GoPhish Login Page Detected – 63[.]35[.]217[.]229:8443
Covenant C2 Detection Alerts
The Information provided at the time of posting was detected as “GoPhish Login Page”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security
TimeStamp 2024-04-11T07:19:50.853916
General Information
Cloud Provider | Amazon |
Cloud Region | eu-west-1 |
Service | EC2 |
Domains | aula-ee[.]com, amazonaws[.]com |
Hostnames | phish[.]aula-ee[.]com, ec2-63-35-217-229[.]eu-west-1[.]compute[.]amazonaws[.]com |
HTTP Host | 63[.]35[.]217[.]229 |
ISP | Amazon.com, Inc. |
ORG | Amazon Data Services Ireland Limited |
OS | N/A |
HTTP HTML HASH | 1527723373 |
HTTP LOCATION | /login?next=%2F |
HTTP REDIRECTS | [object Object] |
HTTP ROBOTS | N/A |
HTTP ROBOTS HASH | N/A |
HTTP FAVICON HASH | |
HTTP SECURITY.TXT | N/A |
HTTP SECURITY.TXT HASH | N/A |
HTTP SERVER | N/A |
HTTP SITEMAP | N/A |
HTTP SITEMAP HASH | N/A |
HTTP TITLE | Gophish – Login |
LOCATION (AREA CODE) | N/A |
LOCATION (CITY) | Dublin |
LOCATION (COUNTRY CODE) | IE |
LOCATION (COUNTRY NAME) | Ireland |
LOCATION (LATITUDE) | 53.33306 |
LOCATION (LONGITUDE) | -6.24889 |
LOCATION (POSTAL CODE) | N/A |
SSL SERIAL | 3.0995446475571873e+41|
SSL EXPIRED | N/A |
SSL FINGERPRINT (SHA1) | a57703423509dcb3c0292fd91aaeb2562de32833 |
SSL ISSUED | 20240122215924Z |
SSL EXPIRES | 20240421215923Z |
SSL CYPHER | TLS_AES_128_GCM_SHA256 |
SSL VERSION | TLSv1.3 |
SSL TRUST (REVOKED) | N/A |
TAGS | cloud, c2 |
PRODUCT | GoPhish |
TRANSPORT | tcp |
PORT | 8443 |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.