{"report_id":"a0f7ccf8-ef59-4ca0-bec6-50315fb1ae84","version":6,"status":"done","tags":[],"date":"2023-09-11T03:38:18Z","url":{"schema":"http","addr":"ksgupta.com/x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t","fqdn":"ksgupta.com","domain":"ksgupta.com","tld":"com"},"ip":{"addr":"116.206.104.120","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"ksgupta.com/x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t","fqdn":"ksgupta.com","domain":"ksgupta.com","tld":"com"},"title":"ksgupta.com/x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T07:35:00Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ksgupta.com","ip":{"addr":"116.206.104.120","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"Seychelles","country_code":"SC"},"domain_registered":"2017-06-26","domain_rank":0,"first_seen":"2017-07-05 07:13:00","last_seen":"2023-09-10 04:47:32","alert_count":0,"request_count":3,"received_data":4977,"sent_data":1476,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-11T03:38:00Z","timestamp":1694403480,"ip_dst":{"addr":"Client IP","port":56290,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"54.37.238.86","port":80,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2023-09-11T03:38:00.576530+0000\",\"flow_id\":1797428968921602,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"54.37.238.86\",\"src_port\":80,\"dest_ip\":\"10.70.215.51\",\"dest_port\":56290,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"former_category\":[\"POLICY\"],\"updated_at\":[\"2017_02_01\"]}},\"http\":{\"hostname\":\"20230911t102917_052.ltiapmyzmjxrvrts.info\",\"url\":\"/v4/20230911T102917_052.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1283},\"files\":[{\"filename\":\"/v4/20230911T102917_052.exe\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1283,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":1050,\"bytes_toclient\":6399,\"start\":\"2023-09-11T03:36:19.498178+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"ksgupta.com/x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t","fqdn":"ksgupta.com","domain":"ksgupta.com","tld":"com"},"ip":{"addr":"116.206.104.120","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-11T03:38:01.774923085Z","timestamp":1694403481774,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t HTTP/1.1\r\nHost: ksgupta.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 Sep 2023 03:38:01 GMT\r\nserver: nginx/1.17.6\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 87\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":87,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"b7f9df7ffed806ccd67c2746045d21b2","sha1":"0e9182db1badd21e6127e4eb35eb4a13cc2cb896","sha256":"d0d0c55a9de21aadb0ed8ab024df7f6a0a1cf30b2caf797a684567da6ef7106f","sha512":"d9f4cc2c7f22c3c44b0fdd62794f99a04230ca86cbd11b21896209cf7509ecbaad836baa5e325c407a5a0c7e6e31d5c03ed4b704fb3c3c163e0d9d867953483a","ssdeep":"","tlshash":"37a0240743d110301f540041c05d0074c173cd1f10c0344153cf700411455100134037","first_seen":"2023-09-11T05:38:21Z","last_seen":"2025-12-30T10:49:57.595595Z","times_seen":3,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ksgupta.com/favicon.ico","fqdn":"ksgupta.com","domain":"ksgupta.com","tld":"com"},"ip":{"addr":"116.206.104.120","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-11T03:38:03.521258687Z","timestamp":1694403483521,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ksgupta.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ksgupta.com/x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 11 Sep 2023 03:38:03 GMT\r\nserver: nginx/1.17.6\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlink: \u003chttps://ksgupta.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nx-redirect-by: WordPress\r\nlocation: https://ksgupta.com/wp-includes/images/w-logo-blue-white-bg.png\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ksgupta.com/wp-includes/images/w-logo-blue-white-bg.png","fqdn":"ksgupta.com","domain":"ksgupta.com","tld":"com"},"ip":{"addr":"116.206.104.120","port":0,"asn":394695,"as":"PUBLIC-DOMAIN-REGISTRY","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-11T03:38:03.680248975Z","timestamp":1694403483680,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1\r\nHost: ksgupta.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ksgupta.com/x/ZXJpYy5hbGxlbkBvd2Vuc2Nvcm5pbmcuY29t\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Jun 2020 06:57:29 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4119\r\ncontent-type: image/png\r\ndate: Mon, 11 Sep 2023 03:38:03 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":4119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\\012- data","md5":"000bf649cc8f6bf27cfb04d1bcdcd3c7","sha1":"d73d2f6d74ec6cdcbae07955592962e77d8ae814","sha256":"6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0","sha512":"73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5","ssdeep":"96:h3bdWfcmTY+aRF1pXWZL2+42HGhIUc8KeLEd:hgXTY+as02mOB8XLEd","tlshash":"00814b63df38c566e66a2b189ff6bca56b290fd50ca1194c0eecb025632c06d1065089","first_seen":"2023-04-08T12:31:37Z","last_seen":"2026-04-04T15:51:18.919524Z","times_seen":55314,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}