{"report_id":"7d0640dd-10c4-42bc-870e-19a5c8ef065f","version":6,"status":"done","tags":[],"date":"2025-03-05T13:48:38Z","url":{"schema":"http","addr":"tomritskes.nl/wp-content/plugins/cached_data/services.exe","fqdn":"tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"ip":{"addr":"198.185.159.145","port":0,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"tomritskes.nl/wp-content/plugins/cached_data/services.exe","fqdn":"tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"title":"403 Forbidden"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-14T13:48:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"images.squarespace-cdn.com","ip":{"addr":"151.101.0.238","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2019-01-24","domain_rank":4785,"first_seen":"2019-02-20T22:26:51Z","last_seen":"2025-02-27T10:29:47.006302Z","alert_count":0,"request_count":1,"received_data":5333,"sent_data":553,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tomritskes.nl","ip":{"addr":"198.185.159.144","port":443,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"domain_registered":"2023-04-13","domain_rank":0,"first_seen":"2015-03-26T02:02:36Z","last_seen":"2025-02-22T13:04:34.334665Z","alert_count":4,"request_count":3,"received_data":9471,"sent_data":1360,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.tomritskes.nl","ip":{"addr":"198.185.159.144","port":443,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"domain_registered":"2023-04-13","domain_rank":0,"first_seen":"2015-02-26T12:42:01Z","last_seen":"2025-02-15T12:34:35.481097Z","alert_count":0,"request_count":1,"received_data":5544,"sent_data":435,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2021697,\"rev\":5,\"signature\":\"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Wordpress_Plugins\",\"Wordpress\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2015_08_20\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Wordpress\"],\"updated_at\":[\"2020_08_25\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious services.exe in URI","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016698,\"rev\":16,\"signature\":\"ET HUNTING Suspicious services.exe in URI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2013_04_02\"],\"updated_at\":[\"2020_09_17\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"tomritskes.nl/wp-content/plugins/cached_data/services.exe","fqdn":"tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"ip":{"addr":"198.185.159.144","port":443,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0df9fb4087eb05250c8b95457f221019","sha1":"40cfc1fb40061361b2c8d04847cd975fd311e351","sha256":"462a7a73af4e82cf4d9c93682dc971485e3763e63a2bef10f17ec456ca6c7f7f","sha512":"ab1adee4a0a6fa9142865a8349266f64cc5ad9497091bbbb4ce4d4bfb255a04feb6ec4c7e0acd748b7b8b8c3fd9dba124de6156a2bf225a248aa9c64ca1a6eb9","ssdeep":"","tlshash":"b0f02b66c1e24829de67b03e6a9ec730bc230c07102bca0d385c43585fa0cf1d02d1f8","size":441,"data":"","first_seen":"2025-03-04T12:02:39.796015Z","last_seen":"2025-05-08T12:39:47.213638Z","times_seen":15,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2021697,\"rev\":5,\"signature\":\"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Wordpress_Plugins\",\"Wordpress\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2015_08_20\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Wordpress\"],\"updated_at\":[\"2020_08_25\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious services.exe in URI","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016698,\"rev\":16,\"signature\":\"ET HUNTING Suspicious services.exe in URI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2013_04_02\"],\"updated_at\":[\"2020_09_17\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"tomritskes.nl/wp-content/plugins/cached_data/services.exe","fqdn":"tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"ip":{"addr":"198.185.159.144","port":443,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-05T13:48:16.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tomritskes.nl","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Feb 2025 09:16:39 GMT","end":"Fri, 16 May 2025 09:16:38 GMT"},"fingerprint":{"sha1":"DC:B5:93:78:7F:4E:D0:A8:3E:42:BE:58:95:A9:1D:AC:1A:32:5B:9C","sha256":"C0:96:5B:3C:7D:94:3C:86:F4:53:51:06:72:1C:98:04:3B:F6:98:D5:00:28:42:8B:5B:22:4B:98:BB:9B:F4:B4"}}},"request":{"raw":"GET /wp-content/plugins/cached_data/services.exe HTTP/1.1\r\nHost: tomritskes.nl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: Squarespace\r\nx-contextid: 32ZqsnQP/Mdurewcq\r\nx-sqsp-edge: true\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 2053\r\ndate: Wed, 05 Mar 2025 13:48:16 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":2053,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2178), with no line terminators","md5":"20b8967df3aea2e8aab1ca603ba0ab8f","sha1":"37acbc6f299f4c746f0f520f4f9fd0922f267970","sha256":"5545ff6b01561f988fd0eedb41d45eb169454ba6fb283e54f35ef47447a9e019","sha512":"f79f7c9b00445ed9ed8ba0d661a40b8cd56f5380c702ca5c5ba3ac302d64c07ba84b106edc9d0f6c788fa02c83e1cb7bc33e5752f225d0e9140afcb417215d6c","ssdeep":"","tlshash":"6541dc1bb5a68138ae329fc93bd616b42aa87648143797383f4c535383840f1d82b6ec","first_seen":"2025-03-05T13:48:39.541286Z","last_seen":"2025-03-05T13:48:39.541286Z","times_seen":1,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":349,"dns":23,"connect":25,"send":0,"wait":27,"receive":1,"ssl":296},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2021697,\"rev\":5,\"signature\":\"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Wordpress_Plugins\",\"Wordpress\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2015_08_20\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Wordpress\"],\"updated_at\":[\"2020_08_25\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious services.exe in URI","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016698,\"rev\":16,\"signature\":\"ET HUNTING Suspicious services.exe in URI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2013_04_02\"],\"updated_at\":[\"2020_09_17\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"tomritskes.nl/wp-content/plugins/cached_data/services.exe","fqdn":"tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"ip":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-05T13:48:16.885Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /wp-content/plugins/cached_data/services.exe HTTP/1.1\r\nHost: tomritskes.nl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nConnection: close\r\nServer: Squarespace\r\nX-Contextid: yskN7cjw/xCu5Lv7X\r\nX-Sqsp-Edge: true\r\nDate: Wed, 05 Mar 2025 13:48:16 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":2053,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2178), with no line terminators","md5":"b8ddaca1ad99d0494c8eb1090bcb542f","sha1":"febdaa50f7bb02c7566ac6cf81b15f1ae241894d","sha256":"86e564d45cd30eb403d2c7bd4ae44ff839b0535ea751400e0dcc802856541e17","sha512":"67602d91eda5fd55947709bdb16d52cf909e810272b87d4c95d5751a6dc2146ed321b9a6e81d8442eccb2bf38537e950dc5ad02345bf5d936fef60b9c7152541","ssdeep":"","tlshash":"e341dc1bb5a681386e36afc93bd612b42aa87648143797383f4c535383840f0d82b6ec","first_seen":"2025-03-05T13:48:39.543306Z","last_seen":"2025-03-05T13:48:39.543306Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":11,"dns":0,"connect":24,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2021697,\"rev\":5,\"signature\":\"ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Wordpress_Plugins\",\"Wordpress\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2015_08_20\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Wordpress\"],\"updated_at\":[\"2020_08_25\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-03-05T13:48:16Z","timestamp":1741182496,"ip_dst":{"addr":"198.185.159.144","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":43446,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious services.exe in URI","source":"{\"timestamp\":\"2025-03-05T13:48:16.921996+0000\",\"flow_id\":570096076474508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":43446,\"dest_ip\":\"198.185.159.144\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.wpphish\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016698,\"rev\":16,\"signature\":\"ET HUNTING Suspicious services.exe in URI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2013_04_02\"],\"updated_at\":[\"2020_09_17\"]}},\"http\":{\"hostname\":\"tomritskes.nl\",\"url\":\"/wp-content/plugins/cached_data/services.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":1042},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":713,\"bytes_toclient\":2564,\"start\":\"2025-03-05T13:48:16.870540+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"tomritskes.nl/favicon.ico","fqdn":"tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"ip":{"addr":"198.185.159.145","port":80,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://tomritskes.nl/wp-content/plugins/cached_data/services.exe","date":"2025-03-05T13:48:17.156Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tomritskes.nl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://tomritskes.nl/wp-content/plugins/cached_data/services.exe\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nAge: 0\r\nDate: Wed, 05 Mar 2025 13:48:17 GMT\r\nLocation: https://www.tomritskes.nl/favicon.ico\r\nServer: Squarespace\r\nX-Contextid: w8WZtim7/RJqGRxWT\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":4728,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T02:47:04.217168Z","times_seen":13356183,"resource_available":true,"data":null}},"time_used":177,"timings":{"blocked":0,"dns":5,"connect":37,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.tomritskes.nl/favicon.ico","fqdn":"www.tomritskes.nl","domain":"tomritskes.nl","tld":"nl"},"ip":{"addr":"198.185.159.144","port":443,"asn":53831,"as":"SQUARESPACE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://tomritskes.nl/wp-content/plugins/cached_data/services.exe","date":"2025-03-05T13:48:17.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.tomritskes.nl","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Feb 2025 07:54:49 GMT","end":"Fri, 16 May 2025 07:54:48 GMT"},"fingerprint":{"sha1":"90:C9:11:8A:4D:2F:5B:41:42:23:29:CF:88:00:8D:1B:07:1C:96:A1","sha256":"A9:38:81:AF:3B:31:34:06:7A:D3:1A:71:B1:05:55:48:9D:7E:F7:04:0D:C2:A2:4E:42:A4:52:12:3B:C0:63:2B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.tomritskes.nl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://tomritskes.nl/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":299,"data":"{\"sdk\":\"js-client\",\"sdk_version\":\"v3.32.0\",\"sdk_snippet_version\":\"v2.3.0\",\"commands\":[{\"name\":\"system/ids\",\"data\":{\"project_id\":\"cdaae8a0-1b66-11ee-bd38-7afc3f43bfcb\",\"tifc\":\"OFoD4FzJx._dxDnlOF_84MpsafeWaeiWhFWuVuU8hM4uny4La9QLauQsVN8.ayp.bIYjhFxpxdhNbIH7OFBL\",\"customer\":{},\"expires\":1835790483}}]}"}},"response":{"raw":"HTTP/2 301 Moved Permanently\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Timing-Allow-Origin\r\nage: 0\r\ncontent-type: image/png\r\ndate: Wed, 05 Mar 2025 13:48:17 GMT\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nlocation: https://images.squarespace-cdn.com/content/6433ffb1292e0f410ce05190/7ad19832-be3f-4373-a520-2c8b7a4ed616/pictogram.png?format=100w\u0026content-type=image%2Fpng\r\npragma: cache\r\nserver: Squarespace\r\nset-cookie: crumb=BUdkvZ9p4df7NTJmZTNiMGRlYzcwNTgyZTQxN2U4NmNiNWYwMzc0;Secure;Path=/\r\nstrict-transport-security: max-age=15552000\r\nsurrogate-key: libraryId-6433ffb1292e0f410ce05190 assetId-7ad19832-be3f-4373-a520-2c8b7a4ed616 contentBucket-5\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nx-contextid: 227LQNJj/YK854o1w\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":4728,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T02:47:04.217168Z","times_seen":13356183,"resource_available":true,"data":null}},"time_used":551,"timings":{"blocked":-1,"dns":91,"connect":23,"send":0,"wait":214,"receive":1,"ssl":221},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.squarespace-cdn.com/content/6433ffb1292e0f410ce05190/7ad19832-be3f-4373-a520-2c8b7a4ed616/pictogram.png?format=100w\u0026content-type=image%2Fpng","fqdn":"images.squarespace-cdn.com","domain":"squarespace-cdn.com","tld":"com"},"ip":{"addr":"151.101.0.238","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://tomritskes.nl/wp-content/plugins/cached_data/services.exe","date":"2025-03-05T13:48:17.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.squarespace-cdn.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 25 Jan 2025 14:58:21 GMT","end":"Fri, 25 Apr 2025 14:58:20 GMT"},"fingerprint":{"sha1":"19:7B:FA:8D:C8:AF:1B:2C:DA:19:91:EC:00:C3:5B:F1:10:69:4D:2D","sha256":"3D:C5:1A:84:5E:9F:B5:23:3C:03:5A:89:6F:C4:B9:EA:2C:26:85:FC:79:77:8B:D3:9F:35:B1:C1:93:F0:71:9E"}}},"request":{"raw":"GET /content/6433ffb1292e0f410ce05190/7ad19832-be3f-4373-a520-2c8b7a4ed616/pictogram.png?format=100w\u0026content-type=image%2Fpng HTTP/1.1\r\nHost: images.squarespace-cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://tomritskes.nl/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Timing-Allow-Origin\r\nx-sqsp-is-public: true\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\netag: CP7b0N+un/4CEAE=\r\ncache-control: max-age=31536000,s-maxage=31536000\r\nvia: 1.1 google, 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 248885\r\ndate: Wed, 05 Mar 2025 13:48:18 GMT\r\nx-served-by: cache-iad-kcgs7200160-IAD, cache-hel1410030-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 3, 0\r\nx-timer: S1741182498.039278,VS0,VE98\r\nvary: Accept-Encoding\r\ntracepoint: Fastly\r\ncontent-length: 4728\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4728,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"bc5a097750563058c7034289f737eb42","sha1":"b8dffd6d64f27809fbf2327317e4b3ec5115ffb6","sha256":"9c52c74c82fcc8dcbbbbf57e39c6d7c955af0e2c68c912ac1c23189995a82255","sha512":"8441f49acbee47eac8320ea8d84b358eb31249576099ffe866f2ee9535e14106226913eb83de722e869260f6cb98656fd5283bde08cafc77c0566f0a4193c14b","ssdeep":"96:omIh/2K4muiODgPyQxqxOkhzln6aFr5VBfcX56XXZlAkxAYvSvM9lHHx4o9:nIIK4PiOsP3Mphzln6aF1zU65m21vSv8","tlshash":"c5a18e3ae3e13644a0268ae30cbb8853c1377c348361a194998ad857192e370776b59b","first_seen":"2025-03-05T13:48:39.545096Z","last_seen":"2025-03-05T13:48:39.545096Z","times_seen":1,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":44,"connect":26,"send":0,"wait":126,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}