR ip-103-106-65-251.addr.localhost.net.nz).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       80/tcp is "filtered" and carries no script element at all, so it was not tested by
       the script in this run. Service names are nmap port-table lookups
       (method="table", conf="3"), not probed. -->
  4352. <host starttime="1606751262" endtime="1606762688"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4353. <address addr="103.106.65.251" addrtype="ipv4"/>
  4354. <hostnames>
  4355. <hostname name="ip-103-106-65-251.addr.localhost.net.nz" type="PTR"/>
  4356. </hostnames>
  4357. <ports><extraports state="closed" count="997">
  4358. <extrareasons reason="conn-refused" count="997"/>
  4359. </extraports>
  4360. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4361. <port protocol="tcp" portid="80"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  4362. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4363. </ports>
  4364. <times srtt="228740" rttvar="671" to="231424"/>
  4365. </host>
  <!-- Host 111.229.51.128 (no PTR recorded).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       Open ports are 22, 443 and 7000/tcp; the rest of the listed ports are "filtered"
       (no response). The "afs3-fileserver" label on 7000/tcp and the other service names
       are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4366. <host starttime="1606751262" endtime="1606762698"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4367. <address addr="111.229.51.128" addrtype="ipv4"/>
  4368. <hostnames>
  4369. </hostnames>
  4370. <ports><extraports state="closed" count="986">
  4371. <extrareasons reason="conn-refused" count="986"/>
  4372. </extraports>
  4373. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4374. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  4375. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4376. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4377. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4378. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4379. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4380. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4381. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4382. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  4383. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  4384. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4385. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4386. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  4387. </ports>
  4388. <times srtt="213839" rttvar="2279" to="222955"/>
  4389. </host>
  <!-- Host 121.36.211.148 (PTR ecs-121-36-211-148.compute.hwclouds-dns.com).
       No beacon config was recovered: the grab_beacon_config element on 443/tcp has no
       output attribute, so this record alone does not confirm a listener.
       Open ports are 22, 90, 443, 5432 and 8089/tcp; the rest of the listed ports are
       "filtered" (no response). Labels such as "dnsix" on 90/tcp and "postgresql" on
       5432/tcp are nmap port-table lookups (method="table", conf="3"), not probed. -->
  4390. <host starttime="1606751262" endtime="1606762671"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4391. <address addr="121.36.211.148" addrtype="ipv4"/>
  4392. <hostnames>
  4393. <hostname name="ecs-121-36-211-148.compute.hwclouds-dns.com" type="PTR"/>
  4394. </hostnames>
  4395. <ports><extraports state="closed" count="984">
  4396. <extrareasons reason="conn-refused" count="984"/>
  4397. </extraports>
  4398. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4399. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  4400. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4401. <port protocol="tcp" portid="90"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnsix" method="table" conf="3"/></port>
  4402. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4403. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4404. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4405. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4406. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4407. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4408. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  4409. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  4410. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4411. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4412. <port protocol="tcp" portid="5432"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="postgresql" method="table" conf="3"/></port>
  4413. <port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4414. </ports>
  4415. <times srtt="215465" rttvar="6846" to="242849"/>
  4416. </host>
  4417. <host starttime="1606751263" endtime="1606762655"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4418. <address addr="119.28.9.129" addrtype="ipv4"/>
  4419. <hostnames>
  4420. </hostnames>
  4421. <ports><extraports state="closed" count="996">
  4422. <extrareasons reason="conn-refused" count="996"/>
  4423. </extraports>
  4424. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4425. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Review note (119.28.9.129, port 80): the script returned an x86 and an x64 config.
       Both name this same address as "C2 Server", so the host that serves the stager is
       also the configured check-in destination. Polling 60000 with Jitter 0 describes a
       fixed check-in interval (presumably milliseconds; confirm against the script), which
       periodicity analysis of proxy or flow logs can surface. /g.pixel, /updates.rss,
       /submit.php and the rundll32.exe spawnto paths match values commonly seen in an
       unmodified default profile, so they are weak indicators on their own; pair them
       with the address and port. -->
  4426. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 119.28.9.129,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 119.28.9.129,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4427. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4428. </ports>
  4429. <times srtt="214468" rttvar="551" to="216672"/>
  4430. </host>
  4431. <host starttime="1606751262" endtime="1606762684"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4432. <address addr="128.14.230.80" addrtype="ipv4"/>
  4433. <hostnames>
  4434. </hostnames>
  4435. <ports><extraports state="closed" count="995">
  4436. <extrareasons reason="conn-refused" count="995"/>
  4437. </extraports>
  4438. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4439. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Review note (128.14.230.80, port 80): the "C2 Server" value in both configs is
       218.14.230.80, which differs from the scanned address 128.14.230.80 in the first
       octet. The data does not say whether that is a redirector arrangement, a stale
       config or an operator typo, so record the two addresses as separate indicators
       rather than correcting one to the other. The x86 and x64 configs also carry
       different User Agent strings, so a single UA match will not cover both. -->
  4440. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 218.14.230.80,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 218.14.230.80,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4441. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4442. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4443. </ports>
  4444. <times srtt="200414" rttvar="2356" to="209838"/>
  4445. </host>
  4446. <host starttime="1606751262" endtime="1606762638"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4447. <address addr="18.217.54.127" addrtype="ipv4"/>
  4448. <hostnames>
  4449. <hostname name="ec2-18-217-54-127.us-east-2.compute.amazonaws.com" type="PTR"/>
  4450. </hostnames>
  4451. <ports><extraports state="filtered" count="993">
  4452. <extrareasons reason="no-responses" count="993"/>
  4453. </extraports>
  4454. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4455. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  4456. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4457. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4458. <port protocol="tcp" portid="8081"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  4459. <port protocol="tcp" portid="8888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  4460. <port protocol="tcp" portid="9102"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  4461. </ports>
  4462. <times srtt="34542" rttvar="2847" to="100000"/>
  4463. </host>
  4464. <host starttime="1606751262" endtime="1606762690"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4465. <address addr="114.118.5.108" addrtype="ipv4"/>
  4466. <hostnames>
  4467. </hostnames>
  4468. <ports><extraports state="closed" count="942">
  4469. <extrareasons reason="conn-refused" count="942"/>
  4470. </extraports>
  4471. <extraports state="filtered" count="54">
  4472. <extrareasons reason="no-responses" count="54"/>
  4473. </extraports>
  <!-- Review note (114.118.5.108, port 80): the configs served here point at a different
       address, "C2 Server: 111.231.74.70". Blocking or alerting on the scanned host alone
       would miss the configured check-in destination, so track both addresses. The User
       Agent strings claim MSIE 7.0 on Windows NT 5.1 and NT 6.0; in an environment with
       no such clients, that mismatch is a usable detection signal alongside the
       /pixel, /dpixel and /submit.php paths. -->
  4474. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 111.231.74.70,/pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 111.231.74.70,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4475. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4476. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  4477. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  4478. </ports>
  4479. <times srtt="229606" rttvar="994" to="233582"/>
  4480. </host>
  4481. <host starttime="1606751261" endtime="1606762684"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4482. <address addr="103.147.12.5" addrtype="ipv4"/>
  4483. <hostnames>
  4484. </hostnames>
  4485. <ports><extraports state="closed" count="986">
  4486. <extrareasons reason="conn-refused" count="986"/>
  4487. </extraports>
  4488. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4489. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4490. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4491. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4492. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  4493. <port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
  4494. <port protocol="tcp" portid="16113"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4495. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4496. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4497. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4498. <port protocol="tcp" portid="49158"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4499. <port protocol="tcp" portid="49159"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4500. <port protocol="tcp" portid="49161"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4501. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4502. </ports>
  4503. <times srtt="226963" rttvar="4797" to="246151"/>
  4504. </host>
  4505. <host starttime="1606751262" endtime="1606762648"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4506. <address addr="122.10.52.70" addrtype="ipv4"/>
  4507. <hostnames>
  4508. </hostnames>
  4509. <ports><extraports state="closed" count="992">
  4510. <extrareasons reason="conn-refused" count="992"/>
  4511. </extraports>
  4512. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4513. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4514. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4515. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4516. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4517. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4518. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  4519. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4520. </ports>
  4521. <times srtt="227649" rttvar="7090" to="256009"/>
  4522. </host>
  4523. <host starttime="1606751262" endtime="1606762655"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4524. <address addr="103.117.72.60" addrtype="ipv4"/>
  4525. <hostnames>
  4526. </hostnames>
  4527. <ports><extraports state="closed" count="977">
  4528. <extrareasons reason="conn-refused" count="977"/>
  4529. </extraports>
  4530. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  4531. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4532. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4533. <port protocol="tcp" portid="88"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="kerberos-sec" method="table" conf="3"/></port>
  4534. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4535. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4536. <port protocol="tcp" portid="389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldap" method="table" conf="3"/></port>
  4537. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4538. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4539. <port protocol="tcp" portid="464"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="kpasswd5" method="table" conf="3"/></port>
  4540. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4541. <port protocol="tcp" portid="636"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldapssl" method="table" conf="3"/></port>
  4542. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4543. <port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3"/></port>
  4544. <port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="h323q931" method="table" conf="3"/></port>
  4545. <port protocol="tcp" portid="3001"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nessus" method="table" conf="3"/></port>
  4546. <port protocol="tcp" portid="3003"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="cgms" method="table" conf="3"/></port>
  4547. <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  4548. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4549. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4550. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4551. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4552. <port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4553. </ports>
  4554. <times srtt="220240" rttvar="3416" to="233904"/>
  4555. </host>
  4556. <host starttime="1606751262" endtime="1606762694"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4557. <address addr="117.51.149.186" addrtype="ipv4"/>
  4558. <hostnames>
  4559. </hostnames>
  4560. <ports><extraports state="closed" count="989">
  4561. <extrareasons reason="conn-refused" count="989"/>
  4562. </extraports>
  4563. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4564. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4565. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4566. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  <!-- Review note (117.51.149.186, port 443): only an x64 config was returned, with
       BeaconType 8 (HTTPS) and a "C2 Server" equal to the scanned address. Because the
       channel is TLS, the /fwlink and /submit.php paths and the User Agent are visible
       to a defender only where TLS is inspected; elsewhere, rely on the address, the
       port and the fixed Polling interval (Jitter 0). Ports 80 and 8080 on this host
       carry a script element with no output attribute: the script apparently reported
       nothing there, which is not evidence that those ports are benign. -->
  4567. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 117.51.149.186,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4568. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4569. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  4570. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  4571. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  4572. <port protocol="tcp" portid="8009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ajp13" method="table" conf="3"/></port>
  4573. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4574. </ports>
  4575. <times srtt="230852" rttvar="4838" to="250204"/>
  4576. </host>
  4577. <host starttime="1606751262" endtime="1606762633"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4578. <address addr="47.114.36.45" addrtype="ipv4"/>
  4579. <hostnames>
  4580. </hostnames>
  4581. <ports><extraports state="closed" count="997">
  4582. <extrareasons reason="conn-refused" count="997"/>
  4583. </extraports>
  4584. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4585. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4586. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4587. </ports>
  4588. <times srtt="242516" rttvar="7608" to="272948"/>
  4589. </host>
  4590. <host starttime="1606751262" endtime="1606762686"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4591. <address addr="119.29.111.190" addrtype="ipv4"/>
  4592. <hostnames>
  4593. </hostnames>
  4594. <ports><extraports state="closed" count="986">
  4595. <extrareasons reason="conn-refused" count="986"/>
  4596. </extraports>
  4597. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4598. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4599. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4600. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4601. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4602. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4603. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4604. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4605. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4606. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4607. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4608. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4609. <port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4610. <port protocol="tcp" portid="49160"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4611. </ports>
  4612. <times srtt="233752" rttvar="4124" to="250248"/>
  4613. </host>
  4614. <host starttime="1606751262" endtime="1606762688"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4615. <address addr="119.45.5.195" addrtype="ipv4"/>
  4616. <hostnames>
  4617. </hostnames>
  4618. <ports><extraports state="closed" count="974">
  4619. <extrareasons reason="conn-refused" count="974"/>
  4620. </extraports>
  4621. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4622. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4623. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4624. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4625. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4626. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  <!-- Review note (119.45.5.195): every service name in this report has method="table"
       and conf="3", meaning nmap took the name from its port-number table rather than
       from probing the service. Names such as commplex-link, filemaker or sip on the
       run of open ports from 5001 to 5200 below therefore say nothing about what is
       listening; treat them as port labels only. -->
  4627. <port protocol="tcp" portid="5001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="commplex-link" method="table" conf="3"/></port>
  4628. <port protocol="tcp" portid="5002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rfe" method="table" conf="3"/></port>
  4629. <port protocol="tcp" portid="5003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filemaker" method="table" conf="3"/></port>
  4630. <port protocol="tcp" portid="5004"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="avt-profile-1" method="table" conf="3"/></port>
  4631. <port protocol="tcp" portid="5009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="airport-admin" method="table" conf="3"/></port>
  4632. <port protocol="tcp" portid="5030"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="surfpass" method="table" conf="3"/></port>
  4633. <port protocol="tcp" portid="5033"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jtnetd-server" method="table" conf="3"/></port>
  4634. <port protocol="tcp" portid="5050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mmcc" method="table" conf="3"/></port>
  4635. <port protocol="tcp" portid="5051"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ida-agent" method="table" conf="3"/></port>
  4636. <port protocol="tcp" portid="5054"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rlm-admin" method="table" conf="3"/></port>
  4637. <port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
  4638. <port protocol="tcp" portid="5061"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip-tls" method="table" conf="3"/></port>
  4639. <port protocol="tcp" portid="5080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="onscreen" method="table" conf="3"/></port>
  4640. <port protocol="tcp" portid="5087"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="biotic" method="table" conf="3"/></port>
  4641. <port protocol="tcp" portid="5100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="admd" method="table" conf="3"/></port>
  4642. <port protocol="tcp" portid="5101"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="admdog" method="table" conf="3"/></port>
  4643. <port protocol="tcp" portid="5102"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="admeng" method="table" conf="3"/></port>
  4644. <port protocol="tcp" portid="5120"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="barracuda-bbs" method="table" conf="3"/></port>
  4645. <port protocol="tcp" portid="5200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="targus-getdata" method="table" conf="3"/></port>
  4646. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  4647. </ports>
  4648. <times srtt="210133" rttvar="4904" to="229749"/>
  4649. </host>
  4650. <host starttime="1606751263" endtime="1606762671"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4651. <address addr="47.97.100.135" addrtype="ipv4"/>
  4652. <hostnames>
  4653. </hostnames>
  4654. <ports><extraports state="closed" count="995">
  4655. <extrareasons reason="conn-refused" count="995"/>
  4656. </extraports>
  4657. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4658. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4659. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4660. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4661. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4662. </ports>
  4663. <times srtt="212879" rttvar="7162" to="241527"/>
  4664. </host>
  4665. <host starttime="1606751262" endtime="1606762698"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4666. <address addr="119.8.235.216" addrtype="ipv4"/>
  4667. <hostnames>
  4668. <hostname name="ecs-119-8-235-216.compute.hwclouds-dns.com" type="PTR"/>
  4669. </hostnames>
  4670. <ports><extraports state="closed" count="995">
  4671. <extrareasons reason="conn-refused" count="995"/>
  4672. </extraports>
  4673. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4674. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4675. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4676. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4677. <port protocol="tcp" portid="5915"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4678. </ports>
  4679. <times srtt="223549" rttvar="7034" to="251685"/>
  4680. </host>
  4681. <host starttime="1606751262" endtime="1606762698"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4682. <address addr="122.114.81.237" addrtype="ipv4"/>
  4683. <hostnames>
  4684. </hostnames>
  4685. <ports><extraports state="closed" count="987">
  4686. <extrareasons reason="conn-refused" count="987"/>
  4687. </extraports>
  4688. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4689. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Review note (122.114.81.237, port 80): unlike the other configs on this page, this
       one uses non-default-looking values: Polling 5000, the GET path
       /ssphome/homeindex/contact/ad-device=games, the POST path /login/ad/user.php and
       a Chrome 72 User Agent. The x86 and x64 configs are identical. The two paths are
       more distinctive than /submit.php and make better proxy-log indicators; the
       User Agent imitates a mainstream browser and is a poor indicator by itself.
       Jitter is still 0, so check-ins keep a fixed interval. -->
  4690. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 122.114.81.237,/ssphome/homeindex/contact/ad-device=games&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36&#xa;HTTP Method Path 2: /login/ad/user.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 122.114.81.237,/ssphome/homeindex/contact/ad-device=games&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36&#xa;HTTP Method Path 2: /login/ad/user.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4691. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4692. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Reviewer note: this script element has no output attribute, so grab_beacon_config recorded nothing for 443, whereas port 80 on the same host returned a config. An empty result is not evidence that the port is benign; the cause (TLS handling, a different listener, a URI that did not match) is not visible in this record. -->
  4693. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4694. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4695. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4696. <port protocol="tcp" portid="1011"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4697. <port protocol="tcp" portid="2323"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="3d-nfsd" method="table" conf="3"/></port>
  4698. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4699. <port protocol="tcp" portid="6779"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4700. <port protocol="tcp" portid="8090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  4701. </ports>
  4702. <times srtt="230199" rttvar="2269" to="239275"/>
  4703. </host>
  4704. <host starttime="1606751263" endtime="1606762693"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4705. <address addr="123.57.90.172" addrtype="ipv4"/>
  4706. <hostnames>
  4707. </hostnames>
  4708. <ports><extraports state="closed" count="992">
  4709. <extrareasons reason="conn-refused" count="992"/>
  4710. </extraports>
  4711. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4712. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4713. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 123.57.90.172,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 123.57.90.172,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4714. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4715. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4716. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  4717. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  4718. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  4719. </ports>
  4720. <times srtt="225538" rttvar="3341" to="238902"/>
  4721. </host>
  4722. <host starttime="1606751261" endtime="1606762679"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4723. <address addr="108.62.118.37" addrtype="ipv4"/>
  <!-- Reviewer note: the only name nmap recorded for 108.62.118.37 is its PTR (reverse DNS) record, which looks like a hosting-provider label. The beacon configs captured on ports 80 and 443 of this host name a different value, amajai-technologies.trade, as C2 Server. Keep the IP, the PTR name and the configured domain as separate indicators; this record does not show what the domain resolved to at scan time. -->
  4724. <hostnames>
  4725. <hostname name="static-108-62-118-37.nextroute.co" type="PTR"/>
  4726. </hostnames>
  4727. <ports><extraports state="closed" count="992">
  4728. <extrareasons reason="conn-refused" count="992"/>
  4729. </extraports>
  4730. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4731. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4732. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.trade,/ga.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.trade,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4733. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4734. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4735. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.trade,/ga.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.trade,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4736. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4737. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  4738. </ports>
  4739. <times srtt="10441" rttvar="2346" to="100000"/>
  4740. </host>
  4741. <host starttime="1606751262" endtime="1606762679"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4742. <address addr="120.55.14.10" addrtype="ipv4"/>
  4743. <hostnames>
  4744. </hostnames>
  4745. <ports><extraports state="closed" count="994">
  4746. <extrareasons reason="conn-refused" count="994"/>
  4747. </extraports>
  4748. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4749. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Reviewer note on the output below:
       * DNS Idle is printed as four raw bytes; \x08\x08\x04\x04 reads as 8.8.4.4 if interpreted as an IPv4 address (the other hosts nearby show all zeros).
       * Polling 10000 with Jitter 0: presumably milliseconds (confirm against the script), which would mean evenly spaced check-ins, the kind of regularity that interval-based beacon analytics look for.
       * The GET and POST paths imitate a WordPress theme file and a jQuery asset, so the paths alone will also match ordinary web traffic; pair them with the host and the user agent when writing a detection.
       * NOTE(review): I am not aware of a published jQuery 3.3.2 release; verify before relying on that file name as a discriminator. -->
  4750. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 10000&#xa;Jitter: 0&#xa;Maxdns: 235&#xa;C2 Server: 120.55.14.10,/wp-content/themes/calliope/wp_data.php&#xa;User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36&#xa;HTTP Method Path 2: /jquery-3.3.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 10000&#xa;Jitter: 0&#xa;Maxdns: 235&#xa;C2 Server: 120.55.14.10,/wp-content/themes/calliope/wp_data.php&#xa;User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36&#xa;HTTP Method Path 2: /jquery-3.3.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4751. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4752. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4753. <port protocol="tcp" portid="5952"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4754. </ports>
  4755. <times srtt="218082" rttvar="3361" to="231526"/>
  4756. </host>
  4757. <host starttime="1606751262" endtime="1606762670"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4758. <address addr="104.238.133.94" addrtype="ipv4"/>
  <!-- Reviewer note: the PTR record places 104.238.133.94 under vultr.com, i.e. a rented hosting address. Such addresses change tenants, so the beacon config captured on this host is an indicator for the scan window given by the host element's starttime and endtime, not a lasting attribute of the IP. Revalidate before using it in a blocklist. -->
  4759. <hostnames>
  4760. <hostname name="104.238.133.94.vultr.com" type="PTR"/>
  4761. </hostnames>
  4762. <ports><extraports state="closed" count="993">
  4763. <extrareasons reason="conn-refused" count="993"/>
  4764. </extraports>
  4765. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4766. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4767. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 104.238.133.94,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 104.238.133.94,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4768. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4769. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4770. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4771. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  4772. </ports>
  4773. <times srtt="19959" rttvar="8582" to="100000"/>
  4774. </host>
  4775. <host starttime="1606751261" endtime="1606762701"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4776. <address addr="113.31.118.7" addrtype="ipv4"/>
  4777. <hostnames>
  4778. </hostnames>
  4779. <ports><extraports state="closed" count="982">
  4780. <extrareasons reason="conn-refused" count="982"/>
  4781. </extraports>
  4782. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4783. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  4784. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4785. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 113.31.118.7,/updates.rss&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 113.31.118.7,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4786. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4787. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4788. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4789. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4790. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4791. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4792. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4793. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  4794. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  <!-- Reviewer note: method="table" means nmap took the service name from its port-number table; the scan arguments recorded at the top of this file request no version detection. "EtherNetIP-1" is therefore only the registered name for 2222/tcp. Nothing in this record shows that an industrial-protocol service was identified on this host; the same holds for every service name with method="table" in this file. -->
  4795. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  4796. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4797. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4798. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  4799. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  4800. </ports>
  4801. <times srtt="214671" rttvar="5855" to="238091"/>
  4802. </host>
  4803. <host starttime="1606751262" endtime="1606762655"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4804. <address addr="118.107.41.104" addrtype="ipv4"/>
  4805. <hostnames>
  4806. </hostnames>
  4807. <ports><extraports state="closed" count="994">
  4808. <extrareasons reason="conn-refused" count="994"/>
  4809. </extraports>
  4810. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4811. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4812. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4813. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4814. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  4815. <port protocol="tcp" portid="8899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ospf-lite" method="table" conf="3"/></port>
  4816. </ports>
  4817. <times srtt="222134" rttvar="5203" to="242946"/>
  4818. </host>
  4819. <host starttime="1606751262" endtime="1606762703"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4820. <address addr="116.62.49.176" addrtype="ipv4"/>
  4821. <hostnames>
  4822. </hostnames>
  4823. <ports><extraports state="closed" count="990">
  4824. <extrareasons reason="conn-refused" count="990"/>
  4825. </extraports>
  4826. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4827. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4828. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 116.62.49.176,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 116.62.49.176,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4829. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  4830. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4831. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4832. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4833. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4834. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4835. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  4836. </ports>
  4837. <times srtt="231882" rttvar="7995" to="263862"/>
  4838. </host>
  4839. <host starttime="1606751262" endtime="1606762677"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4840. <address addr="104.243.41.123" addrtype="ipv4"/>
  4841. <hostnames>
  4842. </hostnames>
  4843. <ports><extraports state="closed" count="997">
  4844. <extrareasons reason="conn-refused" count="997"/>
  4845. </extraports>
  4846. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4847. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Reviewer note on the output below:
       * Only an x64 response was recorded for this port; no x86 block is present.
       * C2 Server names a domain (cuphq.com) rather than the scanned address 104.243.41.123, and this host's hostnames element is empty, so the record does not show what the domain resolved to at scan time. Track the IP and the domain as separate indicators.
       * Spawnto_x86 and Spawnto_x64 both point at rundll32.exe. On endpoints, rundll32.exe started without a DLL argument is a commonly used hunting lead for this setting; treat it as a lead to triage, not as proof. -->
  4848. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: cuphq.com,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4849. </ports>
  4850. <times srtt="18825" rttvar="5186" to="100000"/>
  4851. </host>
  4852. <host starttime="1606751262" endtime="1606762690"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4853. <address addr="116.63.189.240" addrtype="ipv4"/>
  4854. <hostnames>
  4855. <hostname name="ecs-116-63-189-240.compute.hwclouds-dns.com" type="PTR"/>
  4856. </hostnames>
  4857. <ports><extraports state="closed" count="987">
  4858. <extrareasons reason="conn-refused" count="987"/>
  4859. </extraports>
  4860. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4861. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4862. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4863. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4864. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4865. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4866. <port protocol="tcp" portid="5989"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="wbem-https" method="table" conf="3"/></port>
  4867. <port protocol="tcp" portid="7103"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4868. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4869. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4870. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4871. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4872. <port protocol="tcp" portid="49161"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4873. </ports>
  4874. <times srtt="249844" rttvar="22875" to="341344"/>
  4875. </host>
  4876. <host starttime="1606751263" endtime="1606762643"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4877. <address addr="114.118.4.213" addrtype="ipv4"/>
  4878. <hostnames>
  4879. </hostnames>
  4880. <ports><extraports state="closed" count="945">
  4881. <extrareasons reason="conn-refused" count="945"/>
  4882. </extraports>
  4883. <extraports state="filtered" count="54">
  4884. <extrareasons reason="no-responses" count="54"/>
  4885. </extraports>
  4886. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4887. </ports>
  4888. <times srtt="228511" rttvar="5552" to="250719"/>
  4889. </host>
  4890. <host starttime="1606751262" endtime="1606762674"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4891. <address addr="104.149.168.199" addrtype="ipv4"/>
  4892. <hostnames>
  4893. </hostnames>
  4894. <ports><extraports state="closed" count="994">
  4895. <extrareasons reason="conn-refused" count="994"/>
  4896. </extraports>
  4897. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4898. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  4899. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4900. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4901. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4902. <port protocol="tcp" portid="49152"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  4903. </ports>
  4904. <times srtt="73051" rttvar="5341" to="100000"/>
  4905. </host>
  4906. <host starttime="1606751263" endtime="1606762683"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4907. <address addr="121.37.190.118" addrtype="ipv4"/>
  4908. <hostnames>
  4909. <hostname name="ecs-121-37-190-118.compute.hwclouds-dns.com" type="PTR"/>
  4910. </hostnames>
  4911. <ports><extraports state="closed" count="986">
  4912. <extrareasons reason="conn-refused" count="986"/>
  4913. </extraports>
  4914. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4915. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  4916. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4917. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4918. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4919. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4920. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4921. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4922. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4923. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  4924. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  4925. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4926. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4927. <port protocol="tcp" portid="12000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  4928. </ports>
  4929. <times srtt="215062" rttvar="4581" to="233386"/>
  4930. </host>
  4931. <host starttime="1606751269" endtime="1606762683"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4932. <address addr="111.229.163.55" addrtype="ipv4"/>
  4933. <hostnames>
  4934. </hostnames>
  4935. <ports><extraports state="closed" count="985">
  4936. <extrareasons reason="conn-refused" count="985"/>
  4937. </extraports>
  4938. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4939. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  4940. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4941. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4942. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4943. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  4944. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4945. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4946. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  4947. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  4948. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  4949. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  4950. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  4951. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  4952. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  4953. </ports>
  4954. <times srtt="212914" rttvar="4975" to="232814"/>
  4955. </host>
  4956. <host starttime="1606751263" endtime="1606762677"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4957. <address addr="108.177.235.180" addrtype="ipv4"/>
  4958. <hostnames>
  4959. </hostnames>
  4960. <ports><extraports state="closed" count="993">
  4961. <extrareasons reason="conn-refused" count="993"/>
  4962. </extraports>
  4963. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4964. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4965. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4966. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4967. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Beacon configuration recovered from the 443/tcp listener; only an x64 URI response was captured.
       "C2 Server" is a comma-separated list that alternates host and request URI:
       mail.safeyoke.com /cm and feedback.safeyoke.com /pixel.gif. Neither name is the scanned
       address, so the indicators here are both domains plus the IP in the enclosing <address> element.
       Polling 60000 with Jitter 0 means evenly spaced check-ins (Cobalt Strike sleep values are in
       milliseconds). The rundll32.exe spawnto paths and the /submit.php POST path look like stock
       defaults. This is a point-in-time observation from the 2020-11-30 scan; re-validate before blocking. -->
  4968. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: mail.safeyoke.com,/cm,feedback.safeyoke.com,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  4969. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  4970. </ports>
  4971. <times srtt="70900" rttvar="3644" to="100000"/>
  4972. </host>
  4973. <host starttime="1606751262" endtime="1606762651"><status state="up" reason="syn-ack" reason_ttl="0"/>
  4974. <address addr="35.225.244.45" addrtype="ipv4"/>
  4975. <hostnames>
  4976. <hostname name="45.244.225.35.bc.googleusercontent.com" type="PTR"/>
  4977. </hostnames>
  4978. <ports><extraports state="closed" count="994">
  4979. <extrareasons reason="conn-refused" count="994"/>
  4980. </extraports>
  4981. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  4982. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4983. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4984. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4985. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  4986. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  4987. </ports>
  4988. <times srtt="42965" rttvar="2816" to="100000"/>
  4989. </host>
  4990. <host starttime="1606751262" endtime="1606762655"><status state="up" reason="conn-refused" reason_ttl="0"/>
  4991. <address addr="118.107.41.40" addrtype="ipv4"/>
  4992. <hostnames>
  4993. </hostnames>
  4994. <ports><extraports state="closed" count="994">
  4995. <extrareasons reason="conn-refused" count="994"/>
  4996. </extraports>
  4997. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  4998. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  4999. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5000. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5001. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  5002. <port protocol="tcp" portid="8899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ospf-lite" method="table" conf="3"/></port>
  5003. </ports>
  5004. <times srtt="222647" rttvar="5381" to="244171"/>
  5005. </host>
  5006. <host starttime="1606751263" endtime="1606762638"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5007. <address addr="87.248.0.216" addrtype="ipv4"/>
  5008. <hostnames>
  5009. <hostname name="ip-216-0-248-87.eidsiva.net" type="PTR"/>
  5010. </hostnames>
  5011. <ports><extraports state="filtered" count="995">
  5012. <extrareasons reason="no-responses" count="995"/>
  5013. </extraports>
  5014. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  5015. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5016. <port protocol="tcp" portid="2200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ici" method="table" conf="3"/></port>
  5017. <port protocol="tcp" portid="4444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  5018. <port protocol="tcp" portid="5555"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  5019. </ports>
  5020. <times srtt="120084" rttvar="2464" to="129940"/>
  5021. </host>
  5022. <host starttime="1606751261" endtime="1606762684"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5023. <address addr="103.143.208.3" addrtype="ipv4"/>
  5024. <hostnames>
  5025. </hostnames>
  5026. <ports><extraports state="closed" count="987">
  5027. <extrareasons reason="conn-refused" count="987"/>
  5028. </extraports>
  5029. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5030. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5031. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5032. <port protocol="tcp" portid="417"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="onmux" method="table" conf="3"/></port>
  5033. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5034. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5035. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  5036. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5037. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5038. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5039. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5040. <port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5041. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5042. </ports>
  5043. <times srtt="300459" rttvar="6277" to="325567"/>
  5044. </host>
  5045. <host starttime="1606751262" endtime="1606762644"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5046. <address addr="118.126.100.187" addrtype="ipv4"/>
  5047. <hostnames>
  5048. </hostnames>
  5049. <ports><extraports state="closed" count="993">
  5050. <extrareasons reason="conn-refused" count="993"/>
  5051. </extraports>
  5052. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5053. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5054. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5055. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5056. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  5057. <port protocol="tcp" portid="5555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  5058. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5059. </ports>
  5060. <times srtt="239842" rttvar="7908" to="271474"/>
  5061. </host>
  5062. <host starttime="1606751262" endtime="1606762643"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5063. <address addr="117.50.106.161" addrtype="ipv4"/>
  5064. <hostnames>
  5065. </hostnames>
  5066. <ports><extraports state="filtered" count="990">
  5067. <extrareasons reason="no-responses" count="990"/>
  5068. </extraports>
  5069. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5070. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  5071. <port protocol="tcp" portid="81"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  5072. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5073. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  5074. <port protocol="tcp" portid="3390"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="dsc" method="table" conf="3"/></port>
  5075. <port protocol="tcp" portid="7000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  5076. <port protocol="tcp" portid="7443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="oracleas-https" method="table" conf="3"/></port>
  5077. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  5078. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  5079. </ports>
  5080. <times srtt="234586" rttvar="3940" to="250346"/>
  5081. </host>
  5082. <host starttime="1606751262" endtime="1606762670"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5083. <address addr="108.160.136.100" addrtype="ipv4"/>
  5084. <hostnames>
  5085. <hostname name="108.160.136.100.vultr.com" type="PTR"/>
  5086. </hostnames>
  5087. <ports><extraports state="closed" count="992">
  5088. <extrareasons reason="conn-refused" count="992"/>
  5089. </extraports>
  5090. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5091. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5092. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5093. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5094. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5095. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5096. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  5097. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5098. </ports>
  5099. <times srtt="181217" rttvar="1029" to="185333"/>
  5100. </host>
  5101. <host starttime="1606751261" endtime="1606762681"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5102. <address addr="45.76.48.40" addrtype="ipv4"/>
  5103. <hostnames>
  5104. <hostname name="45.76.48.40.vultr.com" type="PTR"/>
  5105. </hostnames>
  5106. <ports><extraports state="closed" count="992">
  5107. <extrareasons reason="conn-refused" count="992"/>
  5108. </extraports>
  5109. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Beacon configuration recovered from the 80/tcp listener; both x86 and x64 URI responses were captured.
       Both report BeaconType 0 (HTTP) and the same C2 entry, 45.76.48.40 with URI /load, which is
       the scanned address itself. The two responses differ only in the User Agent string, so a
       detection keyed on one User Agent will miss the other architecture.
       Polling 60000 with Jitter 0 means evenly spaced check-ins (Cobalt Strike sleep values are in
       milliseconds). The PTR record for this host is a hosting-provider name; NOTE(review): such
       addresses are presumably reassigned over time, so confirm currency before blocking. -->
  5110. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.76.48.40,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.76.48.40,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5111. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  5112. <port protocol="tcp" portid="90"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnsix" method="table" conf="3"/></port>
  5113. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Beacon configuration recovered from the 8080/tcp listener; both x86 and x64 URI responses were captured.
       Both name 45.76.48.40 as the C2 host (the scanned address) on port 8080, but the request URI
       differs per architecture: /j.ad in the x86 response and /updates.rss in the x64 response.
       The User Agent strings differ as well, so URI or User Agent matching needs both variants.
       The POST path /submit.php, the rundll32.exe spawnto paths and Polling 60000 with Jitter 0 are
       identical across the two responses. -->
  5114. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.76.48.40,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.76.48.40,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5115. <port protocol="tcp" portid="8090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  5116. <port protocol="tcp" portid="9001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-orport" method="table" conf="3"/></port>
  5117. </ports>
  5118. <times srtt="181830" rttvar="1194" to="186606"/>
  5119. </host>
  5120. <host starttime="1606751263" endtime="1606762658"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5121. <address addr="104.236.172.121" addrtype="ipv4"/>
  5122. <hostnames>
  5123. <hostname name="n00she.com" type="PTR"/>
  5124. </hostnames>
  5125. <ports><extraports state="filtered" count="988">
  5126. <extrareasons reason="no-responses" count="988"/>
  5127. </extraports>
  5128. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  5129. <port protocol="tcp" portid="21"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  5130. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5131. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  5132. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Beacon configuration recovered from the 443/tcp listener; only an x64 URI response was captured.
       "C2 Server" holds two host and URI pairs: 104.236.172.121 with /en_US/all.js and n00she.com
       with /activity. The IP is the scanned address and the domain matches the PTR name reported
       in this host's <hostnames> element, so both point at the same server.
       The script also ran on 80/tcp and 8080/tcp of this host and produced no output there.
       Polling 60000 with Jitter 0 means evenly spaced check-ins (Cobalt Strike sleep values are in
       milliseconds). -->
  5133. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 104.236.172.121,/en_US/all.js,n00she.com,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5134. <port protocol="tcp" portid="4444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  5135. <port protocol="tcp" portid="4445"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="upnotifyp" method="table" conf="3"/></port>
  5136. <port protocol="tcp" portid="4446"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="n1-fwp" method="table" conf="3"/></port>
  5137. <port protocol="tcp" portid="5432"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="postgresql" method="table" conf="3"/></port>
  5138. <port protocol="tcp" portid="8000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/></port>
  5139. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5140. </ports>
  5141. <times srtt="83246" rttvar="1606" to="100000"/>
  5142. </host>
  5143. <host starttime="1606751262" endtime="1606762698"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5144. <address addr="106.55.153.204" addrtype="ipv4"/>
  5145. <hostnames>
  5146. </hostnames>
  5147. <ports><extraports state="closed" count="992">
  5148. <extrareasons reason="conn-refused" count="992"/>
  5149. </extraports>
  5150. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5151. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  <!-- Beacon configuration recovered from the 443/tcp listener; only an x86 URI response was captured.
       The single C2 entry is 106.55.153.204 with URI /en_US/all.js, i.e. the scanned address itself,
       so there is no separate domain indicator for this host.
       BeaconType 8 (HTTPS) means the URI and User Agent are only visible to controls that inspect
       decrypted traffic; the IP and port remain usable at the network layer.
       Polling 60000 with Jitter 0 means evenly spaced check-ins (Cobalt Strike sleep values are in
       milliseconds). -->
  5152. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 106.55.153.204,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5153. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5154. <port protocol="tcp" portid="1025"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  5155. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  5156. <port protocol="tcp" portid="5901"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-1" method="table" conf="3"/></port>
  5157. <port protocol="tcp" portid="6543"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mythtv" method="table" conf="3"/></port>
  5158. </ports>
  5159. <times srtt="231944" rttvar="5297" to="253132"/>
  5160. </host>
  5161. <host starttime="1606751262" endtime="1606762706"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5162. <address addr="103.152.132.173" addrtype="ipv4"/>
  5163. <hostnames>
  5164. </hostnames>
  5165. <ports><extraports state="closed" count="990">
  5166. <extrareasons reason="conn-refused" count="990"/>
  5167. </extraports>
  5168. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5169. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  5170. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5171. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Beacon configuration recovered from the 443/tcp listener; only an x64 URI response was captured.
       The C2 entry is the domain http.ifirstmeet.cn with URI /IE9CompatViewList.xml. This host has
       no PTR name in its <hostnames> element, so the domain is an indicator the scan target list
       alone would not give; record it together with the IP in the enclosing <address> element.
       The script also ran on 8008/tcp of this host and produced no output there.
       Polling 60000 with Jitter 0 means evenly spaced check-ins (Cobalt Strike sleep values are in
       milliseconds). -->
  5172. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: http.ifirstmeet.cn,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5173. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5174. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  5175. <port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sip" method="table" conf="3"/></port>
  5176. <port protocol="tcp" portid="8008"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5177. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  5178. </ports>
  5179. <times srtt="216598" rttvar="850" to="219998"/>
  5180. </host>
  5181. <host starttime="1606751263" endtime="1606762684"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5182. <address addr="95.179.239.225" addrtype="ipv4"/>
  5183. <hostnames>
  5184. <hostname name="95.179.239.225.vultr.com" type="PTR"/>
  5185. </hostnames>
  5186. <ports><extraports state="closed" count="995">
  5187. <extrareasons reason="conn-refused" count="995"/>
  5188. </extraports>
  5189. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5190. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5191. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5192. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5193. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5194. </ports>
  5195. <times srtt="86778" rttvar="2010" to="100000"/>
  5196. </host>
  5197. <host starttime="1606751262" endtime="1606762670"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5198. <address addr="109.201.142.110" addrtype="ipv4"/>
  5199. <hostnames>
  5200. <hostname name="pool.laughingmoonmusic.com" type="PTR"/>
  5201. </hostnames>
  5202. <ports><extraports state="closed" count="996">
  5203. <extrareasons reason="conn-refused" count="996"/>
  5204. </extraports>
  5205. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5206. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Beacon configuration recovered from the 80/tcp listener; both x86 and x64 URI responses were captured.
       Both name forteupdate.com as the C2 host over plain HTTP (BeaconType 0), with URI
       /IE9CompatViewList.xml in the x86 response and /match in the x64 response. The domain differs
       from the PTR name in this host's <hostnames> element, so treat it as a separate indicator.
       Because this listener is unencrypted, the URIs, the /submit.php POST path and both User Agent
       strings are visible to proxy and network sensor logs without TLS inspection. -->
  5207. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: forteupdate.com,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: forteupdate.com,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  <!-- HTTPS listener on the same host: only an x86 config is present in this output.
       BeaconType 8 (HTTPS) on port 443 with C2 Server forteupdate.com,/match, so the callback
       destination is again the domain rather than the scanned address.
       The User Agent differs from the values returned on port 80; a User Agent match is therefore
       not a stable indicator for this host and is best combined with the domain and URI. -->
  5208. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: forteupdate.com,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5209. </ports>
  5210. <times srtt="93130" rttvar="359" to="100000"/>
  5211. </host>
  5212. <host starttime="1606751262" endtime="1606762649"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5213. <address addr="108.61.200.55" addrtype="ipv4"/>
  5214. <hostnames>
  5215. <hostname name="108.61.200.55.vultr.com" type="PTR"/>
  5216. </hostnames>
  5217. <ports><extraports state="closed" count="996">
  5218. <extrareasons reason="conn-refused" count="996"/>
  5219. </extraports>
  5220. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5221. <port protocol="tcp" portid="222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rsh-spx" method="table" conf="3"/></port>
  5222. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5223. <port protocol="tcp" portid="4000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="remoteanything" method="table" conf="3"/></port>
  5224. </ports>
  5225. <times srtt="180381" rttvar="1165" to="185041"/>
  5226. </host>
  5227. <host starttime="1606751262" endtime="1606762682"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5228. <address addr="18.216.51.155" addrtype="ipv4"/>
  5229. <hostnames>
  5230. <hostname name="ec2-18-216-51-155.us-east-2.compute.amazonaws.com" type="PTR"/>
  5231. </hostnames>
  5232. <ports><extraports state="filtered" count="998">
  5233. <extrareasons reason="no-responses" count="998"/>
  5234. </extraports>
  5235. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  5236. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5237. </ports>
  5238. <times srtt="33764" rttvar="2113" to="100000"/>
  5239. </host>
  5240. <host starttime="1606751261" endtime="1606762698"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5241. <address addr="91.229.77.41" addrtype="ipv4"/>
  5242. <hostnames>
  5243. <hostname name="91.229.77.41.deltahost-ptr" type="PTR"/>
  5244. </hostnames>
  5245. <ports><extraports state="closed" count="994">
  5246. <extrareasons reason="conn-refused" count="994"/>
  5247. </extraports>
  5248. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5249. <port protocol="tcp" portid="146"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="iso-tp0" method="table" conf="3"/></port>
  5250. <port protocol="tcp" portid="389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldap" method="table" conf="3"/></port>
  <!-- The recovered config names bdiaccs.global.ssl.fastly.net (URI /ptj) as C2 Server, a CDN hostname
       rather than the scanned address 91.229.77.41. This suggests callbacks are relayed through the CDN
       (NOTE(review): inferred from the hostname only; confirm with traffic data).
       Blocking the scanned IP alone would not cover that callback path, and the parent CDN domain is
       shared infrastructure, so match on the full hostname plus URI instead of the parent domain. -->
  5251. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: bdiaccs.global.ssl.fastly.net,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5252. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  5253. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5254. </ports>
  5255. <times srtt="127769" rttvar="1382" to="133297"/>
  5256. </host>
  5257. <host starttime="1606751262" endtime="1606762684"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5258. <address addr="103.150.8.146" addrtype="ipv4"/>
  5259. <hostnames>
  5260. </hostnames>
  5261. <ports><extraports state="filtered" count="991">
  5262. <extrareasons reason="host-unreaches" count="986"/>
  5263. <extrareasons reason="no-responses" count="5"/>
  5264. </extraports>
  5265. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  5266. <port protocol="tcp" portid="21"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  5267. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5268. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5269. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5270. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  5271. <port protocol="tcp" portid="8800"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sunwebadmin" method="table" conf="3"/></port>
  5272. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  5273. <port protocol="tcp" portid="9000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="cslistener" method="table" conf="3"/></port>
  5274. </ports>
  5275. <times srtt="179424" rttvar="4722" to="198312"/>
  5276. </host>
  5277. <host starttime="1606751262" endtime="1606762681"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5278. <address addr="100.24.56.227" addrtype="ipv4"/>
  5279. <hostnames>
  5280. <hostname name="ec2-100-24-56-227.compute-1.amazonaws.com" type="PTR"/>
  5281. </hostnames>
  5282. <ports><extraports state="filtered" count="997">
  5283. <extrareasons reason="no-responses" count="997"/>
  5284. </extraports>
  5285. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5286. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5287. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5288. </ports>
  5289. <times srtt="20644" rttvar="20259" to="101680"/>
  5290. </host>
  5291. <host starttime="1606751262" endtime="1606762644"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5292. <address addr="92.42.14.133" addrtype="ipv4"/>
  5293. <hostnames>
  5294. </hostnames>
  5295. <ports><extraports state="closed" count="991">
  5296. <extrareasons reason="conn-refused" count="991"/>
  5297. </extraports>
  5298. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- x86 and x64 configs were both returned over plain HTTP. C2 Server is the scanned address itself
       (92.42.14.133) with URIs /cm and /ptj, so the IP is the callback destination here.
       BeaconType 0 (HTTP) means check-ins to port 80 are unencrypted at the transport layer and can be
       matched by proxy or IDS rules on host plus URI; /submit.php is the POST path in both configs.
       Polling 60000 with Jitter 0 implies a fixed check-in interval (presumably milliseconds; confirm
       against the script's field definitions), which is useful for beaconing analytics. -->
  5299. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 92.42.14.133,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 92.42.14.133,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5300. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5301. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5302. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5303. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5304. <port protocol="tcp" portid="8000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/></port>
  5305. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  5306. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  5307. </ports>
  5308. <times srtt="128563" rttvar="2308" to="137795"/>
  5309. </host>
  5310. <host starttime="1606751262" endtime="1606762684"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5311. <address addr="88.214.26.33" addrtype="ipv4"/>
  5312. <hostnames>
  5313. <hostname name="hostby.fcloud.biz" type="PTR"/>
  5314. </hostnames>
  5315. <ports><extraports state="closed" count="997">
  5316. <extrareasons reason="conn-refused" count="997"/>
  5317. </extraports>
  5318. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5319. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5320. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5321. </ports>
  5322. <times srtt="130008" rttvar="3504" to="144024"/>
  5323. </host>
  5324. <host starttime="1606751262" endtime="1606762688"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5325. <address addr="45.32.129.110" addrtype="ipv4"/>
  5326. <hostnames>
  5327. <hostname name="45.32.129.110.vultr.com" type="PTR"/>
  5328. </hostnames>
  5329. <ports><extraports state="closed" count="992">
  5330. <extrareasons reason="conn-refused" count="992"/>
  5331. </extraports>
  5332. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5333. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5334. <port protocol="tcp" portid="80"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  5335. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5336. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5337. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5338. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  5339. <port protocol="tcp" portid="8088"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/></port>
  5340. </ports>
  5341. <times srtt="81698" rttvar="1373" to="100000"/>
  5342. </host>
  5343. <host starttime="1606751262" endtime="1606762638"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5344. <address addr="91.229.23.63" addrtype="ipv4"/>
  5345. <hostnames>
  5346. </hostnames>
  5347. <ports><extraports state="closed" count="996">
  5348. <extrareasons reason="conn-refused" count="996"/>
  5349. </extraports>
  5350. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5351. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5352. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5353. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5354. </ports>
  5355. <times srtt="93415" rttvar="2445" to="103195"/>
  5356. </host>
  5357. <host starttime="1606751263" endtime="1606762670"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5358. <address addr="74.118.138.113" addrtype="ipv4"/>
  5359. <hostnames>
  5360. </hostnames>
  5361. <ports><extraports state="closed" count="997">
  5362. <extrareasons reason="conn-refused" count="997"/>
  5363. </extraports>
  5364. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5365. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5366. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5367. </ports>
  5368. <times srtt="22001" rttvar="7850" to="100000"/>
  5369. </host>
  5370. <host starttime="1606751263" endtime="1606762687"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5371. <address addr="106.75.67.182" addrtype="ipv4"/>
  5372. <hostnames>
  5373. </hostnames>
  5374. <ports><extraports state="closed" count="990">
  5375. <extrareasons reason="conn-refused" count="990"/>
  5376. </extraports>
  5377. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5378. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Both architectures returned a config over HTTP; C2 Server is the scanned address 106.75.67.182
       with URIs /__utm.gif (x86) and /ptj (x64). The two configs carry different User Agent strings,
       so a single User Agent signature would miss one of them.
       Spawnto_x86 and Spawnto_x64 both point at rundll32.exe; on endpoints, rundll32.exe started
       without arguments is the usual hunting pivot for that setting.
       IP-literal indicators age quickly on hosted ranges; treat this as a 2020-11-30 observation. -->
  5379. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 106.75.67.182,/__utm.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 106.75.67.182,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5380. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  5381. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5382. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5383. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  5384. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  5385. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  5386. <port protocol="tcp" portid="32774"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sometimes-rpc11" method="table" conf="3"/></port>
  5387. </ports>
  5388. <times srtt="295430" rttvar="37570" to="445710"/>
  5389. </host>
  5390. <host starttime="1606751263" endtime="1606762688"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5391. <address addr="47.98.123.167" addrtype="ipv4"/>
  5392. <hostnames>
  5393. </hostnames>
  5394. <ports><extraports state="closed" count="992">
  5395. <extrareasons reason="conn-refused" count="992"/>
  5396. </extraports>
  5397. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5398. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5399. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5400. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5401. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5402. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  5403. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5404. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  5405. </ports>
  5406. <times srtt="212794" rttvar="9758" to="251826"/>
  5407. </host>
  5408. <host starttime="1606751262" endtime="1606762681"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5409. <address addr="95.179.228.227" addrtype="ipv4"/>
  5410. <hostnames>
  5411. <hostname name="95.179.228.227.vultr.com" type="PTR"/>
  5412. </hostnames>
  5413. <ports><extraports state="closed" count="997">
  5414. <extrareasons reason="conn-refused" count="997"/>
  5415. </extraports>
  5416. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5417. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5418. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5419. </ports>
  5420. <times srtt="86897" rttvar="2099" to="100000"/>
  5421. </host>
  5422. <host starttime="1606751262" endtime="1606762671"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5423. <address addr="95.217.197.78" addrtype="ipv4"/>
  5424. <hostnames>
  5425. <hostname name="static.78.197.217.95.clients.your-server.de" type="PTR"/>
  5426. </hostnames>
  5427. <ports><extraports state="closed" count="994">
  5428. <extrareasons reason="conn-refused" count="994"/>
  5429. </extraports>
  5430. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5431. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5432. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5433. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5434. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  5435. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  5436. </ports>
  5437. <times srtt="116858" rttvar="3582" to="131186"/>
  5438. </host>
  5439. <host starttime="1606751262" endtime="1606762681"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5440. <address addr="103.96.151.147" addrtype="ipv4"/>
  5441. <hostnames>
  5442. </hostnames>
  5443. <ports><extraports state="closed" count="970">
  5444. <extrareasons reason="conn-refused" count="970"/>
  5445. </extraports>
  5446. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  5447. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5448. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5449. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5450. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5451. <port protocol="tcp" portid="301"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5452. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5453. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5454. <port protocol="tcp" portid="541"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="uucp-rlogin" method="table" conf="3"/></port>
  5455. <port protocol="tcp" portid="726"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5456. <port protocol="tcp" portid="1050"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="java-or-OTGfileshare" method="table" conf="3"/></port>
  5457. <port protocol="tcp" portid="1052"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ddt" method="table" conf="3"/></port>
  5458. <port protocol="tcp" portid="1067"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_boots" method="table" conf="3"/></port>
  5459. <port protocol="tcp" portid="1310"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="husky" method="table" conf="3"/></port>
  5460. <port protocol="tcp" portid="1600"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="issd" method="table" conf="3"/></port>
  5461. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  5462. <port protocol="tcp" portid="3878"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="fotogcad" method="table" conf="3"/></port>
  5463. <port protocol="tcp" portid="4006"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pxc-spvr" method="table" conf="3"/></port>
  5464. <port protocol="tcp" portid="5414"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="statusd" method="table" conf="3"/></port>
  5465. <port protocol="tcp" portid="5431"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="park-agent" method="table" conf="3"/></port>
  5466. <port protocol="tcp" portid="5666"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nrpe" method="table" conf="3"/></port>
  5467. <port protocol="tcp" portid="9101"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  5468. <port protocol="tcp" portid="15660"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bex-xr" method="table" conf="3"/></port>
  5469. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5470. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5471. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5472. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5473. <port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5474. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5475. <port protocol="tcp" portid="64623"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5476. </ports>
  5477. <times srtt="228253" rttvar="1100" to="232653"/>
  5478. </host>
  5479. <host starttime="1606751263" endtime="1606764531"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5480. <address addr="43.242.201.222" addrtype="ipv4"/>
  5481. <hostnames>
  5482. </hostnames>
  5483. <ports><extraports state="closed" count="987">
  5484. <extrareasons reason="conn-refused" count="987"/>
  5485. </extraports>
  5486. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  5487. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  5488. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5489. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5490. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5491. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5492. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5493. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5494. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  5495. <port protocol="tcp" portid="3000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ppp" method="table" conf="3"/></port>
  5496. <port protocol="tcp" portid="8011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5497. <port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5498. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5499. </ports>
  5500. <times srtt="219454" rttvar="5470" to="241334"/>
  5501. </host>
  5502. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5503. <address addr="95.217.197.85" addrtype="ipv4"/>
  5504. <hostnames>
  5505. <hostname name="static.85.197.217.95.clients.your-server.de" type="PTR"/>
  5506. </hostnames>
  5507. <ports><extraports state="closed" count="994">
  5508. <extrareasons reason="conn-refused" count="994"/>
  5509. </extraports>
  5510. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5511. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5512. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- The config returned on 443 names oomdatacollect.global.ssl.fastly.net (URI /pixel.gif) as C2 Server,
       a CDN hostname and not the scanned address 95.217.197.85; callbacks presumably transit the CDN
       (NOTE(review): inferred from the hostname; confirm with DNS or proxy logs).
       The script element for port 80 on this host carries no output attribute, so this HTTPS entry is
       the only config recovered for the host in this scan.
       Match on the full CDN hostname plus URI; the parent domain is shared by unrelated tenants. -->
  5513. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: oomdatacollect.global.ssl.fastly.net,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5514. <port protocol="tcp" portid="500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  5515. <port protocol="tcp" portid="12000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cce4x" method="table" conf="3"/></port>
  5516. </ports>
  5517. <times srtt="119767" rttvar="2479" to="129683"/>
  5518. </host>
  5519. <host starttime="1606751262" endtime="1606764535"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5520. <address addr="52.229.22.93" addrtype="ipv4"/>
  5521. <hostnames>
  5522. </hostnames>
  5523. <ports><extraports state="filtered" count="997">
  5524. <extrareasons reason="no-responses" count="997"/>
  5525. </extraports>
  5526. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5527. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5528. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 52.229.22.93,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5529. </ports>
  5530. <times srtt="80997" rttvar="2789" to="100000"/>
  5531. </host>
  5532. <host starttime="1606751262" endtime="1606764533"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5533. <address addr="34.72.161.61" addrtype="ipv4"/>
  5534. <hostnames>
  5535. <hostname name="61.161.72.34.bc.googleusercontent.com" type="PTR"/>
  5536. </hostnames>
  5537. <ports><extraports state="filtered" count="995">
  5538. <extrareasons reason="no-responses" count="995"/>
  5539. </extraports>
  5540. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5541. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5542. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  5543. <port protocol="tcp" portid="8081"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  5544. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  5545. </ports>
  5546. <times srtt="50545" rttvar="15316" to="111809"/>
  5547. </host>
  5548. <host starttime="1606751262" endtime="1606764550"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5549. <address addr="43.239.158.224" addrtype="ipv4"/>
  5550. <hostnames>
  5551. </hostnames>
  5552. <ports><extraports state="closed" count="991">
  5553. <extrareasons reason="conn-refused" count="991"/>
  5554. </extraports>
  5555. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5556. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 43.239.158.224,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 43.239.158.224,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5557. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  5558. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5559. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  5560. <port protocol="tcp" portid="6881"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bittorrent-tracker" method="table" conf="3"/></port>
  5561. <port protocol="tcp" portid="6901"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="jetstream" method="table" conf="3"/></port>
  5562. <port protocol="tcp" portid="6969"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="acmsoda" method="table" conf="3"/></port>
  5563. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5564. </ports>
  5565. <times srtt="208886" rttvar="2310" to="218126"/>
  5566. </host>
  5567. <host starttime="1606751262" endtime="1606764527"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5568. <address addr="45.76.69.114" addrtype="ipv4"/>
  5569. <hostnames>
  5570. <hostname name="45.76.69.114.vultr.com" type="PTR"/>
  5571. </hostnames>
  5572. <ports><extraports state="closed" count="996">
  5573. <extrareasons reason="conn-refused" count="996"/>
  5574. </extraports>
  5575. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5576. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5577. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.76.69.114,/fwlink&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.76.69.114,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5578. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5579. </ports>
  5580. <times srtt="69321" rttvar="1418" to="100000"/>
  5581. </host>
  <!-- Triage note, host 23.19.227.204: the 443/tcp output lists two C2 host/path
       pairs in one C2 Server field: pics.lockboxlink.com,/IE9CompatViewList.xml and
       black.lockboxlink.com,/g.pixel. The same two hostnames, with different paths,
       appear in the 443/tcp output recorded for 23.83.134.16 in this scan, so the
       two addresses are worth reviewing together.
       NOTE(review): shared hostnames suggest, but do not by themselves establish,
       common operation; confirm with resolution and certificate data from the
       scan date. -->
  5582. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5583. <address addr="23.19.227.204" addrtype="ipv4"/>
  5584. <hostnames>
  5585. </hostnames>
  5586. <ports><extraports state="closed" count="994">
  5587. <extrareasons reason="conn-refused" count="994"/>
  5588. </extraports>
  5589. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5590. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5591. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5592. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5593. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: pics.lockboxlink.com,/IE9CompatViewList.xml,black.lockboxlink.com,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5594. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5595. </ports>
  5596. <times srtt="21152" rttvar="5769" to="100000"/>
  5597. </host>
  5598. <host starttime="1606751263" endtime="1606764487"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5599. <address addr="88.119.174.150" addrtype="ipv4"/>
  5600. <hostnames>
  5601. <hostname name="12683-23248.bacloud.info" type="PTR"/>
  5602. </hostnames>
  5603. <ports><extraports state="closed" count="995">
  5604. <extrareasons reason="conn-refused" count="995"/>
  5605. </extraports>
  5606. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5607. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5608. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 88.119.174.150,/pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 88.119.174.150,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5609. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 88.119.174.150,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5610. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5611. </ports>
  5612. <times srtt="31517" rttvar="11366" to="100000"/>
  5613. </host>
  5614. <host starttime="1606751270" endtime="1606764501"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5615. <address addr="79.141.167.40" addrtype="ipv4"/>
  5616. <hostnames>
  5617. <hostname name="organisation.buroerrod.co.uk" type="PTR"/>
  5618. </hostnames>
  5619. <ports><extraports state="closed" count="997">
  5620. <extrareasons reason="conn-refused" count="997"/>
  5621. </extraports>
  5622. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5623. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 79.141.167.40,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 79.141.167.40,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAM2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5624. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5625. </ports>
  5626. <times srtt="29337" rttvar="3067" to="100000"/>
  5627. </host>
  5628. <host starttime="1606751263" endtime="1606764510"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5629. <address addr="89.45.4.135" addrtype="ipv4"/>
  5630. <hostnames>
  5631. </hostnames>
  5632. <ports><extraports state="closed" count="996">
  5633. <extrareasons reason="conn-refused" count="996"/>
  5634. </extraports>
  5635. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5636. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5637. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5638. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 89.45.4.135,/j.ad&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 89.45.4.135,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5639. </ports>
  5640. <times srtt="72128" rttvar="5401" to="100000"/>
  5641. </host>
  5642. <host starttime="1606751262" endtime="1606764467"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5643. <address addr="47.75.123.100" addrtype="ipv4"/>
  5644. <hostnames>
  5645. </hostnames>
  5646. <ports><extraports state="filtered" count="994">
  5647. <extrareasons reason="no-responses" count="994"/>
  5648. </extraports>
  5649. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5650. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  5651. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: news.itamarty.com,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5652. <port protocol="tcp" portid="995"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  5653. <port protocol="tcp" portid="999"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="garcon" method="table" conf="3"/></port>
  5654. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  5655. </ports>
  5656. <times srtt="228499" rttvar="707" to="231327"/>
  5657. </host>
  5658. <host starttime="1606751262" endtime="1606764519"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5659. <address addr="44.234.72.246" addrtype="ipv4"/>
  5660. <hostnames>
  5661. <hostname name="ec2-44-234-72-246.us-west-2.compute.amazonaws.com" type="PTR"/>
  5662. </hostnames>
  5663. <ports><extraports state="filtered" count="998">
  5664. <extrareasons reason="no-responses" count="998"/>
  5665. </extraports>
  5666. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5667. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 44.234.72.246,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5668. </ports>
  5669. <times srtt="91292" rttvar="1110" to="100000"/>
  5670. </host>
  5671. <host starttime="1606751261" endtime="1606764467"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5672. <address addr="78.128.113.14" addrtype="ipv4"/>
  5673. <hostnames>
  5674. <hostname name="ip-113-14.4vendeta.com" type="PTR"/>
  5675. </hostnames>
  5676. <ports><extraports state="filtered" count="996">
  5677. <extrareasons reason="no-responses" count="996"/>
  5678. </extraports>
  5679. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5680. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  5681. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5682. <port protocol="tcp" portid="2020"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xinupageserver" method="table" conf="3"/></port>
  5683. </ports>
  5684. <times srtt="128099" rttvar="825" to="131399"/>
  5685. </host>
  5686. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5687. <address addr="81.70.2.180" addrtype="ipv4"/>
  5688. <hostnames>
  5689. </hostnames>
  5690. <ports><extraports state="closed" count="993">
  5691. <extrareasons reason="conn-refused" count="993"/>
  5692. </extraports>
  5693. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5694. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5695. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5696. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5697. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5698. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  5699. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  5700. </ports>
  5701. <times srtt="225369" rttvar="2758" to="236401"/>
  5702. </host>
  <!-- Triage note, host 81.70.213.71: the 80/tcp output differs from the other
       configs recorded in this part of the scan. Those show Polling 60000,
       Maxdns 255, DNS Idle \x00\x00\x00\x00, HTTP Method Path 2 /submit.php and an
       MSIE user agent; this one shows Polling 10000, Maxdns 235, DNS Idle
       \x08\x08\x04\x04, HTTP Method Path 2 /jquery-3.3.2.min.js, a C2 path under
       /wp-content/themes/calliope/ and a Chrome 79 user agent.
       The x86 and x64 responses carry identical field values.
       NOTE(review): the DNS Idle bytes read as 8.8.4.4 if the field is an IPv4
       address; confirm against the script that produced this output.
       Detection content keyed on /submit.php or on the MSIE user agents seen on
       the other hosts would not match this entry. -->
  5703. <host starttime="1606751262" endtime="1606764495"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5704. <address addr="81.70.213.71" addrtype="ipv4"/>
  5705. <hostnames>
  5706. </hostnames>
  5707. <ports><extraports state="closed" count="993">
  5708. <extrareasons reason="conn-refused" count="993"/>
  5709. </extraports>
  5710. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5711. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5712. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 10000&#xa;Jitter: 0&#xa;Maxdns: 235&#xa;C2 Server: 81.70.213.71,/wp-content/themes/calliope/wp_data.php&#xa;User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36&#xa;HTTP Method Path 2: /jquery-3.3.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 10000&#xa;Jitter: 0&#xa;Maxdns: 235&#xa;C2 Server: 81.70.213.71,/wp-content/themes/calliope/wp_data.php&#xa;User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36&#xa;HTTP Method Path 2: /jquery-3.3.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x04\x04&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5713. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5714. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5715. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  5716. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  5717. </ports>
  5718. <times srtt="229292" rttvar="2936" to="241036"/>
  5719. </host>
  5720. <host starttime="1606751263" endtime="1606764508"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5721. <address addr="51.195.35.0" addrtype="ipv4"/>
  5722. <hostnames>
  5723. <hostname name="ip0.ip-51-195-35.eu" type="PTR"/>
  5724. </hostnames>
  5725. <ports><extraports state="closed" count="996">
  5726. <extrareasons reason="conn-refused" count="996"/>
  5727. </extraports>
  5728. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5729. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5730. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 51.195.35.0,/ca&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5731. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  5732. </ports>
  5733. <times srtt="101654" rttvar="2176" to="110358"/>
  5734. </host>
  <!-- Triage note, host 23.83.134.16: the 443/tcp output lists two C2 host/path
       pairs in one C2 Server field: black.lockboxlink.com,/ga.js and
       pics.lockboxlink.com,/match. The same two hostnames, with different paths,
       appear in the 443/tcp output recorded for 23.19.227.204 in this scan, so the
       two addresses are worth reviewing together.
       The script element on 80/tcp has no output attribute.
       NOTE(review): shared hostnames suggest, but do not by themselves establish,
       common operation; confirm with resolution and certificate data from the
       scan date. -->
  5735. <host starttime="1606751261" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5736. <address addr="23.83.134.16" addrtype="ipv4"/>
  5737. <hostnames>
  5738. </hostnames>
  5739. <ports><extraports state="closed" count="993">
  5740. <extrareasons reason="conn-refused" count="993"/>
  5741. </extraports>
  5742. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5743. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5744. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5745. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5746. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5747. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: black.lockboxlink.com,/ga.js,pics.lockboxlink.com,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5748. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5749. </ports>
  5750. <times srtt="61443" rttvar="4995" to="100000"/>
  5751. </host>
  <!-- Triage note, host 87.251.70.12: a grab_beacon_config script element is
       present on both 80/tcp and 443/tcp, but neither has an output attribute, so
       this scan recorded no config fields for the host.
       NOTE(review): the record does not say why no output was produced. Treat the
       entry as "nothing retrieved in this run", not as evidence about the host
       either way, and check it against later scans before removing it from a
       watch list. -->
  5752. <host starttime="1606751261" endtime="1606764501"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5753. <address addr="87.251.70.12" addrtype="ipv4"/>
  5754. <hostnames>
  5755. </hostnames>
  5756. <ports><extraports state="closed" count="996">
  5757. <extrareasons reason="conn-refused" count="996"/>
  5758. </extraports>
  5759. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5760. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5761. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5762. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5763. </ports>
  5764. <times srtt="138960" rttvar="1600" to="145360"/>
  5765. </host>
  <!-- 43.240.15.68 (PTR ns1.asiahostway.com): only 443/tcp has a grab_beacon_config element and it has no
       output attribute, so no beacon configuration is recorded here. The PTR name is whatever the address
       owner publishes in reverse DNS; it is not taken from a beacon config and should not be read as a
       C2 domain on that basis alone. -->
  5766. <host starttime="1606751262" endtime="1606764488"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5767. <address addr="43.240.15.68" addrtype="ipv4"/>
  5768. <hostnames>
  5769. <hostname name="ns1.asiahostway.com" type="PTR"/>
  5770. </hostnames>
  5771. <ports><extraports state="closed" count="994">
  5772. <extrareasons reason="conn-refused" count="994"/>
  5773. </extraports>
  5774. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5775. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5776. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5777. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5778. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5779. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5780. </ports>
  5781. <times srtt="234765" rttvar="8825" to="270065"/>
  5782. </host>
  <!-- 79.141.164.206 (PTR i3cb.maloof.pw): beacon configurations were recovered from both 80/tcp and 443/tcp.
       In every section the C2 Server field is the scanned address itself, so the IP is the indicator here;
       the PTR name does not appear in any config. -->
  5783. <host starttime="1606751263" endtime="1606764548"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5784. <address addr="79.141.164.206" addrtype="ipv4"/>
  5785. <hostnames>
  5786. <hostname name="i3cb.maloof.pw" type="PTR"/>
  5787. </hostnames>
  5788. <ports><extraports state="closed" count="997">
  5789. <extrareasons reason="conn-refused" count="997"/>
  5790. </extraports>
  5791. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- 80/tcp: x86 and x64 sections differ in check-in URI (/load vs /g.pixel) and in User Agent, so detection
       keyed on a single URI or User Agent string would cover only one of the two. Polling 60000, Jitter 0,
       /submit.php and rundll32.exe spawnto look like unmodified profile values (hedged). -->
  5792. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 79.141.164.206,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 79.141.164.206,/g.pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  <!-- 443/tcp: a separate HTTPS listener (BeaconType 8) with its own URI /IE9CompatViewList.xml; only an
       x86 section was returned. -->
  5793. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 79.141.164.206,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5794. </ports>
  5795. <times srtt="93385" rttvar="1230" to="100000"/>
  5796. </host>
  <!-- 45.84.0.218: the only grab_beacon_config element (80/tcp) has no output attribute, so no beacon
       configuration is recorded. 135, 139, 445 and 3389 answered the connect scan; their service names are
       port-table guesses (method="table"). The PTR name sits under example.com, a reserved documentation
       domain, so it looks like a placeholder or redaction (unconfirmed) and is not usable as an indicator. -->
  5797. <host starttime="1606751263" endtime="1606764534"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5798. <address addr="45.84.0.218" addrtype="ipv4"/>
  5799. <hostnames>
  5800. <hostname name="uywdbysdwx3.example.com" type="PTR"/>
  5801. </hostnames>
  5802. <ports><extraports state="closed" count="994">
  5803. <extrareasons reason="conn-refused" count="994"/>
  5804. </extraports>
  5805. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5806. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5807. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5808. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5809. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5810. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  5811. </ports>
  5812. <times srtt="155251" rttvar="9970" to="195131"/>
  5813. </host>
  <!-- 47.95.37.84: grab_beacon_config elements appear on 80, 443, 8000, 8080 and 8443, none with an output
       attribute, so no beacon configuration is recorded for this host. Open ports such as 880, 888, 8888
       and 10001 carry no script element at all; whether the script skipped them by rule is not visible
       here. Names like accessbuilder or sun-answerbook are port-table labels, not identified software. -->
  5814. <host starttime="1606751262" endtime="1606764548"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5815. <address addr="47.95.37.84" addrtype="ipv4"/>
  5816. <hostnames>
  5817. </hostnames>
  5818. <ports><extraports state="closed" count="985">
  5819. <extrareasons reason="conn-refused" count="985"/>
  5820. </extraports>
  5821. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5822. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5823. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5824. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5825. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5826. <port protocol="tcp" portid="880"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5827. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  5828. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  5829. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  5830. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  5831. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5832. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5833. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5834. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  5835. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  5836. </ports>
  5837. <times srtt="230001" rttvar="3421" to="243685"/>
  5838. </host>
  <!-- 64.128.143.70: 998 of the 1000 scanned ports gave no response (filtered); 80/tcp and 443/tcp are open
       but their grab_beacon_config elements have no output attribute, so no beacon configuration is
       recorded for this host. -->
  5839. <host starttime="1606751262" endtime="1606764501"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5840. <address addr="64.128.143.70" addrtype="ipv4"/>
  5841. <hostnames>
  5842. </hostnames>
  5843. <ports><extraports state="filtered" count="998">
  5844. <extrareasons reason="no-responses" count="998"/>
  5845. </extraports>
  5846. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5847. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5848. </ports>
  5849. <times srtt="29467" rttvar="4649" to="100000"/>
  5850. </host>
  <!-- 77.123.155.74: beacon configuration recovered from 80/tcp only; the 443/tcp script element has no
       output attribute. The C2 Server field is the scanned address itself. -->
  5851. <host starttime="1606751262" endtime="1606764490"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5852. <address addr="77.123.155.74" addrtype="ipv4"/>
  5853. <hostnames>
  5854. <hostname name="74.155.123.77.colo.static.dcvolia.com" type="PTR"/>
  5855. </hostnames>
  5856. <ports><extraports state="closed" count="996">
  5857. <extrareasons reason="conn-refused" count="996"/>
  5858. </extraports>
  5859. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5860. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- 80/tcp: this config differs from the others in the excerpt on several fields: Polling 30000 with
       Jitter 20, Maxdns 235, /owa/ and /OWA/ paths with GET for both methods, gpupdate.exe as spawnto,
       and DNS Idle \x08\x08\x08\x08 (four 0x08 bytes, which would read as 8.8.8.8 if it is an IPv4
       address; unconfirmed). Rules that key on /submit.php, POST or rundll32.exe would not match this
       listener; the paths suggest traffic shaped to resemble Outlook Web Access (hedged). x86 and x64
       sections are identical. -->
  5861. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 30000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: 77.123.155.74,/owa/&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)&#xa;HTTP Method Path 2: /OWA/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 30000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: 77.123.155.74,/owa/&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)&#xa;HTTP Method Path 2: /OWA/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5862. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5863. </ports>
  5864. <times srtt="128689" rttvar="2924" to="140385"/>
  5865. </host>
  <!-- 47.92.0.132: the 443/tcp grab_beacon_config element has no output attribute, so no beacon
       configuration is recorded. 4443/tcp is open with no script element; its "pharos" label is a
       port-table name (method="table"), not an identified service. -->
  5866. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5867. <address addr="47.92.0.132" addrtype="ipv4"/>
  5868. <hostnames>
  5869. </hostnames>
  5870. <ports><extraports state="filtered" count="997">
  5871. <extrareasons reason="no-responses" count="997"/>
  5872. </extraports>
  5873. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5874. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5875. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  5876. </ports>
  5877. <times srtt="231492" rttvar="3039" to="243648"/>
  5878. </host>
  <!-- 43.225.30.90: 22/tcp and 443/tcp are the only open ports; the 443/tcp grab_beacon_config element has
       no output attribute, so no beacon configuration is recorded. The filtered entries (25, 42, 53, 135,
       139, 445, 1723) only show that connect attempts got no response. -->
  5879. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5880. <address addr="43.225.30.90" addrtype="ipv4"/>
  5881. <hostnames>
  5882. </hostnames>
  5883. <ports><extraports state="closed" count="991">
  5884. <extrareasons reason="conn-refused" count="991"/>
  5885. </extraports>
  5886. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5887. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  5888. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  5889. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5890. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5891. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5892. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5893. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5894. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  5895. </ports>
  5896. <times srtt="219786" rttvar="3856" to="235210"/>
  5897. </host>
  <!-- 47.104.11.169: grab_beacon_config elements on 80/tcp and 443/tcp have no output attribute, so no
       beacon configuration is recorded for this host. Everything else listed besides 22/tcp is filtered. -->
  5898. <host starttime="1606751263" endtime="1606764501"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5899. <address addr="47.104.11.169" addrtype="ipv4"/>
  5900. <hostnames>
  5901. </hostnames>
  5902. <ports><extraports state="closed" count="989">
  5903. <extrareasons reason="conn-refused" count="989"/>
  5904. </extraports>
  5905. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5906. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5907. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5908. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  5909. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  5910. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5911. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5912. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  5913. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  5914. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  5915. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  5916. </ports>
  5917. <times srtt="278478" rttvar="6883" to="306010"/>
  5918. </host>
  <!-- 45.76.158.91 (PTR www.luciferxx.cn): grab_beacon_config elements on 80/tcp and 443/tcp have no output
       attribute, so no beacon configuration is recorded. The PTR name comes from reverse DNS only; nothing
       in this record ties it to a beacon config. -->
  5919. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5920. <address addr="45.76.158.91" addrtype="ipv4"/>
  5921. <hostnames>
  5922. <hostname name="www.luciferxx.cn" type="PTR"/>
  5923. </hostnames>
  5924. <ports><extraports state="closed" count="996">
  5925. <extrareasons reason="conn-refused" count="996"/>
  5926. </extraports>
  5927. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5928. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5929. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5930. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5931. </ports>
  5932. <times srtt="235831" rttvar="6795" to="263011"/>
  5933. </host>
  <!-- 39.101.136.149: grab_beacon_config elements on 80, 443 and 8000 have no output attribute, so no
       beacon configuration is recorded. Most ports are filtered (975) and many of the listed ones are
       closed; closed ports such as 8080 carry no script element. Service names (tor-orport, ibm-db2,
       xmpp and so on) are port-table labels and say nothing about what actually runs there. -->
  5934. <host starttime="1606751262" endtime="1606764513"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5935. <address addr="39.101.136.149" addrtype="ipv4"/>
  5936. <hostnames>
  5937. </hostnames>
  5938. <ports><extraports state="filtered" count="975">
  5939. <extrareasons reason="no-responses" count="975"/>
  5940. </extraports>
  5941. <port protocol="tcp" portid="21"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  5942. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5943. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  5944. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5945. <port protocol="tcp" portid="143"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  5946. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5947. <port protocol="tcp" portid="465"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  5948. <port protocol="tcp" portid="808"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ccproxy-http" method="table" conf="3"/></port>
  5949. <port protocol="tcp" portid="2020"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="xinupageserver" method="table" conf="3"/></port>
  5950. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  5951. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  5952. <port protocol="tcp" portid="3690"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="svn" method="table" conf="3"/></port>
  5953. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5954. <port protocol="tcp" portid="8010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp" method="table" conf="3"/></port>
  5955. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  5956. <port protocol="tcp" portid="8888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  5957. <port protocol="tcp" portid="9001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="tor-orport" method="table" conf="3"/></port>
  5958. <port protocol="tcp" portid="50000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ibm-db2" method="table" conf="3"/></port>
  5959. <port protocol="tcp" portid="50001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5960. <port protocol="tcp" portid="50002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="iiimsf" method="table" conf="3"/></port>
  5961. <port protocol="tcp" portid="50003"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5962. <port protocol="tcp" portid="50006"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5963. <port protocol="tcp" portid="50300"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5964. <port protocol="tcp" portid="50389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5965. <port protocol="tcp" portid="50500"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5966. </ports>
  5967. <times srtt="233612" rttvar="789" to="236768"/>
  5968. </host>
  <!-- 63.142.243.214: the 443/tcp grab_beacon_config element has no output attribute, so no beacon
       configuration is recorded. 1053/tcp is open with no script element; "remote-as" is a port-table
       label only. -->
  5969. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="conn-refused" reason_ttl="0"/>
  5970. <address addr="63.142.243.214" addrtype="ipv4"/>
  5971. <hostnames>
  5972. </hostnames>
  5973. <ports><extraports state="closed" count="996">
  5974. <extrareasons reason="conn-refused" count="996"/>
  5975. </extraports>
  5976. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5977. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  5978. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5979. <port protocol="tcp" portid="1053"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="remote-as" method="table" conf="3"/></port>
  5980. </ports>
  5981. <times srtt="71755" rttvar="5344" to="100000"/>
  5982. </host>
  <!-- 47.110.83.12: beacon configuration recovered from 80/tcp only. The script elements on 443, 8080 and
       8443 have no output attribute, so a listener on those ports is not shown by this record. -->
  5983. <host starttime="1606751262" endtime="1606764508"><status state="up" reason="syn-ack" reason_ttl="0"/>
  5984. <address addr="47.110.83.12" addrtype="ipv4"/>
  5985. <hostnames>
  5986. </hostnames>
  5987. <ports><extraports state="closed" count="990">
  5988. <extrareasons reason="conn-refused" count="990"/>
  5989. </extraports>
  5990. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  5991. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- 80/tcp: C2 Server is the scanned address; the x86 section uses /ga.js and the x64 section /cm, each
       with a different User Agent. Polling 60000, Jitter 0, /submit.php via POST and rundll32.exe spawnto
       look like unmodified profile values (hedged), which makes generic default-profile detections
       applicable to this listener. -->
  5992. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.110.83.12,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.110.83.12,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  5993. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  5994. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5995. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  5996. <port protocol="tcp" portid="880"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  5997. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5998. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  5999. <port protocol="tcp" portid="9081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-aqos" method="table" conf="3"/></port>
  6000. </ports>
  6001. <times srtt="217653" rttvar="8868" to="253125"/>
  6002. </host>
  <!-- 64.187.238.202 (PTR 64.187.238.202.alnitech.com): 443/tcp is the only open port and its
       grab_beacon_config element has no output attribute, so no beacon configuration is recorded. -->
  6003. <host starttime="1606751271" endtime="1606764524"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6004. <address addr="64.187.238.202" addrtype="ipv4"/>
  6005. <hostnames>
  6006. <hostname name="64.187.238.202.alnitech.com" type="PTR"/>
  6007. </hostnames>
  6008. <ports><extraports state="closed" count="998">
  6009. <extrareasons reason="conn-refused" count="998"/>
  6010. </extraports>
  6011. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6012. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6013. </ports>
  6014. <times srtt="35041" rttvar="11619" to="100000"/>
  6015. </host>
  <!-- 43.255.30.192: grab_beacon_config elements on 443/tcp and 8443/tcp have no output attribute, so no
       beacon configuration is recorded. 22 and 111 also answered the connect scan; service names are
       port-table lookups (method="table"). -->
  6016. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6017. <address addr="43.255.30.192" addrtype="ipv4"/>
  6018. <hostnames>
  6019. </hostnames>
  6020. <ports><extraports state="closed" count="991">
  6021. <extrareasons reason="conn-refused" count="991"/>
  6022. </extraports>
  6023. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6024. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6025. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  6026. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6027. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6028. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6029. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6030. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  6031. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6032. </ports>
  6033. <times srtt="217027" rttvar="2311" to="226271"/>
  6034. </host>
  <!-- 34.72.48.115 (PTR 115.48.72.34.bc.googleusercontent.com): 443/tcp is the only open port and its
       grab_beacon_config element has no output attribute, so no beacon configuration is recorded. The PTR
       name suggests a cloud-provider address (inferred from the name only); such addresses are
       reassigned, so any blocklist entry built from this record should carry the scan date. -->
  6035. <host starttime="1606751263" endtime="1606764529"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6036. <address addr="34.72.48.115" addrtype="ipv4"/>
  6037. <hostnames>
  6038. <hostname name="115.48.72.34.bc.googleusercontent.com" type="PTR"/>
  6039. </hostnames>
  6040. <ports><extraports state="filtered" count="995">
  6041. <extrareasons reason="no-responses" count="995"/>
  6042. </extraports>
  6043. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  6044. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6045. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  6046. <port protocol="tcp" portid="8081"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  6047. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  6048. </ports>
  6049. <times srtt="43234" rttvar="4888" to="100000"/>
  6050. </host>
  <!-- 40.121.162.127: beacon configuration recovered from 443/tcp. 22/tcp and 587/tcp are also open; they
       carry no script element. -->
  6051. <host starttime="1606751262" endtime="1606764463"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6052. <address addr="40.121.162.127" addrtype="ipv4"/>
  6053. <hostnames>
  6054. </hostnames>
  6055. <ports><extraports state="closed" count="996">
  6056. <extrareasons reason="conn-refused" count="996"/>
  6057. </extraports>
  6058. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6059. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- 443/tcp: HTTPS listener (BeaconType 8) whose C2 Server is the scanned address with URI /ca; only an
       x86 section was returned. Polling 60000, Jitter 0, /submit.php via POST and rundll32.exe spawnto
       look like unmodified profile values (hedged). -->
  6060. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 40.121.162.127,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6061. <port protocol="tcp" portid="587"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  6062. </ports>
  6063. <times srtt="18348" rttvar="10649" to="100000"/>
  6064. </host>
  6065. <host starttime="1606751263" endtime="1606764493"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6066. <address addr="45.11.180.250" addrtype="ipv4"/>
  6067. <hostnames>
  6068. </hostnames>
  6069. <ports><extraports state="closed" count="995">
  6070. <extrareasons reason="conn-refused" count="995"/>
  6071. </extraports>
  6072. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6073. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6074. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.11.180.250,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.11.180.250,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6075. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  6076. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6077. </ports>
  6078. <times srtt="93976" rttvar="1600" to="100376"/>
  6079. </host>
  6080. <host starttime="1606751262" endtime="1606764488"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6081. <address addr="39.107.60.234" addrtype="ipv4"/>
  6082. <hostnames>
  6083. </hostnames>
  6084. <ports><extraports state="closed" count="994">
  6085. <extrareasons reason="conn-refused" count="994"/>
  6086. </extraports>
  6087. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6088. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6089. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6090. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6091. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  6092. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  6093. </ports>
  6094. <times srtt="229846" rttvar="1095" to="234226"/>
  6095. </host>
  6096. <host starttime="1606751263" endtime="1606764532"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6097. <address addr="45.199.110.164" addrtype="ipv4"/>
  6098. <hostnames>
  6099. </hostnames>
  6100. <ports><extraports state="closed" count="990">
  6101. <extrareasons reason="conn-refused" count="990"/>
  6102. </extraports>
  6103. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6104. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6105. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  6106. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  6107. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6108. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6109. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6110. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6111. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  6112. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  6113. </ports>
  6114. <times srtt="231106" rttvar="7491" to="261070"/>
  6115. </host>
  6116. <host starttime="1606751263" endtime="1606764508"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6117. <address addr="47.97.116.203" addrtype="ipv4"/>
  6118. <hostnames>
  6119. </hostnames>
  6120. <ports><extraports state="filtered" count="995">
  6121. <extrareasons reason="no-responses" count="995"/>
  6122. </extraports>
  6123. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6124. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6125. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6126. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6127. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6128. </ports>
  6129. <times srtt="204469" rttvar="1526" to="210573"/>
  6130. </host>
  6131. <host starttime="1606751270" endtime="1606764532"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6132. <address addr="45.77.249.181" addrtype="ipv4"/>
  6133. <hostnames>
  6134. <hostname name="45.77.249.181.vultr.com" type="PTR"/>
  6135. </hostnames>
  6136. <ports><extraports state="closed" count="993">
  6137. <extrareasons reason="conn-refused" count="993"/>
  6138. </extraports>
  6139. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6140. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6141. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6142. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6143. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6144. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6145. <port protocol="tcp" portid="5051"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ida-agent" method="table" conf="3"/></port>
  6146. </ports>
  6147. <times srtt="233693" rttvar="2999" to="245689"/>
  6148. </host>
  6149. <host starttime="1606751262" endtime="1606764537"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6150. <address addr="45.83.140.231" addrtype="ipv4"/>
  6151. <hostnames>
  6152. <hostname name="nordns.vps.hosteons.com" type="PTR"/>
  6153. </hostnames>
  6154. <ports><extraports state="filtered" count="996">
  6155. <extrareasons reason="no-responses" count="996"/>
  6156. </extraports>
  6157. <port protocol="tcp" portid="53"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6158. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6159. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  6160. <port protocol="tcp" portid="8888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  6161. </ports>
  6162. <times srtt="335088" rttvar="32461" to="464932"/>
  6163. </host>
  6164. <host starttime="1606751263" endtime="1606764532"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6165. <address addr="34.96.157.246" addrtype="ipv4"/>
  6166. <hostnames>
  6167. <hostname name="246.157.96.34.bc.googleusercontent.com" type="PTR"/>
  6168. </hostnames>
  6169. <ports><extraports state="closed" count="992">
  6170. <extrareasons reason="conn-refused" count="992"/>
  6171. </extraports>
  6172. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  6173. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6174. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6175. <port protocol="tcp" portid="90"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnsix" method="table" conf="3"/></port>
  6176. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6177. <port protocol="tcp" portid="1099"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rmiregistry" method="table" conf="3"/></port>
  6178. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  6179. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  6180. </ports>
  6181. <times srtt="214590" rttvar="5149" to="235186"/>
  6182. </host>
  6183. <host starttime="1606751262" endtime="1606764538"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Annotation: the configuration recovered on port 80 names a domain
       (amajai-technologies.support) as C2 Server, not the scanned address, so the
       domain and the URIs listed with it are the indicators to carry forward.
       Another host in this scan (45.147.231.51) reports amajai-technologies.site;
       that suggests related infrastructure but is not proven by this output.
       Ports 443 and 8080 carry a script element with no output attribute: nothing
       was recovered there, which is "no data" rather than a negative result. -->
  6184. <address addr="45.153.243.215" addrtype="ipv4"/>
  6185. <hostnames>
  6186. </hostnames>
  6187. <ports><extraports state="closed" count="994">
  6188. <extrareasons reason="conn-refused" count="994"/>
  6189. </extraports>
  6190. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6191. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6192. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.support,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.support,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6193. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6194. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6195. <port protocol="tcp" portid="10000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  6196. </ports>
  6197. <times srtt="98222" rttvar="890" to="101782"/>
  6198. </host>
  6199. <host starttime="1606751263" endtime="1606764534"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6200. <address addr="46.148.26.246" addrtype="ipv4"/>
  6201. <hostnames>
  6202. <hostname name="boilserg.example.com" type="PTR"/>
  6203. </hostnames>
  6204. <ports><extraports state="closed" count="996">
  6205. <extrareasons reason="conn-refused" count="996"/>
  6206. </extraports>
  6207. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6208. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6209. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6210. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  6211. </ports>
  6212. <times srtt="261339" rttvar="63332" to="514667"/>
  6213. </host>
  6214. <host starttime="1606751263" endtime="1606764517"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6215. <address addr="46.166.129.169" addrtype="ipv4"/>
  6216. <hostnames>
  6217. <hostname name="olympusservice.net" type="PTR"/>
  6218. </hostnames>
  6219. <ports><extraports state="closed" count="997">
  6220. <extrareasons reason="conn-refused" count="997"/>
  6221. </extraports>
  6222. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6223. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6224. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 46.166.129.169,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6225. </ports>
  6226. <times srtt="95347" rttvar="2383" to="104879"/>
  6227. </host>
  6228. <host starttime="1606751263" endtime="1606764531"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6229. <address addr="47.92.93.180" addrtype="ipv4"/>
  6230. <hostnames>
  6231. </hostnames>
  6232. <ports><extraports state="closed" count="994">
  6233. <extrareasons reason="conn-refused" count="994"/>
  6234. </extraports>
  6235. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6236. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.92.93.180,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.92.93.180,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6237. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6238. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6239. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  6240. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  6241. </ports>
  6242. <times srtt="232229" rttvar="2762" to="243277"/>
  6243. </host>
  6244. <host starttime="1606751262" endtime="1606764531"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Annotation: configurations were recovered on ports 80 and 443 and all three
       name the domain amajai-technologies.site as C2 Server, so the domain is the
       durable indicator here, not only the scanned address. Each recovered
       configuration lists a different URI and User Agent (/ca, /ptj, /match), so a
       detection keyed on a single User Agent or path matches only one of them.
       Port 8080 has a script element with no output attribute, meaning nothing was
       recovered on that port. -->
  6245. <address addr="45.147.231.51" addrtype="ipv4"/>
  6246. <hostnames>
  6247. </hostnames>
  6248. <ports><extraports state="closed" count="994">
  6249. <extrareasons reason="conn-refused" count="994"/>
  6250. </extraports>
  6251. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6252. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6253. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.site,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.site,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6254. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.site,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6255. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6256. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  6257. </ports>
  6258. <times srtt="98508" rttvar="2009" to="106544"/>
  6259. </host>
  6260. <host starttime="1606751262" endtime="1606764529"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Annotation: the C2 Server field holds two host,URI pairs: the scanned address
       and the domain openmsdn.xyz, both with /__utm.gif. The domain is therefore
       an extra indicator that the target list alone would not reveal. The POST
       path (HTTP Method Path 2) is /___utm.gif with three underscores, while the
       GET URI has two; keep them distinct when writing proxy or IDS matches.
       These outputs print no User Agent, Maxdns or Header fields, unlike most
       other hosts in this scan; the reason is not visible here (possibly a
       different profile or payload version, to be confirmed). The PTR name
       no-reverse-yet.local looks like a provider placeholder and is presumably of
       little value as an indicator. -->
  6261. <address addr="45.153.184.167" addrtype="ipv4"/>
  6262. <hostnames>
  6263. <hostname name="no-reverse-yet.local" type="PTR"/>
  6264. </hostnames>
  6265. <ports><extraports state="filtered" count="997">
  6266. <extrareasons reason="no-responses" count="997"/>
  6267. </extraports>
  6268. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6269. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 45.153.184.167,/__utm.gif,openmsdn.xyz,/__utm.gif&#xa;HTTP Method Path 2: /___utm.gif&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 45.153.184.167,/__utm.gif,openmsdn.xyz,/__utm.gif&#xa;HTTP Method Path 2: /___utm.gif&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6270. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 45.153.184.167,/__utm.gif,openmsdn.xyz,/__utm.gif&#xa;HTTP Method Path 2: /___utm.gif&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6271. </ports>
  6272. <times srtt="97500" rttvar="2945" to="109280"/>
  6273. </host>
  6274. <host starttime="1606751262" endtime="1606764525"><status state="up" reason="syn-ack" reason_ttl="0"/>
  <!-- Annotation: this host's configurations differ from the 60000 / 0 /
       rundll32.exe values that most other hosts in this scan report (those match
       Cobalt Strike's stock profile): Polling is 57000, Jitter is 41 and both
       Spawnto paths use regsvr32.exe. Customised values like these are more
       useful for clustering and for endpoint detections than the stock ones.
       The port 8080 configurations also set Proxy_Hostname to
       http://10.59.24.32:8080 with Proxy_AccessType 0. That address is RFC 1918
       private space, so it is not a network indicator to block at the perimeter;
       it presumably reflects a proxy inside the environment the payload was
       built for (to be confirmed). Port 443 has a script element with no output
       attribute: nothing was recovered there, which is not a negative result. -->
  6275. <address addr="45.138.172.80" addrtype="ipv4"/>
  6276. <hostnames>
  6277. </hostnames>
  6278. <ports><extraports state="closed" count="995">
  6279. <extrareasons reason="conn-refused" count="995"/>
  6280. </extraports>
  6281. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6282. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6283. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 57000&#xa;Jitter: 41&#xa;C2 Server: 45.138.172.80,/fo.html&#xa;HTTP Method Path 2: /default&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\regsvr32.exe&#xa;Spawnto_x64: %windir%\sysnative\regsvr32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 57000&#xa;Jitter: 41&#xa;C2 Server: 45.138.172.80,/fo.html&#xa;HTTP Method Path 2: /default&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\regsvr32.exe&#xa;Spawnto_x64: %windir%\sysnative\regsvr32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6284. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6285. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 57000&#xa;Jitter: 41&#xa;C2 Server: 45.138.172.80,/ab.css&#xa;HTTP Method Path 2: /fo&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\regsvr32.exe&#xa;Spawnto_x64: %windir%\sysnative\regsvr32.exe&#xa;Proxy_Hostname: http://10.59.24.32:8080&#xa;Proxy_AccessType: 0 (Unknown)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 57000&#xa;Jitter: 41&#xa;C2 Server: 45.138.172.80,/RELEASES.css&#xa;HTTP Method Path 2: /fo&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\regsvr32.exe&#xa;Spawnto_x64: %windir%\sysnative\regsvr32.exe&#xa;Proxy_Hostname: http://10.59.24.32:8080&#xa;Proxy_AccessType: 0 (Unknown)&#xa;&#xa;"/></port>
  6286. </ports>
  6287. <times srtt="97870" rttvar="1470" to="103750"/>
  6288. </host>
  6289. <host starttime="1606751263" endtime="1606764467"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6290. <address addr="45.10.20.166" addrtype="ipv4"/>
  6291. <hostnames>
  6292. </hostnames>
  6293. <ports><extraports state="closed" count="996">
  6294. <extrareasons reason="conn-refused" count="996"/>
  6295. </extraports>
  6296. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6297. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6298. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6299. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6300. </ports>
  6301. <times srtt="93914" rttvar="1831" to="101238"/>
  6302. </host>
  6303. <host starttime="1606751262" endtime="1606764546"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6304. <address addr="46.166.128.234" addrtype="ipv4"/>
  6305. <hostnames>
  6306. </hostnames>
  6307. <ports><extraports state="closed" count="996">
  6308. <extrareasons reason="conn-refused" count="996"/>
  6309. </extraports>
  6310. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6311. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6312. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 46.166.128.234,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 46.166.128.234,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6313. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 46.166.128.234,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 46.166.128.234,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6314. </ports>
  6315. <times srtt="94220" rttvar="1824" to="101516"/>
  6316. </host>
  6317. <host starttime="1606751262" endtime="1606764497"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Review note: the grab_beacon_config script elements on ports 80 and 443
             below carry no output attribute, so this record holds no beacon
             configuration for 46.166.129.182. The open ports and the PTR name are the
             only observations recorded here. An empty result does not by itself show
             whether the host serves a beacon; treat the host as unconfirmed. -->
  6318. <address addr="46.166.129.182" addrtype="ipv4"/>
  6319. <hostnames>
  6320. <hostname name="gov.earthanman.com" type="PTR"/>
  6321. </hostnames>
  6322. <ports><extraports state="closed" count="997">
  6323. <extrareasons reason="conn-refused" count="997"/>
  6324. </extraports>
  6325. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6326. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6327. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6328. </ports>
  6329. <times srtt="93737" rttvar="1076" to="100000"/>
  6330. </host>
  6331. <host starttime="1606751262" endtime="1606764523"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6332. <address addr="35.203.173.196" addrtype="ipv4"/>
  6333. <hostnames>
  6334. <hostname name="196.173.203.35.bc.googleusercontent.com" type="PTR"/>
  6335. </hostnames>
  6336. <ports><extraports state="filtered" count="998">
  6337. <extrareasons reason="no-responses" count="998"/>
  6338. </extraports>
  6339. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  6340. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6341. </ports>
  6342. <times srtt="90284" rttvar="2502" to="100292"/>
  6343. </host>
  6344. <host starttime="1606751262" endtime="1606764460"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6345. <address addr="49.232.1.114" addrtype="ipv4"/>
  6346. <hostnames>
  6347. </hostnames>
  6348. <ports><extraports state="closed" count="991">
  6349. <extrareasons reason="conn-refused" count="991"/>
  6350. </extraports>
  6351. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6352. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6353. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6354. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6355. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  6356. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  6357. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  6358. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  6359. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  6360. </ports>
  6361. <times srtt="227978" rttvar="1477" to="233886"/>
  6362. </host>
  6363. <host starttime="1606751262" endtime="1606764525"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Review note: only port 443 returned a configuration, and only for the x86
             URI; the script element on port 80 has no output. The C2 Server value
             equals the scanned address, so the host-specific indicators in this record
             are 45.14.149.202 and the URI /activity. Polling 60000, Jitter 0,
             /submit.php and the rundll32.exe spawn-to paths recur unchanged in most
             records of this chunk, so on their own they point at the tooling rather
             than at one operator (presumably stock profile values; confirm against
             vendor documentation before relying on that). -->
  6364. <address addr="45.14.149.202" addrtype="ipv4"/>
  6365. <hostnames>
  6366. </hostnames>
  6367. <ports><extraports state="closed" count="995">
  6368. <extrareasons reason="conn-refused" count="995"/>
  6369. </extraports>
  6370. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6371. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6372. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6373. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.14.149.202,/activity&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6374. <port protocol="tcp" portid="8899"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ospf-lite" method="table" conf="3"/></port>
  6375. </ports>
  6376. <times srtt="132243" rttvar="2517" to="142311"/>
  6377. </host>
  6378. <host starttime="1606751262" endtime="1606764523"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Review note: the port 80 configuration names the C2 Server by hostname
             (sb.flashfack.ren) rather than by the scanned address 47.56.144.122, so
             record the hostname and the address as separate, related indicators; this
             record does not show whether the name resolved to this address at scan
             time. The x86 and x64 responses differ in URI (/load, /ga.js) and in
             User Agent. The script element on port 443 has no output. The service
             names on the other ports come from the port table (method="table"), not
             from probing, so they are labels only. -->
  6379. <address addr="47.56.144.122" addrtype="ipv4"/>
  6380. <hostnames>
  6381. </hostnames>
  6382. <ports><extraports state="closed" count="990">
  6383. <extrareasons reason="conn-refused" count="990"/>
  6384. </extraports>
  6385. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6386. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6387. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: sb.flashfack.ren,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: sb.flashfack.ren,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6388. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6389. <port protocol="tcp" portid="8007"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ajp12" method="table" conf="3"/></port>
  6390. <port protocol="tcp" portid="64623"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6391. <port protocol="tcp" portid="64680"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6392. <port protocol="tcp" portid="65000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6393. <port protocol="tcp" portid="65129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6394. <port protocol="tcp" portid="65389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6395. </ports>
  6396. <times srtt="229379" rttvar="1324" to="234675"/>
  6397. </host>
  6398. <host starttime="1606751261" endtime="1606764533"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6399. <address addr="45.141.84.32" addrtype="ipv4"/>
  6400. <hostnames>
  6401. </hostnames>
  6402. <ports><extraports state="closed" count="996">
  6403. <extrareasons reason="conn-refused" count="996"/>
  6404. </extraports>
  6405. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6406. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6407. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.141.84.32,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.141.84.32,/visit.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6408. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6409. </ports>
  6410. <times srtt="146665" rttvar="3887" to="162213"/>
  6411. </host>
  6412. <host starttime="1606751263" endtime="1606764501"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6413. <address addr="46.166.173.24" addrtype="ipv4"/>
  6414. <hostnames>
  6415. </hostnames>
  6416. <ports><extraports state="closed" count="996">
  6417. <extrareasons reason="conn-refused" count="996"/>
  6418. </extraports>
  6419. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6420. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6421. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6422. <port protocol="tcp" portid="12345"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbus" method="table" conf="3"/></port>
  6423. </ports>
  6424. <times srtt="129521" rttvar="2170" to="138201"/>
  6425. </host>
  6426. <host starttime="1606751262" endtime="1606764498"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6427. <address addr="45.227.255.189" addrtype="ipv4"/>
  6428. <hostnames>
  6429. <hostname name="hosting-by.web4net.org" type="PTR"/>
  6430. </hostnames>
  6431. <ports><extraports state="closed" count="996">
  6432. <extrareasons reason="conn-refused" count="996"/>
  6433. </extraports>
  6434. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6435. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6436. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6437. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6438. </ports>
  6439. <times srtt="94522" rttvar="1293" to="100000"/>
  6440. </host>
  6441. <host starttime="1606751262" endtime="1606764464"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6442. <address addr="18.130.155.157" addrtype="ipv4"/>
  6443. <hostnames>
  6444. <hostname name="ec2-18-130-155-157.eu-west-2.compute.amazonaws.com" type="PTR"/>
  6445. </hostnames>
  6446. <ports><extraports state="filtered" count="998">
  6447. <extrareasons reason="no-responses" count="998"/>
  6448. </extraports>
  6449. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  6450. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6451. </ports>
  6452. <times srtt="87017" rttvar="1613" to="100000"/>
  6453. </host>
  6454. <host starttime="1606751262" endtime="1606764508"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6455. <address addr="45.146.165.140" addrtype="ipv4"/>
  6456. <hostnames>
  6457. </hostnames>
  6458. <ports><extraports state="closed" count="994">
  6459. <extrareasons reason="conn-refused" count="994"/>
  6460. </extraports>
  6461. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6462. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.146.165.140,/g.pixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.146.165.140,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6463. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6464. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6465. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6466. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6467. </ports>
  6468. <times srtt="129652" rttvar="2872" to="141140"/>
  6469. </host>
  6470. <host starttime="1606751262" endtime="1606764506"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Review note: the port 443 result names C2 Server 54.212.192.157, which is
             not the scanned address 34.217.55.137, while both port 80 results name the
             scanned address itself. Track the two addresses as related indicators.
             Port 443 returned a configuration for the x64 URI only. The outputs in
             this record also lack the Maxdns, User Agent, Header1/Header2, PipeName
             and DNS lines that other records in this chunk print; the cause is not
             visible here (possibly a different beacon version or parser path; confirm
             against the script). -->
  6471. <address addr="34.217.55.137" addrtype="ipv4"/>
  6472. <hostnames>
  6473. <hostname name="ec2-34-217-55-137.us-west-2.compute.amazonaws.com" type="PTR"/>
  6474. </hostnames>
  6475. <ports><extraports state="filtered" count="998">
  6476. <extrareasons reason="no-responses" count="998"/>
  6477. </extraports>
  6478. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 34.217.55.137,/en_US/all.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 34.217.55.137,/ga.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6479. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 54.212.192.157,/g.pixel&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6480. </ports>
  6481. <times srtt="91006" rttvar="1599" to="100000"/>
  6482. </host>
  6483. <host starttime="1606751262" endtime="1606764504"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6484. <address addr="39.107.246.25" addrtype="ipv4"/>
  6485. <hostnames>
  6486. </hostnames>
  6487. <ports><extraports state="closed" count="994">
  6488. <extrareasons reason="conn-refused" count="994"/>
  6489. </extraports>
  6490. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6491. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6492. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6493. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6494. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  6495. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  6496. </ports>
  6497. <times srtt="224656" rttvar="2386" to="234200"/>
  6498. </host>
  6499. <host starttime="1606751262" endtime="1606764467"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6500. <address addr="46.8.177.137" addrtype="ipv4"/>
  6501. <hostnames>
  6502. </hostnames>
  6503. <ports><extraports state="closed" count="995">
  6504. <extrareasons reason="conn-refused" count="995"/>
  6505. </extraports>
  6506. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6507. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6508. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6509. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6510. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6511. </ports>
  6512. <times srtt="220392" rttvar="5627" to="242900"/>
  6513. </host>
  6514. <host starttime="1606751262" endtime="1606766388"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6515. <address addr="45.254.64.7" addrtype="ipv4"/>
  6516. <hostnames>
  6517. </hostnames>
  6518. <ports><extraports state="closed" count="985">
  6519. <extrareasons reason="conn-refused" count="985"/>
  6520. </extraports>
  6521. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6522. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6523. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6524. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  6525. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6526. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6527. <port protocol="tcp" portid="1234"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  6528. <port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3"/></port>
  6529. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  6530. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  6531. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  6532. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  6533. <port protocol="tcp" portid="8087"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="simplifymedia" method="table" conf="3"/></port>
  6534. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6535. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6536. </ports>
  6537. <times srtt="226300" rttvar="1765" to="233360"/>
  6538. </host>
  6539. <host starttime="1606751261" endtime="1606766427"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6540. <address addr="47.242.148.4" addrtype="ipv4"/>
  6541. <hostnames>
  6542. </hostnames>
  6543. <ports><extraports state="closed" count="995">
  6544. <extrareasons reason="conn-refused" count="995"/>
  6545. </extraports>
  6546. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6547. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6548. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.242.148.4,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.242.148.4,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MALNJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6549. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6550. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6551. </ports>
  6552. <times srtt="229575" rttvar="1346" to="234959"/>
  6553. </host>
  6554. <host starttime="1606751262" endtime="1606766384"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6555. <address addr="3.122.109.210" addrtype="ipv4"/>
  6556. <hostnames>
  6557. <hostname name="ec2-3-122-109-210.eu-central-1.compute.amazonaws.com" type="PTR"/>
  6558. </hostnames>
  6559. <ports><extraports state="filtered" count="998">
  6560. <extrareasons reason="no-responses" count="998"/>
  6561. </extraports>
  6562. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  6563. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6564. </ports>
  6565. <times srtt="100704" rttvar="6085" to="125044"/>
  6566. </host>
  6567. <host starttime="1606751262" endtime="1606766429"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Review note: the C2 Server field on port 80 lists two hostnames,
             microsofts.network and http.microsoftsupdate.workers.dev, and neither is
             the scanned address 45.76.210.100; both imitate a vendor name. Record the
             hostnames and the address as separate, related indicators. The workers.dev
             name suggests traffic relayed through a hosted front rather than sent
             straight to this address (inference from the name only; confirm). The
             POST path /___utm.gif has three leading underscores while the GET path
             /__utm.gif has two, so match each exactly when writing detections. The
             script element on port 443 has no output. -->
  6568. <address addr="45.76.210.100" addrtype="ipv4"/>
  6569. <hostnames>
  6570. <hostname name="45.76.210.100.vultr.com" type="PTR"/>
  6571. </hostnames>
  6572. <ports><extraports state="closed" count="994">
  6573. <extrareasons reason="conn-refused" count="994"/>
  6574. </extraports>
  6575. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6576. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6577. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: microsofts.network,/__utm.gif,http.microsoftsupdate.workers.dev,/__utm.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /___utm.gif&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: microsofts.network,/__utm.gif,http.microsoftsupdate.workers.dev,/__utm.gif&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /___utm.gif&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6578. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6579. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6580. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6581. </ports>
  6582. <times srtt="182100" rttvar="1823" to="189392"/>
  6583. </host>
  6584. <host starttime="1606751261" endtime="1606766404"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6585. <address addr="39.109.116.2" addrtype="ipv4"/>
  6586. <hostnames>
  6587. </hostnames>
  6588. <ports><extraports state="closed" count="984">
  6589. <extrareasons reason="conn-refused" count="984"/>
  6590. </extraports>
  6591. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  6592. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6593. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 100000&#xa;Jitter: 20&#xa;Maxdns: 255&#xa;C2 Server: 59.151.40.186,/box-static/disk-header/header/img/logo.png,120.132.70.253,/box-static/disk-header/header/img/logo.png,222.73.162.46,/img/flexible/logo/pc/result.png&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36&#xa;HTTP Method Path 2: /search/index&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 100000&#xa;Jitter: 20&#xa;Maxdns: 255&#xa;C2 Server: 59.151.40.186,/static/superman/img/topnav/baiduyun.png,120.132.70.253,/img/flexible/logo/pc/result.png,222.73.162.46,/img/flexible/logo/pc/result.png&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36&#xa;HTTP Method Path 2: /search/index&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6594. <port protocol="tcp" portid="109"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop2" method="table" conf="3"/></port>
  6595. <port protocol="tcp" portid="110"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  6596. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  6597. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6598. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6599. <port protocol="tcp" portid="143"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  6600. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6601. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  6602. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6603. <port protocol="tcp" portid="465"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  6604. <port protocol="tcp" portid="993"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  6605. <port protocol="tcp" portid="995"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  6606. <port protocol="tcp" portid="9111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="DragonIDSConsole" method="table" conf="3"/></port>
  6607. </ports>
  6608. <times srtt="224889" rttvar="7903" to="256501"/>
  6609. </host>
  <!-- Host 46.166.129.176 (PTR gov.earthaninternational.com).
       The grab_beacon_config script elements on 80/tcp and 443/tcp carry no output
       attribute, so this scan recorded no beacon configuration for the host. That is
       not evidence either way about what is listening there.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6610. <host starttime="1606751263" endtime="1606766355"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6611. <address addr="46.166.129.176" addrtype="ipv4"/>
  6612. <hostnames>
  6613. <hostname name="gov.earthaninternational.com" type="PTR"/>
  6614. </hostnames>
  6615. <ports><extraports state="closed" count="997">
  6616. <extrareasons reason="conn-refused" count="997"/>
  6617. </extraports>
  6618. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6619. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6620. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6621. </ports>
  6622. <times srtt="93950" rttvar="1631" to="100474"/>
  6623. </host>
  <!-- Host 3.16.1.87 (PTR is an EC2 us-east-2 name).
       Only 443/tcp is open; its grab_beacon_config script element has no output
       attribute, so no beacon configuration was recorded for this host.
       The address is cloud-assigned and this is a point-in-time result from the
       2020-11-30 scan; re-verify before using it as an indicator.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6624. <host starttime="1606751266" endtime="1606766410"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6625. <address addr="3.16.1.87" addrtype="ipv4"/>
  6626. <hostnames>
  6627. <hostname name="ec2-3-16-1-87.us-east-2.compute.amazonaws.com" type="PTR"/>
  6628. </hostnames>
  6629. <ports><extraports state="filtered" count="996">
  6630. <extrareasons reason="no-responses" count="996"/>
  6631. </extraports>
  6632. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  6633. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6634. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  6635. <port protocol="tcp" portid="8090"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  6636. </ports>
  6637. <times srtt="35517" rttvar="5226" to="100000"/>
  6638. </host>
  <!-- Host 45.147.230.0 (no PTR).
       Beacon configuration was recovered from 80/tcp and 8080/tcp; the script element
       on 443/tcp has no output attribute.
       Every x86 and x64 response names amajai-technologies.online as the C2 host rather
       than the scanned address. For hunting in proxy and DNS logs the useful values are
       that domain, the GET URIs (/updates.rss, /pixel, /IE9CompatViewList.xml, /activity)
       and the POST URI /submit.php. The User-Agent strings are ordinary browser strings
       and are weak indicators on their own.
       Polling 60000 with Jitter 0, /submit.php and the rundll32.exe spawnto paths look
       like an unmodified default profile. NOTE(review): confirm against the Cobalt
       Strike release in question.
       Point-in-time result from the 2020-11-30 scan; re-verify before blocking.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6639. <host starttime="1606751261" endtime="1606766424"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6640. <address addr="45.147.230.0" addrtype="ipv4"/>
  6641. <hostnames>
  6642. </hostnames>
  6643. <ports><extraports state="closed" count="994">
  6644. <extrareasons reason="conn-refused" count="994"/>
  6645. </extraports>
  6646. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6647. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6648. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.online,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.online,/pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6649. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6650. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.online,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.online,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6651. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  6652. </ports>
  6653. <times srtt="97375" rttvar="571" to="100000"/>
  6654. </host>
  <!-- Host 45.77.23.203 (PTR 45.77.23.203.vultr.com).
       Beacon configuration was recovered from 80/tcp only; the script element on
       443/tcp has no output attribute.
       The C2 Server field is the scanned address itself, with GET URIs /g.pixel (x86)
       and /dpixel (x64) and POST URI /submit.php. There is no domain indicator in this
       config, so hunting relies on the IP plus URI pairs.
       Polling 60000 with Jitter 0 and /submit.php look like an unmodified default
       profile. NOTE(review): confirm against the Cobalt Strike release in question.
       The address is VPS-assigned and this is a point-in-time result from the
       2020-11-30 scan; re-verify before blocking.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6655. <host starttime="1606751262" endtime="1606766429"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6656. <address addr="45.77.23.203" addrtype="ipv4"/>
  6657. <hostnames>
  6658. <hostname name="45.77.23.203.vultr.com" type="PTR"/>
  6659. </hostnames>
  6660. <ports><extraports state="closed" count="994">
  6661. <extrareasons reason="conn-refused" count="994"/>
  6662. </extraports>
  6663. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6664. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6665. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.77.23.203,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.77.23.203,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6666. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6667. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  6668. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6669. </ports>
  6670. <times srtt="182818" rttvar="2115" to="191278"/>
  6671. </host>
  <!-- Host 47.242.76.173 (no PTR).
       Beacon configuration was recovered from 443/tcp only, and only an x64 response is
       present (BeaconType 8, HTTPS). The script elements on 80, 8080 and 8443 have no
       output attribute.
       The C2 Server field lists two host and URI pairs: the scanned address with /cx
       and the domain os.kuaiqukan.com with /fwlink. Both belong in any indicator set
       built from this record, together with the POST URI /submit.php.
       Because the channel is HTTPS, URI and User-Agent matching needs TLS-inspecting
       telemetry; without it, pivot on the destination address and the domain (DNS, SNI).
       Polling 60000 with Jitter 0 and /submit.php look like an unmodified default
       profile. NOTE(review): confirm against the Cobalt Strike release in question.
       Point-in-time result from the 2020-11-30 scan; re-verify before blocking.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6672. <host starttime="1606751262" endtime="1606766420"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6673. <address addr="47.242.76.173" addrtype="ipv4"/>
  6674. <hostnames>
  6675. </hostnames>
  6676. <ports><extraports state="closed" count="986">
  6677. <extrareasons reason="conn-refused" count="986"/>
  6678. </extraports>
  6679. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6680. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6681. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6682. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6683. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.242.76.173,/cx,os.kuaiqukan.com,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6684. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6685. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  6686. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6687. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6688. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6689. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6690. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6691. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6692. <port protocol="tcp" portid="49158"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6693. </ports>
  6694. <times srtt="229621" rttvar="2419" to="239297"/>
  6695. </host>
  <!-- Host 46.161.27.220 (no PTR).
       The grab_beacon_config script element on 443/tcp has no output attribute, so this
       scan recorded no beacon configuration for the host. That is not evidence either
       way about what is listening there.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6696. <host starttime="1606751263" endtime="1606766424"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6697. <address addr="46.161.27.220" addrtype="ipv4"/>
  6698. <hostnames>
  6699. </hostnames>
  6700. <ports><extraports state="closed" count="997">
  6701. <extrareasons reason="conn-refused" count="997"/>
  6702. </extraports>
  6703. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6704. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6705. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6706. </ports>
  6707. <times srtt="95402" rttvar="1978" to="103314"/>
  6708. </host>
  <!-- Host 47.91.242.27 (no PTR).
       The grab_beacon_config script elements on 80/tcp and 443/tcp have no output
       attribute, so this scan recorded no beacon configuration for the host.
       Service names are nmap port-table lookups (method="table"), not probe results;
       for example the "X11:6" label on 6006/tcp comes from the port number alone. -->
  6709. <host starttime="1606751262" endtime="1606766439"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6710. <address addr="47.91.242.27" addrtype="ipv4"/>
  6711. <hostnames>
  6712. </hostnames>
  6713. <ports><extraports state="filtered" count="726">
  6714. <extrareasons reason="no-responses" count="726"/>
  6715. </extraports>
  6716. <extraports state="closed" count="269">
  6717. <extrareasons reason="conn-refused" count="269"/>
  6718. </extraports>
  6719. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6720. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6721. <port protocol="tcp" portid="2288"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netml" method="table" conf="3"/></port>
  6722. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  6723. <port protocol="tcp" portid="6006"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:6" method="table" conf="3"/></port>
  6724. </ports>
  6725. <times srtt="296691" rttvar="35979" to="440607"/>
  6726. </host>
  <!-- Host 45.149.16.218 (no PTR).
       The grab_beacon_config script elements on 443/tcp and 8080/tcp have no output
       attribute, so this scan recorded no beacon configuration for the host. That is
       not evidence either way about what is listening there.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6727. <host starttime="1606751262" endtime="1606766396"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6728. <address addr="45.149.16.218" addrtype="ipv4"/>
  6729. <hostnames>
  6730. </hostnames>
  6731. <ports><extraports state="closed" count="987">
  6732. <extrareasons reason="conn-refused" count="987"/>
  6733. </extraports>
  6734. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6735. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  6736. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6737. <port protocol="tcp" portid="109"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop2" method="table" conf="3"/></port>
  6738. <port protocol="tcp" portid="110"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  6739. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6740. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6741. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6742. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  6743. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  6744. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6745. <port protocol="tcp" portid="10617"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6746. <port protocol="tcp" portid="65000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6747. </ports>
  6748. <times srtt="225118" rttvar="3965" to="240978"/>
  6749. </host>
  <!-- Host 46.166.162.97 (no PTR).
       The grab_beacon_config script element on 443/tcp has no output attribute, so this
       scan recorded no beacon configuration for the host. That is not evidence either
       way about what is listening there.
       Service names are nmap port-table lookups (method="table"), not probe results. -->
  6750. <host starttime="1606751262" endtime="1606766351"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6751. <address addr="46.166.162.97" addrtype="ipv4"/>
  6752. <hostnames>
  6753. </hostnames>
  6754. <ports><extraports state="closed" count="997">
  6755. <extrareasons reason="conn-refused" count="997"/>
  6756. </extraports>
  6757. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6758. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6759. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6760. </ports>
  6761. <times srtt="130070" rttvar="1371" to="135554"/>
  6762. </host>
  <!-- Host 42.192.129.232 (no PTR).
       Beacon configuration was recovered from 8000/tcp only; the script elements on
       80/tcp and 443/tcp have no output attribute.
       In both the x86 and x64 responses the host part of the C2 Server field is empty
       (",/fwlink" and ",/IE9CompatViewList.xml"), so this record yields URIs but no
       callback host. NOTE(review): the cause is not visible here; do not assume the
       scanned address is the callback host without other evidence.
       Polling 60000 with Jitter 0 and /submit.php look like an unmodified default
       profile. NOTE(review): confirm against the Cobalt Strike release in question.
       Service names are nmap port-table lookups (method="table"), not probe results;
       labels such as "irc" on 6666/tcp or "abyss" on 9999/tcp come from the port
       number alone. -->
  6763. <host starttime="1606751263" endtime="1606766441"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6764. <address addr="42.192.129.232" addrtype="ipv4"/>
  6765. <hostnames>
  6766. </hostnames>
  6767. <ports><extraports state="closed" count="971">
  6768. <extrareasons reason="conn-refused" count="971"/>
  6769. </extraports>
  6770. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6771. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  6772. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6773. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6774. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6775. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6776. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6777. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6778. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  6779. <port protocol="tcp" portid="990"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ftps" method="table" conf="3"/></port>
  6780. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  6781. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  6782. <port protocol="tcp" portid="1073"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bridgecontrol" method="table" conf="3"/></port>
  6783. <port protocol="tcp" portid="1111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="lmsocialserver" method="table" conf="3"/></port>
  6784. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  6785. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  6786. <port protocol="tcp" portid="2301"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="compaqdiag" method="table" conf="3"/></port>
  6787. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  6788. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  6789. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  6790. <port protocol="tcp" portid="5922"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6791. <port protocol="tcp" portid="6000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11" method="table" conf="3"/></port>
  6792. <port protocol="tcp" portid="6666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  6793. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: ,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: ,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6794. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  6795. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6796. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6797. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6798. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  6799. </ports>
  6800. <times srtt="208431" rttvar="1739" to="215387"/>
  6801. </host>
  <!-- Host 42.192.145.157 (no PTR).
       Beacon configuration was recovered from 80/tcp only; the script element on
       443/tcp has no output attribute.
       The C2 Server field is the scanned address itself, with GET URIs /ga.js (x86)
       and /cm (x64) and POST URI /submit.php. There is no domain indicator in this
       config, so hunting relies on the IP plus URI pairs; /ga.js on its own collides
       with a very common legitimate file name and should not be matched without the
       destination address.
       Polling 60000 with Jitter 0 and /submit.php look like an unmodified default
       profile. NOTE(review): confirm against the Cobalt Strike release in question.
       Service names are nmap port-table lookups (method="table"), not probe results;
       the "netbus" label on 12345/tcp and "hotline" on 1234/tcp come from the port
       number alone and do not identify the software listening. -->
  6802. <host starttime="1606751262" endtime="1606766420"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6803. <address addr="42.192.145.157" addrtype="ipv4"/>
  6804. <hostnames>
  6805. </hostnames>
  6806. <ports><extraports state="closed" count="984">
  6807. <extrareasons reason="conn-refused" count="984"/>
  6808. </extraports>
  6809. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6810. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  6811. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6812. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 42.192.145.157,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 42.192.145.157,/cm&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; InfoPath.2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6813. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6814. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6815. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6816. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6817. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  6818. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  6819. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  6820. <port protocol="tcp" portid="1234"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  6821. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  6822. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  6823. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  6824. <port protocol="tcp" portid="12345"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbus" method="table" conf="3"/></port>
  6825. </ports>
  6826. <times srtt="210399" rttvar="11500" to="256399"/>
  6827. </host>
  6828. <host starttime="1606751262" endtime="1606766392"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6829. <address addr="42.192.145.124" addrtype="ipv4"/>
  6830. <hostnames>
  6831. </hostnames>
  6832. <ports><extraports state="closed" count="986">
  6833. <extrareasons reason="conn-refused" count="986"/>
  6834. </extraports>
  6835. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6836. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  6837. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6838. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 42.192.145.124,/j.ad&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 42.192.145.124,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6839. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6840. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Analyst note: the script element below has no output attribute, so nothing was
       recorded for this port in this run. Read it as "no config retrieved", not as
       evidence that no team server listens on 443; the same host returned a config
       on port 80. -->
  6841. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6842. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6843. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  6844. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  6845. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  6846. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  6847. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  6848. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  6849. </ports>
  6850. <times srtt="213019" rttvar="6848" to="240411"/>
  6851. </host>
  6852. <host starttime="1606751272" endtime="1606766410"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6853. <address addr="34.203.235.59" addrtype="ipv4"/>
  6854. <hostnames>
  6855. <hostname name="ec2-34-203-235-59.compute-1.amazonaws.com" type="PTR"/>
  6856. </hostnames>
  6857. <ports><extraports state="filtered" count="997">
  6858. <extrareasons reason="no-responses" count="997"/>
  6859. </extraports>
  6860. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Analyst note: the returned config names a domain (sitehealthcheck.org) as C2 Server,
       not the scanned address 34.203.235.59. Keep both as indicators: the address is a
       cloud PTR (ec2-...amazonaws.com) that can be reassigned, while the domain can be
       re-pointed. The /oscp/ and /oscp/a/ paths with Polling 20000 and Jitter 20 look
       like a publicly shared "ocsp" Malleable C2 profile (NOTE(review): confirm against
       the profile), so the paths alone do not identify one operator. -->
  6861. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 20000&#xa;Jitter: 20&#xa;C2 Server: sitehealthcheck.org,/oscp/&#xa;HTTP Method Path 2: /oscp/a/&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 20000&#xa;Jitter: 20&#xa;C2 Server: sitehealthcheck.org,/oscp/&#xa;HTTP Method Path 2: /oscp/a/&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  <!-- Analyst note: method="table" with conf="3" means the service name was looked up from
       the port number, not identified by probing the listener. "ppp" here says nothing
       about what actually answers on 3000; the same holds for every service element in
       this part of the output, so do not use the names for triage. -->
  6862. <port protocol="tcp" portid="3000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ppp" method="table" conf="3"/></port>
  6863. </ports>
  6864. <times srtt="12394" rttvar="3203" to="100000"/>
  6865. </host>
  6866. <host starttime="1606751262" endtime="1606766420"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6867. <address addr="13.76.216.122" addrtype="ipv4"/>
  6868. <hostnames>
  6869. </hostnames>
  6870. <ports><extraports state="closed" count="995">
  6871. <extrareasons reason="conn-refused" count="995"/>
  6872. </extraports>
  6873. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6874. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6875. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6876. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6877. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  6878. </ports>
  6879. <times srtt="231811" rttvar="1464" to="237667"/>
  6880. </host>
  6881. <host starttime="1606751263" endtime="1606766423"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6882. <address addr="31.44.184.165" addrtype="ipv4"/>
  6883. <hostnames>
  6884. </hostnames>
  6885. <ports><extraports state="closed" count="997">
  6886. <extrareasons reason="conn-refused" count="997"/>
  6887. </extraports>
  6888. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6889. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.165,/__utm.gif&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.165,/match&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6890. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6891. </ports>
  6892. <times srtt="151976" rttvar="4124" to="168472"/>
  6893. </host>
  6894. <host starttime="1606751268" endtime="1606766379"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6895. <address addr="31.44.184.73" addrtype="ipv4"/>
  6896. <hostnames>
  6897. </hostnames>
  6898. <ports><extraports state="closed" count="997">
  6899. <extrareasons reason="conn-refused" count="997"/>
  6900. </extraports>
  6901. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6902. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.73,/IE9CompatViewList.xml&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.73,/en_US/all.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6903. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6904. </ports>
  6905. <times srtt="146532" rttvar="3358" to="159964"/>
  6906. </host>
  6907. <host starttime="1606751263" endtime="1606766353"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6908. <address addr="31.44.184.174" addrtype="ipv4"/>
  6909. <hostnames>
  6910. </hostnames>
  6911. <ports><extraports state="closed" count="997">
  6912. <extrareasons reason="conn-refused" count="997"/>
  6913. </extraports>
  6914. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6915. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.174,/ga.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.174,/match&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6916. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6917. </ports>
  6918. <times srtt="151702" rttvar="5469" to="173578"/>
  6919. </host>
  6920. <host starttime="1606751263" endtime="1606766342"><status state="up" reason="conn-refused" reason_ttl="0"/>
  6921. <address addr="23.106.160.191" addrtype="ipv4"/>
  6922. <hostnames>
  6923. </hostnames>
  6924. <ports><extraports state="closed" count="994">
  6925. <extrareasons reason="conn-refused" count="994"/>
  6926. </extraports>
  6927. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6928. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6929. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6930. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6931. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6932. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6933. </ports>
  6934. <times srtt="82290" rttvar="1274" to="100000"/>
  6935. </host>
  6936. <host starttime="1606751261" endtime="1606766410"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6937. <address addr="23.106.215.40" addrtype="ipv4"/>
  6938. <hostnames>
  6939. </hostnames>
  6940. <ports><extraports state="closed" count="993">
  6941. <extrareasons reason="conn-refused" count="993"/>
  6942. </extraports>
  6943. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6944. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6945. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6946. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6947. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6948. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6949. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6950. </ports>
  6951. <times srtt="83730" rttvar="3064" to="100000"/>
  6952. </host>
  6953. <host starttime="1606751262" endtime="1606766430"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6954. <address addr="31.44.184.181" addrtype="ipv4"/>
  6955. <hostnames>
  6956. </hostnames>
  6957. <ports><extraports state="closed" count="997">
  6958. <extrareasons reason="conn-refused" count="997"/>
  6959. </extraports>
  6960. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6961. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.181,/ga.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.181,/fwlink&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6962. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6963. </ports>
  6964. <times srtt="153077" rttvar="4518" to="171149"/>
  6965. </host>
  6966. <host starttime="1606751262" endtime="1606766382"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6967. <address addr="31.44.184.56" addrtype="ipv4"/>
  6968. <hostnames>
  6969. </hostnames>
  6970. <ports><extraports state="closed" count="997">
  6971. <extrareasons reason="conn-refused" count="997"/>
  6972. </extraports>
  6973. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6974. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.56,/updates.rss&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.56,/__utm.gif&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6975. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 31.44.184.56,/pixel.gif&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6976. </ports>
  6977. <times srtt="146063" rttvar="4236" to="163007"/>
  6978. </host>
  6979. <host starttime="1606751262" endtime="1606766402"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6980. <address addr="23.106.160.137" addrtype="ipv4"/>
  6981. <hostnames>
  6982. </hostnames>
  6983. <ports><extraports state="closed" count="993">
  6984. <extrareasons reason="conn-refused" count="993"/>
  6985. </extraports>
  6986. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  6987. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  6988. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.work,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.work,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  6989. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  6990. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  6991. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  6992. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  6993. </ports>
  6994. <times srtt="83341" rttvar="3232" to="100000"/>
  6995. </host>
  6996. <host starttime="1606751262" endtime="1606766420"><status state="up" reason="syn-ack" reason_ttl="0"/>
  6997. <address addr="13.56.8.205" addrtype="ipv4"/>
  6998. <hostnames>
  6999. <hostname name="ec2-13-56-8-205.us-west-1.compute.amazonaws.com" type="PTR"/>
  7000. </hostnames>
  7001. <ports><extraports state="filtered" count="999">
  7002. <extrareasons reason="no-responses" count="999"/>
  7003. </extraports>
  7004. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7005. </ports>
  7006. <times srtt="80509" rttvar="3610" to="100000"/>
  7007. </host>
  7008. <host starttime="1606751262" endtime="1606766351"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7009. <address addr="18.141.196.104" addrtype="ipv4"/>
  7010. <hostnames>
  7011. <hostname name="ec2-18-141-196-104.ap-southeast-1.compute.amazonaws.com" type="PTR"/>
  7012. </hostnames>
  7013. <ports><extraports state="filtered" count="998">
  7014. <extrareasons reason="no-responses" count="998"/>
  7015. </extraports>
  7016. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7017. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7018. </ports>
  7019. <times srtt="230743" rttvar="4849" to="250139"/>
  7020. </host>
  7021. <host starttime="1606751268" endtime="1606766381"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7022. <address addr="23.101.204.40" addrtype="ipv4"/>
  7023. <hostnames>
  7024. </hostnames>
  7025. <ports><extraports state="filtered" count="999">
  7026. <extrareasons reason="no-responses" count="999"/>
  7027. </extraports>
  <!-- Analyst note: the /safebrowsing/rd/ paths, Polling 30000, Jitter 20 and the IE 11
       User Agent resemble a publicly shared "safebrowsing" Malleable C2 profile
       (NOTE(review): confirm against the profile). The paths are built to look like
       traffic to a legitimate service, so a URL-path match must be combined with the
       destination: here the C2 Server is the bare address 23.101.204.40, not a domain
       belonging to that service. Only an x86 response was recorded for this port. -->
  7028. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 30000&#xa;Jitter: 20&#xa;Maxdns: 255&#xa;C2 Server: 23.101.204.40,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7029. </ports>
  7030. <times srtt="75795" rttvar="1534" to="100000"/>
  7031. </host>
  7032. <host starttime="1606751262" endtime="1606766399"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7033. <address addr="23.106.223.53" addrtype="ipv4"/>
  7034. <hostnames>
  7035. </hostnames>
  7036. <ports><extraports state="closed" count="987">
  7037. <extrareasons reason="conn-refused" count="987"/>
  7038. </extraports>
  7039. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7040. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7041. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 61312&#xa;Jitter: 41&#xa;Maxdns: 252&#xa;C2 Server: 23.106.223.53,/mobile-ipad-home.css&#xa;User Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0&#xa;HTTP Method Path 2: /tab_home&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: 9\x9C\xA0\xBE&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\svchost.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 61312&#xa;Jitter: 41&#xa;Maxdns: 252&#xa;C2 Server: 23.106.223.53,/mobile-ipad-home.css&#xa;User Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0&#xa;HTTP Method Path 2: /tab_home&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: 9\x9C\xA0\xBE&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\svchost.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7042. <port protocol="tcp" portid="82"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xfer" method="table" conf="3"/></port>
  7043. <port protocol="tcp" portid="83"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mit-ml-dev" method="table" conf="3"/></port>
  7044. <port protocol="tcp" portid="84"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ctf" method="table" conf="3"/></port>
  7045. <port protocol="tcp" portid="85"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mit-ml-dev" method="table" conf="3"/></port>
  7046. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7047. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7048. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7049. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  7050. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  <!-- Analyst note: Proxy_Hostname in both configs is http://10.142.158.206:8080, an
       RFC 1918 private address. It is not an internet-routable indicator and should not
       go into external blocklists; it presumably reflects the network the payload was
       built for (inference, not shown by this output). This listener also differs from
       the port 80 one on the same host: different GET and POST paths and
       Proxy_AccessType 0 instead of 2. Polling 61312, Jitter 41 and svchost.exe as the
       spawn-to process are the same on both ports. -->
  7051. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 61312&#xa;Jitter: 41&#xa;Maxdns: 252&#xa;C2 Server: 23.106.223.53,/br&#xa;User Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0&#xa;HTTP Method Path 2: /case&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: 9\x9C\xA0\xBE&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\svchost.exe&#xa;Proxy_Hostname: http://10.142.158.206:8080&#xa;Proxy_AccessType: 0 (Unknown)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 61312&#xa;Jitter: 41&#xa;Maxdns: 252&#xa;C2 Server: 23.106.223.53,/Content&#xa;User Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0&#xa;HTTP Method Path 2: /case&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: 9\x9C\xA0\xBE&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\svchost.exe&#xa;Proxy_Hostname: http://10.142.158.206:8080&#xa;Proxy_AccessType: 0 (Unknown)&#xa;&#xa;"/></port>
  7052. </ports>
  7053. <times srtt="84424" rttvar="3690" to="100000"/>
  7054. </host>
  7055. <host starttime="1606751263" endtime="1606766420"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7056. <address addr="31.14.40.143" addrtype="ipv4"/>
  7057. <hostnames>
  7058. </hostnames>
  7059. <ports><extraports state="closed" count="996">
  7060. <extrareasons reason="conn-refused" count="996"/>
  7061. </extraports>
  7062. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7063. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 31.14.40.143,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 31.14.40.143,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7064. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7065. <port protocol="tcp" portid="4000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="remoteanything" method="table" conf="3"/></port>
  7066. </ports>
  7067. <times srtt="130823" rttvar="6062" to="155071"/>
  7068. </host>
  7069. <host starttime="1606751262" endtime="1606766419"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7070. <address addr="23.108.57.27" addrtype="ipv4"/>
  7071. <hostnames>
  7072. </hostnames>
  7073. <ports><extraports state="closed" count="993">
  7074. <extrareasons reason="conn-refused" count="993"/>
  7075. </extraports>
  7076. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7077. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7078. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7079. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7080. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Analyst note: the C2 Server in the returned config is 104.243.46.74, which is not
       the scanned address 23.108.57.27. Record both addresses; whether the scanned host
       is a redirector, a re-hosted listener or serves a stale config cannot be determined
       from this output. Only an x64 response was recorded here, and port 80 on the same
       host returned nothing. -->
  7081. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 104.243.46.74,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7082. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7083. </ports>
  7084. <times srtt="35319" rttvar="3518" to="100000"/>
  7085. </host>
  7086. <host starttime="1606751262" endtime="1606766379"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7087. <address addr="23.106.160.229" addrtype="ipv4"/>
  7088. <hostnames>
  7089. </hostnames>
  7090. <ports><extraports state="closed" count="993">
  7091. <extrareasons reason="conn-refused" count="993"/>
  7092. </extraports>
  7093. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7094. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Empty grab_beacon_config element on 23.106.160.229:80: the script element is
       present for this open port but carries no output attribute, so no beacon
       configuration was recorded here. That is an absence of a result, not
       evidence that the host is benign; port 443 on the same host is empty too. -->
  7095. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7096. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7097. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7098. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7099. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7100. </ports>
  7101. <times srtt="82268" rttvar="1724" to="100000"/>
  7102. </host>
  7103. <host starttime="1606751262" endtime="1606766396"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7104. <address addr="3.137.206.229" addrtype="ipv4"/>
  7105. <hostnames>
  7106. <hostname name="ec2-3-137-206-229.us-east-2.compute.amazonaws.com" type="PTR"/>
  7107. </hostnames>
  7108. <ports><extraports state="filtered" count="997">
  7109. <extrareasons reason="no-responses" count="997"/>
  7110. </extraports>
  7111. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7112. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7113. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7114. </ports>
  7115. <times srtt="35998" rttvar="4654" to="100000"/>
  7116. </host>
  7117. <host starttime="1606751263" endtime="1606766425"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7118. <address addr="20.36.203.162" addrtype="ipv4"/>
  7119. <hostnames>
  7120. </hostnames>
  7121. <ports><extraports state="filtered" count="995">
  7122. <extrareasons reason="no-responses" count="995"/>
  7123. </extraports>
  7124. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7125. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  <!-- Result for 20.36.203.162:443. The x86 and x64 responses are identical apart
       from the check-in URI (/fwlink vs /load). Polling 60000, Jitter 0,
       /submit.php and a rundll32.exe spawnto recur in many results in this
       listing and look like unmodified Cobalt Strike defaults (TODO confirm
       against the stock profile); such values point to the tooling, not to a
       particular operator. The scan header dates this capture to 2020-11-30,
       and IP addresses get reassigned, so confirm the address is still relevant
       before acting on it. -->
  7126. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 20.36.203.162,/fwlink&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 20.36.203.162,/load&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7127. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  7128. <port protocol="tcp" portid="445"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7129. </ports>
  7130. <times srtt="21917" rttvar="8356" to="100000"/>
  7131. </host>
  7132. <host starttime="1606751262" endtime="1606766434"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7133. <address addr="18.180.199.201" addrtype="ipv4"/>
  7134. <hostnames>
  7135. <hostname name="ec2-18-180-199-201.ap-northeast-1.compute.amazonaws.com" type="PTR"/>
  7136. </hostnames>
  7137. <ports><extraports state="closed" count="996">
  7138. <extrareasons reason="conn-refused" count="996"/>
  7139. </extraports>
  7140. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7141. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7142. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7143. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7144. </ports>
  7145. <times srtt="185674" rttvar="2072" to="193962"/>
  7146. </host>
  7147. <host starttime="1606751262" endtime="1606766346"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7148. <address addr="23.106.160.138" addrtype="ipv4"/>
  7149. <hostnames>
  7150. </hostnames>
  7151. <ports><extraports state="closed" count="992">
  7152. <extrareasons reason="conn-refused" count="992"/>
  7153. </extraports>
  7154. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7155. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7156. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.world,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amajai-technologies.world,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7157. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7158. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7159. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7160. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7161. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  7162. </ports>
  7163. <times srtt="82844" rttvar="1572" to="100000"/>
  7164. </host>
  7165. <host starttime="1606751262" endtime="1606766405"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7166. <address addr="3.137.217.140" addrtype="ipv4"/>
  7167. <hostnames>
  7168. <hostname name="ec2-3-137-217-140.us-east-2.compute.amazonaws.com" type="PTR"/>
  7169. </hostnames>
  7170. <ports><extraports state="filtered" count="997">
  7171. <extrareasons reason="no-responses" count="997"/>
  7172. </extraports>
  7173. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7174. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7175. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7176. </ports>
  7177. <times srtt="34851" rttvar="2651" to="100000"/>
  7178. </host>
  7179. <host starttime="1606751261" endtime="1606766414"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7180. <address addr="18.163.120.26" addrtype="ipv4"/>
  7181. <hostnames>
  7182. <hostname name="ec2-18-163-120-26.ap-east-1.compute.amazonaws.com" type="PTR"/>
  7183. </hostnames>
  7184. <ports><extraports state="closed" count="996">
  7185. <extrareasons reason="conn-refused" count="996"/>
  7186. </extraports>
  7187. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7188. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7189. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7190. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7191. </ports>
  7192. <times srtt="213826" rttvar="581" to="216150"/>
  7193. </host>
  7194. <host starttime="1606751262" endtime="1606766405"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7195. <address addr="3.236.164.118" addrtype="ipv4"/>
  7196. <hostnames>
  7197. <hostname name="ec2-3-236-164-118.compute-1.amazonaws.com" type="PTR"/>
  7198. </hostnames>
  7199. <ports><extraports state="filtered" count="998">
  7200. <extrareasons reason="no-responses" count="998"/>
  7201. </extraports>
  7202. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7203. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7204. </ports>
  7205. <times srtt="14517" rttvar="7614" to="100000"/>
  7206. </host>
  7207. <host starttime="1606751262" endtime="1606766410"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7208. <address addr="3.17.176.47" addrtype="ipv4"/>
  7209. <hostnames>
  7210. <hostname name="ec2-3-17-176-47.us-east-2.compute.amazonaws.com" type="PTR"/>
  7211. </hostnames>
  7212. <ports><extraports state="filtered" count="998">
  7213. <extrareasons reason="no-responses" count="998"/>
  7214. </extraports>
  7215. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7216. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7217. </ports>
  7218. <times srtt="43291" rttvar="14792" to="102459"/>
  7219. </host>
  7220. <host starttime="1606751268" endtime="1606766414"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7221. <address addr="13.91.4.128" addrtype="ipv4"/>
  7222. <hostnames>
  7223. </hostnames>
  7224. <ports><extraports state="filtered" count="999">
  7225. <extrareasons reason="no-responses" count="999"/>
  7226. </extraports>
  <!-- Result for 13.91.4.128:443. The C2 Server field names a CDN hostname
       (deloitte-services.azureedge.net), not the scanned address, and both URIs
       (/en-gb/previous-versions/dn292944 and
       /Areas/Epx/Themes/Base/Content/SearchBox.js) resemble ordinary web
       content. Blocking only the scanned IP would likely miss this traffic;
       match on the hostname and URIs in proxy or TLS logs instead. The label in
       the hostname is chosen by whoever created the endpoint and says nothing
       reliable about who operates it or who is targeted.
       Spawnto is WerFault.exe, unlike the rundll32.exe in neighbouring results.
       Polling 480000 / Jitter 25 presumably mean a check-in every 8 minutes
       with 25 percent jitter; the output does not state units. -->
  7227. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 480000&#xa;Jitter: 25&#xa;Maxdns: 255&#xa;C2 Server: deloitte-services.azureedge.net,/en-gb/previous-versions/dn292944&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36&#xa;HTTP Method Path 2: /Areas/Epx/Themes/Base/Content/SearchBox.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\WerFault.exe&#xa;Spawnto_x64: %windir%\sysnative\WerFault.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7228. </ports>
  7229. <times srtt="77778" rttvar="5552" to="100000"/>
  7230. </host>
  7231. <host starttime="1606751263" endtime="1606766412"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7232. <address addr="5.149.253.199" addrtype="ipv4"/>
  7233. <hostnames>
  7234. <hostname name="found.tzeroci.com" type="PTR"/>
  7235. </hostnames>
  7236. <ports><extraports state="closed" count="997">
  7237. <extrareasons reason="conn-refused" count="997"/>
  7238. </extraports>
  7239. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7240. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.149.253.199,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.149.253.199,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7241. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7242. </ports>
  7243. <times srtt="31417" rttvar="4639" to="100000"/>
  7244. </host>
  7245. <host starttime="1606751262" endtime="1606766384"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7246. <address addr="3.80.164.184" addrtype="ipv4"/>
  7247. <hostnames>
  7248. <hostname name="ec2-3-80-164-184.compute-1.amazonaws.com" type="PTR"/>
  7249. </hostnames>
  7250. <ports><extraports state="filtered" count="998">
  7251. <extrareasons reason="no-responses" count="998"/>
  7252. </extraports>
  7253. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7254. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7255. </ports>
  7256. <times srtt="18091" rttvar="13526" to="100000"/>
  7257. </host>
  7258. <host starttime="1606751262" endtime="1606766408"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7259. <address addr="5.34.180.166" addrtype="ipv4"/>
  7260. <hostnames>
  7261. <hostname name="vds-624491.hosted-by-itldc.com" type="PTR"/>
  7262. </hostnames>
  7263. <ports><extraports state="closed" count="992">
  7264. <extrareasons reason="conn-refused" count="992"/>
  7265. </extraports>
  7266. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7267. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7268. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.166,/j.ad&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.166,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7269. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7270. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7271. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7272. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7273. <port protocol="tcp" portid="587"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  7274. </ports>
  7275. <times srtt="97500" rttvar="2491" to="107464"/>
  7276. </host>
  7277. <host starttime="1606751271" endtime="1606766420"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7278. <address addr="3.133.100.221" addrtype="ipv4"/>
  7279. <hostnames>
  7280. <hostname name="ec2-3-133-100-221.us-east-2.compute.amazonaws.com" type="PTR"/>
  7281. </hostnames>
  7282. <ports><extraports state="filtered" count="997">
  7283. <extrareasons reason="no-responses" count="997"/>
  7284. </extraports>
  7285. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7286. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7287. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 3.133.100.221,/dot.gif&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7288. </ports>
  7289. <times srtt="34060" rttvar="2031" to="100000"/>
  7290. </host>
  7291. <host starttime="1606751262" endtime="1606766396"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7292. <address addr="3.83.145.77" addrtype="ipv4"/>
  7293. <hostnames>
  7294. <hostname name="ec2-3-83-145-77.compute-1.amazonaws.com" type="PTR"/>
  7295. </hostnames>
  7296. <ports><extraports state="filtered" count="996">
  7297. <extrareasons reason="no-responses" count="996"/>
  7298. </extraports>
  7299. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- Result for 3.83.145.77:80. The C2 Server field names a CloudFront
       distribution (d18apeaghqw12n.cloudfront.net), not the scanned address,
       and the URIs /w/api.php and /wiki resemble a wiki site. The x86 and x64
       responses are identical. Blocking the shared CDN parent domain is rarely
       practical, so detection would rest on the specific distribution hostname
       together with the URIs. Polling 5000 / Jitter 20 is much shorter than the
       60000 / 0 seen in neighbouring results. -->
  7300. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 20&#xa;C2 Server: d18apeaghqw12n.cloudfront.net,/w/api.php&#xa;HTTP Method Path 2: /wiki&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 20&#xa;C2 Server: d18apeaghqw12n.cloudfront.net,/w/api.php&#xa;HTTP Method Path 2: /wiki&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7301. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7302. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  7303. </ports>
  7304. <times srtt="13481" rttvar="7673" to="100000"/>
  7305. </host>
  7306. <host starttime="1606751261" endtime="1606766398"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7307. <address addr="13.64.101.24" addrtype="ipv4"/>
  7308. <hostnames>
  7309. </hostnames>
  7310. <ports><extraports state="filtered" count="998">
  7311. <extrareasons reason="no-responses" count="998"/>
  7312. </extraports>
  7313. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Result for 13.64.101.24:443. The C2 Server field appears to hold two
       host,URI pairs: http://daiwa-cm-us.azureedge.net/ with /ro, and the
       scanned address 13.64.101.24 with /aa. The first entry is printed with a
       scheme and trailing slash, unlike other results here; it is kept exactly
       as the script emitted it, so normalise it before loading it into a
       blocklist or a log search. Spawnto is regsvr32.exe and DNS Idle differs
       from the \x00\x00\x00\x00 seen elsewhere, so this profile was customised.
       Indicators to extract: both hosts, /ro, /aa, /mobile-ipad-home and the
       Chrome/47 User Agent string. -->
  7314. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 64489&#xa;Jitter: 39&#xa;Maxdns: 248&#xa;C2 Server: http://daiwa-cm-us.azureedge.net/,/ro,13.64.101.24,/aa&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36&#xa;HTTP Method Path 2: /mobile-ipad-home&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: ^\x16\xC1\x88&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\regsvr32.exe&#xa;Spawnto_x64: %windir%\sysnative\regsvr32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7315. </ports>
  7316. <times srtt="75805" rttvar="1881" to="100000"/>
  7317. </host>
  7318. <host starttime="1606751270" endtime="1606766434"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7319. <address addr="5.196.114.192" addrtype="ipv4"/>
  7320. <hostnames>
  7321. <hostname name="ip192.ip-5-196-114.eu" type="PTR"/>
  7322. </hostnames>
  7323. <ports><extraports state="closed" count="995">
  7324. <extrareasons reason="conn-refused" count="995"/>
  7325. </extraports>
  7326. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7327. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7328. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7329. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amazoning.sytes.net,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7330. <port protocol="tcp" portid="5960"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  7331. </ports>
  7332. <times srtt="91411" rttvar="963" to="100000"/>
  7333. </host>
  7334. <host starttime="1606751262" endtime="1606766351"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7335. <address addr="5.180.99.65" addrtype="ipv4"/>
  7336. <hostnames>
  7337. </hostnames>
  7338. <ports><extraports state="closed" count="994">
  7339. <extrareasons reason="conn-refused" count="994"/>
  7340. </extraports>
  7341. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7342. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7343. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7344. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7345. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7346. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7347. </ports>
  7348. <times srtt="236418" rttvar="4670" to="255098"/>
  7349. </host>
  7350. <host starttime="1606751262" endtime="1606766384"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7351. <address addr="5.34.180.165" addrtype="ipv4"/>
  7352. <hostnames>
  7353. <hostname name="vds-624485.hosted-by-itldc.com" type="PTR"/>
  7354. </hostnames>
  7355. <ports><extraports state="closed" count="992">
  7356. <extrareasons reason="conn-refused" count="992"/>
  7357. </extraports>
  7358. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7359. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7360. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.165,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.165,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7361. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7362. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7363. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7364. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  <!-- Result for 5.34.180.165:8080. Both responses carry
       Proxy_Hostname http://10.227.200.27:9090 with Proxy_AccessType 0 (Unknown),
       whereas the port 80 result for this same host shows "Use IE settings" and
       no proxy. 10.227.200.27 is an RFC 1918 private address: it is not
       routable on the internet and is not a usable external indicator. It is
       meaningful only to an organisation that recognises it as its own proxy.
       A hard-coded internal proxy suggests the payload was built for one
       specific network; that is an inference, the scan itself does not show it.
       The C2 address and the URIs (/cm, /j.ad, /submit.php) are the
       indicators to extract from this entry. -->
  7365. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.165,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_Hostname: http://10.227.200.27:9090&#xa;Proxy_AccessType: 0 (Unknown)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.165,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_Hostname: http://10.227.200.27:9090&#xa;Proxy_AccessType: 0 (Unknown)&#xa;&#xa;"/></port>
  7366. </ports>
  7367. <times srtt="95646" rttvar="1499" to="101642"/>
  7368. </host>
  7369. <host starttime="1606751263" endtime="1606766387"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7370. <address addr="8.210.253.122" addrtype="ipv4"/>
  7371. <hostnames>
  7372. </hostnames>
  7373. <ports><extraports state="closed" count="998">
  7374. <extrareasons reason="conn-refused" count="998"/>
  7375. </extraports>
  7376. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7377. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7378. </ports>
  7379. <times srtt="233319" rttvar="2938" to="245071"/>
  7380. </host>
  7381. <host starttime="1606751273" endtime="1606766342"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7382. <address addr="3.137.139.119" addrtype="ipv4"/>
  7383. <hostnames>
  7384. <hostname name="ec2-3-137-139-119.us-east-2.compute.amazonaws.com" type="PTR"/>
  7385. </hostnames>
  7386. <ports><extraports state="filtered" count="997">
  7387. <extrareasons reason="no-responses" count="997"/>
  7388. </extraports>
  7389. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7390. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  <!-- 443/tcp on 3.137.139.119: only an x64 Beacon configuration was recovered (no x86 section in the output).
       BeaconType 8 (HTTPS), C2 service.office247.tech with GET URI /match and POST path /submit.php,
       Polling 60000 (presumably milliseconds), Jitter 0, rundll32.exe spawn-to targets.
       The C2 value is a domain name rather than the scanned address, so DNS query logs and TLS SNI / proxy
       Host records are the places to search for it, in addition to the IP.
       service name="https" has method="table" (port-number lookup), not a probed service identity. -->
  7391. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: service.office247.tech,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7392. </ports>
  7393. <times srtt="38280" rttvar="9888" to="100000"/>
  7394. </host>
  7395. <host starttime="1606751263" endtime="1606766388"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7396. <address addr="8.210.39.131" addrtype="ipv4"/>
  7397. <hostnames>
  7398. </hostnames>
  7399. <ports><extraports state="closed" count="997">
  7400. <extrareasons reason="conn-refused" count="997"/>
  7401. </extraports>
  7402. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7403. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7404. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7405. </ports>
  7406. <times srtt="234449" rttvar="2623" to="244941"/>
  7407. </host>
  7408. <host starttime="1606751262" endtime="1606766388"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7409. <address addr="8.131.67.68" addrtype="ipv4"/>
  7410. <hostnames>
  7411. </hostnames>
  7412. <ports><extraports state="filtered" count="826">
  7413. <extrareasons reason="no-responses" count="826"/>
  7414. </extraports>
  7415. <extraports state="closed" count="167">
  7416. <extrareasons reason="conn-refused" count="167"/>
  7417. </extraports>
  7418. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7419. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7420. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7421. <port protocol="tcp" portid="9080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="glrpc" method="table" conf="3"/></port>
  7422. <port protocol="tcp" portid="9081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-aqos" method="table" conf="3"/></port>
  7423. <port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  7424. <port protocol="tcp" portid="10001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  7425. </ports>
  7426. <times srtt="237786" rttvar="3710" to="252626"/>
  7427. </host>
  7428. <host starttime="1606751263" endtime="1606766384"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7429. <address addr="3.236.183.143" addrtype="ipv4"/>
  7430. <hostnames>
  7431. <hostname name="ec2-3-236-183-143.compute-1.amazonaws.com" type="PTR"/>
  7432. </hostnames>
  7433. <ports><extraports state="filtered" count="998">
  7434. <extrareasons reason="no-responses" count="998"/>
  7435. </extraports>
  7436. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7437. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7438. </ports>
  7439. <times srtt="10280" rttvar="2001" to="100000"/>
  7440. </host>
  7441. <host starttime="1606751263" endtime="1606766436"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7442. <address addr="5.34.180.164" addrtype="ipv4"/>
  7443. <hostnames>
  7444. <hostname name="vds-624497.hosted-by-itldc.com" type="PTR"/>
  7445. </hostnames>
  7446. <ports><extraports state="closed" count="992">
  7447. <extrareasons reason="conn-refused" count="992"/>
  7448. </extraports>
  7449. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7450. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  7451. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- 80/tcp on 5.34.180.164: x86 and x64 Beacon configurations recovered, both BeaconType 0 (HTTP).
       C2 is the scanned address itself (5.34.180.164); GET URIs are /cm (x86) and /dot.gif (x64), POST path
       /submit.php, Polling 60000 (presumably milliseconds), Jitter 0, rundll32.exe spawn-to targets.
       The two sections differ only in GET URI and User Agent. The neighbouring address 5.34.180.165 is named
       as C2 in another 8080/tcp result of this scan; whether the two are operated together is not shown here.
       The 443/tcp entry of the same host returned no script output. -->
  7452. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.164,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.180.164,/dot.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7453. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7454. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7455. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7456. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7457. </ports>
  7458. <times srtt="95376" rttvar="1540" to="101536"/>
  7459. </host>
  7460. <host starttime="1606751262" endtime="1606766618"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7461. <address addr="8.210.155.96" addrtype="ipv4"/>
  7462. <hostnames>
  7463. </hostnames>
  7464. <ports><extraports state="closed" count="996">
  7465. <extrareasons reason="conn-refused" count="996"/>
  7466. </extraports>
  7467. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- 80/tcp on 8.210.155.96: x86 and x64 Beacon configurations recovered, both BeaconType 0 (HTTP).
       C2 is the domain www.csmu.website; GET URIs are /match (x86) and /en_US/all.js (x64), POST path
       /submit.php, Polling 60000 (presumably milliseconds), Jitter 0, rundll32.exe spawn-to targets.
       Because the C2 is a hostname, match on DNS and HTTP Host logs as well as on the scanned IP.
       The 443/tcp and 8080/tcp entries of the same host returned no script output. -->
  7468. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.csmu.website,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.csmu.website,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7469. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7470. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7471. </ports>
  7472. <times srtt="644127" rttvar="257268" to="1673199"/>
  7473. </host>
  7474. <host starttime="1606751262" endtime="1606766382"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7475. <address addr="8.210.149.96" addrtype="ipv4"/>
  7476. <hostnames>
  7477. </hostnames>
  7478. <ports><extraports state="filtered" count="994">
  7479. <extrareasons reason="no-responses" count="994"/>
  7480. </extraports>
  7481. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7482. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  <!-- 443/tcp on 8.210.149.96: only an x86 Beacon configuration was recovered (no x64 section in the output).
       BeaconType 8 (HTTPS), C2 is the scanned address itself with GET URI /ptj and POST path /submit.php,
       Polling 60000 (presumably milliseconds), Jitter 0, rundll32.exe spawn-to targets.
       With an IP-literal C2 over TLS there is no hostname to pivot on; connection logs to 8.210.149.96:443
       are the direct indicator. service name="https" has method="table" (port-number lookup). -->
  7483. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 8.210.149.96,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7484. <port protocol="tcp" portid="8000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/></port>
  7485. <port protocol="tcp" portid="8001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  7486. <port protocol="tcp" portid="8002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="teradataordbms" method="table" conf="3"/></port>
  7487. </ports>
  7488. <times srtt="230249" rttvar="1596" to="236633"/>
  7489. </host>
  7490. <host starttime="1606751261" endtime="1606766350"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7491. <address addr="3.234.255.7" addrtype="ipv4"/>
  7492. <hostnames>
  7493. <hostname name="ec2-3-234-255-7.compute-1.amazonaws.com" type="PTR"/>
  7494. </hostnames>
  7495. <ports><extraports state="filtered" count="998">
  7496. <extrareasons reason="no-responses" count="998"/>
  7497. </extraports>
  7498. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7499. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7500. </ports>
  7501. <times srtt="18816" rttvar="15142" to="100000"/>
  7502. </host>
  7503. <host starttime="1606751261" endtime="1606766379"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7504. <address addr="3.95.159.27" addrtype="ipv4"/>
  7505. <hostnames>
  7506. <hostname name="ec2-3-95-159-27.compute-1.amazonaws.com" type="PTR"/>
  7507. </hostnames>
  7508. <ports><extraports state="filtered" count="997">
  7509. <extrareasons reason="no-responses" count="997"/>
  7510. </extraports>
  7511. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7512. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  <!-- 443/tcp on 3.95.159.27: only an x86 Beacon configuration was recovered. Unlike the other results in this
       part of the scan, the values are customised: Polling 32051 with Jitter 57, GET URI /jquery-1.12.1.min.js
       and POST path /jquery-1.12.2.min.js (both shaped like jQuery library file names), an Edge User Agent,
       and spawn-to targets svchost.exe (x86) and spoolsv.exe (x64) instead of rundll32.exe.
       C2 is the domain sharkfishinguk.com, so DNS and TLS SNI logs are relevant alongside the IP.
       For endpoint detection, svchost.exe or spoolsv.exe started by an unexpected parent process is the
       behaviour these spawn-to settings would produce (general guidance; not demonstrated by the scan itself). -->
  7513. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 32051&#xa;Jitter: 57&#xa;Maxdns: 255&#xa;C2 Server: sharkfishinguk.com,/jquery-1.12.1.min.js&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62&#xa;HTTP Method Path 2: /jquery-1.12.2.min.js&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\svchost.exe&#xa;Spawnto_x64: %windir%\sysnative\spoolsv.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7514. </ports>
  7515. <times srtt="10314" rttvar="2419" to="100000"/>
  7516. </host>
  7517. <host starttime="1606751262" endtime="1606766381"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7518. <address addr="124.70.27.147" addrtype="ipv4"/>
  7519. <hostnames>
  7520. <hostname name="ecs-124-70-27-147.compute.hwclouds-dns.com" type="PTR"/>
  7521. </hostnames>
  7522. <ports><extraports state="closed" count="990">
  7523. <extrareasons reason="conn-refused" count="990"/>
  7524. </extraports>
  7525. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7526. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7527. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7528. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7529. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7530. <port protocol="tcp" portid="5431"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="park-agent" method="table" conf="3"/></port>
  7531. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  7532. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  7533. <port protocol="tcp" portid="6666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  7534. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  7535. </ports>
  7536. <times srtt="272601" rttvar="28246" to="385585"/>
  7537. </host>
  7538. <host starttime="1606751266" endtime="1606766438"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7539. <address addr="175.24.81.217" addrtype="ipv4"/>
  7540. <hostnames>
  7541. </hostnames>
  7542. <ports><extraports state="closed" count="980">
  7543. <extrareasons reason="conn-refused" count="980"/>
  7544. </extraports>
  7545. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7546. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  7547. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7548. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7549. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  7550. <port protocol="tcp" portid="83"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mit-ml-dev" method="table" conf="3"/></port>
  7551. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7552. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7553. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7554. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  7555. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  7556. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  7557. <port protocol="tcp" portid="1234"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  7558. <port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3"/></port>
  7559. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  7560. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  7561. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  7562. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7563. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  7564. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7565. </ports>
  7566. <times srtt="205500" rttvar="4257" to="222528"/>
  7567. </host>
  7568. <taskprogress task="Connect Scan" time="1606767931" percent="63.09" remaining="769" etc="1606768699"/>
  7569. <host starttime="1606751262" endtime="1606768709"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7570. <address addr="144.202.13.108" addrtype="ipv4"/>
  7571. <hostnames>
  7572. <hostname name="144.202.13.108.vultr.com" type="PTR"/>
  7573. </hostnames>
  7574. <ports><extraports state="closed" count="994">
  7575. <extrareasons reason="conn-refused" count="994"/>
  7576. </extraports>
  7577. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7578. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7579. <port protocol="tcp" portid="80"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7580. <port protocol="tcp" portid="1521"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  7581. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7582. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7583. </ports>
  7584. <times srtt="18129" rttvar="6272" to="100000"/>
  7585. </host>
  7586. <host starttime="1606751262" endtime="1606768707"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7587. <address addr="141.164.55.159" addrtype="ipv4"/>
  7588. <hostnames>
  7589. <hostname name="141.164.55.159.vultr.com" type="PTR"/>
  7590. </hostnames>
  7591. <ports><extraports state="closed" count="995">
  7592. <extrareasons reason="conn-refused" count="995"/>
  7593. </extraports>
  7594. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7595. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7596. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7597. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7598. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7599. </ports>
  7600. <times srtt="208366" rttvar="1386" to="213910"/>
  7601. </host>
  7602. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7603. <address addr="87.120.254.113" addrtype="ipv4"/>
  7604. <hostnames>
  7605. </hostnames>
  7606. <ports><extraports state="closed" count="991">
  7607. <extrareasons reason="conn-refused" count="991"/>
  7608. </extraports>
  7609. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7610. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- 80/tcp on 87.120.254.113: x86 and x64 Beacon configurations recovered, and the two sections are identical.
       BeaconType 0 (HTTP), C2 is the domain h22.club, Polling 5000 (presumably milliseconds), Jitter 0,
       rundll32.exe spawn-to targets. The GET URI (/s/ref=nb_sb_noss_1/...) and POST path
       (/N4215/adj/amzn.us.sr.aps) are shaped like shopping-site request paths, so URI-only matching risks
       false positives; pair the path with the Host value h22.club when hunting in proxy logs.
       The 443/tcp entry of the same host returned no script output. -->
  7611. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: h22.club,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: h22.club,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7612. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  7613. <port protocol="tcp" portid="389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldap" method="table" conf="3"/></port>
  7614. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7615. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7616. <port protocol="tcp" portid="8254"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  7617. <port protocol="tcp" portid="49153"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  7618. </ports>
  7619. <times srtt="127777" rttvar="3305" to="140997"/>
  7620. </host>
  7621. <host starttime="1606751263" endtime="1606768752"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7622. <address addr="47.52.113.152" addrtype="ipv4"/>
  7623. <hostnames>
  7624. </hostnames>
  7625. <ports><extraports state="filtered" count="982">
  7626. <extrareasons reason="no-responses" count="982"/>
  7627. </extraports>
  7628. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  7629. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  7630. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7631. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7632. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  7633. <port protocol="tcp" portid="1099"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rmiregistry" method="table" conf="3"/></port>
  7634. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7635. <port protocol="tcp" portid="4444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  7636. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7637. <port protocol="tcp" portid="8001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  7638. <port protocol="tcp" portid="8002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="teradataordbms" method="table" conf="3"/></port>
  7639. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7640. <port protocol="tcp" portid="8088"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/></port>
  7641. <port protocol="tcp" portid="8099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  <!-- 8180/tcp on 47.52.113.152: x86 and x64 Beacon configurations recovered, both BeaconType 0 (HTTP).
       C2 is the scanned address itself on port 8180; GET URIs are /load (x86) and /ca (x64), POST path
       /submit.php, Polling 60000 (presumably milliseconds), Jitter 0, rundll32.exe spawn-to targets.
       service name="unknown" with method="table" means the port number has no entry in the lookup table;
       the Beacon listener was found by the script, not by service identification.
       The 80, 8000 and 8080/tcp entries of the same host returned no script output. -->
  7642. <port protocol="tcp" portid="8180"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8180&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.52.113.152,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8180&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.52.113.152,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7643. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  7644. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  7645. <port protocol="tcp" portid="31337"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="Elite" method="table" conf="3"/></port>
  7646. </ports>
  7647. <times srtt="227884" rttvar="900" to="231484"/>
  7648. </host>
  <!-- Review note: the grab_beacon_config script element on 443/tcp below has no output attribute, so this record holds no decoded beacon settings for 34.92.63.193. Read it as "nothing recovered in this run", not as a confirmed beacon and not as a clean result; what the script does when it emits an empty element is not shown here (TODO confirm against the NSE script). -->
  <!-- Service names in this record come from the port table (method="table", conf="3"), not from probing, so a name such as "cslistener" on 9000/tcp only reflects the port number. -->
  7649. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7650. <address addr="34.92.63.193" addrtype="ipv4"/>
  7651. <hostnames>
  7652. <hostname name="193.63.92.34.bc.googleusercontent.com" type="PTR"/>
  7653. </hostnames>
  7654. <ports><extraports state="closed" count="995">
  7655. <extrareasons reason="conn-refused" count="995"/>
  7656. </extraports>
  7657. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7658. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7659. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7660. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7661. <port protocol="tcp" portid="9000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cslistener" method="table" conf="3"/></port>
  7662. </ports>
  7663. <times srtt="212453" rttvar="2553" to="222665"/>
  7664. </host>
  7665. <host starttime="1606751262" endtime="1606768784"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7666. <address addr="23.236.69.96" addrtype="ipv4"/>
  7667. <hostnames>
  7668. </hostnames>
  7669. <ports><extraports state="closed" count="993">
  7670. <extrareasons reason="conn-refused" count="993"/>
  7671. </extraports>
  7672. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7673. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7674. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7675. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  7676. <port protocol="tcp" portid="500"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  7677. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  7678. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7679. </ports>
  7680. <times srtt="81740" rttvar="2654" to="100000"/>
  7681. </host>
  7682. <host starttime="1606751262" endtime="1606768745"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7683. <address addr="8.210.253.129" addrtype="ipv4"/>
  7684. <hostnames>
  7685. </hostnames>
  7686. <ports><extraports state="closed" count="994">
  7687. <extrareasons reason="conn-refused" count="994"/>
  7688. </extraports>
  7689. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7690. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7691. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7692. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  7693. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7694. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7695. </ports>
  7696. <times srtt="230964" rttvar="2870" to="242444"/>
  7697. </host>
  7698. <host starttime="1606751263" endtime="1606768733"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7699. <address addr="5.180.76.245" addrtype="ipv4"/>
  7700. <hostnames>
  7701. <hostname name="no-rdns.kddi.peering.digital-vm.com" type="PTR"/>
  7702. </hostnames>
  7703. <ports><extraports state="closed" count="985">
  7704. <extrareasons reason="conn-refused" count="985"/>
  7705. </extraports>
  7706. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7707. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7708. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7709. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7710. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  7711. <port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3"/></port>
  7712. <port protocol="tcp" portid="3000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ppp" method="table" conf="3"/></port>
  7713. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7714. <port protocol="tcp" portid="5222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp-client" method="table" conf="3"/></port>
  7715. <port protocol="tcp" portid="5269"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp-server" method="table" conf="3"/></port>
  7716. <port protocol="tcp" portid="5280"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp-bosh" method="table" conf="3"/></port>
  7717. <port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:1" method="table" conf="3"/></port>
  7718. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  7719. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  7720. <port protocol="tcp" portid="9593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="cba8" method="table" conf="3"/></port>
  7721. </ports>
  7722. <times srtt="183716" rttvar="1418" to="189388"/>
  7723. </host>
  <!-- Review note: the only decoded config in this record is on 443/tcp, and its C2 Server value is the scanned address itself (192.51.188.134). The x86 and x64 blocks are identical. The empty script elements on 80, 8088 and 8443 carry no decoded settings. -->
  <!-- Detection caveat: both URI paths imitate retail-site search and ad traffic (note "amzn" in HTTP Method Path 2), so a path-only or User-Agent-only signature is likely to hit benign traffic; pair them with the destination address and port. BeaconType reads 0 (HTTP) although the port is 443; whether TLS was in use cannot be told from this record. -->
  7724. <host starttime="1606751262" endtime="1606768744"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7725. <address addr="192.51.188.134" addrtype="ipv4"/>
  7726. <hostnames>
  7727. </hostnames>
  7728. <ports><extraports state="closed" count="989">
  7729. <extrareasons reason="conn-refused" count="989"/>
  7730. </extraports>
  7731. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7732. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7733. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7734. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7735. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.51.188.134,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.51.188.134,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7736. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7737. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  7738. <port protocol="tcp" portid="8085"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  7739. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7740. <port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  7741. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7742. </ports>
  7743. <times srtt="181635" rttvar="9413" to="219287"/>
  7744. </host>
  7745. <host starttime="1606751263" endtime="1606768451"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7746. <address addr="120.53.239.167" addrtype="ipv4"/>
  7747. <hostnames>
  7748. </hostnames>
  7749. <ports><extraports state="closed" count="996">
  7750. <extrareasons reason="conn-refused" count="996"/>
  7751. </extraports>
  7752. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7753. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7754. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  7755. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  7756. </ports>
  7757. <times srtt="222714" rttvar="1824" to="230010"/>
  7758. </host>
  <!-- Review note: the C2 Server value is a domain (about.inno-finance.com) while the scanned address 34.121.230.223 has a googleusercontent.com PTR name. The pairing of domain and address is only as fresh as this host's starttime (1606751263, epoch seconds); re-resolve the domain and check ownership before acting on either value. -->
  <!-- Only an x86 block was returned on 443/tcp, and 80/tcp has an empty script element with no decoded settings. -->
  7759. <host starttime="1606751263" endtime="1606768744"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7760. <address addr="34.121.230.223" addrtype="ipv4"/>
  7761. <hostnames>
  7762. <hostname name="223.230.121.34.bc.googleusercontent.com" type="PTR"/>
  7763. </hostnames>
  7764. <ports><extraports state="filtered" count="995">
  7765. <extrareasons reason="no-responses" count="995"/>
  7766. </extraports>
  7767. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7768. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: about.inno-finance.com,/match&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7769. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  7770. <port protocol="tcp" portid="8081"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  7771. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  7772. </ports>
  7773. <times srtt="45374" rttvar="5710" to="100000"/>
  7774. </host>
  7775. <host starttime="1606751262" endtime="1606768739"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7776. <address addr="206.166.251.75" addrtype="ipv4"/>
  7777. <hostnames>
  7778. </hostnames>
  7779. <ports><extraports state="filtered" count="998">
  7780. <extrareasons reason="no-responses" count="998"/>
  7781. </extraports>
  7782. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7783. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7784. </ports>
  7785. <times srtt="93786" rttvar="2544" to="103962"/>
  7786. </host>
  <!-- Review note: 443/tcp returned only an x64 block while 8000/tcp returned both x86 and x64, each with its own URI and User Agent. Tooling that consumes this output should parse each architecture block independently and not assume both are present. -->
  <!-- Indicator caveat: /submit.php, rundll32.exe as the Spawnto target and the all-zero DNS Idle value recur across many unrelated hosts in this listing, so they say little on their own; the per-listener URI and User Agent together with the address and port are the more specific values here. -->
  7787. <host starttime="1606751266" endtime="1606768799"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7788. <address addr="211.149.143.218" addrtype="ipv4"/>
  7789. <hostnames>
  7790. </hostnames>
  7791. <ports><extraports state="closed" count="993">
  7792. <extrareasons reason="conn-refused" count="993"/>
  7793. </extraports>
  7794. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  7795. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7796. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7797. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7798. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 211.149.143.218,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7799. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7800. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 211.149.143.218,/push&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 211.149.143.218,/cx&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7801. </ports>
  7802. <times srtt="260815" rttvar="5188" to="281567"/>
  7803. </host>
  <!-- Review note: both blocks on 443/tcp lack the Maxdns, User Agent, Header1/Header2, PipeName, DNS Idle and DNS Sleep lines that other records in this listing carry. The reason is not visible here (a different beacon version or a partial parse are both possible; TODO confirm). Parsers should key on field names and tolerate missing fields. -->
  7804. <host starttime="1606751262" endtime="1606768764"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7805. <address addr="206.189.223.152" addrtype="ipv4"/>
  7806. <hostnames>
  7807. </hostnames>
  7808. <ports><extraports state="filtered" count="997">
  7809. <extrareasons reason="no-responses" count="997"/>
  7810. </extraports>
  7811. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  7812. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 206.189.223.152,/push&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 206.189.223.152,/j.ad&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7813. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  7814. </ports>
  7815. <times srtt="80841" rttvar="1457" to="100000"/>
  7816. </host>
  7817. <host starttime="1606751262" endtime="1606768782"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7818. <address addr="185.52.3.205" addrtype="ipv4"/>
  7819. <hostnames>
  7820. </hostnames>
  7821. <ports><extraports state="closed" count="993">
  7822. <extrareasons reason="conn-refused" count="993"/>
  7823. </extraports>
  7824. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7825. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7826. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7827. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.52.3.205,/activity&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7828. <port protocol="tcp" portid="1461"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ibm_wrless_lan" method="table" conf="3"/></port>
  7829. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.52.3.205,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.52.3.205,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7830. <port protocol="tcp" portid="8443"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  7831. </ports>
  7832. <times srtt="93560" rttvar="2492" to="103528"/>
  7833. </host>
  7834. <host starttime="1606751263" endtime="1606768731"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7835. <address addr="104.198.151.234" addrtype="ipv4"/>
  7836. <hostnames>
  7837. <hostname name="234.151.198.104.bc.googleusercontent.com" type="PTR"/>
  7838. </hostnames>
  7839. <ports><extraports state="filtered" count="999">
  7840. <extrareasons reason="no-responses" count="999"/>
  7841. </extraports>
  7842. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7843. </ports>
  7844. <times srtt="44575" rttvar="6539" to="100000"/>
  7845. </host>
  7846. <host starttime="1606751262" endtime="1606768788"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7847. <address addr="192.236.248.176" addrtype="ipv4"/>
  7848. <hostnames>
  7849. <hostname name="hwsrv-805728.hostwindsdns.com" type="PTR"/>
  7850. </hostnames>
  7851. <ports><extraports state="closed" count="995">
  7852. <extrareasons reason="conn-refused" count="995"/>
  7853. </extraports>
  7854. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7855. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7856. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7857. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: amapai-technologies.digital,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7858. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  7859. </ports>
  7860. <times srtt="95434" rttvar="3166" to="108098"/>
  7861. </host>
  7862. <host starttime="1606751262" endtime="1606768779"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7863. <address addr="185.162.235.61" addrtype="ipv4"/>
  7864. <hostnames>
  7865. <hostname name="nl.dnsme.in" type="PTR"/>
  7866. </hostnames>
  7867. <ports><extraports state="closed" count="994">
  7868. <extrareasons reason="conn-refused" count="994"/>
  7869. </extraports>
  7870. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7871. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.61,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.61,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7872. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7873. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.61,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.61,/ca&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7874. <port protocol="tcp" portid="445"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7875. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  7876. </ports>
  7877. <times srtt="95762" rttvar="1296" to="100946"/>
  7878. </host>
  7879. <host starttime="1606751262" endtime="1606768707"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7880. <address addr="185.158.251.113" addrtype="ipv4"/>
  7881. <hostnames>
  7882. <hostname name="vm12393.ru" type="PTR"/>
  7883. </hostnames>
  7884. <ports><extraports state="closed" count="997">
  7885. <extrareasons reason="conn-refused" count="997"/>
  7886. </extraports>
  7887. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7888. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7889. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  7890. </ports>
  7891. <times srtt="97201" rttvar="418" to="100000"/>
  7892. </host>
  <!-- Review note: the C2 Server value is a hostname on a shared CDN domain (outlook-1.azureedge.net), not the scanned address 167.99.200.45, and the paths imitate webmail traffic. Blocking the address alone does not cover the hostname, and blocking the parent domain would be far too broad; match on the full hostname. How the hostname relates to the scanned address is not shown in this record. -->
  <!-- Host-side: Spawnto here is gpupdate.exe under syswow64/sysnative, not the rundll32.exe seen in most other records, so process-creation rules written only for rundll32.exe would not cover this config. -->
  <!-- Parsing: the DNS Idle value mixes a carriage-return character reference with backslash-escaped bytes; normalise it before comparing or storing. -->
  7893. <host starttime="1606751262" endtime="1606768784"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7894. <address addr="167.99.200.45" addrtype="ipv4"/>
  7895. <hostnames>
  7896. </hostnames>
  7897. <ports><extraports state="closed" count="997">
  7898. <extrareasons reason="conn-refused" count="997"/>
  7899. </extraports>
  7900. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7901. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 30000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: outlook-1.azureedge.net,/static/css/main.d22d3525.chunk.css&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36&#xa;HTTP Method Path 2: /owamail/calendar/service.svc&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: &#xd;Z\xD5\xCC&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7902. <port protocol="tcp" portid="1077"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imgames" method="table" conf="3"/></port>
  7903. </ports>
  7904. <times srtt="90403" rttvar="3164" to="103059"/>
  7905. </host>
  <!-- Review note: this config differs from most records in the listing: Polling is 15 (the unit is not stated in the output), Jitter is 20, and Method1 and Method2 are both GET, so rules keyed on a POST to a submit path would not match. The x86 and x64 blocks are identical. -->
  <!-- DNS Idle is \x08\x08\x08\x08, which would read as 8.8.8.8 if the four bytes are an IPv4 address (presumably; confirm against the script). The empty script element on 80/tcp carries no decoded settings. -->
  7906. <host starttime="1606751262" endtime="1606768739"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7907. <address addr="157.230.184.142" addrtype="ipv4"/>
  7908. <hostnames>
  7909. </hostnames>
  7910. <ports><extraports state="closed" count="996">
  7911. <extrareasons reason="conn-refused" count="996"/>
  7912. </extraports>
  7913. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7914. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7915. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7916. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 15&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: 157.230.184.142,/5aq/XP/SY75Qyw.htm&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )&#xa;HTTP Method Path 2: /RCg/vp6rBcQ.htm&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 15&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: 157.230.184.142,/5aq/XP/SY75Qyw.htm&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )&#xa;HTTP Method Path 2: /RCg/vp6rBcQ.htm&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7917. </ports>
  7918. <times srtt="17117" rttvar="4169" to="100000"/>
  7919. </host>
  7920. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7921. <address addr="108.160.140.17" addrtype="ipv4"/>
  7922. <hostnames>
  7923. <hostname name="108.160.140.17.vultr.com" type="PTR"/>
  7924. </hostnames>
  7925. <ports><extraports state="closed" count="997">
  7926. <extrareasons reason="conn-refused" count="997"/>
  7927. </extraports>
  7928. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7929. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7930. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7931. </ports>
  7932. <times srtt="180373" rttvar="1449" to="186169"/>
  7933. </host>
  7934. <host starttime="1606751262" endtime="1606768707"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7935. <address addr="139.196.21.224" addrtype="ipv4"/>
  7936. <hostnames>
  7937. </hostnames>
  7938. <ports><extraports state="closed" count="988">
  7939. <extrareasons reason="conn-refused" count="988"/>
  7940. </extraports>
  7941. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7942. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  7943. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7944. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7945. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7946. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7947. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  7948. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  7949. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  7950. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  7951. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  7952. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  7953. </ports>
  7954. <times srtt="203174" rttvar="3654" to="217790"/>
  7955. </host>
  7956. <host starttime="1606751262" endtime="1606768744"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Analyst note: tcp/443 returned one beacon configuration (x64 block only;
             no x86 block is recorded for this port).
             The "C2 Server" value is the scanned address itself (139.59.230.84), so
             this record gives no second address to pivot on.
             Polling 60000 (presumably milliseconds) with Jitter 0, /submit.php as the
             second path and rundll32.exe for both spawnto values look like the tool's
             unmodified defaults (assumption, confirm against the profile reference).
             /ga.js and /submit.php are weak indicators on their own; pair them with
             the address and User Agent string when writing detections.
             Point-in-time data: starttime/endtime are epoch seconds from the
             2020-11-30 scan run. -->
  7957. <address addr="139.59.230.84" addrtype="ipv4"/>
  7958. <hostnames>
  7959. </hostnames>
  7960. <ports><extraports state="closed" count="996">
  7961. <extrareasons reason="conn-refused" count="996"/>
  7962. </extraports>
  7963. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7964. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7965. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 139.59.230.84,/ga.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  7966. <port protocol="tcp" portid="1594"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sixtrak" method="table" conf="3"/></port>
  7967. </ports>
  7968. <times srtt="238875" rttvar="1708" to="245707"/>
  7969. </host>
  7970. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="syn-ack" reason_ttl="0"/>
  7971. <address addr="139.196.224.35" addrtype="ipv4"/>
  7972. <hostnames>
  7973. </hostnames>
  7974. <ports><extraports state="closed" count="986">
  7975. <extrareasons reason="conn-refused" count="986"/>
  7976. </extraports>
  7977. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  7978. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  7979. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  7980. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7981. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  7982. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  7983. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  7984. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  7985. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  7986. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  7987. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  7988. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  7989. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  7990. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  7991. </ports>
  7992. <times srtt="204843" rttvar="2914" to="216499"/>
  7993. </host>
  7994. <host starttime="1606751263" endtime="1606768707"><status state="up" reason="conn-refused" reason_ttl="0"/>
  7995. <address addr="124.71.15.157" addrtype="ipv4"/>
  7996. <hostnames>
  7997. <hostname name="ecs-124-71-15-157.compute.hwclouds-dns.com" type="PTR"/>
  7998. </hostnames>
  7999. <ports><extraports state="closed" count="996">
  8000. <extrareasons reason="conn-refused" count="996"/>
  8001. </extraports>
  8002. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8003. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8004. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8005. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8006. </ports>
  8007. <times srtt="236110" rttvar="905" to="239730"/>
  8008. </host>
  8009. <host starttime="1606751262" endtime="1606768724"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8010. <address addr="103.254.75.240" addrtype="ipv4"/>
  8011. <hostnames>
  8012. </hostnames>
  8013. <ports><extraports state="closed" count="984">
  8014. <extrareasons reason="conn-refused" count="984"/>
  8015. </extraports>
  8016. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  8017. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8018. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8019. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8020. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8021. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8022. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8023. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8024. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8025. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  8026. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8027. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  8028. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  8029. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8030. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8031. <port protocol="tcp" portid="6669"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  8032. </ports>
  8033. <times srtt="221384" rttvar="4340" to="238744"/>
  8034. </host>
  8035. <host starttime="1606751262" endtime="1606768707"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8036. <address addr="123.57.107.185" addrtype="ipv4"/>
  8037. <hostnames>
  8038. </hostnames>
  8039. <ports><extraports state="filtered" count="988">
  8040. <extrareasons reason="no-responses" count="988"/>
  8041. </extraports>
  8042. <port protocol="tcp" portid="3"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="compressnet" method="table" conf="3"/></port>
  8043. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8044. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  8045. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  8046. <port protocol="tcp" portid="6005"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="X11:5" method="table" conf="3"/></port>
  8047. <port protocol="tcp" portid="6006"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="X11:6" method="table" conf="3"/></port>
  8048. <port protocol="tcp" portid="8000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/></port>
  8049. <port protocol="tcp" portid="8099"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8050. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  8051. <port protocol="tcp" portid="32768"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="filenet-tms" method="table" conf="3"/></port>
  8052. <port protocol="tcp" portid="32769"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="filenet-rpc" method="table" conf="3"/></port>
  8053. <port protocol="tcp" portid="32770"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sometimes-rpc3" method="table" conf="3"/></port>
  8054. </ports>
  8055. <times srtt="229427" rttvar="920" to="233107"/>
  8056. </host>
  8057. <host starttime="1606751273" endtime="1606768719"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8058. <address addr="114.215.86.71" addrtype="ipv4"/>
  8059. <hostnames>
  8060. </hostnames>
  8061. <ports><extraports state="closed" count="984">
  8062. <extrareasons reason="conn-refused" count="984"/>
  8063. </extraports>
  8064. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8065. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8066. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8067. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8068. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8069. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8070. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8071. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8072. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8073. <port protocol="tcp" portid="1027"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="IIS" method="table" conf="3"/></port>
  8074. <port protocol="tcp" portid="1028"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8075. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8076. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8077. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  8078. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8079. <port protocol="tcp" portid="6669"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  8080. </ports>
  8081. <times srtt="214729" rttvar="3392" to="228297"/>
  8082. </host>
  8083. <host starttime="1606751263" endtime="1606768795"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Analyst note: the scanned address is 35.221.158.178, but every "C2 Server"
             value recorded below is 34.92.118.176. The configuration served here
             points beacons at a different address, so both addresses belong in any
             block list or hunt built from this record.
             tcp/80 carries an x86 and an x64 block that differ in URI (/dpixel vs /ca)
             and in User Agent; tcp/443 carries an x64 block only (/visit.js).
             Polling 60000, Jitter 0, /submit.php and rundll32.exe spawnto values look
             like unmodified defaults (assumption, confirm against the profile
             reference).
             The PTR name places the scanned address in a cloud provider range, and
             the data is from the 2020-11-30 scan run: re-validate before acting,
             since such addresses are reassigned. -->
  8084. <address addr="35.221.158.178" addrtype="ipv4"/>
  8085. <hostnames>
  8086. <hostname name="178.158.221.35.bc.googleusercontent.com" type="PTR"/>
  8087. </hostnames>
  8088. <ports><extraports state="closed" count="995">
  8089. <extrareasons reason="conn-refused" count="995"/>
  8090. </extraports>
  8091. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8092. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8093. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 34.92.118.176,/dpixel&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 34.92.118.176,/ca&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8094. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 34.92.118.176,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8095. <port protocol="tcp" portid="50500"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8096. </ports>
  8097. <times srtt="205881" rttvar="4576" to="224185"/>
  8098. </host>
  8099. <host starttime="1606751262" endtime="1606768751"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Analyst note: the beacon configuration on this host was returned on
             tcp/8088, not on 80 or 443. The tcp/443 script element has no output
             attribute, so no configuration is recorded for that port.
             Every service element here has method="table" conf="3": the names are
             port-number lookups, not version detection, so "radan-http" says nothing
             about what is actually listening on 8088.
             The "C2 Server" value equals the scanned address (106.14.0.74). The x86
             and x64 blocks differ in URI (/pixel.gif vs /j.ad) and User Agent;
             detections keyed on a single URI will miss one of the two.
             Polling 60000, Jitter 0, /submit.php and rundll32.exe spawnto values look
             like unmodified defaults (assumption, confirm against the profile
             reference). -->
  8100. <address addr="106.14.0.74" addrtype="ipv4"/>
  8101. <hostnames>
  8102. </hostnames>
  8103. <ports><extraports state="closed" count="985">
  8104. <extrareasons reason="conn-refused" count="985"/>
  8105. </extraports>
  8106. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8107. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8108. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8109. <port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  8110. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8111. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8112. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8113. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8114. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8115. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  8116. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8117. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  8118. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8119. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8120. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8088&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 106.14.0.74,/pixel.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8088&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 106.14.0.74,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8121. </ports>
  8122. <times srtt="208873" rttvar="5543" to="231045"/>
  8123. </host>
  8124. <host starttime="1606751262" endtime="1606768732"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Analyst note: this record differs from the stock-looking ones in the same
             scan. "C2 Server" is a hostname (api.aperture.network) rather than an
             address, the paths are /functionalStatus and /rest/2/meetings, Polling is
             37000 with Jitter 25, and both spawnto values name gpupdate.exe instead of
             rundll32.exe. That points to a customised profile, so detections built on
             default URIs or on rundll32.exe as the spawn target will not match it.
             The output omits the User Agent, Maxdns, Header, PipeName and DNS fields
             that other records in this scan carry; whether the script failed to parse
             them or the configuration lacks them cannot be told from this record.
             The scan does not record what the hostname resolved to at scan time;
             check passive DNS before tying it to 40.122.106.213. -->
  8125. <address addr="40.122.106.213" addrtype="ipv4"/>
  8126. <hostnames>
  8127. </hostnames>
  8128. <ports><extraports state="filtered" count="998">
  8129. <extrareasons reason="no-responses" count="998"/>
  8130. </extraports>
  8131. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  8132. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 37000&#xa;Jitter: 25&#xa;C2 Server: api.aperture.network,/functionalStatus&#xa;HTTP Method Path 2: /rest/2/meetings&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8133. </ports>
  8134. <times srtt="47051" rttvar="2117" to="100000"/>
  8135. </host>
  8136. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8137. <address addr="81.17.16.106" addrtype="ipv4"/>
  8138. <hostnames>
  8139. </hostnames>
  8140. <ports><extraports state="closed" count="997">
  8141. <extrareasons reason="conn-refused" count="997"/>
  8142. </extraports>
  8143. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8144. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8145. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8146. </ports>
  8147. <times srtt="112219" rttvar="2710" to="123059"/>
  8148. </host>
  8149. <host starttime="1606751261" endtime="1606768728"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Analyst note: the scanned address is 46.101.254.28, but the recorded
             "C2 Server" value is 139.59.204.7. The configuration served here directs
             beacons to a different address, so track both.
             Only an x86 block is recorded for tcp/443.
             The output omits the User Agent, Maxdns, Header, PipeName and DNS fields
             that other records in this scan carry; whether the script failed to parse
             them or the configuration lacks them cannot be told from this record.
             /visit.js and /submit.php with Polling 60000, Jitter 0 and rundll32.exe
             spawnto values look like unmodified defaults (assumption, confirm against
             the profile reference). -->
  8150. <address addr="46.101.254.28" addrtype="ipv4"/>
  8151. <hostnames>
  8152. </hostnames>
  8153. <ports><extraports state="closed" count="997">
  8154. <extrareasons reason="conn-refused" count="997"/>
  8155. </extraports>
  8156. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8157. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8158. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 139.59.204.7,/visit.js&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8159. </ports>
  8160. <times srtt="100517" rttvar="3149" to="113113"/>
  8161. </host>
  8162. <host starttime="1606751263" endtime="1606768739"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8163. <address addr="18.181.239.157" addrtype="ipv4"/>
  8164. <hostnames>
  8165. <hostname name="ec2-18-181-239-157.ap-northeast-1.compute.amazonaws.com" type="PTR"/>
  8166. </hostnames>
  8167. <ports><extraports state="filtered" count="999">
  8168. <extrareasons reason="no-responses" count="999"/>
  8169. </extraports>
  8170. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8171. </ports>
  8172. <times srtt="185424" rttvar="1418" to="191096"/>
  8173. </host>
  8174. <host starttime="1606751262" endtime="1606768768"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Analyst note: tcp/443 is the only port reported individually (999 others
             are filtered) and it returned one beacon configuration, x64 block only.
             The "C2 Server" value equals the scanned address (54.242.70.107).
             /cm and /submit.php with Polling 60000, Jitter 0 and rundll32.exe spawnto
             values look like unmodified defaults (assumption, confirm against the
             profile reference); the short URI /cm is a weak indicator by itself.
             The PTR name places the address in a cloud provider range and the data is
             from the 2020-11-30 scan run: re-validate before blocking, since such
             addresses are reassigned. -->
  8175. <address addr="54.242.70.107" addrtype="ipv4"/>
  8176. <hostnames>
  8177. <hostname name="ec2-54-242-70-107.compute-1.amazonaws.com" type="PTR"/>
  8178. </hostnames>
  8179. <ports><extraports state="filtered" count="999">
  8180. <extrareasons reason="no-responses" count="999"/>
  8181. </extraports>
  8182. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 54.242.70.107,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8183. </ports>
  8184. <times srtt="11611" rttvar="3537" to="100000"/>
  8185. </host>
  8186. <host starttime="1606751263" endtime="1606768786"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Analyst note: the "C2 Server" value is a domain (updatesourcehealth.com),
             not the scanned address 51.83.180.153. The scan records only the PTR name
             of the scanned address and does not show what the domain resolved to at
             scan time, so confirm the pairing through passive DNS before treating the
             two as one piece of infrastructure.
             A domain indicator outlives an address change; monitor DNS and proxy logs
             for the domain as well as the address.
             Only an x64 block is recorded. /en_US/all.js and /submit.php with Polling
             60000, Jitter 0 and rundll32.exe spawnto values look like unmodified
             defaults (assumption, confirm against the profile reference). -->
  8187. <address addr="51.83.180.153" addrtype="ipv4"/>
  8188. <hostnames>
  8189. <hostname name="ip153.ip-51-83-180.eu" type="PTR"/>
  8190. </hostnames>
  8191. <ports><extraports state="closed" count="997">
  8192. <extrareasons reason="conn-refused" count="997"/>
  8193. </extraports>
  8194. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8195. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8196. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: updatesourcehealth.com,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8197. </ports>
  8198. <times srtt="118965" rttvar="2299" to="128161"/>
  8199. </host>
  8200. <host starttime="1606751262" endtime="1606768707"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8201. <address addr="8.210.84.140" addrtype="ipv4"/>
  8202. <hostnames>
  8203. </hostnames>
  8204. <ports><extraports state="closed" count="996">
  8205. <extrareasons reason="conn-refused" count="996"/>
  8206. </extraports>
  8207. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8208. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8209. <port protocol="tcp" portid="1066"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="fpo-fns" method="table" conf="3"/></port>
  8210. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  8211. </ports>
  8212. <times srtt="228404" rttvar="981" to="232328"/>
  8213. </host>
  8214. <host starttime="1606751263" endtime="1606768663"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8215. <address addr="54.238.147.138" addrtype="ipv4"/>
  8216. <hostnames>
  8217. <hostname name="ec2-54-238-147-138.ap-northeast-1.compute.amazonaws.com" type="PTR"/>
  8218. </hostnames>
  8219. <ports><extraports state="filtered" count="613">
  8220. <extrareasons reason="no-responses" count="613"/>
  8221. </extraports>
  8222. <extraports state="closed" count="387">
  8223. <extrareasons reason="conn-refused" count="387"/>
  8224. </extraports>
  8225. </ports>
  8226. <times srtt="185964" rttvar="2350" to="195364"/>
  8227. </host>
  8228. <host starttime="1606751262" endtime="1606768759"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8229. <address addr="49.232.42.92" addrtype="ipv4"/>
  8230. <hostnames>
  8231. </hostnames>
  8232. <ports><extraports state="closed" count="993">
  8233. <extrareasons reason="conn-refused" count="993"/>
  8234. </extraports>
  8235. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8236. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8237. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 49.232.42.92,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 49.232.42.92,/dpixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Review note: the x86 and x64 responses above differ only in the GET path (/g.pixel vs /dpixel)
             and the User Agent string; "C2 Server" is the scanned address itself. Polling 60000, Jitter 0,
             POST path /submit.php and rundll32.exe as the spawn-to process look like stock Cobalt Strike
             settings (assumption, confirm against vendor documentation), which makes them weak
             indicators on their own but useful for grouping hosts in this scan. -->
  8238. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
        <!-- Review note: the script element above has an id but no output attribute, unlike the port 80
             entry of the same host. Presumably the script was run against this port and returned
             nothing; that is absence of a captured config, not evidence that the port is benign. -->
  8239. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8240. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  8241. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  8242. </ports>
  8243. <times srtt="224000" rttvar="2130" to="232520"/>
  8244. </host>
  8245. <host starttime="1606751262" endtime="1606768772"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8246. <address addr="176.121.14.140" addrtype="ipv4"/>
  8247. <hostnames>
  8248. <hostname name="ns1648.ztomy.com" type="PTR"/>
  8249. </hostnames>
  8250. <ports><extraports state="closed" count="995">
  8251. <extrareasons reason="conn-refused" count="995"/>
  8252. </extraports>
  8253. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8254. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8255. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.140,/image/foo.jpg&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /history/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 176.121.14.140,/image/foo.jpg&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /history/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Review note: both architectures above report the same GET path (/image/foo.jpg), POST path
             (/history/) and User Agent. The POST path differs from the /submit.php reported by other
             hosts in this part of the scan, which suggests a customised profile (inferred, not shown
             by the output itself). -->
  8256. <port protocol="tcp" portid="5950"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8257. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 194.76.227.16,/image/foo.jpg&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /history/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 194.76.227.16,/image/foo.jpg&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /history/&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Review note: "C2 Server" above is 194.76.227.16, not the scanned address 176.121.14.140, while
             the paths and User Agent match the port 80 entry of this host. The config served on 8080
             therefore points clients at a second address; both IPs belong in any blocklist or hunt derived
             from this record. Whether the two hosts share one operator cannot be told from this output. -->
  8258. </ports>
  8259. <times srtt="125673" rttvar="1395" to="131253"/>
  8260. </host>
  8261. <host starttime="1606751262" endtime="1606768745"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8262. <address addr="154.209.86.57" addrtype="ipv4"/>
  8263. <hostnames>
  8264. </hostnames>
  8265. <ports><extraports state="closed" count="980">
  8266. <extrareasons reason="conn-refused" count="980"/>
  8267. </extraports>
  8268. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  8269. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8270. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8271. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8272. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8273. <port protocol="tcp" portid="366"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="odmr" method="table" conf="3"/></port>
  8274. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8275. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8276. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  8277. <port protocol="tcp" portid="5555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  8278. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8279. <port protocol="tcp" portid="61532"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8280. <port protocol="tcp" portid="61900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8281. <port protocol="tcp" portid="62078"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="iphone-sync" method="table" conf="3"/></port>
  8282. <port protocol="tcp" portid="63331"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8283. <port protocol="tcp" portid="64623"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8284. <port protocol="tcp" portid="64680"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8285. <port protocol="tcp" portid="65000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8286. <port protocol="tcp" portid="65129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8287. <port protocol="tcp" portid="65389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8288. </ports>
  8289. <times srtt="218295" rttvar="4756" to="237319"/>
  8290. </host>
  8291. <host starttime="1606751262" endtime="1606768739"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8292. <address addr="172.104.121.109" addrtype="ipv4"/>
  8293. <hostnames>
  8294. <hostname name="li1731-109.members.linode.com" type="PTR"/>
  8295. </hostnames>
  8296. <ports><extraports state="filtered" count="992">
  8297. <extrareasons reason="no-responses" count="992"/>
  8298. </extraports>
  8299. <port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8300. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  8301. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8302. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  8303. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8304. <port protocol="tcp" portid="3333"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dec-notes" method="table" conf="3"/></port>
  8305. <port protocol="tcp" portid="5901"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vnc-1" method="table" conf="3"/></port>
  8306. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8307. </ports>
  8308. <times srtt="192673" rttvar="4284" to="209809"/>
  8309. </host>
  8310. <host starttime="1606751262" endtime="1606768784"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8311. <address addr="185.243.41.224" addrtype="ipv4"/>
  8312. <hostnames>
  8313. </hostnames>
  8314. <ports><extraports state="closed" count="994">
  8315. <extrareasons reason="conn-refused" count="994"/>
  8316. </extraports>
  8317. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8318. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8319. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8320. <port protocol="tcp" portid="7201"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="dlip" method="table" conf="3"/></port>
  8321. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8322. <port protocol="tcp" portid="9100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  8323. </ports>
  8324. <times srtt="178544" rttvar="6314" to="203800"/>
  8325. </host>
  8326. <host starttime="1606751261" endtime="1606768780"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8327. <address addr="194.156.228.12" addrtype="ipv4"/>
  8328. <hostnames>
  8329. </hostnames>
  8330. <ports><extraports state="closed" count="992">
  8331. <extrareasons reason="conn-refused" count="992"/>
  8332. </extraports>
  8333. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  8334. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8335. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8336. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8337. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8338. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8339. <port protocol="tcp" portid="8011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8340. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8341. </ports>
  8342. <times srtt="14603" rttvar="1512" to="100000"/>
  8343. </host>
  8344. <host starttime="1606751262" endtime="1606768766"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8345. <address addr="185.45.193.114" addrtype="ipv4"/>
  8346. <hostnames>
  8347. </hostnames>
  8348. <ports><extraports state="closed" count="995">
  8349. <extrareasons reason="conn-refused" count="995"/>
  8350. </extraports>
  8351. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  8352. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8353. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8354. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  8355. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8356. </ports>
  8357. <times srtt="93749" rttvar="1046" to="100000"/>
  8358. </host>
  8359. <host starttime="1606751271" endtime="1606768766"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8360. <address addr="167.71.145.138" addrtype="ipv4"/>
  8361. <hostnames>
  8362. </hostnames>
  8363. <ports><extraports state="closed" count="984">
  8364. <extrareasons reason="conn-refused" count="984"/>
  8365. </extraports>
  8366. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8367. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8368. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8369. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  8370. <port protocol="tcp" portid="389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ldap" method="table" conf="3"/></port>
  8371. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8372. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8373. <port protocol="tcp" portid="61532"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8374. <port protocol="tcp" portid="61900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8375. <port protocol="tcp" portid="62078"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="iphone-sync" method="table" conf="3"/></port>
  8376. <port protocol="tcp" portid="63331"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8377. <port protocol="tcp" portid="64623"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8378. <port protocol="tcp" portid="64680"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8379. <port protocol="tcp" portid="65000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8380. <port protocol="tcp" portid="65129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8381. <port protocol="tcp" portid="65389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8382. </ports>
  8383. <times srtt="84963" rttvar="7871" to="116447"/>
  8384. </host>
  8385. <host starttime="1606751262" endtime="1606768744"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8386. <address addr="146.185.132.43" addrtype="ipv4"/>
  8387. <hostnames>
  8388. </hostnames>
  8389. <ports><extraports state="closed" count="997">
  8390. <extrareasons reason="conn-refused" count="997"/>
  8391. </extraports>
  8392. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8393. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8394. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8395. </ports>
  8396. <times srtt="99272" rttvar="3839" to="114628"/>
  8397. </host>
  8398. <host starttime="1606751262" endtime="1606768776"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8399. <address addr="167.179.78.159" addrtype="ipv4"/>
  8400. <hostnames>
  8401. <hostname name="167.179.78.159.vultr.com" type="PTR"/>
  8402. </hostnames>
  8403. <ports><extraports state="closed" count="992">
  8404. <extrareasons reason="conn-refused" count="992"/>
  8405. </extraports>
  8406. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8407. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8408. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8409. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8410. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 167.179.78.159,/cm&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 167.179.78.159,/push&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Review note: BeaconType above is 0 (HTTP) although the port is 443. The service name "https"
             comes from nmap's port table (method="table", conf="3"), not from probing the service, so it
             does not show that TLS is spoken here. Detections that assume encrypted traffic on 443 could
             miss this listener; inspect the traffic itself. The x86 and x64 blocks use different GET
             paths (/cm, /push) and different User Agent strings. -->
  8411. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8412. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8413. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8414. </ports>
  8415. <times srtt="181266" rttvar="843" to="184638"/>
  8416. </host>
  8417. <host starttime="1606751262" endtime="1606768756"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8418. <address addr="159.69.211.104" addrtype="ipv4"/>
  8419. <hostnames>
  8420. <hostname name="static.104.211.69.159.clients.your-server.de" type="PTR"/>
  8421. </hostnames>
  8422. <ports><extraports state="closed" count="996">
  8423. <extrareasons reason="conn-refused" count="996"/>
  8424. </extraports>
  8425. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8426. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8427. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 159.69.211.104,/cm&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;C2 Server: 159.69.211.104,/IE9CompatViewList.xml&#xa;HTTP Method Path 2: /submit.php&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Review note: the output above lacks the Maxdns, User Agent, Header1/Header2, PipeName and
             DNS fields that other hosts in this scan report. The cause is not visible here (possibly a
             different Beacon version or a partial parse), so tooling that consumes this attribute should
             treat every field as optional instead of assuming a fixed layout. -->
  8428. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8429. </ports>
  8430. <times srtt="103395" rttvar="1697" to="110183"/>
  8431. </host>
  8432. <host starttime="1606751263" endtime="1606768791"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8433. <address addr="141.164.61.249" addrtype="ipv4"/>
  8434. <hostnames>
  8435. <hostname name="141.164.61.249.vultr.com" type="PTR"/>
  8436. </hostnames>
  8437. <ports><extraports state="closed" count="991">
  8438. <extrareasons reason="conn-refused" count="991"/>
  8439. </extraports>
  8440. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8441. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8442. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: autotoll.net,/activity&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: autotoll.net,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Review note: "C2 Server" above is the domain autotoll.net while the scanned address is
             141.164.61.249, so DNS logs as well as IP flows are worth checking when hunting on this
             record. The two architectures use different GET paths (/activity, /dot.gif) and different
             User Agent strings. -->
  8443. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  8444. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8445. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8446. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  8447. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8448. <port protocol="tcp" portid="8800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sunwebadmin" method="table" conf="3"/></port>
  8449. </ports>
  8450. <times srtt="207197" rttvar="1368" to="212669"/>
  8451. </host>
  8452. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8453. <address addr="141.164.59.234" addrtype="ipv4"/>
  8454. <hostnames>
  8455. <hostname name="141.164.59.234.vultr.com" type="PTR"/>
  8456. </hostnames>
  8457. <ports><extraports state="closed" count="988">
  8458. <extrareasons reason="conn-refused" count="988"/>
  8459. </extraports>
  8460. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8461. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8462. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8463. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  8464. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8465. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8466. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8467. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  8468. <port protocol="tcp" portid="5555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  8469. <port protocol="tcp" portid="8010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp" method="table" conf="3"/></port>
  8470. <port protocol="tcp" portid="8011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8471. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8472. </ports>
  8473. <times srtt="208171" rttvar="1333" to="213503"/>
  8474. </host>
  8475. <host starttime="1606751262" endtime="1606768791"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8476. <address addr="103.40.243.91" addrtype="ipv4"/>
  8477. <hostnames>
  8478. </hostnames>
  8479. <ports><extraports state="closed" count="990">
  8480. <extrareasons reason="conn-refused" count="990"/>
  8481. </extraports>
  8482. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8483. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8484. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8485. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8486. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8487. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8488. <port protocol="tcp" portid="7443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracleas-https" method="table" conf="3"/></port>
        <!-- Reviewer note. Service names in this entry have method="table" and conf="3",
             so they are labels looked up from the port number, not probe results; the
             "http-alt" on 8000 is only shown to be a beacon stager by the script output
             below. Both the x86 and x64 responses decoded to an HTTP beacon whose C2 Server
             is this same address. Polling 60000, Jitter 0, /submit.php and the rundll32.exe
             spawnto paths match Cobalt Strike's stock values (no custom profile), so on their
             own they are weak indicators; the address, GET URI and User Agent are the
             host-specific ones. The script element on 8443 has no output attribute: nothing
             was decoded there in this run, which does not show the port is benign. -->
  8489. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 103.40.243.91,/dot.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 103.40.243.91,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; LBBROWSER)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8490. <port protocol="tcp" portid="8090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  8491. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8492. </ports>
  8493. <times srtt="228241" rttvar="2320" to="237521"/>
  8494. </host>
  8495. <host starttime="1606751262" endtime="1606768766"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8496. <address addr="119.29.89.253" addrtype="ipv4"/>
  8497. <hostnames>
  8498. </hostnames>
  8499. <ports><extraports state="closed" count="992">
  8500. <extrareasons reason="conn-refused" count="992"/>
  8501. </extraports>
  8502. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8503. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8504. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8505. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8506. <port protocol="tcp" portid="4444"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8507. <port protocol="tcp" portid="8291"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8508. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8509. <port protocol="tcp" portid="9503"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8510. </ports>
  8511. <times srtt="230064" rttvar="928" to="233776"/>
  8512. </host>
  8513. <host starttime="1606751262" endtime="1606768751"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8514. <address addr="119.29.196.179" addrtype="ipv4"/>
  8515. <hostnames>
  8516. </hostnames>
  8517. <ports><extraports state="closed" count="994">
  8518. <extrareasons reason="conn-refused" count="994"/>
  8519. </extraports>
  8520. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8521. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8522. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8523. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8524. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8525. <port protocol="tcp" portid="9877"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8526. </ports>
  8527. <times srtt="235709" rttvar="2132" to="244237"/>
  8528. </host>
  8529. <host starttime="1606751262" endtime="1606768747"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8530. <address addr="119.45.236.153" addrtype="ipv4"/>
  8531. <hostnames>
  8532. </hostnames>
  8533. <ports><extraports state="closed" count="990">
  8534. <extrareasons reason="conn-refused" count="990"/>
  8535. </extraports>
  8536. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8537. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8538. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8539. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8540. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8541. <port protocol="tcp" portid="5000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  8542. <port protocol="tcp" portid="5003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filemaker" method="table" conf="3"/></port>
  8543. <port protocol="tcp" portid="8011"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8544. <port protocol="tcp" portid="8022"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oa-system" method="table" conf="3"/></port>
  8545. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8546. </ports>
  8547. <times srtt="207954" rttvar="4193" to="224726"/>
  8548. </host>
  8549. <host starttime="1606751263" endtime="1606768741"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8550. <address addr="45.63.15.251" addrtype="ipv4"/>
  8551. <hostnames>
  8552. <hostname name="45.63.15.251.vultr.com" type="PTR"/>
  8553. </hostnames>
  8554. <ports><extraports state="closed" count="994">
  8555. <extrareasons reason="conn-refused" count="994"/>
  8556. </extraports>
  8557. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8558. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8559. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8560. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  8561. <port protocol="tcp" portid="8045"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
        <!-- Reviewer note. Only an x64 response was decoded on 8443; no x86 section appears
             in the output. Whether the x86 stager request failed or is simply not served
             cannot be told from this record. The config is an HTTPS beacon (BeaconType 8)
             whose C2 Server is this same address. The PTR name embeds the address under the
             provider's domain, so it looks provider-generated and adds little beyond naming
             the hosting provider. Service labels here are port-table lookups
             (method="table"), not probe results. -->
  8562. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 8443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 45.63.15.251,/en_US/all.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8563. </ports>
  8564. <times srtt="18427" rttvar="4056" to="100000"/>
  8565. </host>
  8566. <host starttime="1606751262" endtime="1606768744"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8567. <address addr="106.12.39.243" addrtype="ipv4"/>
  8568. <hostnames>
  8569. </hostnames>
  8570. <ports><extraports state="closed" count="991">
  8571. <extrareasons reason="conn-refused" count="991"/>
  8572. </extraports>
  8573. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8574. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8575. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8576. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8577. <port protocol="tcp" portid="800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mdbs_daemon" method="table" conf="3"/></port>
  8578. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  8579. <port protocol="tcp" portid="1234"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hotline" method="table" conf="3"/></port>
  8580. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8581. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8582. </ports>
  8583. <times srtt="222296" rttvar="4672" to="240984"/>
  8584. </host>
  8585. <host starttime="1606751263" endtime="1606768788"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8586. <address addr="47.91.237.42" addrtype="ipv4"/>
  8587. <hostnames>
  8588. </hostnames>
  8589. <ports><extraports state="filtered" count="985">
  8590. <extrareasons reason="no-responses" count="985"/>
  8591. </extraports>
  8592. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  8593. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  8594. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8595. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8596. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  8597. <port protocol="tcp" portid="1099"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rmiregistry" method="table" conf="3"/></port>
  8598. <port protocol="tcp" portid="4444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8599. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8600. <port protocol="tcp" portid="8001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  8601. <port protocol="tcp" portid="8002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="teradataordbms" method="table" conf="3"/></port>
  8602. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  8603. <port protocol="tcp" portid="8099"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8604. <port protocol="tcp" portid="8180"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8605. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8606. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  8607. </ports>
  8608. <times srtt="232551" rttvar="899" to="236147"/>
  8609. </host>
  8610. <host starttime="1606751262" endtime="1606768741"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8611. <address addr="47.75.55.181" addrtype="ipv4"/>
  8612. <hostnames>
  8613. </hostnames>
  8614. <ports><extraports state="closed" count="996">
  8615. <extrareasons reason="conn-refused" count="996"/>
  8616. </extraports>
  8617. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8618. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8619. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8620. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8621. </ports>
  8622. <times srtt="227932" rttvar="936" to="231676"/>
  8623. </host>
  8624. <host starttime="1606751263" endtime="1606768802"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8625. <address addr="47.92.242.153" addrtype="ipv4"/>
  8626. <hostnames>
  8627. </hostnames>
  8628. <ports><extraports state="closed" count="990">
  8629. <extrareasons reason="conn-refused" count="990"/>
  8630. </extraports>
  8631. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8632. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- Reviewer note. Two listeners were decoded on this host: an HTTP beacon on 80 and
             an HTTPS beacon on 8443. Each has a different GET URI and User Agent for its x86
             and x64 responses, giving four URI/User Agent pairs in total, all with C2 Server
             set to this same address. A detection keyed on a single URI or User Agent from
             this entry would miss the other three. Service labels here are port-table
             lookups (method="table"), not probe results. -->
  8633. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.92.242.153,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.92.242.153,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8634. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8635. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  8636. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  8637. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  8638. <port protocol="tcp" portid="7001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-callback" method="table" conf="3"/></port>
  8639. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 8443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.92.242.153,/g.pixel&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 8443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.92.242.153,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8640. <port protocol="tcp" portid="9081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-aqos" method="table" conf="3"/></port>
  8641. </ports>
  8642. <times srtt="234111" rttvar="2637" to="244659"/>
  8643. </host>
  8644. <host starttime="1606751262" endtime="1606768788"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8645. <address addr="47.100.139.80" addrtype="ipv4"/>
  8646. <hostnames>
  8647. </hostnames>
  8648. <ports><extraports state="closed" count="981">
  8649. <extrareasons reason="conn-refused" count="981"/>
  8650. </extraports>
  8651. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  8652. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8653. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8654. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8655. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8656. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8657. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8658. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8659. <port protocol="tcp" portid="444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  8660. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8661. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8662. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  8663. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8664. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  8665. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8666. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  8667. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8668. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8669. <port protocol="tcp" portid="12345"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbus" method="table" conf="3"/></port>
  8670. </ports>
  8671. <times srtt="218023" rttvar="12132" to="266551"/>
  8672. </host>
  8673. <host starttime="1606751262" endtime="1606768751"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8674. <address addr="49.235.110.247" addrtype="ipv4"/>
  8675. <hostnames>
  8676. </hostnames>
  8677. <ports><extraports state="closed" count="987">
  8678. <extrareasons reason="conn-refused" count="987"/>
  8679. </extraports>
  8680. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8681. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8682. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8683. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8684. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8685. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8686. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8687. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  8688. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8689. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  8690. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8691. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8692. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8693. </ports>
  8694. <times srtt="203024" rttvar="2364" to="212480"/>
  8695. </host>
  8696. <host starttime="1606751262" endtime="1606768786"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8697. <address addr="34.80.203.249" addrtype="ipv4"/>
  8698. <hostnames>
  8699. <hostname name="249.203.80.34.bc.googleusercontent.com" type="PTR"/>
  8700. </hostnames>
  8701. <ports><extraports state="closed" count="996">
  8702. <extrareasons reason="conn-refused" count="996"/>
  8703. </extraports>
  8704. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8705. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8706. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8707. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8708. </ports>
  8709. <times srtt="203246" rttvar="4411" to="220890"/>
  8710. </host>
  8711. <host starttime="1606751262" endtime="1606771904"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8712. <address addr="13.231.182.195" addrtype="ipv4"/>
  8713. <hostnames>
  8714. <hostname name="ec2-13-231-182-195.ap-northeast-1.compute.amazonaws.com" type="PTR"/>
  8715. </hostnames>
  8716. <ports><extraports state="closed" count="993">
  8717. <extrareasons reason="conn-refused" count="993"/>
  8718. </extraports>
  8719. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- Reviewer note. The decoded C2 Server is 34.92.17.205, not the scanned address
             13.231.182.195, so the two hosts are related infrastructure and both belong in
             any indicator list built from this entry; which one fronts the other cannot be
             told from this record. The x86 and x64 configs are identical, and the GET URI
             /col/col2649/index, POST path /jrobot/search.do and QQBrowser User Agent differ
             from the /submit.php pattern seen on other hosts in this scan, which suggests a
             customised profile. The script element on 8443 has no output attribute: nothing
             was decoded there in this run, which does not show the port is benign. -->
  8720. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 34.92.17.205,/col/col2649/index&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0 Safari/537.36 QQBrowser/10.5.3739.400&#xa;HTTP Method Path 2: /jrobot/search.do&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 34.92.17.205,/col/col2649/index&#xa;User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0 Safari/537.36 QQBrowser/10.5.3739.400&#xa;HTTP Method Path 2: /jrobot/search.do&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8721. <port protocol="tcp" portid="808"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ccproxy-http" method="table" conf="3"/></port>
  8722. <port protocol="tcp" portid="1000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cadlock" method="table" conf="3"/></port>
  8723. <port protocol="tcp" portid="4321"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rwhois" method="table" conf="3"/></port>
  8724. <port protocol="tcp" portid="5000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  8725. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8726. </ports>
  8727. <times srtt="184765" rttvar="1366" to="190229"/>
  8728. </host>
  8729. <host starttime="1606751262" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8730. <address addr="193.218.39.208" addrtype="ipv4"/>
  8731. <hostnames>
  8732. </hostnames>
  8733. <ports><extraports state="filtered" count="993">
  8734. <extrareasons reason="no-responses" count="993"/>
  8735. </extraports>
  8736. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
        <!-- Reviewer note. Port 443 is labelled "https" only because of the port-table lookup
             (method="table"); the decoded config reports BeaconType 0 (HTTP) with Port 443,
             which as reported by the script is a plain-HTTP beacon listener on the HTTPS
             port. Monitoring that assumes TLS on 443 should be checked against cleartext
             HTTP on that port. C2 Server is this same address in both the x86 and x64
             responses. The script element on 80 has no output attribute: nothing was decoded
             there in this run, which does not show the port is benign. -->
  8737. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 193.218.39.208,/ptj&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 193.218.39.208,/__utm.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8738. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  8739. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8740. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8741. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8742. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8743. </ports>
  8744. <times srtt="221976" rttvar="2829" to="233292"/>
  8745. </host>
  8746. <host starttime="1606751262" endtime="1606771912"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8747. <address addr="182.163.74.90" addrtype="ipv4"/>
  8748. <hostnames>
  8749. <hostname name="hypnolab.site" type="PTR"/>
  8750. </hostnames>
  8751. <ports><extraports state="closed" count="987">
  8752. <extrareasons reason="conn-refused" count="987"/>
  8753. </extraports>
  8754. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8755. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8756. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8757. <port protocol="tcp" portid="1521"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  8758. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  8759. <port protocol="tcp" portid="3920"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="exasoftport1" method="table" conf="3"/></port>
  8760. <port protocol="tcp" portid="4848"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="appserv-http" method="table" conf="3"/></port>
  8761. <port protocol="tcp" portid="7676"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imqbrokerd" method="table" conf="3"/></port>
  8762. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8763. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  8764. <port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8765. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  8766. <port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  8767. </ports>
  8768. <times srtt="179190" rttvar="6288" to="204342"/>
  8769. </host>
  8770. <host starttime="1606751262" endtime="1606771895"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8771. <address addr="39.96.9.238" addrtype="ipv4"/>
  8772. <hostnames>
  8773. </hostnames>
  8774. <ports><extraports state="closed" count="991">
  8775. <extrareasons reason="conn-refused" count="991"/>
  8776. </extraports>
  8777. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8778. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8779. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8780. <port protocol="tcp" portid="1972"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="intersys-cache" method="table" conf="3"/></port>
  8781. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  8782. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  8783. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  8784. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8785. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  8786. </ports>
  8787. <times srtt="223615" rttvar="1437" to="229363"/>
  8788. </host>
  8789. <host starttime="1606751261" endtime="1606771870"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8790. <address addr="13.59.54.32" addrtype="ipv4"/>
  8791. <hostnames>
  8792. <hostname name="ec2-13-59-54-32.us-east-2.compute.amazonaws.com" type="PTR"/>
  8793. </hostnames>
  8794. <ports><extraports state="filtered" count="995">
  8795. <extrareasons reason="no-responses" count="995"/>
  8796. </extraports>
  8797. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8798. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8799. <port protocol="tcp" portid="7777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  8800. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8801. <port protocol="tcp" portid="9200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wap-wsp" method="table" conf="3"/></port>
  8802. </ports>
  8803. <times srtt="34728" rttvar="3071" to="100000"/>
  8804. </host>
  8805. <host starttime="1606751262" endtime="1606771872"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8806. <address addr="3.129.218.157" addrtype="ipv4"/>
  8807. <hostnames>
  8808. <hostname name="ec2-3-129-218-157.us-east-2.compute.amazonaws.com" type="PTR"/>
  8809. </hostnames>
  8810. <ports><extraports state="filtered" count="997">
  8811. <extrareasons reason="no-responses" count="997"/>
  8812. </extraports>
  8813. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8814. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8815. <port protocol="tcp" portid="9200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="wap-wsp" method="table" conf="3"/></port>
  8816. </ports>
  8817. <times srtt="33664" rttvar="2358" to="100000"/>
  8818. </host>
  8819. <host starttime="1606751262" endtime="1606771879"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8820. <address addr="54.233.105.164" addrtype="ipv4"/>
  8821. <hostnames>
  8822. <hostname name="ec2-54-233-105-164.sa-east-1.compute.amazonaws.com" type="PTR"/>
  8823. </hostnames>
  8824. <ports><extraports state="filtered" count="994">
  8825. <extrareasons reason="no-responses" count="994"/>
  8826. </extraports>
  8827. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8828. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8829. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8830. <port protocol="tcp" portid="4848"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="appserv-http" method="table" conf="3"/></port>
  8831. <port protocol="tcp" portid="5432"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="postgresql" method="table" conf="3"/></port>
  8832. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  8833. </ports>
  8834. <times srtt="125409" rttvar="822" to="128697"/>
  8835. </host>
  8836. <host starttime="1606751262" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8837. <address addr="47.75.249.112" addrtype="ipv4"/>
  8838. <hostnames>
  8839. </hostnames>
  8840. <ports><extraports state="closed" count="993">
  8841. <extrareasons reason="conn-refused" count="993"/>
  8842. </extraports>
  8843. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8844. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8845. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8846. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8847. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  8848. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  8849. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  8850. </ports>
  8851. <times srtt="228843" rttvar="1826" to="236147"/>
  8852. </host>
  8853. <host starttime="1606751262" endtime="1606770985"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8854. <address addr="47.103.150.221" addrtype="ipv4"/>
  8855. <hostnames>
  8856. </hostnames>
  8857. <ports><extraports state="closed" count="983">
  8858. <extrareasons reason="conn-refused" count="983"/>
  8859. </extraports>
  8860. <port protocol="tcp" portid="1"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="tcpmux" method="table" conf="3"/></port>
  8861. <port protocol="tcp" portid="3"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="compressnet" method="table" conf="3"/></port>
  8862. <port protocol="tcp" portid="4"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8863. <port protocol="tcp" portid="6"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8864. <port protocol="tcp" portid="7"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="echo" method="table" conf="3"/></port>
  8865. <port protocol="tcp" portid="9"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="discard" method="table" conf="3"/></port>
  8866. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8867. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8868. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8869. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8870. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8871. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8872. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  8873. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8874. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  8875. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8876. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8877. </ports>
  8878. <times srtt="224580" rttvar="20952" to="308388"/>
  8879. </host>
  8880. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8881. <address addr="212.129.236.42" addrtype="ipv4"/>
  8882. <hostnames>
  8883. </hostnames>
  8884. <ports><extraports state="closed" count="988">
  8885. <extrareasons reason="conn-refused" count="988"/>
  8886. </extraports>
  8887. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8888. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  8889. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8890. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  8891. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  8892. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8893. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  8894. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  8895. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  8896. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  8897. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  8898. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  8899. </ports>
  8900. <times srtt="207886" rttvar="3509" to="221922"/>
  8901. </host>
  8902. <host starttime="1606751262" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8903. <address addr="139.217.110.192" addrtype="ipv4"/>
  8904. <hostnames>
  8905. </hostnames>
  8906. <ports><extraports state="closed" count="994">
  8907. <extrareasons reason="conn-refused" count="994"/>
  8908. </extraports>
  8909. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8910. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8911. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8912. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8913. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  8914. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  8915. </ports>
  8916. <times srtt="245563" rttvar="2318" to="254835"/>
  8917. </host>
  8918. <host starttime="1606751261" endtime="1606771008"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8919. <address addr="103.140.186.16" addrtype="ipv4"/>
  8920. <hostnames>
  8921. </hostnames>
  8922. <ports><extraports state="closed" count="997">
  8923. <extrareasons reason="conn-refused" count="997"/>
  8924. </extraports>
  8925. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8926. <port protocol="tcp" portid="1122"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="availant-mgr" method="table" conf="3"/></port>
  8927. <port protocol="tcp" portid="8010"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="xmpp" method="table" conf="3"/></port>
  8928. </ports>
  8929. <times srtt="236116" rttvar="1942" to="243884"/>
  8930. </host>
  <!-- Review note (117.50.37.182): 80/tcp is a port where grab_beacon_config recorded a
       decoded Beacon configuration, once for the x86 and once for the x64 URI response.
       Detection-relevant fields, all read from the output attribute below:
         C2 Server entry 117.50.37.182,/update_wapp2.aspx in both responses;
         HTTP Method Path 2 /update_Wapp2.aspx, which differs from the first path only in
         the case of one letter, so URI matching should be case-aware;
         Method1 GET and Method2 GET, so both paths are fetched with GET;
         User-Agent strings for MSIE 7.0 (x86) and MSIE 8.0 (x64) on Windows NT 5.1;
         Polling 3000 with Jitter 20, so check-in intervals vary and interval-based
         detection needs a tolerance (unit presumably milliseconds, jitter presumably a
         percentage; confirm against the script);
         DNS Idle bytes \x08\x08\x08\x08, which would read as 8.8.8.8 if the field is an
         IPv4 address;
         Spawnto %windir%\syswow64\rundll32.exe and %windir%\sysnative\rundll32.exe.
       Service names here carry method="table" conf="3", which is a port-number lookup and
       not a probe, so labels such as "tor-orport" on 9001/tcp do not identify the listener.
       These values are a point-in-time observation from the scan started 2020-11-30;
       re-verify before using the address or URIs as indicators. -->
  8931. <host starttime="1606751262" endtime="1606771884"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8932. <address addr="117.50.37.182" addrtype="ipv4"/>
  8933. <hostnames>
  8934. </hostnames>
  8935. <ports><extraports state="closed" count="993">
  8936. <extrareasons reason="conn-refused" count="993"/>
  8937. </extraports>
  8938. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8939. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8940. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 3000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: 117.50.37.182,/update_wapp2.aspx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)&#xa;HTTP Method Path 2: /update_Wapp2.aspx&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 3000&#xa;Jitter: 20&#xa;Maxdns: 235&#xa;C2 Server: 117.50.37.182,/update_wapp2.aspx&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /update_Wapp2.aspx&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  8941. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8942. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  8943. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  8944. <port protocol="tcp" portid="9001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tor-orport" method="table" conf="3"/></port>
  8945. </ports>
  8946. <times srtt="230123" rttvar="3426" to="243827"/>
  8947. </host>
  8948. <host starttime="1606751263" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  8949. <address addr="39.106.83.167" addrtype="ipv4"/>
  8950. <hostnames>
  8951. </hostnames>
  8952. <ports><extraports state="closed" count="986">
  8953. <extrareasons reason="conn-refused" count="986"/>
  8954. </extraports>
  8955. <port protocol="tcp" portid="1"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="tcpmux" method="table" conf="3"/></port>
  8956. <port protocol="tcp" portid="3"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="compressnet" method="table" conf="3"/></port>
  8957. <port protocol="tcp" portid="4"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8958. <port protocol="tcp" portid="6"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8959. <port protocol="tcp" portid="7"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="echo" method="table" conf="3"/></port>
  8960. <port protocol="tcp" portid="9"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="discard" method="table" conf="3"/></port>
  8961. <port protocol="tcp" portid="13"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="daytime" method="table" conf="3"/></port>
  8962. <port protocol="tcp" portid="17"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="qotd" method="table" conf="3"/></port>
  8963. <port protocol="tcp" portid="19"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="chargen" method="table" conf="3"/></port>
  8964. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8965. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  8966. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  8967. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  8968. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  8969. </ports>
  8970. <times srtt="230087" rttvar="3343" to="243459"/>
  8971. </host>
  8972. <host starttime="1606751262" endtime="1606771909"><status state="up" reason="syn-ack" reason_ttl="0"/>
  8973. <address addr="106.12.132.186" addrtype="ipv4"/>
  8974. <hostnames>
  8975. </hostnames>
  8976. <ports><extraports state="filtered" count="978">
  8977. <extrareasons reason="host-unreaches" count="968"/>
  8978. <extrareasons reason="no-responses" count="10"/>
  8979. </extraports>
  8980. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  8981. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  8982. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  8983. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  8984. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  8985. <port protocol="tcp" portid="1521"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="oracle" method="table" conf="3"/></port>
  8986. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  8987. <port protocol="tcp" portid="5003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filemaker" method="table" conf="3"/></port>
  8988. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  8989. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  8990. <port protocol="tcp" portid="9080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="glrpc" method="table" conf="3"/></port>
  8991. <port protocol="tcp" portid="10000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3"/></port>
  8992. <port protocol="tcp" portid="10001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="scp-config" method="table" conf="3"/></port>
  8993. <port protocol="tcp" portid="10002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="documentum" method="table" conf="3"/></port>
  8994. <port protocol="tcp" portid="10003"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="documentum_s" method="table" conf="3"/></port>
  8995. <port protocol="tcp" portid="10004"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="emcrmirccd" method="table" conf="3"/></port>
  8996. <port protocol="tcp" portid="10009"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="swdtp-sv" method="table" conf="3"/></port>
  8997. <port protocol="tcp" portid="10010"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rxapi" method="table" conf="3"/></port>
  8998. <port protocol="tcp" portid="10012"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  8999. <port protocol="tcp" portid="10024"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9000. <port protocol="tcp" portid="10025"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9001. <port protocol="tcp" portid="10082"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="amandaidx" method="table" conf="3"/></port>
  9002. </ports>
  9003. <times srtt="226512" rttvar="2375" to="236012"/>
  9004. </host>
  9005. <host starttime="1606751262" endtime="1606770943"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9006. <address addr="185.25.48.54" addrtype="ipv4"/>
  9007. <hostnames>
  9008. <hostname name="11567-21123.bacloud.info" type="PTR"/>
  9009. </hostnames>
  9010. <ports><extraports state="closed" count="998">
  9011. <extrareasons reason="conn-refused" count="998"/>
  9012. </extraports>
  9013. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9014. <port protocol="tcp" portid="179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bgp" method="table" conf="3"/></port>
  9015. </ports>
  9016. <times srtt="128624" rttvar="815" to="131884"/>
  9017. </host>
  9018. <host starttime="1606751262" endtime="1606771902"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9019. <address addr="34.96.251.166" addrtype="ipv4"/>
  9020. <hostnames>
  9021. <hostname name="166.251.96.34.bc.googleusercontent.com" type="PTR"/>
  9022. </hostnames>
  9023. <ports><extraports state="closed" count="992">
  9024. <extrareasons reason="conn-refused" count="992"/>
  9025. </extraports>
  9026. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9027. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9028. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9029. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  9030. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9031. <port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9032. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  9033. <port protocol="tcp" portid="9876"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sd" method="table" conf="3"/></port>
  9034. </ports>
  9035. <times srtt="214055" rttvar="4705" to="232875"/>
  9036. </host>
  9037. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9038. <address addr="107.173.42.131" addrtype="ipv4"/>
  9039. <hostnames>
  9040. <hostname name="107-173-42-131-host.colocrossing.com" type="PTR"/>
  9041. </hostnames>
  9042. <ports><extraports state="closed" count="998">
  9043. <extrareasons reason="conn-refused" count="998"/>
  9044. </extraports>
  9045. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9046. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9047. </ports>
  9048. <times srtt="25669" rttvar="3285" to="100000"/>
  9049. </host>
  9050. <host starttime="1606751263" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9051. <address addr="154.8.218.172" addrtype="ipv4"/>
  9052. <hostnames>
  9053. </hostnames>
  9054. <ports><extraports state="closed" count="994">
  9055. <extrareasons reason="conn-refused" count="994"/>
  9056. </extraports>
  9057. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9058. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9059. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9060. <port protocol="tcp" portid="4444"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9061. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  9062. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  9063. </ports>
  9064. <times srtt="248379" rttvar="2802" to="259587"/>
  9065. </host>
  9066. <host starttime="1606751262" endtime="1606771879"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9067. <address addr="51.79.42.149" addrtype="ipv4"/>
  9068. <hostnames>
  9069. <hostname name="ip149.ip-51-79-42.net" type="PTR"/>
  9070. </hostnames>
  9071. <ports><extraports state="closed" count="996">
  9072. <extrareasons reason="conn-refused" count="996"/>
  9073. </extraports>
        <!-- Every service name in this host record carries method="table" conf="3": the name is
             a lookup of the port number in nmap's services table, not the result of probing the
             listener. Read "device" on 801 as a guess from the port number only. -->
  9074. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9075. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- The grab_beacon_config element on port 80 has no output attribute, so no beacon
             configuration was recorded for this port. NOTE(review): the record does not say
             why; presumably the script ran and returned an empty result, and a failed
             retrieval would look the same. Do not read it as proof that no stager is served. -->
  9076. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9077. <port protocol="tcp" portid="801"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="device" method="table" conf="3"/></port>
  9078. </ports>
  9079. <times srtt="24700" rttvar="4525" to="100000"/>
  9080. </host>
  9081. <host starttime="1606751261" endtime="1606771908"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9082. <address addr="103.234.72.32" addrtype="ipv4"/>
  9083. <hostnames>
  9084. </hostnames>
  9085. <ports><extraports state="closed" count="997">
  9086. <extrareasons reason="conn-refused" count="997"/>
  9087. </extraports>
  9088. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9089. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9090. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9091. </ports>
  9092. <times srtt="225117" rttvar="6138" to="249669"/>
  9093. </host>
  9094. <host starttime="1606751262" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9095. <address addr="103.56.53.100" addrtype="ipv4"/>
  9096. <hostnames>
  9097. </hostnames>
  9098. <ports><extraports state="closed" count="991">
  9099. <extrareasons reason="conn-refused" count="991"/>
  9100. </extraports>
  9101. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9102. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- Port 80 returned a decoded beacon configuration in two sections (x86 and x64).
             The C2 Server field names the domain www.aliiyunn.cn while the scanned address is
             103.56.53.100; this record does not show what the domain resolved to at scan time,
             so track the domain and the address as separate indicators.
             The two sections differ only in the C2 URI (/updates.rss, /IE9CompatViewList.xml)
             and the User Agent. Polling 60000, Jitter 0, /submit.php and the rundll32.exe
             Spawnto values are the same in every configuration in this part of the file, so
             they do not tell one server from another. NOTE(review): presumably these are
             unmodified profile defaults; confirm before clustering on them. -->
  9103. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.aliiyunn.cn,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.aliiyunn.cn,/IE9CompatViewList.xml&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9104. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9105. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9106. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9107. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  9108. <port protocol="tcp" portid="6881"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bittorrent-tracker" method="table" conf="3"/></port>
        <!-- Port 8008 carries the script element without an output attribute: no configuration
             was recorded for this listener, for a reason the record does not give. -->
  9109. <port protocol="tcp" portid="8008"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9110. </ports>
  9111. <times srtt="233113" rttvar="4996" to="253097"/>
  9112. </host>
  9113. <host starttime="1606751265" endtime="1606771901"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9114. <address addr="3.95.206.74" addrtype="ipv4"/>
  9115. <hostnames>
  9116. <hostname name="ec2-3-95-206-74.compute-1.amazonaws.com" type="PTR"/>
  9117. </hostnames>
  9118. <ports><extraports state="closed" count="996">
  9119. <extrareasons reason="conn-refused" count="996"/>
  9120. </extraports>
  9121. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9122. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9123. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9124. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9125. </ports>
  9126. <times srtt="12064" rttvar="4674" to="100000"/>
  9127. </host>
  9128. <host starttime="1606751263" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9129. <address addr="80.82.77.164" addrtype="ipv4"/>
  9130. <hostnames>
  9131. </hostnames>
  9132. <ports><extraports state="closed" count="990">
  9133. <extrareasons reason="conn-refused" count="990"/>
  9134. </extraports>
  9135. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9136. <port protocol="tcp" portid="23"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="telnet" method="table" conf="3"/></port>
  9137. <port protocol="tcp" portid="32"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9138. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9139. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 80.82.77.164,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 80.82.77.164,/updates.rss&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9140. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 80.82.77.164,/load&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9141. <port protocol="tcp" portid="2222"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  9142. <port protocol="tcp" portid="2323"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="3d-nfsd" method="table" conf="3"/></port>
  9143. <port protocol="tcp" portid="5555"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  9144. <port protocol="tcp" portid="6789"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ibm-db2-admin" method="table" conf="3"/></port>
  9145. </ports>
  9146. <times srtt="102342" rttvar="2714" to="113198"/>
  9147. </host>
  9148. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9149. <address addr="124.70.1.140" addrtype="ipv4"/>
  9150. <hostnames>
  9151. <hostname name="ecs-124-70-1-140.compute.hwclouds-dns.com" type="PTR"/>
  9152. </hostnames>
  9153. <ports><extraports state="closed" count="990">
  9154. <extrareasons reason="conn-refused" count="990"/>
  9155. </extraports>
        <!-- No port of this host carries a grab_beacon_config element, although 7000, 8081 and
             8082 are open. Elsewhere in this file the element appears on ports 80, 443, 8000,
             8008, 8080 and 8088. NOTE(review): presumably the script's port rule did not match
             these three ports, so their listeners were never checked; treat them as unexamined
             rather than as negative results.
             The names "afs3-fileserver", "blackice-icecap" and "blackice-alerts" are
             method="table" lookups of the port number, not identified services. -->
  9156. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9157. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9158. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9159. <port protocol="tcp" portid="1026"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="LSA-or-nterm" method="table" conf="3"/></port>
  9160. <port protocol="tcp" portid="1093"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="proofd" method="table" conf="3"/></port>
  9161. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  9162. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  9163. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  9164. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  9165. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  9166. </ports>
  9167. <times srtt="224297" rttvar="1065" to="228557"/>
  9168. </host>
  9169. <host starttime="1606751263" endtime="1606771882"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9170. <address addr="80.211.200.179" addrtype="ipv4"/>
  9171. <hostnames>
  9172. <hostname name="179.200.forpsi.net" type="PTR"/>
  9173. </hostnames>
  9174. <ports><extraports state="closed" count="995">
  9175. <extrareasons reason="conn-refused" count="995"/>
  9176. </extraports>
  9177. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9178. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- Port 80: the decoded configuration names the scanned address itself
             (80.211.200.179) as C2 Server, with URIs /ca (x86) and /visit.js (x64). -->
  9179. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 80.211.200.179,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 80.211.200.179,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
        <!-- Port 8080: the C2 Server field is 192.168.161.128, an RFC 1918 private address,
             not the scanned address. A private address is not routable on the internet, so it
             has no value as a network indicator outside the operator's own network and will
             collide with unrelated internal hosts if added to a blocklist. The usable
             indicators from this port are the scanned endpoint 80.211.200.179:8080, the URIs
             /activity and /load, and the two User Agent strings.
             NOTE(review): presumably the listener was configured with a lab or internal
             address; the record does not show why. -->
  9180. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.168.161.128,/activity&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 192.168.161.128,/load&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9181. <port protocol="tcp" portid="16993"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="amt-soap-https" method="table" conf="3"/></port>
  9182. </ports>
  9183. <times srtt="109735" rttvar="2438" to="119487"/>
  9184. </host>
  9185. <host starttime="1606751262" endtime="1606771887"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9186. <address addr="59.11.209.223" addrtype="ipv4"/>
  9187. <hostnames>
  9188. </hostnames>
  9189. <ports><extraports state="closed" count="982">
  9190. <extrareasons reason="conn-refused" count="982"/>
  9191. </extraports>
  9192. <port protocol="tcp" portid="1"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="tcpmux" method="table" conf="3"/></port>
  9193. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9194. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.kwwwing.com,/updates.rss&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: www.kwwwing.com,/dot.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9195. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9196. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9197. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9198. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9199. <port protocol="tcp" portid="808"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ccproxy-http" method="table" conf="3"/></port>
  9200. <port protocol="tcp" portid="1080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="socks" method="table" conf="3"/></port>
  9201. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  9202. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9203. <port protocol="tcp" portid="6667"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="irc" method="table" conf="3"/></port>
  9204. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9205. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9206. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9207. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9208. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9209. <port protocol="tcp" portid="49158"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9210. </ports>
  9211. <times srtt="199907" rttvar="2129" to="208423"/>
  9212. </host>
  9213. <host starttime="1606751262" endtime="1606771872"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9214. <address addr="49.234.94.85" addrtype="ipv4"/>
  9215. <hostnames>
  9216. </hostnames>
  9217. <ports><extraports state="closed" count="983">
  9218. <extrareasons reason="conn-refused" count="983"/>
  9219. </extraports>
  9220. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9221. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  9222. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9223. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9224. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9225. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9226. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  9227. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  9228. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  9229. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  9230. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  9231. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9232. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9233. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  9234. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  9235. <port protocol="tcp" portid="8085"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9236. <port protocol="tcp" portid="8086"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="d-s-n" method="table" conf="3"/></port>
  9237. </ports>
  9238. <times srtt="202510" rttvar="830" to="205830"/>
  9239. </host>
  9240. <host starttime="1606751262" endtime="1606771894"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9241. <address addr="49.12.104.241" addrtype="ipv4"/>
  9242. <hostnames>
  9243. <hostname name="static.241.104.12.49.clients.your-server.de" type="PTR"/>
  9244. </hostnames>
  9245. <ports><extraports state="closed" count="991">
  9246. <extrareasons reason="conn-refused" count="991"/>
  9247. </extraports>
  9248. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9249. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9250. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 49.12.104.241,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 49.12.104.241,/push&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9251. <port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  9252. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9253. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9254. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  9255. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  9256. <port protocol="tcp" portid="8083"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="us-srv" method="table" conf="3"/></port>
  9257. </ports>
  9258. <times srtt="100320" rttvar="1916" to="107984"/>
  9259. </host>
  9260. <host starttime="1606751262" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9261. <address addr="47.113.103.131" addrtype="ipv4"/>
  9262. <hostnames>
  9263. </hostnames>
  9264. <ports><extraports state="filtered" count="940">
  9265. <extrareasons reason="no-responses" count="940"/>
  9266. </extraports>
  9267. <extraports state="closed" count="54">
  9268. <extrareasons reason="conn-refused" count="54"/>
  9269. </extraports>
  9270. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9271. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9272. <port protocol="tcp" portid="8001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  9273. <port protocol="tcp" portid="8100"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xprint-server" method="table" conf="3"/></port>
  9274. <port protocol="tcp" portid="8200"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="trivnet1" method="table" conf="3"/></port>
  9275. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  9276. </ports>
  9277. <times srtt="236590" rttvar="2326" to="245894"/>
  9278. </host>
  9279. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9280. <address addr="211.159.180.120" addrtype="ipv4"/>
  9281. <hostnames>
  9282. </hostnames>
  9283. <ports><extraports state="closed" count="994">
  9284. <extrareasons reason="conn-refused" count="994"/>
  9285. </extraports>
  9286. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9287. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9288. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9289. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  9290. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  9291. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  9292. </ports>
  9293. <times srtt="229183" rttvar="1239" to="234139"/>
  9294. </host>
  9295. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9296. <address addr="150.109.4.202" addrtype="ipv4"/>
  9297. <hostnames>
  9298. </hostnames>
  9299. <ports><extraports state="closed" count="997">
  9300. <extrareasons reason="conn-refused" count="997"/>
  9301. </extraports>
  9302. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9303. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9304. <port protocol="tcp" portid="8181"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="intermapper" method="table" conf="3"/></port>
  9305. </ports>
  9306. <times srtt="244791" rttvar="7366" to="274255"/>
  9307. </host>
  9308. <host starttime="1606751263" endtime="1606771892"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9309. <address addr="160.124.49.205" addrtype="ipv4"/>
  9310. <hostnames>
  9311. </hostnames>
  9312. <ports><extraports state="filtered" count="991">
  9313. <extrareasons reason="no-responses" count="991"/>
  9314. </extraports>
  9315. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9316. <port protocol="tcp" portid="7777"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  9317. <port protocol="tcp" portid="8088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="radan-http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9318. <port protocol="tcp" portid="9103"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="jetdirect" method="table" conf="3"/></port>
  9319. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9320. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9321. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9322. <port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9323. <port protocol="tcp" portid="49157"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9324. </ports>
  9325. <times srtt="232686" rttvar="3088" to="245038"/>
  9326. </host>
  9327. <host starttime="1606751262" endtime="1606771892"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9328. <address addr="217.12.201.123" addrtype="ipv4"/>
  9329. <hostnames>
  9330. <hostname name="hans.me" type="PTR"/>
  9331. </hostnames>
  9332. <ports><extraports state="closed" count="987">
  9333. <extrareasons reason="conn-refused" count="987"/>
  9334. </extraports>
  9335. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9336. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9337. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9338. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9339. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9340. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9341. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9342. <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9343. <port protocol="tcp" portid="5050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mmcc" method="table" conf="3"/></port>
  9344. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9345. <port protocol="tcp" portid="8300"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tmi" method="table" conf="3"/></port>
  9346. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  9347. <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="abyss" method="table" conf="3"/></port>
  9348. </ports>
  9349. <times srtt="95593" rttvar="823" to="100000"/>
  9350. </host>
  9351. <host starttime="1606751262" endtime="1606771870"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Host record for 192.236.194.99 (PTR hwsrv-758605.hostwindsdns.com).
             997 of the scanned ports are summarized below as closed; only 22, 53 and 8080 get
             their own port element. Every service name here has method="table", i.e. nmap
             looked the name up from the port number and did not probe the service, so
             "http-proxy" is a label for 8080/tcp and not an identification. -->
  9352. <address addr="192.236.194.99" addrtype="ipv4"/>
  9353. <hostnames>
  9354. <hostname name="hwsrv-758605.hostwindsdns.com" type="PTR"/>
  9355. </hostnames>
  9356. <ports><extraports state="closed" count="997">
  9357. <extrareasons reason="conn-refused" count="997"/>
  9358. </extraports>
  9359. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9360. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- The script element on 8080/tcp has no output attribute: grab_beacon_config is
             listed for the port but recorded no configuration. Read this as "nothing captured
             at scan time"; it neither confirms nor rules out a Beacon listener on this port. -->
  9361. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9362. </ports>
  9363. <times srtt="94178" rttvar="1755" to="101198"/>
  9364. </host>
  9365. <host starttime="1606751261" endtime="1606771902"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9366. <address addr="172.247.164.40" addrtype="ipv4"/>
  9367. <hostnames>
  9368. </hostnames>
  9369. <ports><extraports state="closed" count="988">
  9370. <extrareasons reason="conn-refused" count="988"/>
  9371. </extraports>
  9372. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9373. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9374. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9375. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9376. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9377. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9378. <port protocol="tcp" portid="992"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="telnets" method="table" conf="3"/></port>
  9379. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  9380. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9381. <port protocol="tcp" portid="5555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="freeciv" method="table" conf="3"/></port>
  9382. <port protocol="tcp" portid="6689"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="tsa" method="table" conf="3"/></port>
  9383. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9384. </ports>
  9385. <times srtt="232165" rttvar="4533" to="250297"/>
  9386. </host>
  9387. <host starttime="1606751262" endtime="1606771911"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9388. <address addr="144.48.10.16" addrtype="ipv4"/>
  9389. <hostnames>
  9390. </hostnames>
  9391. <ports><extraports state="filtered" count="915">
  9392. <extrareasons reason="host-unreaches" count="905"/>
  9393. <extrareasons reason="no-responses" count="10"/>
  9394. </extraports>
  9395. <extraports state="closed" count="81">
  9396. <extrareasons reason="conn-refused" count="81"/>
  9397. </extraports>
  9398. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9399. <port protocol="tcp" portid="8001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  9400. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9401. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  9402. </ports>
  9403. <times srtt="296956" rttvar="1966" to="304820"/>
  9404. </host>
  9405. <host starttime="1606751262" endtime="1606771901"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9406. <address addr="140.82.19.26" addrtype="ipv4"/>
  9407. <hostnames>
  9408. <hostname name="where.the.fuck.i.am" type="PTR"/>
  9409. </hostnames>
  9410. <ports><extraports state="filtered" count="917">
  9411. <extrareasons reason="no-responses" count="917"/>
  9412. </extraports>
  9413. <extraports state="closed" count="79">
  9414. <extrareasons reason="conn-refused" count="79"/>
  9415. </extraports>
  9416. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9417. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9418. <port protocol="tcp" portid="666"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="doom" method="table" conf="3"/></port>
  9419. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9420. </ports>
  9421. <times srtt="66889" rttvar="2188" to="100000"/>
  9422. </host>
  9423. <host starttime="1606751271" endtime="1606771879"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9424. <address addr="43.243.171.226" addrtype="ipv4"/>
  9425. <hostnames>
  9426. </hostnames>
  9427. <ports><extraports state="filtered" count="996">
  9428. <extrareasons reason="host-unreaches" count="970"/>
  9429. <extrareasons reason="no-responses" count="26"/>
  9430. </extraports>
  9431. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9432. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  9433. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9434. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  9435. </ports>
  9436. <times srtt="233610" rttvar="3213" to="246462"/>
  9437. </host>
  9438. <host starttime="1606751262" endtime="1606771906"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Host record for 47.104.108.112. This is one of the records in which
             grab_beacon_config captured a decoded configuration (port 80 below).
             All service names have method="table": nmap took them from the port number
             without probing, so "X11" on 6000/6001 only labels the port. -->
  9439. <address addr="47.104.108.112" addrtype="ipv4"/>
  9440. <hostnames>
  9441. </hostnames>
  9442. <ports><extraports state="filtered" count="989">
  9443. <extrareasons reason="no-responses" count="989"/>
  9444. </extraports>
  9445. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9446. <port protocol="tcp" portid="53"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- Script output for 80/tcp, with one section per stager architecture (x86, x64).
             Fields a defender can pivot on, as recorded in the output attribute:
               - C2 Server is 47.104.108.112, the same address that was scanned, with GET
                 paths /ca (x86) and /push (x64); the POST path is /submit.php in both.
               - Polling is 60000 with Jitter 0 (presumably milliseconds; confirm against the
                 script). A fixed interval with no jitter gives a regular check-in cadence
                 that beaconing analytics on proxy or flow logs can look for.
               - The two sections carry different User Agent strings, so matching on one
                 string alone would miss traffic from the other architecture.
               - Spawnto_x86 / Spawnto_x64 both name rundll32.exe; on endpoints, rundll32.exe
                 started without arguments is a common hunting lead for this setting.
               - Header1, Header2 and PipeName are empty in this output.
             NOTE(review): /submit.php, rundll32.exe and a 60000 sleep look like an unmodified
             default profile; treat that as a likelihood, not a fact shown by this record.
             The values describe the host at scan time (run header: 30 Nov 2020). Re-verify
             before using the address in a blocklist, since hosted IPs get reassigned. -->
  9447. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.104.108.112,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 47.104.108.112,/push&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9448. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  9449. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  9450. <port protocol="tcp" portid="6000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11" method="table" conf="3"/></port>
  9451. <port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="X11:1" method="table" conf="3"/></port>
  9452. <port protocol="tcp" portid="6002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="X11:2" method="table" conf="3"/></port>
  9453. <port protocol="tcp" portid="6003"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="X11:3" method="table" conf="3"/></port>
        <!-- 8080/tcp is open and carries a script element, but without an output attribute:
             no configuration was recorded for this port, unlike port 80 above. -->
  9454. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9455. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  9456. </ports>
  9457. <times srtt="239002" rttvar="2051" to="247206"/>
  9458. </host>
  9459. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
        <!-- Host record for 159.203.16.149. Only 22, 53 and 111 are listed individually and
             none of them carries a script element, so grab_beacon_config left no record for
             this host (presumably because no listed port matched the script's port rule;
             the script itself is not part of this file). The record therefore says nothing
             about Beacon activity on this address, in either direction. -->
  9460. <address addr="159.203.16.149" addrtype="ipv4"/>
  9461. <hostnames>
  9462. </hostnames>
  9463. <ports><extraports state="closed" count="997">
  9464. <extrareasons reason="conn-refused" count="997"/>
  9465. </extraports>
  9466. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9467. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9468. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  9469. </ports>
  9470. <times srtt="24286" rttvar="866" to="100000"/>
  9471. </host>
  9472. <host starttime="1606751261" endtime="1606771894"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9473. <address addr="45.76.99.2" addrtype="ipv4"/>
  9474. <hostnames>
  9475. <hostname name="45.76.99.2.vultr.com" type="PTR"/>
  9476. </hostnames>
  9477. <ports><extraports state="closed" count="989">
  9478. <extrareasons reason="conn-refused" count="989"/>
  9479. </extraports>
  9480. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9481. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9482. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9483. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9484. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9485. <port protocol="tcp" portid="8082"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  9486. <port protocol="tcp" portid="8086"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="d-s-n" method="table" conf="3"/></port>
  9487. <port protocol="tcp" portid="8087"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="simplifymedia" method="table" conf="3"/></port>
  9488. <port protocol="tcp" portid="9000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="cslistener" method="table" conf="3"/></port>
  9489. <port protocol="tcp" portid="10082"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="amandaidx" method="table" conf="3"/></port>
  9490. <port protocol="tcp" portid="11111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vce" method="table" conf="3"/></port>
  9491. </ports>
  9492. <times srtt="180959" rttvar="1201" to="185763"/>
  9493. </host>
  9494. <host starttime="1606751262" endtime="1606771908"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9495. <address addr="45.91.24.205" addrtype="ipv4"/>
  9496. <hostnames>
  9497. </hostnames>
  9498. <ports><extraports state="closed" count="988">
  9499. <extrareasons reason="conn-refused" count="988"/>
  9500. </extraports>
  9501. <port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  9502. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9503. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9504. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9505. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9506. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9507. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9508. <port protocol="tcp" portid="500"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="isakmp" method="table" conf="3"/></port>
  9509. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  9510. <port protocol="tcp" portid="2179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vmrdp" method="table" conf="3"/></port>
  9511. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  9512. <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9513. </ports>
  9514. <times srtt="207625" rttvar="6752" to="234633"/>
  9515. </host>
  9516. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Host record for 176.121.14.241 (PTR ns1648.ztomy.com). The host was marked up
             (reason syn-ack), yet all 1000 scanned ports are summarized as filtered with no
             response and there is no individual port element. No script result exists for
             this host. Filtering or rate limiting towards the scanner would produce the same
             record, so this is an inconclusive result and not evidence that the host is clean. -->
  9517. <address addr="176.121.14.241" addrtype="ipv4"/>
  9518. <hostnames>
  9519. <hostname name="ns1648.ztomy.com" type="PTR"/>
  9520. </hostnames>
  9521. <ports><extraports state="filtered" count="1000">
  9522. <extrareasons reason="no-responses" count="1000"/>
  9523. </extraports>
  9524. </ports>
  9525. <times srtt="125159" rttvar="125159" to="625795"/>
  9526. </host>
  9527. <host starttime="1606751263" endtime="1606771908"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9528. <address addr="8.210.129.133" addrtype="ipv4"/>
  9529. <hostnames>
  9530. </hostnames>
  9531. <ports><extraports state="closed" count="994">
  9532. <extrareasons reason="conn-refused" count="994"/>
  9533. </extraports>
  9534. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9535. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9536. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9537. <port protocol="tcp" portid="5432"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="postgresql" method="table" conf="3"/></port>
  9538. <port protocol="tcp" portid="9876"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sd" method="table" conf="3"/></port>
  9539. <port protocol="tcp" portid="20000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="dnp" method="table" conf="3"/></port>
  9540. </ports>
  9541. <times srtt="232158" rttvar="1075" to="236458"/>
  9542. </host>
  9543. <host starttime="1606751262" endtime="1606771887"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9544. <address addr="118.24.85.85" addrtype="ipv4"/>
  9545. <hostnames>
  9546. </hostnames>
  9547. <ports><extraports state="closed" count="994">
  9548. <extrareasons reason="conn-refused" count="994"/>
  9549. </extraports>
  9550. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9551. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9552. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9553. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9554. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  9555. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  9556. </ports>
  9557. <times srtt="268555" rttvar="2059" to="276791"/>
  9558. </host>
  9559. <host starttime="1606751263" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9560. <address addr="120.92.18.192" addrtype="ipv4"/>
  9561. <hostnames>
  9562. </hostnames>
  9563. <ports><extraports state="closed" count="994">
  9564. <extrareasons reason="conn-refused" count="994"/>
  9565. </extraports>
  9566. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9567. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9568. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9569. <port protocol="tcp" portid="5003"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="filemaker" method="table" conf="3"/></port>
  9570. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  9571. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  9572. </ports>
  9573. <times srtt="228165" rttvar="1417" to="233833"/>
  9574. </host>
  9575. <host starttime="1606751263" endtime="1606771897"><status state="up" reason="syn-ack" reason_ttl="0"/>
        <!-- Host record for 81.70.154.226. grab_beacon_config captured a decoded
             configuration on port 80 (below). Service names have method="table": they are
             port-number lookups, not probed identifications. -->
  9576. <address addr="81.70.154.226" addrtype="ipv4"/>
  9577. <hostnames>
  9578. </hostnames>
  9579. <ports><extraports state="closed" count="991">
  9580. <extrareasons reason="conn-refused" count="991"/>
  9581. </extraports>
  9582. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9583. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
        <!-- Script output for 80/tcp; the x86 and x64 sections are identical in this record.
             Points worth noting when turning this into detections:
               - C2 Server is 220.194.224.244, which is NOT the scanned address 81.70.154.226.
                 The host that served the configuration and the host the configuration points
                 to are separate indicators; this file does not show how they are related.
               - The GET path /s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books and
                 POST path /N4215/adj/amzn.us.sr.aps imitate shopping-site URLs.
                 NOTE(review): they resemble the publicly distributed Amazon-themed Malleable
                 C2 profile; confirm before attributing. Because the paths are built to blend
                 in, match them together with the destination address or Host header and not
                 on the path alone.
               - Polling is 5000 with Jitter 0 (presumably milliseconds): a short, fixed
                 check-in interval that periodicity analysis can surface.
               - Spawnto_x86 / Spawnto_x64 both name rundll32.exe.
               - Header1, Header2 and PipeName are empty in this output.
             The values describe the host at scan time (run header: 30 Nov 2020); re-verify
             both addresses before blocking on them. -->
  9584. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 220.194.224.244,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 5000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 220.194.224.244,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko&#xa;HTTP Method Path 2: /N4215/adj/amzn.us.sr.aps&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9585. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9586. <port protocol="tcp" portid="1000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cadlock" method="table" conf="3"/></port>
  9587. <port protocol="tcp" portid="1001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="webpush" method="table" conf="3"/></port>
  9588. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  9589. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  9590. <port protocol="tcp" portid="7443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="oracleas-https" method="table" conf="3"/></port>
  9591. </ports>
  9592. <times srtt="222558" rttvar="920" to="226238"/>
  9593. </host>
  9594. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9595. <address addr="192.3.81.214" addrtype="ipv4"/>
  9596. <hostnames>
  9597. </hostnames>
  9598. <ports><extraports state="closed" count="998">
  9599. <extrareasons reason="conn-refused" count="998"/>
  9600. </extraports>
  9601. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9602. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9603. </ports>
  9604. <times srtt="29165" rttvar="7310" to="100000"/>
  9605. </host>
  9606. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9607. <address addr="103.234.72.154" addrtype="ipv4"/>
  9608. <hostnames>
  9609. </hostnames>
  9610. <ports><extraports state="closed" count="998">
  9611. <extrareasons reason="conn-refused" count="998"/>
  9612. </extraports>
  9613. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9614. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9615. </ports>
  9616. <times srtt="225205" rttvar="4611" to="243649"/>
  9617. </host>
  9618. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9619. <address addr="139.199.185.41" addrtype="ipv4"/>
  9620. <hostnames>
  9621. </hostnames>
  9622. <ports><extraports state="closed" count="996">
  9623. <extrareasons reason="conn-refused" count="996"/>
  9624. </extraports>
  9625. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9626. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9627. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9628. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9629. </ports>
  9630. <times srtt="233190" rttvar="2322" to="242478"/>
  9631. </host>
  9632. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9633. <address addr="123.58.211.116" addrtype="ipv4"/>
  9634. <hostnames>
  9635. </hostnames>
  9636. <ports><extraports state="closed" count="996">
  9637. <extrareasons reason="conn-refused" count="996"/>
  9638. </extraports>
  9639. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9640. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9641. <port protocol="tcp" portid="497"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="retrospect" method="table" conf="3"/></port>
  9642. <port protocol="tcp" portid="7000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="afs3-fileserver" method="table" conf="3"/></port>
  9643. </ports>
  9644. <times srtt="266792" rttvar="45946" to="450576"/>
  9645. </host>
  9646. <host starttime="1606751263" endtime="1606771879"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9647. <address addr="132.232.94.126" addrtype="ipv4"/>
  9648. <hostnames>
  9649. </hostnames>
  9650. <ports><extraports state="filtered" count="987">
  9651. <extrareasons reason="host-unreaches" count="948"/>
  9652. <extrareasons reason="no-responses" count="39"/>
  9653. </extraports>
  9654. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9655. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  9656. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  9657. <port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pop3" method="table" conf="3"/></port>
  9658. <port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imap" method="table" conf="3"/></port>
  9659. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  9660. <port protocol="tcp" portid="465"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtps" method="table" conf="3"/></port>
  9661. <port protocol="tcp" portid="587"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="submission" method="table" conf="3"/></port>
  9662. <port protocol="tcp" portid="993"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="imaps" method="table" conf="3"/></port>
  9663. <port protocol="tcp" portid="995"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pop3s" method="table" conf="3"/></port>
  9664. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9665. <port protocol="tcp" portid="8010"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="xmpp" method="table" conf="3"/></port>
  9666. <port protocol="tcp" portid="9090"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  9667. </ports>
  9668. <times srtt="254303" rttvar="3432" to="268031"/>
  9669. </host>
  <!-- Host record for 120.78.128.250: ports 22, 443 and 8888 are reported open, and
       grab_beacon_config recorded output on 443 only. -->
  9670. <host starttime="1606751270" endtime="1606771892"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9671. <address addr="120.78.128.250" addrtype="ipv4"/>
  9672. <hostnames>
  9673. </hostnames>
  9674. <ports><extraports state="filtered" count="997">
  9675. <extrareasons reason="no-responses" count="995"/>
  9676. <extrareasons reason="host-unreaches" count="2"/>
  9677. </extraports>
  9678. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  <!-- The output attribute below is text the script derived from the server's own
       response, so every value is chosen by whoever runs that server: treat it as a
       lead to corroborate, not as ground truth. Points a defender can take from it:
       - C2 Server lists 11 address,URI pairs (/login, /config, /admin) and none of them
         is the scanned address 120.78.128.250. What the listed addresses are cannot be
         told from this record; verify before using them in block lists.
       - User Agent pairs AppleWebKit/587.38 with Safari/537.36; the two version tokens
         disagree, which makes the exact string a candidate proxy-log signature.
       - Polling 37500 with Jitter 33: presumably milliseconds and percent, as in Cobalt
         Strike sleep settings (TODO confirm against the NSE script), so check-ins would
         be irregular rather than fixed-period.
       - Method1 and Method2 are both GET, with the second path given as /Login.
       - Spawnto_x86 and Spawnto_x64 name gpupdate.exe under syswow64 and sysnative;
         presumably the process the beacon starts for its jobs, so gpupdate.exe with
         outbound HTTPS connections is worth a hunt in endpoint telemetry.
       - DNS Idle bytes \x08\x08\x08\x08 read as 8.8.8.8 when taken as an IPv4 address.
       - Only an x86 section is present; no x64 response was recorded for this port. -->
  9679. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 37500&#xa;Jitter: 33&#xa;Maxdns: 245&#xa;C2 Server: 121.194.7.193,/login,118.180.56.216,/config,60.217.246.181,/admin,124.165.213.221,/login,112.54.108.68,/login,119.84.129.240,/login,111.6.180.143,/admin,123.138.154.70,/config,36.102.212.82,/login,111.7.163.218,/config,122.193.130.97,/login&#xa;User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36&#xa;HTTP Method Path 2: /Login&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x08\x08\x08\x08&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\gpupdate.exe&#xa;Spawnto_x64: %windir%\sysnative\gpupdate.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9680. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  9681. </ports>
  9682. <times srtt="232164" rttvar="2485" to="242104"/>
  9683. </host>
  9684. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9685. <address addr="34.84.137.228" addrtype="ipv4"/>
  9686. <hostnames>
  9687. <hostname name="228.137.84.34.bc.googleusercontent.com" type="PTR"/>
  9688. </hostnames>
  9689. <ports><extraports state="closed" count="998">
  9690. <extrareasons reason="conn-refused" count="998"/>
  9691. </extraports>
  9692. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9693. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9694. </ports>
  9695. <times srtt="173622" rttvar="5165" to="194282"/>
  9696. </host>
  9697. <host starttime="1606751270" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9698. <address addr="88.85.118.13" addrtype="ipv4"/>
  9699. <hostnames>
  9700. </hostnames>
  9701. <ports><extraports state="closed" count="994">
  9702. <extrareasons reason="conn-refused" count="994"/>
  9703. </extraports>
  9704. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9705. <port protocol="tcp" portid="646"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldp" method="table" conf="3"/></port>
  9706. <port protocol="tcp" portid="1723"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  9707. <port protocol="tcp" portid="2000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cisco-sccp" method="table" conf="3"/></port>
  9708. <port protocol="tcp" portid="8002"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="teradataordbms" method="table" conf="3"/></port>
  9709. <port protocol="tcp" portid="8291"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  9710. </ports>
  9711. <times srtt="130786" rttvar="683" to="133518"/>
  9712. </host>
  9713. <host starttime="1606751262" endtime="1606771919"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9714. <address addr="49.235.158.131" addrtype="ipv4"/>
  9715. <hostnames>
  9716. </hostnames>
  9717. <ports><extraports state="closed" count="984">
  9718. <extrareasons reason="conn-refused" count="984"/>
  9719. </extraports>
  9720. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9721. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  9722. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9723. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9724. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9725. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9726. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9727. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9728. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  9729. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  9730. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  9731. <port protocol="tcp" portid="1088"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="cplscrambler-al" method="table" conf="3"/></port>
  9732. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  9733. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  9734. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9735. <port protocol="tcp" portid="9876"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sd" method="table" conf="3"/></port>
  9736. </ports>
  9737. <times srtt="210269" rttvar="3866" to="225733"/>
  9738. </host>
  9739. <host starttime="1606751263" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9740. <address addr="47.74.39.152" addrtype="ipv4"/>
  9741. <hostnames>
  9742. </hostnames>
  9743. <ports><extraports state="filtered" count="986">
  9744. <extrareasons reason="no-responses" count="986"/>
  9745. </extraports>
  9746. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9747. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  9748. <port protocol="tcp" portid="81"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="hosts2-ns" method="table" conf="3"/></port>
  9749. <port protocol="tcp" portid="389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ldap" method="table" conf="3"/></port>
  9750. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  9751. <port protocol="tcp" portid="1080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="socks" method="table" conf="3"/></port>
  9752. <port protocol="tcp" portid="1099"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rmiregistry" method="table" conf="3"/></port>
  9753. <port protocol="tcp" portid="3000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ppp" method="table" conf="3"/></port>
  9754. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  9755. <port protocol="tcp" portid="4444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9756. <port protocol="tcp" portid="7777"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  9757. <port protocol="tcp" portid="8000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/></port>
  9758. <port protocol="tcp" portid="8080"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/></port>
  9759. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  9760. </ports>
  9761. <times srtt="182283" rttvar="5162" to="202931"/>
  9762. </host>
  9763. <host starttime="1606751262" endtime="1606771872"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9764. <address addr="18.162.32.44" addrtype="ipv4"/>
  9765. <hostnames>
  9766. <hostname name="ec2-18-162-32-44.ap-east-1.compute.amazonaws.com" type="PTR"/>
  9767. </hostnames>
  9768. <ports><extraports state="filtered" count="995">
  9769. <extrareasons reason="no-responses" count="995"/>
  9770. </extraports>
  9771. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9772. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  9773. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  9774. <port protocol="tcp" portid="8001"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vcom-tunnel" method="table" conf="3"/></port>
  9775. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9776. </ports>
  9777. <times srtt="213265" rttvar="1536" to="219409"/>
  9778. </host>
  9779. <host starttime="1606751275" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9780. <address addr="5.2.73.137" addrtype="ipv4"/>
  9781. <hostnames>
  9782. </hostnames>
  9783. <ports><extraports state="closed" count="998">
  9784. <extrareasons reason="conn-refused" count="998"/>
  9785. </extraports>
  9786. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9787. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9788. </ports>
  9789. <times srtt="93693" rttvar="903" to="100000"/>
  9790. </host>
  9791. <host starttime="1606751271" endtime="1606771880"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9792. <address addr="185.181.102.197" addrtype="ipv4"/>
  9793. <hostnames>
  9794. <hostname name="no-rdns.m247.ro" type="PTR"/>
  9795. </hostnames>
  9796. <ports><extraports state="closed" count="998">
  9797. <extrareasons reason="conn-refused" count="998"/>
  9798. </extraports>
  9799. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9800. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9801. </ports>
  9802. <times srtt="128381" rttvar="2515" to="138441"/>
  9803. </host>
  9804. <host starttime="1606751262" endtime="1606771869"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9805. <address addr="119.27.162.66" addrtype="ipv4"/>
  9806. <hostnames>
  9807. </hostnames>
  9808. <ports><extraports state="closed" count="997">
  9809. <extrareasons reason="conn-refused" count="997"/>
  9810. </extraports>
  9811. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9812. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9813. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9814. </ports>
  9815. <times srtt="261108" rttvar="5184" to="281844"/>
  9816. </host>
  9817. <host starttime="1606751261" endtime="1606770908"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9818. <address addr="5.149.254.28" addrtype="ipv4"/>
  9819. <hostnames>
  9820. <hostname name="hosted-by.hostzealot.com" type="PTR"/>
  9821. </hostnames>
  9822. <ports><extraports state="closed" count="999">
  9823. <extrareasons reason="conn-refused" count="999"/>
  9824. </extraports>
  9825. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9826. </ports>
  9827. <times srtt="92894" rttvar="2132" to="101422"/>
  9828. </host>
  9829. <host starttime="1606751262" endtime="1606771877"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9830. <address addr="158.247.195.228" addrtype="ipv4"/>
  9831. <hostnames>
  9832. <hostname name="158.247.195.228.vultr.com" type="PTR"/>
  9833. </hostnames>
  9834. <ports><extraports state="closed" count="994">
  9835. <extrareasons reason="conn-refused" count="994"/>
  9836. </extraports>
  9837. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9838. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9839. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9840. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9841. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9842. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9843. </ports>
  9844. <times srtt="206495" rttvar="936" to="210239"/>
  9845. </host>
  9846. <taskprogress task="Connect Scan" time="1606773701" percent="99.25" remaining="14" etc="1606773714"/>
  9847. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9848. <address addr="101.36.102.73" addrtype="ipv4"/>
  9849. <hostnames>
  9850. </hostnames>
  9851. <ports><extraports state="closed" count="995">
  9852. <extrareasons reason="conn-refused" count="995"/>
  9853. </extraports>
  9854. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9855. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9856. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  9857. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9858. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9859. </ports>
  9860. <times srtt="256169" rttvar="4045" to="272349"/>
  9861. </host>
  <!-- Host record for 185.162.235.111: ports 22, 80, 443 and 3389 are reported open,
       and grab_beacon_config recorded output on both 80 and 443. -->
  9862. <host starttime="1606751262" endtime="1606774460"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9863. <address addr="185.162.235.111" addrtype="ipv4"/>
  9864. <hostnames>
  9865. </hostnames>
  9866. <ports><extraports state="closed" count="993">
  9867. <extrareasons reason="conn-refused" count="993"/>
  9868. </extraports>
  9869. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9870. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- Port 80 carries both an x86 and an x64 section. They differ only in the C2 URI
       (/pixel.gif vs /en_US/all.js) and the User Agent (MSIE 10.0 vs MSIE 8.0); the
       remaining fields are the same in both.
       - C2 Server is the scanned address itself, so the listener and the callback
         target are the same host in this record.
       - Polling 60000, Jitter 0, second path /submit.php and rundll32.exe as spawnto
         look like an unmodified default profile. NOTE(review): that reading is an
         inference from the values, not something the scan states; confirm.
       - With Jitter 0 the check-ins would be evenly spaced, which suits detection of
         fixed-interval connections to a single destination.
       - The values are reported by the server itself; corroborate before acting. -->
  9871. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.111,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.111,/en_US/all.js&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9872. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Port 443 is the HTTPS counterpart (BeaconType 8): same polling, jitter, second
       path and spawnto as on port 80, with C2 URI /j.ad and an MSIE 9.0 User Agent.
       Only an x86 section was recorded here. Because the User Agent differs in each of
       the three sections of this host, a match on one exact string will not cover the
       others. -->
  9873. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 185.162.235.111,/j.ad&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9874. <port protocol="tcp" portid="445"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9875. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  9876. </ports>
  9877. <times srtt="95158" rttvar="1878" to="102670"/>
  9878. </host>
  9879. <host starttime="1606751262" endtime="1606774439"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9880. <address addr="176.107.133.47" addrtype="ipv4"/>
  9881. <hostnames>
  9882. <hostname name="host47-133-107-176.static.arubacloud.pl" type="PTR"/>
  9883. </hostnames>
  9884. <ports><extraports state="closed" count="995">
  9885. <extrareasons reason="conn-refused" count="995"/>
  9886. </extraports>
  9887. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9888. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9889. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9890. <port protocol="tcp" portid="179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bgp" method="table" conf="3"/></port>
  9891. <port protocol="tcp" portid="443"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  9892. </ports>
  9893. <times srtt="119545" rttvar="1441" to="125309"/>
  9894. </host>
  9895. <host starttime="1606751263" endtime="1606773337"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9896. <address addr="185.81.114.123" addrtype="ipv4"/>
  9897. <hostnames>
  9898. <hostname name="wszhb.weddingplannernest.com" type="PTR"/>
  9899. </hostnames>
  9900. <ports><extraports state="closed" count="999">
  9901. <extrareasons reason="conn-refused" count="999"/>
  9902. </extraports>
  9903. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9904. </ports>
  9905. <times srtt="92485" rttvar="1048" to="100000"/>
  9906. </host>
  9907. <host starttime="1606751263" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9908. <address addr="176.121.14.197" addrtype="ipv4"/>
  9909. <hostnames>
  9910. <hostname name="ns1648.ztomy.com" type="PTR"/>
  9911. </hostnames>
  9912. <ports><extraports state="filtered" count="1000">
  9913. <extrareasons reason="no-responses" count="1000"/>
  9914. </extraports>
  9915. </ports>
  9916. <times srtt="123128" rttvar="123128" to="615640"/>
  9917. </host>
  <!-- Host record for 167.179.83.166. The PTR hostname recorded below is the literal
       string 8.8.8.8. Reverse DNS is set by whoever controls the reverse zone for an
       address, so a PTR value is not evidence of identity; enrichment, allow-listing
       or log parsing should not key on it, and a parser that expects a domain name
       here will receive something that looks like an IPv4 address. -->
  9918. <host starttime="1606751262" endtime="1606774433"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9919. <address addr="167.179.83.166" addrtype="ipv4"/>
  9920. <hostnames>
  9921. <hostname name="8.8.8.8" type="PTR"/>
  9922. </hostnames>
  9923. <ports><extraports state="closed" count="991">
  9924. <extrareasons reason="conn-refused" count="991"/>
  9925. </extraports>
  9926. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9927. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- The script element on port 80 has no output attribute, so no beacon
       configuration was recorded for this host. Whether the script failed or the port
       served nothing it could parse cannot be told from this record. -->
  9928. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9929. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  9930. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9931. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  9932. <port protocol="tcp" portid="1688"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nsjtp-data" method="table" conf="3"/></port>
  9933. <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  9934. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  9935. </ports>
  9936. <times srtt="180197" rttvar="998" to="184189"/>
  9937. </host>
  <!-- Host record for 139.217.83.230: ports 22, 80, 443 and 3306 are reported open.
       grab_beacon_config recorded output on 443; on 80 the script element has no
       output attribute, so nothing was recorded for that port. -->
  9938. <host starttime="1606751262" endtime="1606774443"><status state="up" reason="syn-ack" reason_ttl="0"/>
  9939. <address addr="139.217.83.230" addrtype="ipv4"/>
  9940. <hostnames>
  9941. </hostnames>
  9942. <ports><extraports state="closed" count="992">
  9943. <extrareasons reason="conn-refused" count="992"/>
  9944. </extraports>
  9945. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9946. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9947. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  <!-- Values below are reported by the server itself; corroborate before acting.
       - C2 Server is the scanned address itself with URI /groupcp; the second path is
         /d_config, requested with POST.
       - User Agent claims Android and stops at Chrome/62.0.3202 with nothing after it,
         while both Spawnto paths are under %windir%. An Android browser string in
         traffic from a Windows endpoint is a mismatch proxy logs can surface.
       - Polling 55054 with Jitter 43: presumably milliseconds and percent (TODO confirm
         against the NSE script), so check-ins would be irregular.
       - Spawnto names WUAUCLT.exe under syswow64 and sysnative; presumably the process
         the beacon starts for its jobs, so that binary making outbound HTTPS
         connections to a non-update destination is worth a hunt.
       - DNS Idle \xF2\xDE\x18M would be 242.222.24.77 if the four bytes are an IPv4
         address; NOTE(review): that reading is an assumption about the field.
       - Only an x86 section is present; no x64 response was recorded for this port. -->
  9948. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 55054&#xa;Jitter: 43&#xa;Maxdns: 247&#xa;C2 Server: 139.217.83.230,/groupcp&#xa;User Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202&#xa;HTTP Method Path 2: /d_config&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \xF2\xDE\x18M&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\WUAUCLT.exe&#xa;Spawnto_x64: %windir%\sysnative\WUAUCLT.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  9949. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9950. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  9951. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  9952. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  9953. </ports>
  9954. <times srtt="241947" rttvar="2344" to="251323"/>
  9955. </host>
  9956. <host starttime="1606751262" endtime="1606773305"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9957. <address addr="89.38.225.140" addrtype="ipv4"/>
  9958. <hostnames>
  9959. </hostnames>
  9960. <ports><extraports state="closed" count="999">
  9961. <extrareasons reason="conn-refused" count="999"/>
  9962. </extraports>
  9963. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9964. </ports>
  9965. <times srtt="227305" rttvar="1792" to="234473"/>
  9966. </host>
  9967. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9968. <address addr="47.107.145.96" addrtype="ipv4"/>
  9969. <hostnames>
  9970. </hostnames>
  9971. <ports><extraports state="closed" count="996">
  9972. <extrareasons reason="conn-refused" count="996"/>
  9973. </extraports>
  9974. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9975. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  9976. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  9977. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  9978. </ports>
  9979. <times srtt="241846" rttvar="5491" to="263810"/>
  9980. </host>
  9981. <host starttime="1606751262" endtime="1606774429"><status state="up" reason="conn-refused" reason_ttl="0"/>
  9982. <address addr="39.108.229.236" addrtype="ipv4"/>
  9983. <hostnames>
  9984. </hostnames>
  9985. <ports><extraports state="filtered" count="989">
  9986. <extrareasons reason="no-responses" count="989"/>
  9987. </extraports>
  9988. <port protocol="tcp" portid="20"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ftp-data" method="table" conf="3"/></port>
  9989. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  9990. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  9991. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  9992. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  9993. <port protocol="tcp" portid="888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  9994. <port protocol="tcp" portid="7443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="oracleas-https" method="table" conf="3"/></port>
  9995. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  9996. <port protocol="tcp" portid="8081"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  9997. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  9998. <port protocol="tcp" portid="9080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="glrpc" method="table" conf="3"/></port>
  9999. </ports>
  10000. <times srtt="293938" rttvar="46019" to="478014"/>
  10001. </host>
  10002. <host starttime="1606751262" endtime="1606774442"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10003. <address addr="159.203.86.116" addrtype="ipv4"/>
  10004. <hostnames>
  10005. <hostname name="inlinecms.com" type="PTR"/>
  10006. </hostnames>
  10007. <ports><extraports state="filtered" count="987">
  10008. <extrareasons reason="no-responses" count="987"/>
  10009. </extraports>
  10010. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10011. <port protocol="tcp" portid="88"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="kerberos-sec" method="table" conf="3"/></port>
  10012. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10013. <port protocol="tcp" portid="444"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="snpp" method="table" conf="3"/></port>
  10014. <port protocol="tcp" portid="545"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ekshell" method="table" conf="3"/></port>
  10015. <port protocol="tcp" portid="5000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  10016. <port protocol="tcp" portid="5001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="commplex-link" method="table" conf="3"/></port>
  10017. <port protocol="tcp" portid="5002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rfe" method="table" conf="3"/></port>
  10018. <port protocol="tcp" portid="5003"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="filemaker" method="table" conf="3"/></port>
  10019. <port protocol="tcp" portid="5004"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="avt-profile-1" method="table" conf="3"/></port>
  10020. <port protocol="tcp" portid="5009"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="airport-admin" method="table" conf="3"/></port>
  10021. <port protocol="tcp" portid="5050"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="mmcc" method="table" conf="3"/></port>
  10022. <port protocol="tcp" portid="8443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https-alt" method="table" conf="3"/></port>
  10023. </ports>
  10024. <times srtt="20456" rttvar="10878" to="100000"/>
  10025. </host>
  10026. <host starttime="1606751262" endtime="1606774443"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10027. <address addr="103.237.102.22" addrtype="ipv4"/>
  10028. <hostnames>
  10029. </hostnames>
  10030. <ports><extraports state="closed" count="986">
  10031. <extrareasons reason="conn-refused" count="986"/>
  10032. </extraports>
  10033. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10034. <port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="smtp" method="table" conf="3"/></port>
  10035. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10036. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10037. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  10038. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  10039. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  <!-- Only port on 103.237.102.22 where grab_beacon_config returned output; the empty
       script elements on ports 80 and 8080 mean the script ran there but recorded nothing.
       Only an x86 section is present. Both request paths sit under /c/msdownload/update/,
       which looks like an imitation of a Microsoft update download path (assumption, confirm),
       and Method1 and Method2 are both GET. For detection, the stable network-side values
       are the two URI prefixes and the fixed MSIE 8.0 / Windows NT 5.1 User-Agent.
       Polling 60000 with Jitter 0 suggests a fixed check-in interval (unit presumably
       milliseconds; confirm against the script). Spawnto names rundll32.exe for both
       architectures, the host-side value to hunt on.
       service name="https" is a port-table lookup (method="table"), not a probed identification.
       The record is a snapshot from the scan date in the file header; re-verify the address
       before using it in a blocklist. -->
  10040. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 8 (HTTPS)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 103.237.102.22,/c/msdownload/update/others/2016/12/29136388_&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)&#xa;HTTP Method Path 2: /c/msdownload/update/others/2016/12/3215234_&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: GET&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10041. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10042. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  10043. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10044. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  10045. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  10046. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10047. </ports>
  10048. <times srtt="225599" rttvar="3177" to="238307"/>
  10049. </host>
  10050. <host starttime="1606751263" endtime="1606774450"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10051. <address addr="121.37.23.161" addrtype="ipv4"/>
  10052. <hostnames>
  10053. <hostname name="ecs-121-37-23-161.compute.hwclouds-dns.com" type="PTR"/>
  10054. </hostnames>
  10055. <ports><extraports state="closed" count="994">
  10056. <extrareasons reason="conn-refused" count="994"/>
  10057. </extraports>
  10058. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10059. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10060. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10061. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10062. <port protocol="tcp" portid="4444"><state state="filtered" reason="host-unreach" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10063. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10064. </ports>
  10065. <times srtt="238231" rttvar="2023" to="246323"/>
  10066. </host>
  10067. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10068. <address addr="47.94.195.242" addrtype="ipv4"/>
  10069. <hostnames>
  10070. </hostnames>
  10071. <ports><extraports state="closed" count="994">
  10072. <extrareasons reason="conn-refused" count="994"/>
  10073. </extraports>
  10074. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10075. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10076. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10077. <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10078. <port protocol="tcp" portid="5800"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/></port>
  10079. <port protocol="tcp" portid="5900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="vnc" method="table" conf="3"/></port>
  10080. </ports>
  10081. <times srtt="226281" rttvar="1013" to="230333"/>
  10082. </host>
  10083. <host starttime="1606751261" endtime="1606774454"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10084. <address addr="85.194.241.41" addrtype="ipv4"/>
  10085. <hostnames>
  10086. <hostname name="ip-41.85-194-241-0.net.eco.atman.pl" type="PTR"/>
  10087. </hostnames>
  10088. <ports><extraports state="filtered" count="997">
  10089. <extrareasons reason="no-responses" count="997"/>
  10090. </extraports>
  10091. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10092. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10093. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10094. </ports>
  10095. <times srtt="120719" rttvar="1525" to="126819"/>
  10096. </host>
  10097. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10098. <address addr="23.91.97.112" addrtype="ipv4"/>
  10099. <hostnames>
  10100. </hostnames>
  10101. <ports><extraports state="filtered" count="978">
  10102. <extrareasons reason="no-responses" count="978"/>
  10103. </extraports>
  10104. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10105. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  10106. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  10107. <port protocol="tcp" portid="3389"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  10108. <port protocol="tcp" portid="4000"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="remoteanything" method="table" conf="3"/></port>
  10109. <port protocol="tcp" portid="4001"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="newoak" method="table" conf="3"/></port>
  10110. <port protocol="tcp" portid="4002"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="mlchat-proxy" method="table" conf="3"/></port>
  10111. <port protocol="tcp" portid="4003"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pxc-splr-ft" method="table" conf="3"/></port>
  10112. <port protocol="tcp" portid="4004"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pxc-roid" method="table" conf="3"/></port>
  10113. <port protocol="tcp" portid="4005"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pxc-pin" method="table" conf="3"/></port>
  10114. <port protocol="tcp" portid="4006"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="pxc-spvr" method="table" conf="3"/></port>
  10115. <port protocol="tcp" portid="4045"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="lockd" method="table" conf="3"/></port>
  10116. <port protocol="tcp" portid="4111"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="xgrid" method="table" conf="3"/></port>
  10117. <port protocol="tcp" portid="4125"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="rww" method="table" conf="3"/></port>
  10118. <port protocol="tcp" portid="4126"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ddrepl" method="table" conf="3"/></port>
  10119. <port protocol="tcp" portid="4129"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="nuauth" method="table" conf="3"/></port>
  10120. <port protocol="tcp" portid="4224"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="xtell" method="table" conf="3"/></port>
  10121. <port protocol="tcp" portid="4242"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vrml-multi-use" method="table" conf="3"/></port>
  10122. <port protocol="tcp" portid="4279"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="vrml-multi-use" method="table" conf="3"/></port>
  10123. <port protocol="tcp" portid="7777"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="cbt" method="table" conf="3"/></port>
  10124. <port protocol="tcp" portid="8888"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  10125. <port protocol="tcp" portid="60020"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10126. </ports>
  10127. <times srtt="222424" rttvar="5423" to="244116"/>
  10128. </host>
  10129. <host starttime="1606751262" endtime="1606774430"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10130. <address addr="157.245.88.21" addrtype="ipv4"/>
  10131. <hostnames>
  10132. <hostname name="507956.cloudwaysapps.com" type="PTR"/>
  10133. </hostnames>
  10134. <ports><extraports state="filtered" count="997">
  10135. <extrareasons reason="no-responses" count="997"/>
  10136. </extraports>
  10137. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10138. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10139. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10140. </ports>
  10141. <times srtt="19688" rttvar="3548" to="100000"/>
  10142. </host>
  10143. <host starttime="1606751262" endtime="1606774442"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10144. <address addr="141.164.41.118" addrtype="ipv4"/>
  10145. <hostnames>
  10146. <hostname name="141.164.41.118.vultr.com" type="PTR"/>
  10147. </hostnames>
  10148. <ports><extraports state="filtered" count="997">
  10149. <extrareasons reason="host-unreaches" count="890"/>
  10150. <extrareasons reason="no-responses" count="107"/>
  10151. </extraports>
  10152. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10153. <port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
  10154. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10155. </ports>
  10156. <times srtt="212648" rttvar="1265" to="217708"/>
  10157. </host>
  10158. <host starttime="1606751262" endtime="1606774456"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10159. <address addr="139.155.10.226" addrtype="ipv4"/>
  10160. <hostnames>
  10161. </hostnames>
  10162. <ports><extraports state="closed" count="996">
  10163. <extrareasons reason="conn-refused" count="996"/>
  10164. </extraports>
  10165. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10166. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10167. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10168. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10169. </ports>
  10170. <times srtt="263505" rttvar="1727" to="270413"/>
  10171. </host>
  10172. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10173. <address addr="119.28.112.140" addrtype="ipv4"/>
  10174. <hostnames>
  10175. </hostnames>
  10176. <ports><extraports state="closed" count="997">
  10177. <extrareasons reason="conn-refused" count="997"/>
  10178. </extraports>
  10179. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10180. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10181. <port protocol="tcp" portid="9900"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="iua" method="table" conf="3"/></port>
  10182. </ports>
  10183. <times srtt="245792" rttvar="6629" to="272308"/>
  10184. </host>
  10185. <host starttime="1606751262" endtime="1606774450"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10186. <address addr="80.211.250.62" addrtype="ipv4"/>
  10187. <hostnames>
  10188. <hostname name="host62-250-211-80.static.arubacloud.pl" type="PTR"/>
  10189. </hostnames>
  10190. <ports><extraports state="closed" count="994">
  10191. <extrareasons reason="conn-refused" count="994"/>
  10192. </extraports>
  10193. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10194. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10195. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10196. <port protocol="tcp" portid="179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bgp" method="table" conf="3"/></port>
  10197. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10198. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  10199. </ports>
  10200. <times srtt="118976" rttvar="1976" to="126880"/>
  10201. </host>
  10202. <host starttime="1606751262" endtime="1606774431"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10203. <address addr="35.201.178.226" addrtype="ipv4"/>
  10204. <hostnames>
  10205. <hostname name="226.178.201.35.bc.googleusercontent.com" type="PTR"/>
  10206. </hostnames>
  10207. <ports><extraports state="closed" count="997">
  10208. <extrareasons reason="conn-refused" count="997"/>
  10209. </extraports>
  10210. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10211. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10212. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10213. </ports>
  10214. <times srtt="202964" rttvar="4953" to="222776"/>
  10215. </host>
  10216. <host starttime="1606751262" endtime="1606774451"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10217. <address addr="204.44.83.89" addrtype="ipv4"/>
  10218. <hostnames>
  10219. <hostname name="204.44.83.89.static.quadranet.com" type="PTR"/>
  10220. </hostnames>
  10221. <ports><extraports state="closed" count="992">
  10222. <extrareasons reason="conn-refused" count="992"/>
  10223. </extraports>
  10224. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  10225. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10226. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10227. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10228. <port protocol="tcp" portid="616"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sco-sysmgr" method="table" conf="3"/></port>
  10229. <port protocol="tcp" portid="2222"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
  10230. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10231. <port protocol="tcp" portid="5633"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="beorl" method="table" conf="3"/></port>
  10232. </ports>
  10233. <times srtt="72301" rttvar="6255" to="100000"/>
  10234. </host>
  10235. <host starttime="1606751262" endtime="1606774445"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10236. <address addr="172.86.75.37" addrtype="ipv4"/>
  10237. <hostnames>
  10238. </hostnames>
  10239. <ports><extraports state="filtered" count="994">
  10240. <extrareasons reason="no-responses" count="994"/>
  10241. </extraports>
  10242. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10243. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10244. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10245. <port protocol="tcp" portid="888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  10246. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10247. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  10248. </ports>
  10249. <times srtt="93069" rttvar="2099" to="101465"/>
  10250. </host>
  10251. <host starttime="1606751262" endtime="1606774453"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10252. <address addr="156.251.174.109" addrtype="ipv4"/>
  10253. <hostnames>
  10254. </hostnames>
  10255. <ports><extraports state="closed" count="994">
  10256. <extrareasons reason="conn-refused" count="994"/>
  10257. </extraports>
  10258. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10259. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10260. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10261. <port protocol="tcp" portid="888"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="accessbuilder" method="table" conf="3"/></port>
  10262. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  10263. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10264. </ports>
  10265. <times srtt="217080" rttvar="5161" to="237724"/>
  10266. </host>
  10267. <host starttime="1606751263" endtime="1606774456"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10268. <address addr="144.202.113.237" addrtype="ipv4"/>
  10269. <hostnames>
  10270. <hostname name="144.202.113.237.vultr.com" type="PTR"/>
  10271. </hostnames>
  10272. <ports><extraports state="closed" count="991">
  10273. <extrareasons reason="conn-refused" count="991"/>
  10274. </extraports>
  10275. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ftp" method="table" conf="3"/></port>
  10276. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10277. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  <!-- grab_beacon_config returned both an x86 and an x64 section for 144.202.113.237 port 80.
       BeaconType is 0 (HTTP), so the traffic is cleartext. The GET path differs per
       architecture (/ga.js for x86, /visit.js for x64), as does the User-Agent; the POST
       path /submit.php is shared. Header1, Header2 and PipeName are empty, Polling is 60000
       with Jitter 0, and Spawnto is rundll32.exe for both architectures. These values look
       consistent with an unmodified default profile (assumption, confirm against a known
       default config), so URI matches alone may be noisy; combine path, method and
       User-Agent when writing a detection.
       service name="http" is a port-table lookup (method="table"), not a probed identification.
       The record is a snapshot from the scan date in the file header; re-verify the address
       before using it in a blocklist. -->
  10278. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 144.202.113.237,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 144.202.113.237,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10279. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10280. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10281. <port protocol="tcp" portid="800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mdbs_daemon" method="table" conf="3"/></port>
  10282. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10283. <port protocol="tcp" portid="55555"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10284. </ports>
  10285. <times srtt="71209" rttvar="8719" to="106085"/>
  10286. </host>
  10287. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10288. <address addr="47.57.147.243" addrtype="ipv4"/>
  10289. <hostnames>
  10290. </hostnames>
  10291. <ports><extraports state="closed" count="998">
  10292. <extrareasons reason="conn-refused" count="998"/>
  10293. </extraports>
  10294. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10295. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10296. </ports>
  10297. <times srtt="602265" rttvar="198377" to="1395773"/>
  10298. </host>
  10299. <host starttime="1606751261" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10300. <address addr="49.235.134.8" addrtype="ipv4"/>
  10301. <hostnames>
  10302. </hostnames>
  10303. <ports><extraports state="closed" count="985">
  10304. <extrareasons reason="conn-refused" count="985"/>
  10305. </extraports>
  10306. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10307. <port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3"/></port>
  10308. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10309. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  10310. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10311. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10312. <port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3"/></port>
  10313. <port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3"/></port>
  10314. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  10315. <port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3"/></port>
  10316. <port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3"/></port>
  10317. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10318. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10319. <port protocol="tcp" portid="5050"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mmcc" method="table" conf="3"/></port>
  10320. <port protocol="tcp" portid="8888"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="sun-answerbook" method="table" conf="3"/></port>
  10321. </ports>
  10322. <times srtt="207694" rttvar="2501" to="217698"/>
  10323. </host>
  10324. <host starttime="1606751274" endtime="1606774442"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10325. <address addr="47.106.239.62" addrtype="ipv4"/>
  10326. <hostnames>
  10327. </hostnames>
  10328. <ports><extraports state="closed" count="989">
  10329. <extrareasons reason="conn-refused" count="989"/>
  10330. </extraports>
  10331. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10332. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10333. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10334. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10335. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10336. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  10337. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10338. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10339. <port protocol="tcp" portid="8254"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10340. <port protocol="tcp" portid="10082"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="amandaidx" method="table" conf="3"/></port>
  10341. <port protocol="tcp" portid="60020"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10342. </ports>
  10343. <times srtt="229214" rttvar="1504" to="235230"/>
  10344. </host>
  10345. <host starttime="1606751262" endtime="1606774450"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10346. <address addr="31.14.40.230" addrtype="ipv4"/>
  10347. <hostnames>
  10348. </hostnames>
  10349. <ports><extraports state="closed" count="993">
  10350. <extrareasons reason="conn-refused" count="993"/>
  10351. </extraports>
  10352. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10353. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10354. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 31.14.40.230,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 31.14.40.230,/pixel.gif&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10355. <port protocol="tcp" portid="873"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rsync" method="table" conf="3"/></port>
  10356. <port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="pharos" method="table" conf="3"/></port>
  10357. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 31.14.40.230,/push&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 31.14.40.230,/ca&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10358. <port protocol="tcp" portid="8090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="opsmessaging" method="table" conf="3"/></port>
  10359. </ports>
  10360. <times srtt="125694" rttvar="958" to="129526"/>
  10361. </host>
  10362. <host starttime="1606751262" endtime="1606774445"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10363. <address addr="103.45.98.227" addrtype="ipv4"/>
  10364. <hostnames>
  10365. </hostnames>
  10366. <ports><extraports state="closed" count="991">
  10367. <extrareasons reason="conn-refused" count="991"/>
  10368. </extraports>
  10369. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10370. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10371. <port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rpcbind" method="table" conf="3"/></port>
  10372. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  10373. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10374. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10375. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10376. <port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3"/></port>
  10377. <port protocol="tcp" portid="1900"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3"/></port>
  10378. </ports>
  10379. <times srtt="266538" rttvar="1955" to="274358"/>
  10380. </host>
  10381. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10382. <address addr="103.51.140.139" addrtype="ipv4"/>
  10383. <hostnames>
  10384. </hostnames>
  10385. <ports><extraports state="closed" count="998">
  10386. <extrareasons reason="conn-refused" count="998"/>
  10387. </extraports>
  10388. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10389. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10390. </ports>
  10391. <times srtt="210561" rttvar="7830" to="241881"/>
  10392. </host>
  10393. <host starttime="1606751262" endtime="1606774442"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10394. <address addr="66.42.40.220" addrtype="ipv4"/>
  10395. <hostnames>
  10396. <hostname name="66.42.40.220.vultr.com" type="PTR"/>
  10397. </hostnames>
  10398. <ports><extraports state="closed" count="997">
  10399. <extrareasons reason="conn-refused" count="997"/>
  10400. </extraports>
  10401. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10402. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10403. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10404. </ports>
  10405. <times srtt="181522" rttvar="2400" to="191122"/>
  10406. </host>
  10407. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10408. <address addr="5.61.38.180" addrtype="ipv4"/>
  10409. <hostnames>
  10410. </hostnames>
  10411. <ports><extraports state="closed" count="994">
  10412. <extrareasons reason="conn-refused" count="994"/>
  10413. </extraports>
  10414. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10415. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10416. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  10417. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10418. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10419. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  10420. </ports>
  10421. <times srtt="97038" rttvar="1948" to="104830"/>
  10422. </host>
  10423. <host starttime="1606751262" endtime="1606772908"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10424. <address addr="31.24.229.200" addrtype="ipv4"/>
  10425. <hostnames>
  10426. <hostname name="ramplo.mall-woodeodunnwe.com" type="PTR"/>
  10427. </hostnames>
  10428. <ports><extraports state="filtered" count="999">
  10429. <extrareasons reason="no-responses" count="999"/>
  10430. </extraports>
  10431. <port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  10432. </ports>
  10433. <times srtt="85764" rttvar="814" to="100000"/>
  10434. </host>
  10435. <host starttime="1606751262" endtime="1606774431"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10436. <address addr="101.32.29.242" addrtype="ipv4"/>
  10437. <hostnames>
  10438. </hostnames>
  10439. <ports><extraports state="closed" count="996">
  10440. <extrareasons reason="conn-refused" count="996"/>
  10441. </extraports>
  10442. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10443. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10444. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10445. <port protocol="tcp" portid="5087"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="biotic" method="table" conf="3"/></port>
  10446. </ports>
  10447. <times srtt="223707" rttvar="4665" to="242367"/>
  10448. </host>
  10449. <host starttime="1606751262" endtime="1606774428"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10450. <address addr="85.143.223.144" addrtype="ipv4"/>
  10451. <hostnames>
  10452. <hostname name="254285.simplecloud.ru" type="PTR"/>
  10453. </hostnames>
  10454. <ports><extraports state="closed" count="997">
  10455. <extrareasons reason="conn-refused" count="997"/>
  10456. </extraports>
  10457. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10458. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10459. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10460. </ports>
  10461. <times srtt="126864" rttvar="1804" to="134080"/>
  10462. </host>
  10463. <host starttime="1606751262" endtime="1606774445"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10464. <address addr="169.61.11.75" addrtype="ipv4"/>
  10465. <hostnames>
  10466. <hostname name="4b.0b.3da9.ip4.static.sl-reverse.com" type="PTR"/>
  10467. </hostnames>
  10468. <ports><extraports state="closed" count="995">
  10469. <extrareasons reason="conn-refused" count="995"/>
  10470. </extraports>
  10471. <port protocol="tcp" portid="19"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="chargen" method="table" conf="3"/></port>
  10472. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10473. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10474. <port protocol="tcp" portid="1053"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="remote-as" method="table" conf="3"/></port>
  10475. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10476. </ports>
  10477. <times srtt="40119" rttvar="3650" to="100000"/>
  10478. </host>
  10479. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10480. <address addr="185.136.159.207" addrtype="ipv4"/>
  10481. <hostnames>
  10482. </hostnames>
  10483. <ports><extraports state="closed" count="997">
  10484. <extrareasons reason="conn-refused" count="997"/>
  10485. </extraports>
  10486. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10487. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10488. <port protocol="tcp" portid="443"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
  10489. </ports>
  10490. <times srtt="93916" rttvar="796" to="100000"/>
  10491. </host>
  10492. <host starttime="1606751262" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10493. <address addr="47.110.90.89" addrtype="ipv4"/>
  10494. <hostnames>
  10495. </hostnames>
  10496. <ports><extraports state="closed" count="994">
  10497. <extrareasons reason="conn-refused" count="994"/>
  10498. </extraports>
  10499. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10500. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10501. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10502. <port protocol="tcp" portid="1068"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="instl_bootc" method="table" conf="3"/></port>
  10503. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10504. <port protocol="tcp" portid="5678"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="rrac" method="table" conf="3"/></port>
  10505. </ports>
  10506. <times srtt="207248" rttvar="4519" to="225324"/>
  10507. </host>
  10508. <host starttime="1606751261" endtime="1606774427"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10509. <address addr="153.92.4.32" addrtype="ipv4"/>
  10510. <hostnames>
  10511. <hostname name="supanadit.com" type="PTR"/>
  10512. </hostnames>
  10513. <ports><extraports state="closed" count="998">
  10514. <extrareasons reason="conn-refused" count="998"/>
  10515. </extraports>
  10516. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10517. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10518. </ports>
  10519. <times srtt="260536" rttvar="3272" to="273624"/>
  10520. </host>
  10521. <host starttime="1606751262" endtime="1606774458"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10522. <address addr="149.28.204.108" addrtype="ipv4"/>
  10523. <hostnames>
  10524. <hostname name="149.28.204.108.vultr.com" type="PTR"/>
  10525. </hostnames>
  10526. <ports><extraports state="closed" count="991">
  10527. <extrareasons reason="conn-refused" count="991"/>
  10528. </extraports>
  10529. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10530. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10531. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10532. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10533. <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="https" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 149.28.204.108,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 443&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 149.28.204.108,/ga.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10534. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10535. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10536. <port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3"/></port>
  10537. <port protocol="tcp" portid="8082"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="blackice-alerts" method="table" conf="3"/></port>
  10538. </ports>
  10539. <times srtt="81226" rttvar="1777" to="100000"/>
  10540. </host>
  10541. <host starttime="1606751262" endtime="1606774454"><status state="up" reason="conn-refused" reason_ttl="0"/>
  10542. <address addr="47.107.82.49" addrtype="ipv4"/>
  10543. <hostnames>
  10544. </hostnames>
  10545. <ports><extraports state="closed" count="987">
  10546. <extrareasons reason="conn-refused" count="987"/>
  10547. </extraports>
  10548. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10549. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config"/></port>
  10550. <port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  10551. <port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10552. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10553. <port protocol="tcp" portid="646"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldp" method="table" conf="3"/></port>
  10554. <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="mysql" method="table" conf="3"/></port>
  10555. <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ms-wbt-server" method="table" conf="3"/></port>
  10556. <port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3"/></port>
  10557. <port protocol="tcp" portid="8009"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ajp13" method="table" conf="3"/></port>
  10558. <port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10559. <port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10560. <port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="unknown" method="table" conf="3"/></port>
  10561. </ports>
  10562. <times srtt="230537" rttvar="2681" to="241261"/>
  10563. </host>
  10564. <host starttime="1606751262" endtime="1606774451"><status state="up" reason="syn-ack" reason_ttl="0"/>
  10565. <address addr="5.34.181.12" addrtype="ipv4"/>
  10566. <hostnames>
  10567. <hostname name="hans.me" type="PTR"/>
  10568. </hostnames>
  10569. <ports><extraports state="closed" count="990">
  10570. <extrareasons reason="conn-refused" count="990"/>
  10571. </extraports>
  10572. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
  10573. <port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3"/></port>
  10574. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/updates.rss&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 80&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/match&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10575. <port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3"/></port>
  10576. <port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
  10577. <port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
  10578. <port protocol="tcp" portid="5800"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="vnc-http" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 5800&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/cm&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 5800&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/fwlink&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10579. <port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-alt" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/__utm.gif&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8000&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/ptj&#xa;User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10580. <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http-proxy" method="table" conf="3"/><script id="grab_beacon_config" output="&#xa;x86 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;&#xa;x64 URI Response: &#xa;BeaconType: 0 (HTTP)&#xa;Port: 8080&#xa;Polling: 60000&#xa;Jitter: 0&#xa;Maxdns: 255&#xa;C2 Server: 5.34.181.12,/visit.js&#xa;User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER&#xa;HTTP Method Path 2: /submit.php&#xa;Header1: &#xa;Header2: &#xa;PipeName: &#xa;DNS Idle: \x00\x00\x00\x00&#xa;DNS Sleep: 0&#xa;Method1: GET&#xa;Method2: POST&#xa;Spawnto_x86: %windir%\syswow64\rundll32.exe&#xa;Spawnto_x64: %windir%\sysnative\rundll32.exe&#xa;Proxy_AccessType: 2 (Use IE settings)&#xa;&#xa;"/></port>
  10581. <port protocol="tcp" portid="9090"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="zeus-admin" method="table" conf="3"/></port>
  10582. </ports>
  10583. <times srtt="95276" rttvar="710" to="100000"/>
  10584. </host>
  10585. <runstats><finished time="1606774460" timestr="Mon Nov 30 17:14:20 2020" elapsed="23198.75" summary="Nmap done at Mon Nov 30 17:14:20 2020; 628 IP addresses (556 hosts up) scanned in 23198.75 seconds" exit="success"/><hosts up="556" down="72" total="628"/>
  10586. </runstats>
  10587. </nmaprun>
  10588.  