C2

Key: baidu.com · Resolved IP: 111.63.65.247
Protocols: https · Ports: 443
First view: 2025-12-26 08:09:04 CET · Last view: 2026-01-16 16:10:25 CET

Endpoints

ID	Protocole	Port	First view	Last view	SubmitURIs	Paths	URLs	Seen in
https:443	https	443	2025-12-26 08:09:04 CET	2026-01-16 16:10:25 CET	/aircanada/dark.php, /windowsxp/updcheck.php, /hello/flash.php	/updates	6 Sample https://baidu.com:443/aircanada/dark.php https://baidu.com:443/updates/aircanada/dark.php https://baidu.com:443/updates/windowsxp/updcheck.php https://baidu.com:443/windowsxp/updcheck.php https://baidu.com:443/hello/flash.php	4 hashes 1eb88f0332bf14f0270fdb0b3efac5112431482eb1be47baa7b9d7dec06fbe85 70005bca1838429514b47c1ca983be59f9303a259a9987f958e42d8804da42d7 8163627dc2be785def0a2bae6bd47bb67dbe966a19ec5c48b3a6f542dac8e193 bc2b11bd9a1719af02eb95313a9b7b4a724bc17b4e20c54b589d5f5b60731fce

{
  "Endpoints": {
    "https:443": {
      "Firsttime": 1766732944.598988,
      "lasttime": 1768576225.897715,
      "paths": [
        "/updates"
      ],
      "port": "443",
      "protocol": "https",
      "seen_in": [
        {
          "arch": "x64",
          "beacon_ip": "8.219.76.168",
          "beacon_port": "443",
          "config_hash": "70005bca1838429514b47c1ca983be59f9303a259a9987f958e42d8804da42d7",
          "trial": false,
          "ts": 1767740825.6645455,
          "version": "Cobalt Strike 4.8 (Feb 28, 2023)",
          "watermark": 987654321
        },
        {
          "arch": "x86",
          "beacon_ip": "8.219.76.168",
          "beacon_port": "443",
          "config_hash": "8163627dc2be785def0a2bae6bd47bb67dbe966a19ec5c48b3a6f542dac8e193",
          "trial": false,
          "ts": 1767740823.584196,
          "version": "Cobalt Strike 4.8 (Feb 28, 2023)",
          "watermark": 987654321
        },
        {
          "arch": "x86",
          "beacon_ip": "8.219.76.168",
          "beacon_port": "443",
          "config_hash": "1eb88f0332bf14f0270fdb0b3efac5112431482eb1be47baa7b9d7dec06fbe85",
          "trial": false,
          "ts": 1768576223.2205744,
          "version": "Cobalt Strike 4.8 (Feb 28, 2023)",
          "watermark": 987654321
        },
        {
          "arch": "x64",
          "beacon_ip": "8.219.76.168",
          "beacon_port": "443",
          "config_hash": "bc2b11bd9a1719af02eb95313a9b7b4a724bc17b4e20c54b589d5f5b60731fce",
          "trial": false,
          "ts": 1768576225.897715,
          "version": "Cobalt Strike 4.8 (Feb 28, 2023)",
          "watermark": 987654321
        }
      ],
      "submituris": [
        "/aircanada/dark.php",
        "/windowsxp/updcheck.php",
        "/hello/flash.php"
      ],
      "urls": [
        "https://baidu.com:443/aircanada/dark.php",
        "https://baidu.com:443/updates/aircanada/dark.php",
        "https://baidu.com:443/updates/windowsxp/updcheck.php",
        "https://baidu.com:443/windowsxp/updcheck.php",
        "https://baidu.com:443/hello/flash.php",
        "https://baidu.com:443/updates/hello/flash.php"
      ]
    }
  },
  "Firsttime": 1766732944.598988,
  "Host": "baidu.com",
  "IP": "111.63.65.247",
  "IPs": [
    "111.63.65.247",
    "111.63.65.103",
    "110.242.74.102",
    "124.237.177.164"
  ],
  "Paths": [
    "/updates"
  ],
  "Ports": [
    "443"
  ],
  "Protocols": [
    "https"
  ],
  "SubmitURIs": [
    "/aircanada/dark.php",
    "/windowsxp/updcheck.php",
    "/hello/flash.php"
  ],
  "URLs": [
    "https://baidu.com:443/aircanada/dark.php",
    "https://baidu.com:443/updates/aircanada/dark.php",
    "https://baidu.com:443/updates/windowsxp/updcheck.php",
    "https://baidu.com:443/windowsxp/updcheck.php",
    "https://baidu.com:443/hello/flash.php",
    "https://baidu.com:443/updates/hello/flash.php"
  ],
  "ip_enrichment": {
    "110.242.74.102": {
      "ASN": {
        "number": 4837,
        "org": "CHINA169-BACKBONE CHINA UNICOM China169 Backbone"
      },
      "GEO": {
        "country": "CN",
        "country_name": "China",
        "lat": 35.0,
        "lon": 105.0
      },
      "first": 1766732944.598988,
      "last": 1767453183.1832125,
      "meta": {
        "build_db": "2025-10-14 12:06:54",
        "db_source": "GeoOpen-Country-ASN"
      },
      "source": "ip.circl.lu",
      "updated": 1767456638.0221813
    },
    "111.63.65.103": {
      "ASN": {
        "number": 24547,
        "org": "CMNET-V4HEBEI-AS-AP Hebei Mobile Communication Company Limited"
      },
      "GEO": {
        "country": "CN",
        "country_name": "China",
        "lat": 35.0,
        "lon": 105.0
      },
      "first": 1766732944.598988,
      "last": 1767453183.1832125,
      "meta": {
        "build_db": "2025-10-14 12:06:54",
        "db_source": "GeoOpen-Country-ASN"
      },
      "source": "ip.circl.lu",
      "updated": 1767456637.9960608
    },
    "111.63.65.247": {
      "ASN": {
        "number": 24547,
        "org": "CMNET-V4HEBEI-AS-AP Hebei Mobile Communication Company Limited"
      },
      "GEO": {
        "country": "CN",
        "country_name": "China",
        "lat": 35.0,
        "lon": 105.0
      },
      "first": 1766732944.598988,
      "last": 1767453183.1832125,
      "meta": {
        "build_db": "2025-10-14 12:06:54",
        "db_source": "GeoOpen-Country-ASN"
      },
      "source": "ip.circl.lu",
      "updated": 1767456637.9705029
    },
    "124.237.177.164": {
      "ASN": {
        "number": 4134,
        "org": "CHINANET-BACKBONE No.31,Jin-rong Street"
      },
      "GEO": {
        "country": "CN",
        "country_name": "China",
        "lat": 35.0,
        "lon": 105.0
      },
      "first": 1766732944.598988,
      "last": 1767453183.1832125,
      "meta": {
        "build_db": "2025-10-14 12:06:54",
        "db_source": "GeoOpen-Country-ASN"
      },
      "source": "ip.circl.lu",
      "updated": 1767456638.050454
    }
  },
  "lasttime": 1768576225.897715
}