paste #7 :: BLACKVINE C2 panel - found exposed

found something tonight that should not be on the public internet: https://bv-c2.rootthisbox.org/ login looks active but i did not try anything. forwarding to people who can do something with it. the directory listing at /.listing.html is the interesting part. they left it indexable. there is a config.bak.html with what looks like deployment notes. attribution? the host name kind of gives it away. no, i am not the threat actor. i am a person who runs scans and gets excited when i find something. please do not arrest me.