C2
Key: 43.138.30.109 · Resolved IP: 43.138.30.109
Protocols: http, https · Ports: 7524, 7777, 8888, 9999
First view: 2026-01-21 00:08:26 CET · Last view: 2026-01-25 16:14:13 CET
Endpoints
| ID |
Protocole |
Port |
First view |
Last view |
SubmitURIs |
Paths |
URLs |
Seen in |
| http:7524 |
http |
7524 |
2026-01-21 00:08:26 CET |
2026-01-24 16:13:20 CET |
/submit.php |
/visit.js, /updates.rss |
3
Sample
- http://43.138.30.109:7524/submit.php
- http://43.138.30.109:7524/visit.js/submit.php
- http://43.138.30.109:7524/updates.rss/submit.php
|
2
hashes
|
| http:8888 |
http |
8888 |
2026-01-21 00:08:33 CET |
2026-01-25 16:14:13 CET |
/submit.php |
/dot.gif, /cm |
3
Sample
- http://43.138.30.109:8888/dot.gif/submit.php
- http://43.138.30.109:8888/submit.php
- http://43.138.30.109:8888/cm/submit.php
|
2
hashes
|
| http:9999 |
http |
9999 |
2026-01-21 00:08:37 CET |
2026-01-24 16:13:24 CET |
/submit.php |
/visit.js, /dot.gif |
3
Sample
- http://43.138.30.109:9999/submit.php
- http://43.138.30.109:9999/visit.js/submit.php
- http://43.138.30.109:9999/dot.gif/submit.php
|
2
hashes
|
| https:7777 |
https |
7777 |
2026-01-21 00:08:30 CET |
2026-01-24 16:13:17 CET |
/submit.php |
/fwlink, /pixel |
3
Sample
- https://43.138.30.109:7777/fwlink/submit.php
- https://43.138.30.109:7777/submit.php
- https://43.138.30.109:7777/pixel/submit.php
|
2
hashes
|
{
"Endpoints": {
"http:7524": {
"Firsttime": 1768950506.9749634,
"lasttime": 1769267600.6291463,
"paths": [
"/visit.js",
"/updates.rss"
],
"port": "7524",
"protocol": "http",
"seen_in": [
{
"arch": "x86",
"beacon_ip": "43.138.30.109",
"beacon_port": "7524",
"config_hash": "9ff61dc382b7fc6c9dc6acb0c5844cef7d6e955e6bcd5bed037b98549b76c3ee",
"trial": false,
"ts": 1769267598.909761,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
},
{
"arch": "x64",
"beacon_ip": "43.138.30.109",
"beacon_port": "7524",
"config_hash": "c3808f38d208d2159fa89d74dbe4aa28ebc5ed9996900754d47923c47273b4e6",
"trial": false,
"ts": 1769267600.6291463,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
}
],
"submituris": [
"/submit.php"
],
"urls": [
"http://43.138.30.109:7524/submit.php",
"http://43.138.30.109:7524/visit.js/submit.php",
"http://43.138.30.109:7524/updates.rss/submit.php"
]
},
"http:8888": {
"Firsttime": 1768950513.6669583,
"lasttime": 1769354053.3301668,
"paths": [
"/dot.gif",
"/cm"
],
"port": "8888",
"protocol": "http",
"seen_in": [
{
"arch": "x86",
"beacon_ip": "43.138.30.109",
"beacon_port": "8888",
"config_hash": "301892879f087783b0f68b4b0cc3b117fbb83ec7ae0c75fd4fbf5ff20ee5b544",
"trial": false,
"ts": 1769354051.7063181,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
},
{
"arch": "x64",
"beacon_ip": "43.138.30.109",
"beacon_port": "8888",
"config_hash": "68e018c9def4e837b118ce25832805de15a740eff6fb490f02fa4c8dffa1f142",
"trial": false,
"ts": 1769354053.3301668,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
}
],
"submituris": [
"/submit.php"
],
"urls": [
"http://43.138.30.109:8888/dot.gif/submit.php",
"http://43.138.30.109:8888/submit.php",
"http://43.138.30.109:8888/cm/submit.php"
]
},
"http:9999": {
"Firsttime": 1768950517.9775765,
"lasttime": 1769267604.6053336,
"paths": [
"/visit.js",
"/dot.gif"
],
"port": "9999",
"protocol": "http",
"seen_in": [
{
"arch": "x86",
"beacon_ip": "43.138.30.109",
"beacon_port": "9999",
"config_hash": "75d7fb481488e7c76bede1286208a0bfa0b30d53a79e4250dbf205b2bc8aad45",
"trial": false,
"ts": 1769267602.5885866,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
},
{
"arch": "x64",
"beacon_ip": "43.138.30.109",
"beacon_port": "9999",
"config_hash": "631dd878d479fc6d5f2a73f6f4a5ecbaf8c2faadce4b7114d1bfe90667dff22e",
"trial": false,
"ts": 1769267604.6053336,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
}
],
"submituris": [
"/submit.php"
],
"urls": [
"http://43.138.30.109:9999/submit.php",
"http://43.138.30.109:9999/visit.js/submit.php",
"http://43.138.30.109:9999/dot.gif/submit.php"
]
},
"https:7777": {
"Firsttime": 1768950510.3058708,
"lasttime": 1769267597.6265626,
"paths": [
"/fwlink",
"/pixel"
],
"port": "7777",
"protocol": "https",
"seen_in": [
{
"arch": "x86",
"beacon_ip": "43.138.30.109",
"beacon_port": "7777",
"config_hash": "ee078636c104847c09290842fc9d29c73b2b61d985104b3bb0d5972c78049038",
"trial": false,
"ts": 1769267596.3605077,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
},
{
"arch": "x64",
"beacon_ip": "43.138.30.109",
"beacon_port": "7777",
"config_hash": "cbec30d49009cc11836ccafc1a1e58e511682df8f2b79b48e6b8ad7597ab1db3",
"trial": false,
"ts": 1769267597.6265626,
"version": "Cobalt Strike 4.7 (Aug 17, 2022)",
"watermark": 391144938
}
],
"submituris": [
"/submit.php"
],
"urls": [
"https://43.138.30.109:7777/fwlink/submit.php",
"https://43.138.30.109:7777/submit.php",
"https://43.138.30.109:7777/pixel/submit.php"
]
}
},
"Firsttime": 1768950506.9749634,
"Host": "43.138.30.109",
"IP": "43.138.30.109",
"IPs": [
"43.138.30.109"
],
"Paths": [
"/visit.js",
"/updates.rss",
"/fwlink",
"/pixel",
"/dot.gif",
"/cm"
],
"Ports": [
"7524",
"7777",
"8888",
"9999"
],
"Protocols": [
"http",
"https"
],
"SubmitURIs": [
"/submit.php"
],
"URLs": [
"http://43.138.30.109:7524/submit.php",
"http://43.138.30.109:7524/visit.js/submit.php",
"http://43.138.30.109:7524/updates.rss/submit.php",
"https://43.138.30.109:7777/fwlink/submit.php",
"https://43.138.30.109:7777/submit.php",
"https://43.138.30.109:7777/pixel/submit.php",
"http://43.138.30.109:8888/dot.gif/submit.php",
"http://43.138.30.109:8888/submit.php",
"http://43.138.30.109:8888/cm/submit.php",
"http://43.138.30.109:9999/submit.php",
"http://43.138.30.109:9999/visit.js/submit.php",
"http://43.138.30.109:9999/dot.gif/submit.php"
],
"ip_enrichment": {
"43.138.30.109": {
"ASN": {
"number": 45090,
"org": "TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited"
},
"GEO": {
"country": "CN",
"country_name": "China",
"lat": 35.0,
"lon": 105.0
},
"first": 1768950506.9749634,
"last": 1768950521.0719912,
"meta": {
"build_db": "2025-10-14 12:06:54",
"db_source": "GeoOpen-Country-ASN"
},
"source": "ip.circl.lu",
"updated": 1768950800.4537094
}
},
"lasttime": 1769354053.3301668
}