C2
Key: playbook.aes.com · Resolved IP: —
Protocols: https · Ports: 34567
First view: 2025-12-26 08:05:51 CET · Last view: 2026-01-22 08:11:54 CET
Endpoints
| ID |
Protocole |
Port |
First view |
Last view |
SubmitURIs |
Paths |
URLs |
Seen in |
| https:34567 |
https |
34567 |
2025-12-26 08:05:51 CET |
2026-01-22 08:11:54 CET |
/aircanada/dark.php, /hello/flash.php, /aero2/fly.php |
/updates |
6
Sample
- https://playbook.aes.com:34567/aircanada/dark.php
- https://playbook.aes.com:34567/updates/aircanada/dark.php
- https://playbook.aes.com:34567/hello/flash.php
- https://playbook.aes.com:34567/updates/hello/flash.php
- https://playbook.aes.com:34567/aero2/fly.php
|
6
hashes
|
{
"Endpoints": {
"https:34567": {
"Firsttime": 1766732751.463964,
"lasttime": 1769065914.2308686,
"paths": [
"/updates"
],
"port": "34567",
"protocol": "https",
"seen_in": [
{
"arch": "x64",
"beacon_ip": "123.58.64.57",
"beacon_port": "34567",
"config_hash": "da3f4d7c66b21a3838098767fa20feb9fbb615feccb4c768a1dddee8c73a70eb",
"trial": false,
"ts": 1767568061.7442698,
"version": "Cobalt Strike 4.9 (Sep 19, 2023)",
"watermark": 987654321
},
{
"arch": "x86",
"beacon_ip": "123.58.64.57",
"beacon_port": "34567",
"config_hash": "1ebcafd3c6ecacdd4c5df863585a39c22984f66bb3b861341a4e704bd35f15c4",
"trial": false,
"ts": 1767568059.5536354,
"version": "Cobalt Strike 4.9 (Sep 19, 2023)",
"watermark": 987654321
},
{
"arch": "x86",
"beacon_ip": "123.58.64.57",
"beacon_port": "34567",
"config_hash": "45624c8eceff6ee70dbe54c97bebcf3f824f8fb3316936f621b6ebdf9b1c7655",
"trial": false,
"ts": 1769037062.4799738,
"version": "Cobalt Strike 4.9 (Sep 19, 2023)",
"watermark": 987654321
},
{
"arch": "x64",
"beacon_ip": "123.58.64.57",
"beacon_port": "34567",
"config_hash": "abdafbed9fc9ca0ba6633143e083a9365cc17a7e479cd2e9350ae96544427b83",
"trial": false,
"ts": 1769037064.7064962,
"version": "Cobalt Strike 4.9 (Sep 19, 2023)",
"watermark": 987654321
},
{
"arch": "x86",
"beacon_ip": "123.58.64.57",
"beacon_port": "34567",
"config_hash": "8775c9a3d2d9a1e1de0d87c0a1718a8364fbebe289fe8f02adc0f41e238e0d9d",
"trial": false,
"ts": 1769065910.9465375,
"version": "Cobalt Strike 4.9 (Sep 19, 2023)",
"watermark": 987654321
},
{
"arch": "x64",
"beacon_ip": "123.58.64.57",
"beacon_port": "34567",
"config_hash": "c59119145c7e09093f51cc81615b39e3ec60c5f88e54bc66ce41c986dd0cd299",
"trial": false,
"ts": 1769065914.2308686,
"version": "Cobalt Strike 4.9 (Sep 19, 2023)",
"watermark": 987654321
}
],
"submituris": [
"/aircanada/dark.php",
"/hello/flash.php",
"/aero2/fly.php"
],
"urls": [
"https://playbook.aes.com:34567/aircanada/dark.php",
"https://playbook.aes.com:34567/updates/aircanada/dark.php",
"https://playbook.aes.com:34567/hello/flash.php",
"https://playbook.aes.com:34567/updates/hello/flash.php",
"https://playbook.aes.com:34567/aero2/fly.php",
"https://playbook.aes.com:34567/updates/aero2/fly.php"
]
}
},
"Firsttime": 1766732751.463964,
"Host": "playbook.aes.com",
"IP": null,
"IPs": [],
"Paths": [
"/updates"
],
"Ports": [
"34567"
],
"Protocols": [
"https"
],
"SubmitURIs": [
"/aircanada/dark.php",
"/hello/flash.php",
"/aero2/fly.php"
],
"URLs": [
"https://playbook.aes.com:34567/aircanada/dark.php",
"https://playbook.aes.com:34567/updates/aircanada/dark.php",
"https://playbook.aes.com:34567/hello/flash.php",
"https://playbook.aes.com:34567/updates/hello/flash.php",
"https://playbook.aes.com:34567/aero2/fly.php",
"https://playbook.aes.com:34567/updates/aero2/fly.php"
],
"lasttime": 1769065914.2308686
}