Threat Intel Solutions

* [Cobalt Strike](https://www.redpacketsecurity.com/category/cobalt-strike/)Cobalt Strike Beacon Detected — 34-[.-]244-[.-]213-[.-]212:443===============================================================[December 15, 2024](https://www.redpacketsecurity.com/2024/12/) Cobalt Strike Beacon Detection Alerts > The Information provided at the time of posting was detected as ‘Cobalt Strike’. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. — RedPacket Security >TimeStamp 2024-12-15T00:30:24.783601  Cobalt Strike**General Information**———————–**Cloud Provider** Amazon **Cloud Region** eu-west-1 **Service** EC2 **Domains** itp-interpipe-[.-]org, amazonaws-[.-]com **Hostnames** itp-interpipe-[.-]org, ec2-34-244-213-212-[.-]eu-west-1-[.-]compute-[.-]amazonaws-[.-]com **HTTP Host** 34-[.-]244-[.-]213-[.-]212 **ISP** Amazon.com, Inc. **ORG** Amazon Data Services Ireland Limited **OS** N/A **HTTP** N/A **HTTP HTML HASH** N/A **HTTP LOCATION** / **HTTP REDIRECTS** **HTTP ROBOTS** N/A **HTTP ROBOTS HASH** N/A **HTTP SECURITY.TXT** N/A **HTTP SECURITY.TXT HASH** N/A **HTTP SERVER** Apache/2.4.58 (Ubuntu) **HTTP SITEMAP** N/A **HTTP SITEMAP HASH** N/A **HTTP TITLE** N/A **LOCATION (AREA CODE)** N/A **LOCATION (CITY)** Dublin **LOCATION (COUNTRY CODE)** IE **LOCATION (COUNTRY NAME)** Ireland **LOCATION (LATITUDE)** 53.33306 **LOCATION (LONGITUDE)** -6.24889 **LOCATION (POSTAL CODE)** N/A **SSL SERIAL** 4.303483462115047e+41 **SSL EXPIRED** N/A **SSL FINGERPRINT (SHA1)** a46fcb98c9bc82fbd5b3476bcb534bbe9c3afe81 **SSL ISSUED** 20241016144058Z **SSL EXPIRES** 20250114144057Z **SSL CYPHER** TLS_AES_256_GCM_SHA384 **SSL VERSION** TLSv1.3 **SSL TRUST (REVOKED)** N/A **TAGS** cloud**Cobalt Strike Beacon Information**————————————**Beacon Type** N/A **http-get.client** Host: account-[.-]itp-interpipe-[.-]com, Accept: text/html,application/xhtml+xml,application/xml;q=0-[.-]9,-*/-*;q=0-[.-]8, Accept-Language: en-US,en;q=0-[.-]5, Accept-Encoding: text/plain, User-Agent: Mozilla5-[.-]0 (X11 Linux x86_64v128-[.-]0) ElGecko, Referrer: account-[.-]itp-interpipe-[.-]com, Content-Type: application/x-www-form-urltrytryd, SESSION-ID=JArJarB1nKs2Ws8, Cookie **http-post.client** Host: account-[.-]itp-interpipe-[.-]com, Accept: text/html,application/xhtml+xml,application/xml;q=0-[.-]9,-*/-*;q=0-[.-]8, Accept-Language: en-US,en;q=0-[.-]5, Referrer: account-[.-]itp-interpipe-[.-]com, User-Agent: Mozilla5-[.-]0 (X11 Linux x86_64v128-[.-]0) ElGecko, Accept-Encoding: text/plain, U=JArJarB1nKs2Ws8, SESSIN-ID=, Cookie **DNS Beacon MaxDNS** N/A **DNS Beacon Idle** N/A **Beacon Jitter** N/A **dns-beacon.strategy_fail_seconds** N/A **dns-beacon.strategy_rotate_seconds** N/A **dns-beacon.strategy_fail_x** N/A **HTTP GET URI** 192-[.-]168-[.-]1-[.-]147,/safebrowsing/MbeSbUWS/ZuYn2qTVP8QyuFs1Q59i1aEQvNTi **HTTP POST URI** N/A **Max GET Size** N/A **Port** N/A **post-ex.spawnto_x64** %windir%–sysnative–wbem–wmiprvse-[.-]exe -Embedding **post-ex.spawnto_x86** %windir%–syswow64–wbem–wmiprvse-[.-]exe -Embedding **process-inject.startrwx** N/A **process-inject.userwx** N/A **process-inject.allocator** N/A **proxy.behavior** N/A **sleeptime** N/A **useragent_header** N/A **uses_cookies** N/A **process-inject.execute** ntdll.dll:RtlUserThreadStart, NtQueueApcThread-s, SetThreadContext, CreateRemoteThread, kernel32.dll:LoadLibraryA, RtlCreateUserThread **Watermark** N/A **Beacon Stage Cleanup** N/A
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.If you like the site, please support us on ‘Patreon’ or ‘Buy Me A Coffee’ using the buttons below [Buy Me A Coffee](https://www.buymeacoffee.com/redpacketsec) [Patreon](https://www.patreon.com/bePatron?u=37301876)To keep up to date follow us on the below channels. [Telegram](https://t.me/RedPacketSecurity) [Discord](https://discord.gg/xZY94PXXs4) [Reddit](https://www.reddit.com/r/RedPacketSecurity/) [LinkedIn](https://www.linkedin.com/company/redpacket-security/) [Mastodon](https://mastodon.social/@RedPacketSecurity) Tags: [CobaltStrikeBeaconDetected](https://www.redpacketsecurity.com/tag/cobaltstrikebeacondetected/), [OSINT](https://www.redpacketsecurity.com/tag/osint/), [Security](https://www.redpacketsecurity.com/tag/security/), [threatintel](https://www.redpacketsecurity.com/tag/threatintel/)Post Navigation—————[Previous Cobalt Strike Beacon Detected — 47-[.-]92-[.-]29-[.-]21:9999](https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-47-92-29-21-port-9999/) [Next Cobalt Strike Beacon Detected — 43-[.-]242-[.-]202-[.-]166:80](https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-43-242-202-166-port-80/)

Related Tags:
NAICS: 52 – Finance And Insurance

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 523 – Securities

Commodity Contracts

Other Financial Investments And Related Activities

NAICS: 51 – Information

NAICS: 924 – Administration Of Environmental Quality Programs

Cobalt Strike

Application Layer Protocol: Web Protocols

Application Layer Protocol

Associated Indicators:
itp-interpipe.org

A46FCB98C9BC82FBD5B3476BCB534BBE9C3AFE81

34.244.213.212