Brute Ratel C4 Detected – 3[.]36[.]144[.]103:443

The Information provided at the time of posting was detected as “Brute Ratel C4”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security

TimeStamp 2024-04-01T19:29:50.279292

Cloud Information

Provider	Amazon
Region	ap-northeast-2
Service	EC2
ASN	AS16509

Domain Information

Domains

amazonaws.com

HTTP Information

Redirects
Headers Hash	-855300220
Host	3[.]36[.]144[.]103
HTML	404 file not found
HTML Hash	-1957161625
Location	/
Robots	N/A
Robots Hash	N/A
Security TXT	N/A
Security TXT Hash	N/A
Server	nginx/1.16.1
Sitemap	N/A
Sitemap hash	N/A
Status	200
Title	N/A

Location Information

Area Code	N/A
City	Incheon
Country Code	KR
Country Name	Korea, Republic of
Latitude	37.45646
Longitude	126.70515
Region Code	28

SSL Information

Cert Fingerprint SHA1	0f7aecb7f2b5ab9654f1b63b8529e5724943dc7a
Cert Fingerprint SHA256	3772fa687b2140fd77fff6aa5da98e442c3f0ee2d64dcac2c2a419ce07083a84
Issuer	Let’s Encrypt
Subject CN	commapi.gamemarket.kr
Expired	N/A
Cipher	ECDHE-RSA-AES256-GCM-SHA384
Version

Tag Information

Tags	cloud
Tags
Tags	eol-product
Tags	N/A

Host Information

OS	N/A
Transport	tcp
Data	HTTP/1.1 200 OK Server: nginx/1.16.1 Date: Mon, 01 Apr 2024 19:29:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 18 Connection: keep-alive Access-Control-Allow-Origin: * X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block ETag: W/”12-GiefXfQQN0O4I+wqaghDb99j/jA”
Port	443
IP	3[.]36[.]144[.]103