{"Endpoints":{"http:4499":{"Firsttime":1766445070.6367545,"lasttime":1766445072.2323155,"paths":["/cm","/j.ad"],"port":"4499","protocol":"http","seen_in":[{"arch":"x64","beacon_ip":"156.238.233.21","beacon_port":"4499","config_hash":"f1db62464e01e3c7fb2c5775ec8059521ab1d1ea426d30dfd1ee7409730e1729","trial":false,"ts":1766445072.2323155,"version":"Cobalt Strike 4.7 (Aug 17, 2022)","watermark":987654321},{"arch":"x86","beacon_ip":"156.238.233.21","beacon_port":"4499","config_hash":"be291c5295fd6f9aec3df2e14bc77a59f5117744967910d31849775b7b911465","trial":false,"ts":1766445070.6367545,"version":"Cobalt Strike 4.7 (Aug 17, 2022)","watermark":987654321}],"submituris":["/submit.php"],"urls":["http://172.22.8.18:4499/cm/submit.php","http://172.22.8.18:4499/submit.php","http://172.22.8.18:4499/j.ad/submit.php"]},"http:8056":{"Firsttime":1766445067.4809766,"lasttime":1766445069.0747485,"paths":["/IE9CompatViewList.xml","/activity"],"port":"8056","protocol":"http","seen_in":[{"arch":"x64","beacon_ip":"156.238.233.21","beacon_port":"8056","config_hash":"c860437bea605058669177947fe942a2d66d2e5082679b5b937362933cfd6250","trial":false,"ts":1766445069.0747485,"version":"Cobalt Strike 4.7 (Aug 17, 2022)","watermark":987654321},{"arch":"x86","beacon_ip":"156.238.233.21","beacon_port":"8056","config_hash":"e1f3751db9027c15bc810de693376183ac1fa2af62aa8c3ff38f70adb6fbe200","trial":false,"ts":1766445067.4809766,"version":"Cobalt Strike 4.7 (Aug 17, 2022)","watermark":987654321}],"submituris":["/submit.php"],"urls":["http://172.22.8.18:8056/IE9CompatViewList.xml/submit.php","http://172.22.8.18:8056/submit.php","http://172.22.8.18:8056/activity/submit.php"]}},"Firsttime":1766445067.4809766,"Host":"172.22.8.18","IP":"172.22.8.18","IPs":["172.22.8.18"],"Paths":["/cm","/j.ad","/IE9CompatViewList.xml","/activity"],"Ports":["4499","8056"],"Protocols":["http"],"SubmitURIs":["/submit.php"],"URLs":["http://172.22.8.18:4499/cm/submit.php","http://172.22.8.18:4499/submit.php","http://172.22.8.18:4499/j.ad/submit.php","http://172.22.8.18:8056/IE9CompatViewList.xml/submit.php","http://172.22.8.18:8056/submit.php","http://172.22.8.18:8056/activity/submit.php"],"ip_enrichment":{"172.22.8.18":{"ASN":{"number":0,"org":"Not routed"},"GEO":{"country":"None","country_name":null,"lat":null,"lon":null},"first":1766445067.4809766,"last":1766445072.2323155,"meta":{"build_db":"2025-10-14 12:06:54","db_source":"GeoOpen-Country-ASN"},"source":"ip.circl.lu","updated":1767456639.1464145}},"lasttime":1766445072.2323155}