minicuper

curl 'https://www.gosparom.ru/local/templates/for_booking/components/bitrix/catalog.element/step3/ajax/ajax_create_order.php' -H 'Pragma: no-cache' -H 'Origin: https://www.gosparom.ru' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8,ru;q=0.6' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: PHPSESSID=o6oovbjrce93lc2jt1cf2op3r4; _ym_uid=1504242737224766067; _ym_isad=2; BX_USER_ID=b1f7cbb00b18d2cd993fab15dc2bd75e; BITRIX_SM_TIMESLOT_DATA=%7B%22direction%22%3A%222%22%2C%22category_id%22%3A%222%22%2C%22count%22%3A%223%22%2C%22count_adult%22%3A%222%22%2C%22count_child%22%3A%221%22%2C%22count_baby%22%3A%220%22%2C%22allow_back_search%22%3A%22N%22%2C%22time-slot-forward%22%3A%2272172disabled%22%2C%22time-slot-back%22%3Anull%2C%22vehicle_cat

minicuper

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"\n  "http://www.w3.org/TR/html4/loose.dtd">\n<html>\n  <head>\n    <title>KeyError: \'username\' // Werkzeug Debugger</title>\n    <link rel="stylesheet" href="?__debugger__=yes&amp;cmd=resource&amp;f=style.css"\n        type="text/css">\n    <!-- We need to make sure this has a favicon so that the debugger does\n         not by accident trigger a request to /favicon.ico which might\n         change the application state. -->\n    <link rel="shortcut icon"\n        href="?__debugger__=yes&amp;cmd=resource&amp;f=console.png">\n    <script src="?__debugger__=yes&amp;cmd=resource&amp;f=jquery.js"></script>\n    <script src="?__debugger__=yes&amp;cmd=resource&amp;f=debugger.js"></script>\n    <script type="text/javascript">\n      var TRACEBACK = 139810095890160,\n          CONSOLE_MODE = false,\n          EVALEX = true,\n          EVALEX_TRUSTED = false,\n          SECRET = "R2IXrxCjTItnLPmOBani";\n    </script>\n  </head>\n  <body style="background-c

minicuper

let url = 'https://login.microsoftonline.com/common/discovery/keys'
url = 'https://cortex.deloitte.com'
url = 'https://dauth.us.deloitte.com'

const certs = [
	// cortex 
	"-----BEGIN CERTIFICATE-----\n" +
	"MIIH2zCCBsOgAwIBAgIQbBcEW9Jib3UB0DeE8eLzXjANBgkqhkiG9w0BAQsFADCB\n" +
	"hDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w\n" +
	"HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTUwMwYDVQQDEyxTeW1hbnRl\n" +

minicuper

Hello 

After resetting the password, you will login through the console, to further investigate.

Due to the outbound flood attacks from the droplet, the result of a compromise, we can not allow it back online. 

We have seen this lots of times before, your droplet is compromised. It's sending out flood attacks that are in line with that. 

We do not see any other alerts from the other droplets in this cluster. Only this one is generating FLOOD ALERTS, like we showed you before. Directly from our switches! 

minicuper

/*
 * JavaScript Grammar
 * ==================
 *
 * Based on grammar from ECMA-262, 5.1 Edition [1]. Generated parser builds a
 * syntax tree compatible with Mozilla SpiderMonkey Parser API [2]. Properties
 * and node types reflecting features not present in ECMA-262 are not included.
 *
 * Limitations:
 *

minicuper

"users",
      [
        "_page",
        "userIds"
      ],
      [
        "robot001",
        "robot002",
        "robot003",
        "robot004",

minicuper

#cloud-config

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    discovery: https://discovery.etcd.io/bcdcbad949c294ee256f5a359f44baad
    # multi-region and multi-cloud deployments need to use 169.254.116.124
    advertise-client-urls: http://10.132.123.55:2379
    initial-advertise-peer-urls: http://10.132.123.55:2380
    # listen on both the official ports and the legacy ports

minicuper

#cloud-config

coreos:
  etcd2:
    # generate a new token for each unique cluster from https://discovery.etcd.io/new
    discovery: https://discovery.etcd.io/dd1b67886bb170346de11d3f5d2d076f
    # multi-region and multi-cloud deployments need to use 169.254.171.147
    advertise-client-urls: http://10.132.48.157:2379
    initial-advertise-peer-urls: http://10.132.48.157:2380
    # listen on both the official ports and the legacy ports

minicuper

c->s {"a":"qunsub","id":3} new-negotiation-cdfa786a2e26f65afbf0826fb829fc75.js:72004:3
c->s {"a":"qsub","id":3,"c":"users","q":{"_id":{"$in":["e2cc2159-4e8c-4daf-b5c0-a8bf15be8681","8bc235fc-6993-472d-953a-c2950a901c03","7d48d26e-b44b-4cfe-af9d-9e6b1fa0ecc9","4d26c823-3056-4cad-a8e0-c93e0362db2f","92c69bad-a1cd-40be-8645-608b0d613759","cdf48035-5213-4f10-87c2-4cb3f831783e","748d7964-f127-496a-bbd8-c6ed86593d4a","b159d250-87c5-4ab4-8c45-770cd55f778d","86100a7e-19bc-4d3e-9ba6-9bc5591ebcc2","ef372699-339d-4067-84d2-6d2c1ce4995d"]}},"vs":{"4d26c823-3056-4cad-a8e0-c93e0362db2f":9,"748d7964-f127-496a-bbd8-c6ed86593d4a":9,"7d48d26e-b44b-4cfe-af9d-9e6b1fa0ecc9":9,"86100a7e-19bc-4d3e-9ba6-9bc5591ebcc2":9,"8bc235fc-6993-472d-953a-c2950a901c03":9,"92c69bad-a1cd-40be-8645-608b0d613759":9,"b159d250-87c5-4ab4-8c45-770cd55f778d":9,"cdf48035-5213-4f10-87c2-4cb3f831783e":9,"df993738-3864-4494-ae63-2ff04da821b7":9,"e2cc2159-4e8c-4daf-b5c0-a8bf15be8681":9,"ef372699-339d-4067-84d2-6d2c1ce4995d":9}} new-negotiation-cdfa786a2e26f6

minicuper

module.exports = Socket;

var BCSocket = require('browserchannel/dist/bcsocket-uncompressed').BCSocket;

function Socket(options) {
  this._options = options;
  this._messageQueue = [];
  this._connectedOnce = false;
  this._attemptNum = 0;
  this._url = getWebSocketURL(options);