Cobalt Strike Beacon Detected – 193[.]124[.]41[.]54:80
Cobalt Strike Beacon Detection Alerts
The Information provided at the time of posting was detected as “Cobalt Strike”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security
TimeStamp 2025-05-02T09:42:47.832284
General Information
| Cloud Provider | |
| Cloud Region | |
| Service | |
| Domains | N/A |
| Hostnames | N/A |
| HTTP Host | 193[.]124[.]41[.]54 |
| ISP | Baxet Group Inc. |
| ORG | Reliable Communications s.r.o. |
| OS | N/A |
| HTTP |
Welcome to nginx on AlmaLinux!This page is used to test the proper operation of the nginx HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly. Website AdministratorThis is the default index.html page that is distributed with nginx on AlmaLinux. It is located in /usr/share/nginx/html. You should now put your content in a location of your choice and edit the root configuration directive in the nginx configuration file /etc/nginx/nginx.conf. For information on AlmaLinux, please visit the AlmaLinux website. ![[ Powered by nginx ]](nginx-logo.png){kind=logo}
![[ Powered by AlmaLinux ]](poweredby.png){kind=small}
|
| HTTP HTML HASH | 1964416503 |
| HTTP LOCATION | / |
| HTTP REDIRECTS | |
| HTTP ROBOTS | N/A |
| HTTP ROBOTS HASH | N/A |
| HTTP SECURITY.TXT | N/A |
| HTTP SECURITY.TXT HASH | N/A |
| HTTP SERVER | nginx/1.14.1 |
| HTTP SITEMAP | N/A |
| HTTP SITEMAP HASH | N/A |
| HTTP TITLE | Test Page for the Nginx HTTP Server on AlmaLinux |
| LOCATION (AREA CODE) | N/A |
| LOCATION (CITY) | Warsaw |
| LOCATION (COUNTRY CODE) | PL |
| LOCATION (COUNTRY NAME) | Poland |
| LOCATION (LATITUDE) | 52.22977 |
| LOCATION (LONGITUDE) | 21.01178 |
| LOCATION (POSTAL CODE) | N/A |
| SSL SERIAL | |
| SSL EXPIRED | |
| SSL FINGERPRINT (SHA1) | |
| SSL ISSUED | |
| SSL EXPIRES | |
| SSL CYPHER | |
| SSL VERSION | |
| SSL TRUST (REVOKED) | |
| TAGS | eol-product |
Cobalt Strike Beacon Information
| Beacon Type | |
| http-get.client | |
| http-post.client | |
| DNS Beacon MaxDNS | |
| DNS Beacon Idle | |
| Beacon Jitter | |
| dns-beacon.strategy_fail_seconds | |
| dns-beacon.strategy_rotate_seconds | |
| dns-beacon.strategy_fail_x | |
| HTTP GET URI | |
| HTTP POST URI | |
| Max GET Size | |
| Port | |
| post-ex.spawnto_x64 | |
| post-ex.spawnto_x86 | |
| process-inject.startrwx | |
| process-inject.userwx | |
| process-inject.allocator | |
| proxy.behavior | |
| sleeptime | |
| useragent_header | |
| uses_cookies | |
| process-inject.execute | |
| Watermark | |
| Beacon Stage Cleanup |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
