{"report_id":"0064d2bf-a831-4205-a47b-a68988b0bb90","version":6,"status":"done","tags":[],"date":"2023-09-23T08:12:27Z","url":{"schema":"http","addr":"pylon.kesug.com","fqdn":"pylon.kesug.com","domain":"kesug.com","tld":"com"},"ip":{"addr":"185.27.134.215","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"http","addr":"pylon.kesug.com/?i=1","fqdn":"pylon.kesug.com","domain":"kesug.com","tld":"com"},"title":"pylon.kesug.com/?i=1"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T21:54:59Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pylon.kesug.com","ip":{"addr":"185.27.134.215","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":33112,"sent_data":1575,"comment":"","tags":null,"fingerprints":null},{"fqdn":"errors.infinityfree.net","ip":{"addr":"172.67.71.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2015-04-18","domain_rank":0,"first_seen":"2022-05-27 03:14:37","last_seen":"2023-09-22 04:16:07","alert_count":0,"request_count":1,"received_data":687,"sent_data":433,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-23T08:12:10Z","timestamp":1695456730,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59419,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO infinityfree .net Domain in DNS Lookup","source":"{\"timestamp\":\"2023-09-23T08:12:10.936472+0000\",\"flow_id\":2128562666352057,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.199\",\"src_port\":59419,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035538,\"rev\":2,\"signature\":\"ET INFO infinityfree .net Domain in DNS Lookup\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_03_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_03_18\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":22942,\"rrname\":\"errors.infinityfree.net\",\"rrtype\":\"A\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":193,\"bytes_toclient\":99,\"start\":\"2023-09-23T08:11:08.273849+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-09-23T08:12:10Z","timestamp":1695456730,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41144,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO infinityfree .net Domain in DNS Lookup","source":"{\"timestamp\":\"2023-09-23T08:12:10.936778+0000\",\"flow_id\":1392014433864522,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.199\",\"src_port\":41144,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035538,\"rev\":2,\"signature\":\"ET INFO infinityfree .net Domain in DNS Lookup\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_03_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_03_18\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":30247,\"rrname\":\"errors.infinityfree.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-09-23T08:12:10.936778+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"pylon.kesug.com/","fqdn":"pylon.kesug.com","domain":"kesug.com","tld":"com"},"ip":{"addr":"185.27.134.215","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T08:12:10.136071618Z","timestamp":1695456730136,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: pylon.kesug.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 08:12:09 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":554,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with very long lines (826), with no line terminators","md5":"db706214a9e9363ecc37cb69d1a1714a","sha1":"ad62fa84718a67f0c332692c54f924875205d52e","sha256":"f505a377961ca9407598b9afb154de865314e5be858f4a74bf3da1ac39e0a5df","sha512":"7a88d781d13e8f20c8362c6caebfd49355d4cd8b7b938211f7a362815d217694ff75f9c4ba322c115e930ac2d3a0fca41c631b646a8c60cf136cb316ca6850f1","ssdeep":"","tlshash":"e30141fcfca1e4c9dbc000d1143ac91e641195d1a502c99fc4c141a512d0bdd0e46d7a","first_seen":"2023-09-23T10:12:34Z","last_seen":"2023-09-23T10:12:34Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pylon.kesug.com/aes.js","fqdn":"pylon.kesug.com","domain":"kesug.com","tld":"com"},"ip":{"addr":"185.27.134.215","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-23T08:12:10.580315795Z","timestamp":1695456730580,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /aes.js HTTP/1.1\r\nHost: pylon.kesug.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://pylon.kesug.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 08:12:10 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31206\r\nLast-Modified: Fri, 18 Aug 2023 19:17:07 GMT\r\nConnection: keep-alive\r\nETag: \"64dfc3b3-79e6\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":31206,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"78a66859739b0c9e18bc5b4538c03bf9","sha1":"77aa2fbbc258645904620937b387d3deedbd16ea","sha256":"d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc","sha512":"69941c2e73a0894731bda171369d1d3ad09f6d30a0a02caa2340fac4b50c2082b353988b45911f01d0d95d12e78d33c7fce05003f4102f8127c8b7df2f5721ae","ssdeep":"768:1yopGg+XzZFJSYWSKmpLThmSCSKB5VLLTqm5T712:1JpH+XzlSum5T712","tlshash":"c4e21fdb776e28ad4d83327d9676d1c3ee9ec1704431528efcec9828f0da03982a5975","first_seen":"2023-03-07T01:03:52Z","last_seen":"2023-10-29T08:51:10Z","times_seen":680,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pylon.kesug.com/?i=1","fqdn":"pylon.kesug.com","domain":"kesug.com","tld":"com"},"ip":{"addr":"185.27.134.215","port":80,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-23T08:12:10.797Z","timestamp":1695456730797,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /?i=1 HTTP/1.1\r\nHost: pylon.kesug.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://pylon.kesug.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 08:12:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 4\r\nConnection: keep-alive\r\nLast-Modified: Sun, 17 Sep 2023 04:59:01 GMT\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate\r\nExpires: Mon, 23 Oct 2023 08:12:10 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"098f6bcd4621d373cade4e832627b4f6","sha1":"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3","sha256":"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08","sha512":"ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff","ssdeep":"","tlshash":"4840000000030000000030000000000000000000000000000000000000000000000000","first_seen":"2023-03-13T04:35:57Z","last_seen":"2026-05-12T02:01:47.024412Z","times_seen":279,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pylon.kesug.com/favicon.ico","fqdn":"pylon.kesug.com","domain":"kesug.com","tld":"com"},"ip":{"addr":"185.27.134.215","port":80,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://pylon.kesug.com/?i=1","date":"2023-09-23T08:12:10.870Z","timestamp":1695456730870,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pylon.kesug.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://pylon.kesug.com/?i=1\r\nCookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Sat, 23 Sep 2023 08:12:10 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 227\r\nConnection: keep-alive\r\nLocation: https://errors.infinityfree.net/errors/404/\r\nCache-Control: max-age=2592000\r\nExpires: Mon, 23 Oct 2023 08:12:10 GMT\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":227,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"062083477478aac3073dc04e65b37ca7","sha1":"23384c8e312715b238ad2996f9bd2b020e3d55b7","sha256":"924f0f4dea114255f599c39bfe3ed86330193e32d9f43563c6159c10f465193b","sha512":"ceb6b9f870c72a6d8b21f593bcaa2f942ec5b9ced34e03ef64f754caad7b588e8716c6a13a12fa71bd655ce39c871127fe5d2b23ba2fda58c5716d4be3de77fb","ssdeep":"","tlshash":"49d0a7fe548330478963364098c131d1140618bab66656c92ac72846c0159789cca25a","first_seen":"2023-04-05T22:00:11Z","last_seen":"2025-02-26T17:01:30.657616Z","times_seen":953,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"errors.infinityfree.net/errors/404/","fqdn":"errors.infinityfree.net","domain":"infinityfree.net","tld":"net"},"ip":{"addr":"172.67.71.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://pylon.kesug.com/?i=1","date":"2023-09-23T08:12:10.937Z","timestamp":1695456730937,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Sun, 16 Apr 2023 00:00:00 GMT","end":"Mon, 15 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"DA:51:59:52:65:D6:57:48:F7:11:99:9C:BE:81:CA:F5:F1:A3:12:2D","sha256":"34:79:A8:FF:53:A7:93:D8:D4:A5:1D:48:5D:25:6A:0C:E2:93:ED:B1:B6:49:73:46:47:78:7E:08:29:32:BE:49"}}},"request":{"raw":"GET /errors/404/ HTTP/1.1\r\nHost: errors.infinityfree.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://pylon.kesug.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 23 Sep 2023 08:12:10 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rxL4Z3lDAbfPMAPjT2%2BfyF%2B9daKxUu7EXdxZIr4JkqNj%2BA7pW8LLUgbmdmiAUPwwbpkOm4Vrv4Vw4LVOM7OM%2Ff9bnSo1vu17rdZ90CjazxNWR4rZgOWiT%2B1EWThHSOb1tXsJUmzq%2FUht\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 80b1523709ee5696-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T17:03:16.761265Z","times_seen":15924132,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":5,"connect":1,"send":0,"wait":100,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}