An Ongoing Attack – Attacker Metadata Information

Christopher Truncer Development, IT Security , , ,

It appears that my personal, and the Veil-Framework server, are under attack from someone attempting to brute force their way into our mail servers.  I noticed this yesterday (5/12) around noon (Eastern Time Zone), and is still underway as of the time of this article.  I’ve been monitoring the logs, and these attacks aren’t coming from a single IP address, but IPs from all over the world.

I have a tool that I am working on that can be used in this scenario.  Right now, I want to try to find as much information about the systems attacking me as I can from publicly available information, without directly interrogating the attacking systems.  Some of the information that I try to gather is stuff such as:

  • Geo-location information
    • Country
    • City
    • Timezone
    • GPS Coordinates
  • ISP
  • Is it a known attacker documented by the Animus Project?
  • Do the attacking IP addresses share any common traits
    • SSH Keys
    • HTTPS Certificates
    • Certificate Chains
  • What common ports are open across the attacking IPs?
  • Are any of the IPs known by VirusTotal?

For anyone that is interested in obtaining the attacking IPs from me, just feel free to reach out to me.  This tool will still need some work in it’s output formatting, but I figured I’d want to give a dump of the raw output in case anyone found its information useful.  Ideally, this attacker metadata information can be helpful to others, but I’d also love to hear if there are tweaks that would make this information more useful.

Here’s some of the data about the systems that are currently attacking my servers (OBVIOUS NOTE: The information here is just about the systems attacking me, and where they are coming from.  An IP address does not equal attribution.  Also, the information that is calculated for “Top X” output is only calculated if the information is available.)

Top 10 Countries
(Country : Number of Occurances)
===================================
India : 300
Vietnam : 292
Peru : 206
Russia : 164
Germany : 134
Iran : 127
Kazakhstan : 126
Belarus : 94
Ukraine : 71
Mexico : 69


Top 10 Cities
(City : Number of Occurances)
===================================
Hanoi, Vietnam : 146
Lima, Peru : 115
Ho Chi Minh City, Vietnam : 101
Minsk, Belarus : 66
Bangalore, India : 47
Mumbai, India : 34
Yerevan, Armenia : 33
Tashkent, Uzbekistan : 32
Karagandy, Kazakhstan : 32
Jeddah, Saudi Arabia : 23


Top 10 Regions
(Region : Number of Occurances)
===================================
Thanh Pho Ha Noi, Vietnam : 146
Provincia de Lima, Peru : 115
Ho Chi Minh City, Vietnam : 101
Maharashtra, India : 83
Minsk, Belarus : 70
Karnataka, India : 47
Qaraghandy Oblysy, Kazakhstan : 37
Yerevan, Armenia : 33
Toshkent Shahri, Uzbekistan : 32
Makkah Province, Saudi Arabia : 23


Top 10 Timezones
(Timezone : Number of Occurances)
===================================
Asia/Kolkata : 300
Asia/Ho_Chi_Minh : 292
America/Lima : 206
Asia/Tehran : 127
Europe/Moscow : 103
Asia/Almaty : 97
Europe/Minsk : 94
Europe/Kiev : 54
America/Mexico_City : 50
Asia/Yerevan : 50


Top 10 GPS Coordinates
(GPS Coordinates : Number of Occurances)
===================================
21.0333, 105.85 : 146
51, 9 : 129
-12.05, -77.05 : 115
10.8142, 106.6438 : 101
53.9, 27.5667 : 66
35.6961, 51.4231 : 66
-12.0433, -77.0283 : 59
12.9833, 77.5833 : 47
18.975, 72.8258 : 36
40.1811, 44.5136 : 33


Top 10 ZipCodes
(ZipCode : Number of Occurances)
===================================
368608 : 21
334001 : 15
443201 : 14
781005 : 14
1871 : 14
677022 : 13
55842 : 12
421301 : 12
400015 : 8
21061 : 8


Top 10 ISPs
(ISPs : Number of Occurances)
===================================
Telefonica del Peru : 183
1&1 Internet AG : 129
JSC Kazakhtelecom : 117
FPT Telecom Company : 107
VDC : 107
BSNL : 104
Belpak : 71
OJSC Rostelecom : 70
Viettel Corporation : 62
Information Technology Company (ITC) : 58


Top 10 Organizations
(Organizations : Number of Occurances)
===================================
Telefonica del Peru : 183
1&1 Internet AG : 129
BSNL : 111
FPT Telecom Company : 107
Vietnam Posts and Telecommunications(VNPT) : 107
JSC Kazakhtelecom : 74
OJSC Rostelecom : 72
Viettel Corporation : 62
Belpak : 61
SaudiNet : 44

**********************************************************************
Shared Detected Communicating Samples
**********************************************************************
b5235e178c6f2f48c8b398a2db1ae71f12eedcf58be28b895b9dd1fc2eee7c30
****************************************************************
Hash is shared across the following IPs:
190.234.106.146

7b1071b68a07d09dd81b219ddb8cd27d2c61ed53c2cfac97071d205ea4d58dfa
****************************************************************
Hash is shared across the following IPs:
182.73.212.254

374dd6d85fc34d26eaae14a718a096f2d15f29bb4e05ed44555e399fbb9b248d
****************************************************************
Hash is shared across the following IPs:
203.176.181.51

8659860339a765982d25f7093e807689c843e5b96e23716e750aa5b925f9ade7
****************************************************************
Hash is shared across the following IPs:
213.230.75.27

5b876999d1617d18a96ced544d2abe2b476f9d6d1120c7874b3b7c72f6b05399
****************************************************************
Hash is shared across the following IPs:
203.171.242.20

08bc4811e159a3c905f522e94c08a7f1154e2b9ddd7bea6df37dfe99d1c76cc2
****************************************************************
Hash is shared across the following IPs:
37.122.62.254

48ca16c4acef865aa3dc45de122386fb8f68b2879396d41fa03a5a602c6a1b28
****************************************************************
Hash is shared across the following IPs:
181.66.157.109

15656382b57c607e008f727dd40d6aa383cc6a3a5be117d642f9dc40c47e7d2b
****************************************************************
Hash is shared across the following IPs:
203.171.242.20

1a184abf688cb5055744bee0173e4ed419e74e84cf8c3432d761300d3a5d4897
****************************************************************
Hash is shared across the following IPs:
82.194.10.53

764882ed7e117ded46598ca46cec0f6889c3c62c63d2beabd1d39dd645126b1f
****************************************************************
Hash is shared across the following IPs:
95.153.169.211

**********************************************************************
IPs and Total Detected Samples
**********************************************************************
****************************************************************
95.57.114.113: 2 detected samples
****************************************************************
203.176.181.51: 2 detected samples
****************************************************************
145.255.172.223: 2 detected samples
****************************************************************
203.171.242.20: 2 detected samples
****************************************************************
83.149.35.40: 1 detected sample
****************************************************************
181.66.157.109: 1 detected sample
****************************************************************
82.194.10.53: 1 detected sample
****************************************************************
213.110.98.167: 1 detected sample
****************************************************************
94.228.16.25: 1 detected sample
****************************************************************
182.73.212.254: 1 detected sample

**********************************************************************
Undetected Communicating Samples
**********************************************************************
138a3d4ca91c54eccb67698613c45b12ee3f8619f5d9d4977ec99a82f900f4cd
****************************************************************
Hash is shared across the following IPs:
182.73.212.254

d58bc6fb6f92026f1562a80f1d438fe7453b9ce98758269cd5ba4cf6bd2fab15
****************************************************************
Hash is shared across the following IPs:
80.87.145.19

e8b574e3154b50ba337b675f68013b07859fbc3aaf68317b99e7eeaff4c1107b
****************************************************************
Hash is shared across the following IPs:
213.110.98.167

a6e26a218d0f8ab1a2d53aef9990b6af6a158a326043af85a377c85dffd1bf1a
****************************************************************
Hash is shared across the following IPs:
194.28.75.229

**********************************************************************
IPs and Total Undetected Samples
**********************************************************************
****************************************************************
213.110.98.167: 1 detected sample
****************************************************************
194.28.75.229: 1 detected sample
****************************************************************
80.87.145.19: 1 detected sample
****************************************************************
182.73.212.254: 1 detected sample

**********************************************************************
Detected Referrers Samples
**********************************************************************

**********************************************************************
IPs and Total Detected Referrers
**********************************************************************

**********************************************************************
Detected Communicating URLs
**********************************************************************

**********************************************************************
IPs and Total Detected Communicating URLs
**********************************************************************

 

**********************************************************************
Shared SSH Keys
**********************************************************************
AAAAB3NzaC1yc2EAAAADAQABAAAAgnXPHgULMdoHD+/t2maLTseWSMmXRtSyLZs7pA6stFGV3b7j
id9JVLlAnCd6GcAOpNYM01Ia/TKZGb/XUsrKuD7yT3+LrR/1q3onOjq7q+p50xU33Fa+dwYSo3m5
7i5tszFQbKbe6NQgYMA/mAzj25CiB05xTgrbE9/B3zR48Tj3V8c=
****************************************************************
SSH Key is shared across the following IPs:
125.16.58.238
117.239.11.210

AAAAB3NzaC1kc3MAAACBAIl7cwm4xVE53UxpXCgpNWWxPoIydlwEHCLYEdgwmSWNVG/FxjykRo6Q
6iWeeRRivAv+qfcWa6+83nm7RAQkobSVtYlpZFbhufAcC0b+53ze8otw6HST5APvMnGJ7CppjChA
JxUyCuqm9gk9w7bATTiOe8jP4Csk+veWcSGVeZL7AAAAFQDaLqffPkKJLC+4B91zctp2rFfHlQAA
AIBkm45h1XWYQ8XR7CM4wf9SHwkUR5Fbqd3dGpFC3dzLSo9J7GhSGxPPhvVELzHsp3ftrJKfO4B2
aXD9ukvW5lJkS2i6w3acJCUkMHiLSc580VoGoPDQHKlC2qz9Gt0vjOTseVXzIzpp9H8YHnyHuNHn
vXajH0EwSKrkdeAzOp1kwQAAAIAcj5233l1r7XmMtu1Is/YzSvDBbnAfRKeNba5Yr2uyWZooLz4V
Evrk92/xBbs/x5U32J2NCz35bbZuM1WiGH5EaTxadTpFrhB2rY4CBTbnLr4i5yPku9rkXSM3y7HX
T1NBCy5GN3srBIerZN9Hy9QiBiLjcD5azlpKO6Ck6bQ2Mw==
****************************************************************
SSH Key is shared across the following IPs:
130.0.25.115

AAAAB3NzaC1yc2EAAAADAQABAAAAgwCPP9CoRpVtXwWvZXhqhWNqREIdEcCrtqI+XdVAuMH43MLi
zZUmIrQHRSTCyEjwTnFJ4FudjL//nkrdPuZVg5dDP4njXb8nxAk6JC3ULDCjLWsCG2vpzaPi3sxG
r2H6AFTFNB3H/dyVlLEX6t5tFSboa45SnQF0vz2OE8dugN5qw1+N
****************************************************************
SSH Key is shared across the following IPs:
182.189.2.163

AAAAB3NzaC1yc2EAAAADAQABAAABAQC5idULwqPMkvLQyO+0Z7InH3jlaJLgjAT66Qh4IHtf4xPA
S6ydoIv2HyQqizsMbaTJIJRfO8e6c8AfD79VlgYjCWXEG25zSLNUizHfuoWEmtCCKgFr+NN+YvLr
xkm8rLOC5/rwV18HZWW6XiJ8EhXiNfqPlXDfqjVsYp3/fdp7EqjUVZMmgzjZDUyMx2dedc0Ke4PC
6Q+kypaHlV+duuGahE8MObmr8W1bQXI8r+gmPgYfuW9b4ceLS1UPhEjxLBKT4D1o1iu/sGZSHllv
oTAJaxwzS+/w5U4aDjRPJwowFM4QDRXvA8DYUyOHxtWWWMbR32J/jhhqAv5/VitnJGcd
****************************************************************
SSH Key is shared across the following IPs:
200.87.125.34

AAAAB3NzaC1kc3MAAACBAOx76Kfbz2mwLwOPfgK9zYEhF3oPaHj5QyJbxtycGg2DhtqrPZYwwTB8
T3wZ06F335OydJ3dSLid1sfyf4dtzLThKQ+uw3rQIh0iz0QWnDiMFfxCySFoCaGshRw01h2fd4Y3
0CcmjX27GgGlRmnGflzNcoSUmT2ILNuaIuGIUkyLAAAAFQDEiymbXU9/nmr9uYxcsxHsBDzBuQAA
AIEAhEr/+unrP2DgvOav3j8vwt/FMwcb3bOIwOkHQm2aq82cmFfoaHU4a1mc7XPhe3WWV6m5IYPs
y/bQyPde7x9N3Dl6NHTs8v/j2A5mIUUlcnk1WIR/N+swaBD+8bJFhT30GoIFHqcYdeJvHkzeaOMK
ZKhqn8aFyYmkkPsoJuEKow8AAACBAIFZ//LHitJ4/02RkaGRJtatKhPF6f3zQ+WiqVVgIysf8dqW
T4l+IvokBnDBFOMIyqpxbWEcXU18T95dJGohdvyqUe1f7mlMnHxz30BlMn0LwXXOJnfk3UZgbcQg
omJr7zp+uD4eGsmOrxCkejESGt2erkumQDci/QNTm+1TkiQu
****************************************************************
SSH Key is shared across the following IPs:
185.25.105.253

AAAAB3NzaC1yc2EAAAADAQABAAAAgwDh+jRrA8DSW4Euj9XNH4xVda+hp1E/vxxqkLF1k73SsUA9
l+9z3Fm8kvefX7H0f2Bcg3t9mqy33JtGuVqq89S9Hyn5tmSfSBVY/J0NM9WWSqbMw6GUwCvFZq+U
oh2furY7dAQrfVyI97kufDnRyDbJQNnn8oCyFaWyd14d2O7wDrCz
****************************************************************
SSH Key is shared across the following IPs:
109.165.111.200

AAAAB3NzaC1yc2EAAAADAQABAAAAgwCCQGAYNL+06xWWuwIyn0CFQRXDhDLtmpuApD9cM4qtiv4A
/V4UpleFkIoq+cuFa7roMfL4gEEFDx92IAeA1occfNsk6i0TVNKU+Ff0KCY8Ac2hnH1AwoSdMZ7f
+iYgco3nLud+2J5nQa6F/z7oS9Jz8o4VxP6YQmntjqZYc34+HqKT
****************************************************************
SSH Key is shared across the following IPs:
91.234.136.14
AAAAB3NzaC1kc3MAAACBAKRINLMSyYFL77mcbG/rwgP5mi35uKyzg6PsyloWFmWkymlSFpXZCDgT
dDluVlUj4LGw+2NisKmp/vmWJCNtrawO3zT2Zb7JnTHnEx62DQfk/96VCTm06ro5ogLeJVCzBa1H
sU9Yso5yiMETiM8uQ5SGqBN1JQd+d6eMMfWZT+KbAAAAFQClacPNFC3nDGX23Y73ZDRMr+ilpwAA
AIB//LTTr8wGRvZ3K6wTw49V5bsVQkx32IP37CproD/kYvgUTvfthHARDCo97V2In96izPnmy4sk
1FfXRSY9W/jTYUMytlzd4Alfz39p+OfUoJnRo9BHNIw4oYt9oQ/xPCaUpVfjfav70udnqv5y6Tdw
p8VWH2hwDSfmkz1vroBe+AAAAIACvR5E6NbBvz/fJy5YPbL6TPJrudhn+qdzpcRTZ2PTlYliuXRX
WT1ZW7KOEkfEDyR97n/gRo/XwVT9r8Ruexm9I1wdroJ9E0tDehqJ/AYp3C8nF/UN9AntSJEYC89L
JJBNUyh0IvKRcyIi46AhXciX0HXwDzqNdWQxFYlOQRUl1g==
****************************************************************
SSH Key is shared across the following IPs:
14.102.74.178

AAAAB3NzaC1yc2EAAAADAQABAAAAgwDBhFBF14SQri/8DYGdiFDHvWr5bjdm+RyJ5FPAerdLOQZV
13TU/vu5IGSGA5feDFPth1sm/l4Cxwjj39DxCJaozkpeL0xwWXEtiKQTVL2AOY0j8i1MoQ2nVrSV
ytnujedTtBnSoKtxJCAynbYQ/kiwW8xmHPhJ/QDR8nICzrNTto4j
****************************************************************
SSH Key is shared across the following IPs:
109.236.43.198

AAAAB3NzaC1yc2EAAAADAQABAAABAQCc6ZPrY0l3ASxHG/eSgGyMqXTnt14+NFBRYh0+Kc0k3oYq
r9Wj3KFX2CBlM+QW4cJ/y2ZaF1m7TYnlX62Mm6kM6P5feltQw1mSBaZO58tlPpfBYnsrLT3GEVEc
2bokGkJkYv7uImLjSIWB17/cBhMJSYdaaQH2LoFfWCzOqV2Cwy0FjziNe3E8aI25ZZGuK039Gaia
QYedkDw4FVkoDwIbA/mMABzyGYbuHcj+K4g4XAru61EmbaJwS6tUqnbEPn6oMxFvjgbjQ/C1H6nD
owSRCKHApM/dBgP+viUf5LDu64NseskZxfcMU3SdAUGRAX6y/nuYGlOazuMx4UofEsTn
****************************************************************
SSH Key is shared across the following IPs:
93.178.219.134

**********************************************************************
Shared HTTPS Public Keys
**********************************************************************
—–BEGIN CERTIFICATE—–
MIICeTCCAeKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJJTjES
MBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxEjAQBgNVBAoT
CU11bHRpdGVjaDEMMAoGA1UECxMDT0RDMR4wHAYDVQQDExVsb2NhbGhvc3QubG9j
YWxkb21haW4wHhcNMDYwNDI0MTQzODM5WhcNMDcwNDI0MTQzODM5WjB3MQswCQYD
VQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUx
EjAQBgNVBAoTCU11bHRpdGVjaDEMMAoGA1UECxMDT0RDMR4wHAYDVQQDExVsb2Nh
bGhvc3QubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBM
lwGnFDZrx2WbrDdvxZSc6x1FAeHNrl16kXUIvczzkNzOzEApq/+xb4scNlzhrbRE
AVwMk4CB/n2ST+pheIk1K3wZHocAOj3TBkc24L02UZdJl+TC4/vgOGHnXRpb49sI
5Zl8ndI6JTz8NNIeS0Eu1557Ly4JmsDTXMxGoLgbAgMBAAGjFTATMBEGCWCGSAGG
+EIBAQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQArtbvuLm63Iq1dyY2NBV3UqyKI
S6gjcbdKwlfjVeXONrPql94N7gWRuwuFwbWG/qtPsR/eL3soSQymGzno6KmkgXUI
Njw8r3CnHlqn2f+Ho4gcaE3j+W+nROb49LZXuc/IuJJ2LUYAKg/2EZkssUXd76qu
Q0yn7pzP9UPx7r5RQQ==
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
59.94.11.15
201.228.42.110
117.203.229.191
117.208.124.99
117.199.145.72

—–BEGIN CERTIFICATE—–
MIICrTCCAhYCCQC6Ffdh27eytzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAkNBMREwDwYDVQQHEwhTYW4gSm9zZTEfMB0GA1UEChMWVWJp
cXVpdGkgTmV0d29ya3MgSW5jLjEaMBgGA1UECxMRVGVjaG5pY2FsIFN1cHBvcnQx
DTALBgNVBAMTBFVCTlQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAdWJudC5jb20w
HhcNMTEwNjAyMDgzNTAyWhcNMjAwMTAxMDgzNTAyWjCBmjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMREwDwYDVQQHEwhTYW4gSm9zZTEfMB0GA1UEChMWVWJpcXVp
dGkgTmV0d29ya3MgSW5jLjEaMBgGA1UECxMRVGVjaG5pY2FsIFN1cHBvcnQxDTAL
BgNVBAMTBFVCTlQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAdWJudC5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4JnxQ69+7lisl2siYXAHsMhRyUjr1/
9aGlbQosZMx/eLwR7tzZ5irL4Z7YF6acNaraxcE6pUjcr7yZN1l+iDws07vnYG3j
GflOGExMOv1eNW+jULlQwI6L+qDuxJbFuk7t2PEYBTaJVMLcJ+t1dBy+mkzI5c7+
R0SWp68QB+sVAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAAFoxgToVbTCVjQORR6oj
4rTALtQBzdUha2lePHEnEBz1h9QoGRfCPew2/e6TB48LMGUOKDVsJZ7YJBaFZSna
R98wCYQzLLS0+vAkQLnuHvAcM8PhBnAua/6g0KqBb88bcGdDATKg2ryMqJHzy7GX
MATyxnfoiZcs0x/PA/H8Nvo=
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
201.161.49.82
195.88.67.120
91.234.136.14
37.238.120.28

—–BEGIN CERTIFICATE—–
MIICVjCCAb+gAwIBAgIJAJ26TbBanwlxMA0GCSqGSIb3DQEBBQUAMCcxDjAMBgNV
BAoTBVp5WEVMMRUwEwYDVQQDEwx6eXhlbC5jb20udHcwHhcNMDkxMDA3MDA0ODA3
WhcNMTkxMDA1MDA0ODA3WjAnMQ4wDAYDVQQKEwVaeVhFTDEVMBMGA1UEAxMMenl4
ZWwuY29tLnR3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNsbY3ZaioANsX
/Mr+CIIobfSQ1SeslDlSbmt6RfKL3mG/XNT8C0LTs9WTiBP1Q3JZuediM6jrRWVR
Td2lE5TtJcbyKneIHs6c0yzdeECIyLkWXlUDtv0dsoS/W8TKbSw0c7zgDRxzYV0q
JRNPBOC6RplIFEXDMpHo+rOAHotlTQIDAQABo4GJMIGGMB0GA1UdDgQWBBRHLJPK
ZyM0vG2YAN2AxLj6NUnNszBXBgNVHSMEUDBOgBRHLJPKZyM0vG2YAN2AxLj6NUnN
s6ErpCkwJzEOMAwGA1UEChMFWnlYRUwxFTATBgNVBAMTDHp5eGVsLmNvbS50d4IJ
AJ26TbBanwlxMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEADPiAehLY
aahxbdXo03Nw6Lwo1MP5K0pH+7S7wGXdAmlihanwn7QN7rLU+79ah7/aAZb0LFHT
cLoYc0MnCb7oxGcy7nUwgeF+LyVBB+cSOeWGHzy0k/jxG67YKrOeCU2Cv5bOcauD
zFbDFjkptn5VoV7rcn/34nvQEp4MYQ/3VwE=
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
190.238.173.81
190.236.240.129
190.236.131.233
181.67.161.103

—–BEGIN CERTIFICATE—–
MIIB+TCCAWICCQD+Z2uWxwcU+TANBgkqhkiG9w0BAQQFADBBMQswCQYDVQQGEwJD
TjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQwwCgYDVQQK
EwNDSUcwHhcNMTIwNTA5MDc1NTE0WhcNMzIwNTA0MDc1NTE0WjBBMQswCQYDVQQG
EwJDTjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQwwCgYD
VQQKEwNDSUcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANa3t4PRm1P4nA9W
fDIYXlKAWbb90NdgpF1TePheNqVQN8SO5jL+5DE2ew7kFxNdcepDRKt2VIqRZR/j
Z0VWrEYoREO8omxZk8QcS0kCdMNOKRK0BDeX7WaHqN/Aqp60430E1BeSuMQAh2wP
wXzMDN9IHl+XYLV6v3ZieXDrDysjAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAj3K+
dqJtI4FrDJ8WVM3wqV9+KKGKojeSBtcKwupNhh9aktfakPi/B8fh6h9WzC74rDNW
0qKyL7qGBfgyMXA2/flXsgpEJNDx+YrGd3kmhQQxIE1KQDfRhq3jNwrMfGU+OdAU
csVsz+0eth/2pwIxMVtSz1Sl7ovtwtOCZzbMjS4=
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
42.112.124.100
5.251.181.34
5.251.12.71

—–BEGIN CERTIFICATE—–
MIIErDCCA5SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBsjELMAkGA1UEBhMCSU4x
EDAOBgNVBAgMB0d1amFyYXQxEjAQBgNVBAcMCUFobWVkYWJhZDERMA8GA1UECgwI
Q3liZXJvYW0xGzAZBgNVBAsMEkN5YmVyb2FtIEFwcGxpYW5jZTErMCkGA1UEAwwi
Q3liZXJvYW0gQXBwbGlhbmNlIENBX0MxNjIxMzA1NjA5MTEgMB4GCSqGSIb3DQEJ
ARYRaW5mb0BjeWJlcm9hbS5jb20wHhcNMTMwMzI2MTI0NjI0WhcNMzYxMjMxMTI0
NjI0WjCBuTELMAkGA1UEBhMCSU4xEDAOBgNVBAgTB0d1amFyYXQxEjAQBgNVBAcT
CUFobWVkYWJhZDERMA8GA1UEChMIQ3liZXJvYW0xGzAZBgNVBAsTEkN5YmVyb2Ft
IEFwcGxpYW5jZTEyMDAGA1UEAxQpQ3liZXJvYW1BcHBsaWFuY2VDZXJ0aWZpY2F0
ZV9DMTYyMTMwNTYwOTExIDAeBgkqhkiG9w0BCQEWEWluZm9AY3liZXJvYW0uY29t
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7Ol1WCu/EHNYdcgH77tNkIgc7
hiLrUrDV4MritRzEbFF7ST/TTAhEXmZ3eRUHwxOb1ZeQ/MLuBUckY8bxu+eE7N+5
4j2Xco4DYUkW5hTVjjnRGU4iG/T0u8oOzIvazOPvuIXAe8v7klFOspOJL4giG6Gk
EbBrmIV3cWNGmSnHWQIDAQABo4IBRjCCAUIwCQYDVR0TBAIwADAsBglghkgBhvhC
AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGRM
wM7mDNEVNWboJeY6tE6R42W4MIHnBgNVHSMEgd8wgdyAFB4IpmdN8Hi5EkGC3WMw
OM6PdMHQoYG4pIG1MIGyMQswCQYDVQQGEwJJTjEQMA4GA1UECAwHR3VqYXJhdDES
MBAGA1UEBwwJQWhtZWRhYmFkMREwDwYDVQQKDAhDeWJlcm9hbTEbMBkGA1UECwwS
Q3liZXJvYW0gQXBwbGlhbmNlMSswKQYDVQQDDCJDeWJlcm9hbSBBcHBsaWFuY2Ug
Q0FfQzE2MjEzMDU2MDkxMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGN5YmVyb2FtLmNv
bYIJAP3WJ9QLRkdJMA0GCSqGSIb3DQEBBAUAA4IBAQANli17Oqp2UEjmEjKNg0DH
E0dYe9RVTLY9zcm3rtT7pVxtmsC96oYhFTQG/1TBJAzhYxZxq6ElckUw01O3hXVc
EBq8poumW8s94CBj0C94rsg8KNqtD4Wr7VTgZheX5acCrr1xYVCTINBqkdYXYT0h
AjAmUOK5skq0PDONrani/OOHPFrGlbL6ia09AMjfPy3PAZqZOOXQ8CPgze7zkPDC
Ea8OAEl20PlUtbsHoZl8eS9T9IqO3cZohp98rBG5zefRlrUP+W4146BkCSc1dY9n
abU+mEk4OomF4cZdpOk856RhDhReE90KQul/gXN17wSlbIrkanMXYfJRAtqjhqO2
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
125.16.58.238
117.239.11.210

—–BEGIN CERTIFICATE—–
MIIDdTCCAl2gAwIBAgIJAK9q70K1X0cYMA0GCSqGSIb3DQEBCwUAMFExJTAjBgNV
BAoMHFdlYm1pbiBXZWJzZXJ2ZXIgb24gaG90c3BvdDQxCjAIBgNVBAMMASoxHDAa
BgkqhkiG9w0BCQEWDXJvb3RAaG90c3BvdDQwHhcNMTQwOTE3MDc1ODIxWhcNMTkw
OTE2MDc1ODIxWjBRMSUwIwYDVQQKDBxXZWJtaW4gV2Vic2VydmVyIG9uIGhvdHNw
b3Q0MQowCAYDVQQDDAEqMRwwGgYJKoZIhvcNAQkBFg1yb290QGhvdHNwb3Q0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnXYMMimsgUpa4966Cn7LlbA
pn9nIdrRws0rdRIkDpt/Cfo/uEACI2gesGz5+n21bKZ3uGsbdxJmx1tCE+iXiOHh
835QUGd/3WlbyYAhtEKLMp931Iiqcn1UrAwEoucArwwE0U7mz7jdrfT2tMFTsRuq
D4kHQ0/1QX2EzEsr5e7PzNMO54DR9br0ig7d9hOnnb037WL6t2UxEhBV0mY7CTzR
y4LPfdnbAa+wzxBbF6EFF9i0nagNBxD/CP9nYQKOflt4BYy3p9Pc3kIYZSydZ+5Q
Jvv5/08PDpsulWcnYGWen2B8icczvh+vSUtddh3smBVUxMvHa5uihdPZuhq9hwID
AQABo1AwTjAdBgNVHQ4EFgQUQYU0UYDyce7+9AWpBBF9xwEJYHswHwYDVR0jBBgw
FoAUQYU0UYDyce7+9AWpBBF9xwEJYHswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAPIcfZNRSVceNFUw7x7W7gd9Ulj7WcUwSqKsVJnjZLW6+msQ4BKoq
R2Vb0+9J7X+zhBxjGgaAWQqB8YIXVjdK+FdU+NCthfa6fJV5H8fXJ2bZ8miJ5pCL
F0ir33QnGE+MQwBPl/gya9foSXQSlWPVfSENVGFNg7tIsEDHfX/s/2eyovrMkK6v
xTZxGfXV1zeVQP/aAYflfG1dxB39J/QLPiQyV/zr/t9AR1eSUqwWzXl7TffgGuoZ
PVTvHtaMsvwyfhVIrZnGAyBeiPZa7H78wQGcW8lVqucdtn3+Ji7nWjmaO9TphVCm
hzarAR99AemE5B9nNFWE/Zs+ACSc9JXn9w==
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
94.228.16.25

—–BEGIN CERTIFICATE—–
MIIDvjCCAqagAwIBAgIJAP77vh+XN0EIMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNV
BAYTAlVBMRMwEQYDVQQIEwpTb21lLVN0YXRlMREwDwYDVQQKEwhsMy5kcC51YTER
MA8GA1UECxMIbDMuZHAudWEwHhcNMTQwOTA5MTE1ODA0WhcNMTYxMTE3MTE1ODA0
WjBIMQswCQYDVQQGEwJVQTETMBEGA1UECBMKU29tZS1TdGF0ZTERMA8GA1UEChMI
bDMuZHAudWExETAPBgNVBAsTCGwzLmRwLnVhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAypdwpm4IltNiESBM4KN5oziUqyE8kzRDAqZlNMjbBdlDOgdz
nOloXx3kSwprnMcKtaLDlanb2hF16FbmTMwMGjIZa2jmcaLEwIOnKmLeLADFyi4z
hHpNULDU4IEVQYfcEcRHrGSAaImurBA7O6kS9gSq8FNJMcBvg9/GmlqUb5Kzk2/G
X0JIJv5Aom15STSFKeG7yq0PbmwVph0qlB43Gg1tkfcg4W9qngN4pTZavTBrvtnH
WA6KXLCLBm72C9ugGctHavcrY3FXc60eSAaAj/ttXXOJww+FJIrawmeVjfa7vhZb
gwdNdnm1tQw2qUEdqo0AEwdFz8Xvgolvawjv/wIDAQABo4GqMIGnMB0GA1UdDgQW
BBQvbRujQhqgGk11SWi7NiLmj1gXgTB4BgNVHSMEcTBvgBQvbRujQhqgGk11SWi7
NiLmj1gXgaFMpEowSDELMAkGA1UEBhMCVUExEzARBgNVBAgTClNvbWUtU3RhdGUx
ETAPBgNVBAoTCGwzLmRwLnVhMREwDwYDVQQLEwhsMy5kcC51YYIJAP77vh+XN0EI
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAID00o5Ki5cXIju6m96M
zuByNd1FXrVs1KgSknnQdCHE/HrwFw0bhU7IRCIuau1FE8UUe3tfwIp134zDIQ4P
eBsMGZKfKsaQ5/rl8/R/ACSTDmdsrs3NpSpCGnXDK4kgla2RCYbZ9q3oRgMtHWS1
HIHbsk7GHnPyXKOw/mVh1jRljiZHA2XzzE0XsKcw7Vgo3EriSTaOluMvauUeRzwD
7AH9GUwAEmSgBe9wXJfwpHNW8qTidkxOouvT8RUuZzd1SdnDtDttMWCIVw4fAb54
mhBi2n2tP6BfLqKijcmmQjeuNtIpDXmH1WHv8I1DA/zqvtlad3GPcbKDDtUgY/cB
SPk=
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
93.178.219.134

—–BEGIN CERTIFICATE—–
MIIDtjCCAx+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRUwEwYD
VQQKEwxORVRHRUFSIEluYy4xGDAWBgNVBAsTD05ldGdlYXIgUHJvc2FmZTEQMA4G
A1UEAxMHTmV0R2VhcjEiMCAGCSqGSIb3DQEJARYTc3VwcG9ydEBuZXRnZWFyLmNv
bTAeFw0wNzA4MjQxNjI2MDRaFw0zNzA4MjQxNjI2MDRaMIGfMQswCQYDVQQGEwJV
UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExFTAT
BgNVBAoTDE5FVEdFQVIgSW5jLjEYMBYGA1UECxMPTmV0Z2VhciBQcm9zYWZlMRAw
DgYDVQQDEwdOZXRHZWFyMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QG5ldGdlYXIu
Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEd8qPR/+JzMIFMfaxx1Zb
Ku8CXp5QfuAxoxGgbzTMGPQ/3qIbrgSLVftwqfJR2z4DHZrl/imRyrh1dReKE5RG
eBXpsts0VBONipQ2EfqUgRZSX4V+l1oORkAUfcwmBCo4+Yvz5l/OeinhY5UJMntv
RrWHLSc1V5t4oR9Q762UhwIDAQABo4H/MIH8MB0GA1UdDgQWBBTiDIMuQ+s8PYER
CUeb8zEQAg1TCzCBzAYDVR0jBIHEMIHBgBTiDIMuQ+s8PYERCUeb8zEQAg1TC6GB
paSBojCBnzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNV
BAcTC1NhbnRhIENsYXJhMRUwEwYDVQQKEwxORVRHRUFSIEluYy4xGDAWBgNVBAsT
D05ldGdlYXIgUHJvc2FmZTEQMA4GA1UEAxMHTmV0R2VhcjEiMCAGCSqGSIb3DQEJ
ARYTc3VwcG9ydEBuZXRnZWFyLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBBAUAA4GBADNChnYO5lp2mXg3Ds67RQshgvP97YUr5AO82MSGrnELvHIoIO9g
ontaC/M8O8qeJO5ZvW40sltLddiWMk9c+sn203Cc5kt4+99Dd+xPGsb5weG02WJ5
gqIGEQAOsZoV74e+PPKBISyHIy+QHOjKKEfNshOS0cME5TOhSUL/3mts
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
187.141.244.130

—–BEGIN CERTIFICATE—–
MIIDKzCCApSgAwIBAgIJALzFFfO8b2dxMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
BAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xDzANBgNVBAcTBlRhaXBpZTEPMA0GA1UE
ChMGRC1MSU5LMRMwEQYDVQQLEwpESFBEIERlcHQuMRYwFAYDVQQDEw13d3cuZGxp
bmsuY29tMB4XDTE1MDIwNzEyMjk0OVoXDTIwMDIwNjEyMjk0OVowbTELMAkGA1UE
BhMCVFcxDzANBgNVBAgTBlRhaXdhbjEPMA0GA1UEBxMGVGFpcGllMQ8wDQYDVQQK
EwZELUxJTksxEzARBgNVBAsTCkRIUEQgRGVwdC4xFjAUBgNVBAMTDXd3dy5kbGlu
ay5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL63Hb02Kw2EFS9zhv3W
1TYqZYToIAzV/leAwbg/oc6/CVfguoiRbFa62Q3QRk6qkp6ap+jhyrH3qLG0m0iD
9LzbWl9Y0TE1iKSz4MmxcWCJXj1EQq7kl1SvOAc46sVhO/x87Keo0zGzisgXlUS3
caiKSZ0A49C0up0DCmIixpkXAgMBAAGjgdIwgc8wHQYDVR0OBBYEFAvkSBN5AvRe
RzBHUbZIDZLqHz74MIGfBgNVHSMEgZcwgZSAFAvkSBN5AvReRzBHUbZIDZLqHz74
oXGkbzBtMQswCQYDVQQGEwJUVzEPMA0GA1UECBMGVGFpd2FuMQ8wDQYDVQQHEwZU
YWlwaWUxDzANBgNVBAoTBkQtTElOSzETMBEGA1UECxMKREhQRCBEZXB0LjEWMBQG
A1UEAxMNd3d3LmRsaW5rLmNvbYIJALzFFfO8b2dxMAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADgYEAZyzKRv6XJRlofgXeleNm32Dy8753CNv9G4Ct4JTBrOt1
FS39ekOvKTwo9L/6APlXGTKMcTkwIPAG10My2qB1IwhfHzQfwmfgk/AByWlJ7CUr
A97cJAFnxzexRr+1QTD1gD00TBxhuqKdH4Ukh3eW6wLVl3CZn1LTaPZzi3EUAyo=
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
105.106.71.119

—–BEGIN CERTIFICATE—–
MIICHDCCAYWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEU
MBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEUNlcnRpZmljYXRlIFNoYWNr
MB4XDTEzMDMwODA2Mjg0MloXDTE3MDMwODA2Mjg0MlowRTELMAkGA1UEBhMCVVMx
FDASBgNVBAoTC2V4YW1wbGUuY29tMSAwHgYDVQQDExdsb2NhbGhvc3Q0LmxvY2Fs
ZG9tYWluNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt14kc7Mec7IvXsLM
a3EdoInBXQZBRFK8+KB/PJtKFp2ux39skNkI4EvF8rQF9PoE0A+denOdKEwe/fOc
t349IVWFduKgDfUo+JFOx8x3BidjXHV+Y0GT13IQ4RyfIYb63ON8zQAPrPTGtwlK
W9VPFhWnKn95vLHygPxuuPqSnZkCAwEAAaMiMCAwEQYJYIZIAYb4QgEBBAQDAgZA
MAsGA1UdDwQEAwIFIDANBgkqhkiG9w0BAQUFAAOBgQB2oT+OVR53RG9ZIYmghYPJ
U1cT9TQ4b5I7aujs7Q5ufd+eTpQ7JmgjrV1SRqF3z2wOeKt1TWEgRnICttfxLSUz
Iet6K8ai4EllZXgR1IMXDU2nDi8Vpt9X+oCq1lhj/mdtwuFHRdMdhR11gHggX8FA
8V+SlqPYcQtK7ZvJIvoWrw==
—–END CERTIFICATE—–
****************************************************************
HTTPS Public Key is shared across the following IPs:
190.107.183.236

**********************************************************************
Shared Certificate Chain
**********************************************************************
—–BEGIN CERTIFICATE—–
MIICeTCCAeKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJJTjES
MBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxEjAQBgNVBAoT
CU11bHRpdGVjaDEMMAoGA1UECxMDT0RDMR4wHAYDVQQDExVsb2NhbGhvc3QubG9j
YWxkb21haW4wHhcNMDYwNDI0MTQzODM5WhcNMDcwNDI0MTQzODM5WjB3MQswCQYD
VQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUx
EjAQBgNVBAoTCU11bHRpdGVjaDEMMAoGA1UECxMDT0RDMR4wHAYDVQQDExVsb2Nh
bGhvc3QubG9jYWxkb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBM
lwGnFDZrx2WbrDdvxZSc6x1FAeHNrl16kXUIvczzkNzOzEApq/+xb4scNlzhrbRE
AVwMk4CB/n2ST+pheIk1K3wZHocAOj3TBkc24L02UZdJl+TC4/vgOGHnXRpb49sI
5Zl8ndI6JTz8NNIeS0Eu1557Ly4JmsDTXMxGoLgbAgMBAAGjFTATMBEGCWCGSAGG
+EIBAQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQArtbvuLm63Iq1dyY2NBV3UqyKI
S6gjcbdKwlfjVeXONrPql94N7gWRuwuFwbWG/qtPsR/eL3soSQymGzno6KmkgXUI
Njw8r3CnHlqn2f+Ho4gcaE3j+W+nROb49LZXuc/IuJJ2LUYAKg/2EZkssUXd76qu
Q0yn7pzP9UPx7r5RQQ==
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
59.94.11.15
201.228.42.110
117.203.229.191
117.208.124.99
117.199.145.72

—–BEGIN CERTIFICATE—–
MIICrTCCAhYCCQC6Ffdh27eytzANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAkNBMREwDwYDVQQHEwhTYW4gSm9zZTEfMB0GA1UEChMWVWJp
cXVpdGkgTmV0d29ya3MgSW5jLjEaMBgGA1UECxMRVGVjaG5pY2FsIFN1cHBvcnQx
DTALBgNVBAMTBFVCTlQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAdWJudC5jb20w
HhcNMTEwNjAyMDgzNTAyWhcNMjAwMTAxMDgzNTAyWjCBmjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMREwDwYDVQQHEwhTYW4gSm9zZTEfMB0GA1UEChMWVWJpcXVp
dGkgTmV0d29ya3MgSW5jLjEaMBgGA1UECxMRVGVjaG5pY2FsIFN1cHBvcnQxDTAL
BgNVBAMTBFVCTlQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAdWJudC5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4JnxQ69+7lisl2siYXAHsMhRyUjr1/
9aGlbQosZMx/eLwR7tzZ5irL4Z7YF6acNaraxcE6pUjcr7yZN1l+iDws07vnYG3j
GflOGExMOv1eNW+jULlQwI6L+qDuxJbFuk7t2PEYBTaJVMLcJ+t1dBy+mkzI5c7+
R0SWp68QB+sVAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAAFoxgToVbTCVjQORR6oj
4rTALtQBzdUha2lePHEnEBz1h9QoGRfCPew2/e6TB48LMGUOKDVsJZ7YJBaFZSna
R98wCYQzLLS0+vAkQLnuHvAcM8PhBnAua/6g0KqBb88bcGdDATKg2ryMqJHzy7GX
MATyxnfoiZcs0x/PA/H8Nvo=
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
201.161.49.82
195.88.67.120
91.234.136.14
37.238.120.28

—–BEGIN CERTIFICATE—–
MIICVjCCAb+gAwIBAgIJAJ26TbBanwlxMA0GCSqGSIb3DQEBBQUAMCcxDjAMBgNV
BAoTBVp5WEVMMRUwEwYDVQQDEwx6eXhlbC5jb20udHcwHhcNMDkxMDA3MDA0ODA3
WhcNMTkxMDA1MDA0ODA3WjAnMQ4wDAYDVQQKEwVaeVhFTDEVMBMGA1UEAxMMenl4
ZWwuY29tLnR3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNsbY3ZaioANsX
/Mr+CIIobfSQ1SeslDlSbmt6RfKL3mG/XNT8C0LTs9WTiBP1Q3JZuediM6jrRWVR
Td2lE5TtJcbyKneIHs6c0yzdeECIyLkWXlUDtv0dsoS/W8TKbSw0c7zgDRxzYV0q
JRNPBOC6RplIFEXDMpHo+rOAHotlTQIDAQABo4GJMIGGMB0GA1UdDgQWBBRHLJPK
ZyM0vG2YAN2AxLj6NUnNszBXBgNVHSMEUDBOgBRHLJPKZyM0vG2YAN2AxLj6NUnN
s6ErpCkwJzEOMAwGA1UEChMFWnlYRUwxFTATBgNVBAMTDHp5eGVsLmNvbS50d4IJ
AJ26TbBanwlxMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEADPiAehLY
aahxbdXo03Nw6Lwo1MP5K0pH+7S7wGXdAmlihanwn7QN7rLU+79ah7/aAZb0LFHT
cLoYc0MnCb7oxGcy7nUwgeF+LyVBB+cSOeWGHzy0k/jxG67YKrOeCU2Cv5bOcauD
zFbDFjkptn5VoV7rcn/34nvQEp4MYQ/3VwE=
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
190.238.173.81
190.236.240.129
190.236.131.233
181.67.161.103

—–BEGIN CERTIFICATE—–
MIIB+TCCAWICCQD+Z2uWxwcU+TANBgkqhkiG9w0BAQQFADBBMQswCQYDVQQGEwJD
TjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQwwCgYDVQQK
EwNDSUcwHhcNMTIwNTA5MDc1NTE0WhcNMzIwNTA0MDc1NTE0WjBBMQswCQYDVQQG
EwJDTjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQwwCgYD
VQQKEwNDSUcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANa3t4PRm1P4nA9W
fDIYXlKAWbb90NdgpF1TePheNqVQN8SO5jL+5DE2ew7kFxNdcepDRKt2VIqRZR/j
Z0VWrEYoREO8omxZk8QcS0kCdMNOKRK0BDeX7WaHqN/Aqp60430E1BeSuMQAh2wP
wXzMDN9IHl+XYLV6v3ZieXDrDysjAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAj3K+
dqJtI4FrDJ8WVM3wqV9+KKGKojeSBtcKwupNhh9aktfakPi/B8fh6h9WzC74rDNW
0qKyL7qGBfgyMXA2/flXsgpEJNDx+YrGd3kmhQQxIE1KQDfRhq3jNwrMfGU+OdAU
csVsz+0eth/2pwIxMVtSz1Sl7ovtwtOCZzbMjS4=
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
42.112.124.100
5.251.181.34
5.251.12.71

—–BEGIN CERTIFICATE—–
MIIFBjCCA+6gAwIBAgIJAP3WJ9QLRkdJMA0GCSqGSIb3DQEBBQUAMIGyMQswCQYD
VQQGEwJJTjEQMA4GA1UECAwHR3VqYXJhdDESMBAGA1UEBwwJQWhtZWRhYmFkMREw
DwYDVQQKDAhDeWJlcm9hbTEbMBkGA1UECwwSQ3liZXJvYW0gQXBwbGlhbmNlMSsw
KQYDVQQDDCJDeWJlcm9hbSBBcHBsaWFuY2UgQ0FfQzE2MjEzMDU2MDkxMSAwHgYJ
KoZIhvcNAQkBFhFpbmZvQGN5YmVyb2FtLmNvbTAeFw0xMzAzMjYxMjQ2MjRaFw0z
NjEyMzExMjQ2MjRaMIGyMQswCQYDVQQGEwJJTjEQMA4GA1UECAwHR3VqYXJhdDES
MBAGA1UEBwwJQWhtZWRhYmFkMREwDwYDVQQKDAhDeWJlcm9hbTEbMBkGA1UECwwS
Q3liZXJvYW0gQXBwbGlhbmNlMSswKQYDVQQDDCJDeWJlcm9hbSBBcHBsaWFuY2Ug
Q0FfQzE2MjEzMDU2MDkxMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGN5YmVyb2FtLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJkINgPP53ub4NfQ0Hme
SO/ZyQfR4E8/D+MMniwJm0N29KTjx6j27hBavaukFD8N47SYCP0DmXKgTAMC2aO0
YGgBe711v5S4RAKsv+whVhjs+SVB7VBpViD2f5L9NmMrF7DFxFcn86alvDFpCd8Z
FwoNGZ2vLwdes/IwHY9fKnYu8NNi+T92/nLV08vc3BDC4DFvHfaB/RQe/CuLRHEd
ql7BtBkc+WJh1yGuVndCiBVUjGh2Ur8Rd1ST6aLzZWNdkUzpKdmawlamVz/ipGeU
rp1JVJgTBI9a3QI+M04t2ykdMEk/jrlAQN6aYW+08vceeSlEtDViAXSSs2mneDTr
jp0CAwEAAaOCARswggEXMB0GA1UdDgQWBBQeCKZnTfB4uRJBgt1jMDjOj3TB0DCB
5wYDVR0jBIHfMIHcgBQeCKZnTfB4uRJBgt1jMDjOj3TB0KGBuKSBtTCBsjELMAkG
A1UEBhMCSU4xEDAOBgNVBAgMB0d1amFyYXQxEjAQBgNVBAcMCUFobWVkYWJhZDER
MA8GA1UECgwIQ3liZXJvYW0xGzAZBgNVBAsMEkN5YmVyb2FtIEFwcGxpYW5jZTEr
MCkGA1UEAwwiQ3liZXJvYW0gQXBwbGlhbmNlIENBX0MxNjIxMzA1NjA5MTEgMB4G
CSqGSIb3DQEJARYRaW5mb0BjeWJlcm9hbS5jb22CCQD91ifUC0ZHSTAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQA0XDFde09+HpQ5NtK84iizW9OXFGNK
IQgfYp5hr/gYoER2gML4oLumasjgjTOb1HUKN6wNTao8WwvAZcSxKFWfTKyN/s4s
J55/cnSDFKm5Dt7ok3C9fEQnSPHh8fAgEyIIB7kCGZgyVn7oshBuBEtXPQQ1slJg
I/YKO/zSUj0A2XoZPfLrZ2D8KE/sa+Z3nxSx3+EtXPtOh+9dFZ9p/YDuGll7AjYh
QDEIWJEEBbiI3km5z2rWlL+IG4lvAwI7uel4wIOxafr+7DvcPB9YeNHpHFgBTJKE
aSMx+1SHM5uQJqA4wNMvK5pRinWHUWrysV3cjsKraObdBJlOTR2LIvU0
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
125.16.58.238
117.239.11.210

—–BEGIN CERTIFICATE—–
MIIErDCCA5SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBsjELMAkGA1UEBhMCSU4x
EDAOBgNVBAgMB0d1amFyYXQxEjAQBgNVBAcMCUFobWVkYWJhZDERMA8GA1UECgwI
Q3liZXJvYW0xGzAZBgNVBAsMEkN5YmVyb2FtIEFwcGxpYW5jZTErMCkGA1UEAwwi
Q3liZXJvYW0gQXBwbGlhbmNlIENBX0MxNjIxMzA1NjA5MTEgMB4GCSqGSIb3DQEJ
ARYRaW5mb0BjeWJlcm9hbS5jb20wHhcNMTMwMzI2MTI0NjI0WhcNMzYxMjMxMTI0
NjI0WjCBuTELMAkGA1UEBhMCSU4xEDAOBgNVBAgTB0d1amFyYXQxEjAQBgNVBAcT
CUFobWVkYWJhZDERMA8GA1UEChMIQ3liZXJvYW0xGzAZBgNVBAsTEkN5YmVyb2Ft
IEFwcGxpYW5jZTEyMDAGA1UEAxQpQ3liZXJvYW1BcHBsaWFuY2VDZXJ0aWZpY2F0
ZV9DMTYyMTMwNTYwOTExIDAeBgkqhkiG9w0BCQEWEWluZm9AY3liZXJvYW0uY29t
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7Ol1WCu/EHNYdcgH77tNkIgc7
hiLrUrDV4MritRzEbFF7ST/TTAhEXmZ3eRUHwxOb1ZeQ/MLuBUckY8bxu+eE7N+5
4j2Xco4DYUkW5hTVjjnRGU4iG/T0u8oOzIvazOPvuIXAe8v7klFOspOJL4giG6Gk
EbBrmIV3cWNGmSnHWQIDAQABo4IBRjCCAUIwCQYDVR0TBAIwADAsBglghkgBhvhC
AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGRM
wM7mDNEVNWboJeY6tE6R42W4MIHnBgNVHSMEgd8wgdyAFB4IpmdN8Hi5EkGC3WMw
OM6PdMHQoYG4pIG1MIGyMQswCQYDVQQGEwJJTjEQMA4GA1UECAwHR3VqYXJhdDES
MBAGA1UEBwwJQWhtZWRhYmFkMREwDwYDVQQKDAhDeWJlcm9hbTEbMBkGA1UECwwS
Q3liZXJvYW0gQXBwbGlhbmNlMSswKQYDVQQDDCJDeWJlcm9hbSBBcHBsaWFuY2Ug
Q0FfQzE2MjEzMDU2MDkxMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGN5YmVyb2FtLmNv
bYIJAP3WJ9QLRkdJMA0GCSqGSIb3DQEBBAUAA4IBAQANli17Oqp2UEjmEjKNg0DH
E0dYe9RVTLY9zcm3rtT7pVxtmsC96oYhFTQG/1TBJAzhYxZxq6ElckUw01O3hXVc
EBq8poumW8s94CBj0C94rsg8KNqtD4Wr7VTgZheX5acCrr1xYVCTINBqkdYXYT0h
AjAmUOK5skq0PDONrani/OOHPFrGlbL6ia09AMjfPy3PAZqZOOXQ8CPgze7zkPDC
Ea8OAEl20PlUtbsHoZl8eS9T9IqO3cZohp98rBG5zefRlrUP+W4146BkCSc1dY9n
abU+mEk4OomF4cZdpOk856RhDhReE90KQul/gXN17wSlbIrkanMXYfJRAtqjhqO2
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
125.16.58.238
117.239.11.210

—–BEGIN CERTIFICATE—–
MIIDdTCCAl2gAwIBAgIJAK9q70K1X0cYMA0GCSqGSIb3DQEBCwUAMFExJTAjBgNV
BAoMHFdlYm1pbiBXZWJzZXJ2ZXIgb24gaG90c3BvdDQxCjAIBgNVBAMMASoxHDAa
BgkqhkiG9w0BCQEWDXJvb3RAaG90c3BvdDQwHhcNMTQwOTE3MDc1ODIxWhcNMTkw
OTE2MDc1ODIxWjBRMSUwIwYDVQQKDBxXZWJtaW4gV2Vic2VydmVyIG9uIGhvdHNw
b3Q0MQowCAYDVQQDDAEqMRwwGgYJKoZIhvcNAQkBFg1yb290QGhvdHNwb3Q0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnXYMMimsgUpa4966Cn7LlbA
pn9nIdrRws0rdRIkDpt/Cfo/uEACI2gesGz5+n21bKZ3uGsbdxJmx1tCE+iXiOHh
835QUGd/3WlbyYAhtEKLMp931Iiqcn1UrAwEoucArwwE0U7mz7jdrfT2tMFTsRuq
D4kHQ0/1QX2EzEsr5e7PzNMO54DR9br0ig7d9hOnnb037WL6t2UxEhBV0mY7CTzR
y4LPfdnbAa+wzxBbF6EFF9i0nagNBxD/CP9nYQKOflt4BYy3p9Pc3kIYZSydZ+5Q
Jvv5/08PDpsulWcnYGWen2B8icczvh+vSUtddh3smBVUxMvHa5uihdPZuhq9hwID
AQABo1AwTjAdBgNVHQ4EFgQUQYU0UYDyce7+9AWpBBF9xwEJYHswHwYDVR0jBBgw
FoAUQYU0UYDyce7+9AWpBBF9xwEJYHswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAPIcfZNRSVceNFUw7x7W7gd9Ulj7WcUwSqKsVJnjZLW6+msQ4BKoq
R2Vb0+9J7X+zhBxjGgaAWQqB8YIXVjdK+FdU+NCthfa6fJV5H8fXJ2bZ8miJ5pCL
F0ir33QnGE+MQwBPl/gya9foSXQSlWPVfSENVGFNg7tIsEDHfX/s/2eyovrMkK6v
xTZxGfXV1zeVQP/aAYflfG1dxB39J/QLPiQyV/zr/t9AR1eSUqwWzXl7TffgGuoZ
PVTvHtaMsvwyfhVIrZnGAyBeiPZa7H78wQGcW8lVqucdtn3+Ji7nWjmaO9TphVCm
hzarAR99AemE5B9nNFWE/Zs+ACSc9JXn9w==
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
94.228.16.25

—–BEGIN CERTIFICATE—–
MIIDvjCCAqagAwIBAgIJAP77vh+XN0EIMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNV
BAYTAlVBMRMwEQYDVQQIEwpTb21lLVN0YXRlMREwDwYDVQQKEwhsMy5kcC51YTER
MA8GA1UECxMIbDMuZHAudWEwHhcNMTQwOTA5MTE1ODA0WhcNMTYxMTE3MTE1ODA0
WjBIMQswCQYDVQQGEwJVQTETMBEGA1UECBMKU29tZS1TdGF0ZTERMA8GA1UEChMI
bDMuZHAudWExETAPBgNVBAsTCGwzLmRwLnVhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAypdwpm4IltNiESBM4KN5oziUqyE8kzRDAqZlNMjbBdlDOgdz
nOloXx3kSwprnMcKtaLDlanb2hF16FbmTMwMGjIZa2jmcaLEwIOnKmLeLADFyi4z
hHpNULDU4IEVQYfcEcRHrGSAaImurBA7O6kS9gSq8FNJMcBvg9/GmlqUb5Kzk2/G
X0JIJv5Aom15STSFKeG7yq0PbmwVph0qlB43Gg1tkfcg4W9qngN4pTZavTBrvtnH
WA6KXLCLBm72C9ugGctHavcrY3FXc60eSAaAj/ttXXOJww+FJIrawmeVjfa7vhZb
gwdNdnm1tQw2qUEdqo0AEwdFz8Xvgolvawjv/wIDAQABo4GqMIGnMB0GA1UdDgQW
BBQvbRujQhqgGk11SWi7NiLmj1gXgTB4BgNVHSMEcTBvgBQvbRujQhqgGk11SWi7
NiLmj1gXgaFMpEowSDELMAkGA1UEBhMCVUExEzARBgNVBAgTClNvbWUtU3RhdGUx
ETAPBgNVBAoTCGwzLmRwLnVhMREwDwYDVQQLEwhsMy5kcC51YYIJAP77vh+XN0EI
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAID00o5Ki5cXIju6m96M
zuByNd1FXrVs1KgSknnQdCHE/HrwFw0bhU7IRCIuau1FE8UUe3tfwIp134zDIQ4P
eBsMGZKfKsaQ5/rl8/R/ACSTDmdsrs3NpSpCGnXDK4kgla2RCYbZ9q3oRgMtHWS1
HIHbsk7GHnPyXKOw/mVh1jRljiZHA2XzzE0XsKcw7Vgo3EriSTaOluMvauUeRzwD
7AH9GUwAEmSgBe9wXJfwpHNW8qTidkxOouvT8RUuZzd1SdnDtDttMWCIVw4fAb54
mhBi2n2tP6BfLqKijcmmQjeuNtIpDXmH1WHv8I1DA/zqvtlad3GPcbKDDtUgY/cB
SPk=
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
93.178.219.134

—–BEGIN CERTIFICATE—–
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
93.171.129.151

—–BEGIN CERTIFICATE—–
MIIDtjCCAx+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRUwEwYD
VQQKEwxORVRHRUFSIEluYy4xGDAWBgNVBAsTD05ldGdlYXIgUHJvc2FmZTEQMA4G
A1UEAxMHTmV0R2VhcjEiMCAGCSqGSIb3DQEJARYTc3VwcG9ydEBuZXRnZWFyLmNv
bTAeFw0wNzA4MjQxNjI2MDRaFw0zNzA4MjQxNjI2MDRaMIGfMQswCQYDVQQGEwJV
UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExFTAT
BgNVBAoTDE5FVEdFQVIgSW5jLjEYMBYGA1UECxMPTmV0Z2VhciBQcm9zYWZlMRAw
DgYDVQQDEwdOZXRHZWFyMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QG5ldGdlYXIu
Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEd8qPR/+JzMIFMfaxx1Zb
Ku8CXp5QfuAxoxGgbzTMGPQ/3qIbrgSLVftwqfJR2z4DHZrl/imRyrh1dReKE5RG
eBXpsts0VBONipQ2EfqUgRZSX4V+l1oORkAUfcwmBCo4+Yvz5l/OeinhY5UJMntv
RrWHLSc1V5t4oR9Q762UhwIDAQABo4H/MIH8MB0GA1UdDgQWBBTiDIMuQ+s8PYER
CUeb8zEQAg1TCzCBzAYDVR0jBIHEMIHBgBTiDIMuQ+s8PYERCUeb8zEQAg1TC6GB
paSBojCBnzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNV
BAcTC1NhbnRhIENsYXJhMRUwEwYDVQQKEwxORVRHRUFSIEluYy4xGDAWBgNVBAsT
D05ldGdlYXIgUHJvc2FmZTEQMA4GA1UEAxMHTmV0R2VhcjEiMCAGCSqGSIb3DQEJ
ARYTc3VwcG9ydEBuZXRnZWFyLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBBAUAA4GBADNChnYO5lp2mXg3Ds67RQshgvP97YUr5AO82MSGrnELvHIoIO9g
ontaC/M8O8qeJO5ZvW40sltLddiWMk9c+sn203Cc5kt4+99Dd+xPGsb5weG02WJ5
gqIGEQAOsZoV74e+PPKBISyHIy+QHOjKKEfNshOS0cME5TOhSUL/3mts
—–END CERTIFICATE—–
****************************************************************
Certificate Chain is shared across the following IPs:
187.141.244.130

 

**********************************************************************
Top Ports : Number of Instances
**********************************************************************
Port: 80 – 137 instances
Port: 7547 – 105 instances
Port: 443 – 35 instances
Port: 1900 – 28 instances
Port: 22 – 25 instances
Port: 23 – 24 instances
Port: 161 – 21 instances
Port: 53 – 20 instances
Port: 49152 – 15 instances
Port: 3389 – 13 instances

2 thoughts on “An Ongoing Attack – Attacker Metadata Information

  1. Chris,
    I’ve been using JustMetaData for a short time and had a question regarding the shared keys information. What information or intelligence (beyond the obvious) do you forsee being able to garner from the fact that multiple IPs share the same HTTPS public key?

    So far, I think this tool has been quite useful!
    Thanks
    Kb

    Reply

    • My thought process on that is if you identify systems using the same HTTPS Certificate, or SSH key, or both, that you could hypothesize that they might be admined by the same person/group, even if distributed geographically. It’s trying to identify relationships/similarities across different systems over a large data set that might not otherwise be obvious.

      Reply

Leave a Reply