Home Beacons C2 Search SuperSearch API

C2

Key: playbook.aes.com · Resolved IP:
Protocols: https · Ports: 34567
First view: 2025-12-26 08:05:51 CET · Last view: 2026-01-05 00:07:41 CET

Endpoints

ID Protocole Port First view Last view SubmitURIs Paths URLs Seen in
https:34567 https 34567 2025-12-26 08:05:51 CET 2026-01-05 00:07:41 CET /aircanada/dark.php, /hello/flash.php /updates 4
Sample
  • https://playbook.aes.com:34567/aircanada/dark.php
  • https://playbook.aes.com:34567/updates/aircanada/dark.php
  • https://playbook.aes.com:34567/hello/flash.php
  • https://playbook.aes.com:34567/updates/hello/flash.php
 2
hashes 
{
  "Endpoints": {
    "https:34567": {
      "Firsttime": 1766732751.463964,
      "lasttime": 1767568061.7442698,
      "paths": [
        "/updates"
      ],
      "port": "34567",
      "protocol": "https",
      "seen_in": [
        {
          "arch": "x64",
          "beacon_ip": "123.58.64.57",
          "beacon_port": "34567",
          "config_hash": "da3f4d7c66b21a3838098767fa20feb9fbb615feccb4c768a1dddee8c73a70eb",
          "trial": false,
          "ts": 1767568061.7442698,
          "version": "Cobalt Strike 4.9 (Sep 19, 2023)",
          "watermark": 987654321
        },
        {
          "arch": "x86",
          "beacon_ip": "123.58.64.57",
          "beacon_port": "34567",
          "config_hash": "1ebcafd3c6ecacdd4c5df863585a39c22984f66bb3b861341a4e704bd35f15c4",
          "trial": false,
          "ts": 1767568059.5536354,
          "version": "Cobalt Strike 4.9 (Sep 19, 2023)",
          "watermark": 987654321
        }
      ],
      "submituris": [
        "/aircanada/dark.php",
        "/hello/flash.php"
      ],
      "urls": [
        "https://playbook.aes.com:34567/aircanada/dark.php",
        "https://playbook.aes.com:34567/updates/aircanada/dark.php",
        "https://playbook.aes.com:34567/hello/flash.php",
        "https://playbook.aes.com:34567/updates/hello/flash.php"
      ]
    }
  },
  "Firsttime": 1766732751.463964,
  "Host": "playbook.aes.com",
  "IP": null,
  "IPs": [],
  "Paths": [
    "/updates"
  ],
  "Ports": [
    "34567"
  ],
  "Protocols": [
    "https"
  ],
  "SubmitURIs": [
    "/aircanada/dark.php",
    "/hello/flash.php"
  ],
  "URLs": [
    "https://playbook.aes.com:34567/aircanada/dark.php",
    "https://playbook.aes.com:34567/updates/aircanada/dark.php",
    "https://playbook.aes.com:34567/hello/flash.php",
    "https://playbook.aes.com:34567/updates/hello/flash.php"
  ],
  "lasttime": 1767568061.7442698
}