{"report_id":"ea518888-baf6-4f76-b52e-3020f1daed1d","version":6,"status":"done","tags":[],"date":"2025-10-12T07:29:13Z","url":{"schema":"http","addr":"bestgnew.co.in/gal/144","fqdn":"bestgnew.co.in","domain":"bestgnew.co.in","tld":"co.in"},"ip":{"addr":"195.66.25.59","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"http","addr":"supersites.es/i.html","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"title":"Lolita sites 2024"},"submit":{"url":{"schema":"http","addr":"bestgnew.co.in/gal/144","fqdn":"bestgnew.co.in","domain":"bestgnew.co.in","tld":"co.in"},"ip":{"addr":"195.66.25.59","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-16T07:29:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":6,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014611,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - request in.cgi","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014543,\"rev\":3,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - request in.cgi\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014612,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"bestgnew.co.in","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ta.wsgisnew.in.net","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-11-04","domain_rank":0,"first_seen":"2025-02-13T20:13:48.913656Z","last_seen":"2025-03-22T03:07:02.782258Z","alert_count":12,"request_count":4,"received_data":663,"sent_data":2072,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"supersites.es","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":667100,"first_seen":"2025-06-18T14:56:20.639313Z","last_seen":"2025-08-12T21:52:45.733222Z","alert_count":44,"request_count":22,"received_data":539871,"sent_data":8749,"comment":"","tags":null,"fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"PHP:5.4.16","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"bestgnew.co.in","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-08-19","domain_rank":373779,"first_seen":"2024-09-16T12:36:04Z","last_seen":"2025-09-27T11:25:53.374336Z","alert_count":8,"request_count":2,"received_data":695,"sent_data":896,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014611,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - request in.cgi","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014543,\"rev\":3,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - request in.cgi\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014612,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"bestgnew.co.in/gal/144","fqdn":"bestgnew.co.in","domain":"bestgnew.co.in","tld":"co.in"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:50.705Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gal/144 HTTP/1.1\r\nHost: bestgnew.co.in\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"bestgnew.co.in","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ta.wsgisnew.in.net/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php","fqdn":"ta.wsgisnew.in.net","domain":"wsgisnew.in.net","tld":"in.net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:50.838Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php HTTP/1.1\r\nHost: ta.wsgisnew.in.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":998,"timings":{"blocked":998,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014611,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"supersites.es/i.html","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:57.828Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i.html HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: accessid=12345\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/annya.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.079Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/annya.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 44462\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:25 GMT\r\nETag: \"adae-608b00cf65340\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":44462,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"f4f0d7be8eb956c5961d400ba8e91264","sha1":"320ebe62e30550ccfc483dff162569a73b99c5c1","sha256":"80ea8ba94108f45a9507fa41cda96ea860dec4d3d2c21c561b39c406b783a7b4","sha512":"dc4da980dfc3b730fd5571a4b37167abf41eaa23f63d4b8bd01a562edfc552700787eb04126ad33fd9c782272e48fbe4f4e480658f1af416cf8654024597f3e3","ssdeep":"768:N9SKmLzwjCNAAr01hcc2VyVTgDkBC4oDAkKU/gHmCyl4n5uc49FS9UUF:N9y7lQbcc2pkBC4oDAzAen5r49GUUF","tlshash":"d313024cfe967789d2fa06513a71824f45f1d812dca0d691d71c2325a6a20fb7c0bbbb","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.793379Z","times_seen":13,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":82,"dns":0,"connect":0,"send":0,"wait":100,"receive":129,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/nature.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.083Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/nature.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 44218\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:27 GMT\r\nETag: \"acba-608b00d14d7c0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":44218,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"e4567d200c8583a74006914d567ec099","sha1":"a13d5c45b7dcb7be649d495ba5036ebb150ba098","sha256":"524cdc2a634dd74d19f6568add62a44c86c13c7ce2fe16df0929e477cbcc6da3","sha512":"4213de7d5020581805e3db334cac7b5811331e61c845447381b442d92ee3c7b94e6129d41afeafbb50f94e736270d79eb564dcec88c9470b4b4c9484896f1220","ssdeep":"768:QuEdwI8IXkoNqQtaHcZqhC3jbSVM/9BEgrd722YKQapWiqDFWbH3PuYa3NkaS:dTB0lNpyQ2mfEgrd72jKNhqDFWbXPuYn","tlshash":"b213f13b97426baaa8dc79cc0b72019f8e728004e591c73edcf2b1bde5843cd5185ca8","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.79218Z","times_seen":13,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":362,"dns":0,"connect":0,"send":0,"wait":102,"receive":131,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/red.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.086Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/red.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 41687\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:30 GMT\r\nETag: \"a2d7-608b00d429e80\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":41687,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"68d8b4779a724be9fcf57103d4ede2a5","sha1":"225ba1f2842340b66f30eecd35c1e52961287cb1","sha256":"aeef206bffcf7deca7b5acf9ac3e920150bb376c11c7d336ec3ca45eec05d3dc","sha512":"31bdc51dbff677c52005f03df65948d393b10294c43c1982bc9cafe6b7ad7a62f6c6f2aa55d7361246f0211f487ac3da1017768064c47eba6aaddff89e6de65f","ssdeep":"768:9dAcMyjLQe3turb/dcK1H1KkNRV+jdK67bC7W2V5G6Mma//uKWbyLrvWCj:9wyjrdmbVtH+j4YbWW2TG6MhQbyLrOCj","tlshash":"a713f19ff06aa4c6ecd6ecb12db3c3205e35980c2ec1e1b054b59270d3e8146df6ad55","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.802624Z","times_seen":13,"resource_available":false,"data":null}},"time_used":679,"timings":{"blocked":450,"dns":0,"connect":0,"send":0,"wait":101,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/sunny.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.087Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/sunny.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 35884\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:31 GMT\r\nETag: \"8c2c-608b00d51e0c0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":35884,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"4bb0740e9d948cc8582b575a30fd8282","sha1":"c971b84d161060f879cf292e12cc91f8aad1f722","sha256":"2cbdbb683f740f232f5f68e24116173384b931e0580e49d688d63a6e344c4cfc","sha512":"c6dbdd1f80366cc8fd5f26f08e194820aa8bc72109078576ae71ca584be674f9f731083f96bb0245240abb38a5945f17c48f3b4bf21cf7023fad06f547360dde","ssdeep":"768:J/AMXp0CbuYV2JpvMyStgxXaUM3fu7Pp+xAYkReExovGw:JFXp0CCY3DJUB+xlkYEGB","tlshash":"13f2f13dbd19578bfe886431217d37775c86a93b915a96c780190a3e733843288375e3","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.801608Z","times_seen":13,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":73,"dns":1,"connect":14,"send":0,"wait":99,"receive":85,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/p.png","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.169Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /p.png HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/png\r\nContent-Length: 1026\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 09:47:32 GMT\r\nETag: \"402-608af93c93500\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":1026,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"d776191f3840b110151c91e1a4ff616b","sha1":"8655816518e41b28f597e2c12d8fa89ef91e4bae","sha256":"b1f65f9017e00c5cc5b275d66e9ace87e77ed6b513b9fa96846e9c8dedfb7b3d","sha512":"46e8f9c61c7cfb5c6a7c692df53b41b1573405bd7ba37cf64eec6efa2215d45334f62f2fda1ee57c4ff420586410f420b76b975cb51e7848c8fd2c9ffae744bd","ssdeep":"","tlshash":"e7118953df308a968b071e33c422342adf3654cb4e06032a323ea8755f2501cfdda5b9","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.796024Z","times_seen":13,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":176,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/i.html","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:57.867Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i.html HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: accessid=12345\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 2715\r\nConnection: keep-alive\r\nLast-Modified: Fri, 14 Feb 2025 19:35:30 GMT\r\nETag: \"a9b-62e1f46fb4480\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":2715,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"27586420232a40430f25f77198104b9d","sha1":"24dd9e384d8b3d6347a9351306e7e6b994bf62e0","sha256":"a45313bd4e01e70c8523ae271497c2ce832268e06e71560c98b1902ac0b367bf","sha512":"380bf177ef012cc45a4b33c84ad54f1ed4e0af518e8eb4dae8c6a895e8be0ca2a67265fca0ecd41a060d75e82c21c5ed85fd0872a42075a22a952b85f3ca1fa1","ssdeep":"","tlshash":"0e51be6159c5613fc203c6e0ebb09ff859b600bdcb321604e9f5761f4746a9248677a8","first_seen":"2025-10-12T07:29:16.732175Z","last_seen":"2025-10-25T05:18:01.796898Z","times_seen":3,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/styles.css","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.071Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /styles.css HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: text/css\r\nContent-Length: 594\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 09:47:35 GMT\r\nETag: \"252-608af93f6fbc0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":594,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"d3bd0256d7d0af61001173915c848baa","sha1":"349426808c7458c2332913b9e7dcc4652adf8bb3","sha256":"7d06ab39ad928538755dc9c276e48ddee68ad09d64524a19aaeb206e9e1fbd42","sha512":"9b743e46612a0afb70176368a2522394b1de0d1b2a51e816b55217ef7e2eb77b14b39e689355597afba8bb5f15cea555924d24b667cfe682a16b85a3bff1b682","ssdeep":"","tlshash":"65f028928a0d1206321f5c163333fe216d2916d1dc73e738767ca6dcc08985b3387b44","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.797994Z","times_seen":13,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/kindex.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.073Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/kindex.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 37631\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:26 GMT\r\nETag: \"92ff-608b00d059580\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":37631,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"0eaf6fc7c423e1e254c603eeffb31f58","sha1":"f42ffc5b8c5d7a52661b78b8ce8ae572710673ec","sha256":"94c8e1eff685bb6fd8a99655e307cd47ebe04d8b6422aa3ccef4544b61b36130","sha512":"e1feacbd20e1d14a31859aab1d2cfc8ea9d804ebdb01368b09f8d4add9f60beb90bfc5ff5571b41c130e1c75d57d7462a8e28625ad9a41c469fe4521b31fd01b","ssdeep":"768:TzMClDNHKCsljBrondLB4I99cQyLoZifrNwKO4GTu+vT/VXszyXELpxoMGE6Wz5g:vBlDNEljVoNn9bwogDc5tvT/Vczy0Ysc","tlshash":"5cf2e1116de7f249f5c24dfd39be0e360d5907a601992d83ea3ce4ea66584b31d04dac","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.808615Z","times_seen":13,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":87,"dns":0,"connect":14,"send":0,"wait":101,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/passion2.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.074Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/passion2.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 28236\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:28 GMT\r\nETag: \"6e4c-608b00d241a00\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":28236,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"141458b259f5010b8fd857a53b705b8c","sha1":"310a69213ece8695c584123653b1df33ff69107e","sha256":"f287dd35bb3b853117bb0c56ff7d310913554ed4b60ce08aaeff7adb4246f321","sha512":"0c1c6bc775f2f31f7f602fb5bf534e245405ef495f28899a923daef2cb947010176ebe11bb1bca3263244dc69ac07afb4c31b4dc5450a2bcc4b64d48d1b5f84b","ssdeep":"384:hToUjpChFaRHv4g443HFxYvKNQ5hV3eqdrLboWUJQFms6zU9awkjtaUiOPgnydx6:aUOkvBjY2QDYyV64HsYwx4K35vY","tlshash":"09c2e0f89ea5ff8b2887dc791174487f9b161c1295a536a022788033b67e694db40dcb","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.815599Z","times_seen":13,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":86,"dns":1,"connect":14,"send":0,"wait":101,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/passion.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.075Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/passion.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 28519\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:27 GMT\r\nETag: \"6f67-608b00d14d7c0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":28519,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"828a651ef7dcc827f97144ac9a3792c1","sha1":"a6445e8d272b87f53c380855750b8e652d45837f","sha256":"817ca21beb63529abdc5ba211bb7460dad274939049866c93fa8293cfa02dc03","sha512":"e00102672e96ecfbf2f1f3d0424161c19fb79dd40b3ab21987c3646c4f5a6b8e425533a0d174405a4fbb4f26b8198949d888831f7e8e746fe52d8a6883621a31","ssdeep":"768:fvg1psYx9Lfhp3BGgsytvMqtCDLNWMcGsIqoA:fI1psYfhp3BGgwqtGhWM9sIqoA","tlshash":"6ed2e098bb437347ae90f5ba2771963091e8ef53224b7177a5f8c01931c177a9c045db","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.798815Z","times_seen":13,"resource_available":false,"data":null}},"time_used":455,"timings":{"blocked":271,"dns":0,"connect":0,"send":0,"wait":99,"receive":85,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/collection.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.082Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/collection.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 35004\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:25 GMT\r\nETag: \"88bc-608b00cf65340\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":35004,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"f2642912effa1df5f8e7c560462e21aa","sha1":"6ba7787d3321c759d14751e2a71285663d047974","sha256":"8c2ba8399d3f97095dbe39c5b6d3ad4e388210ad64fe3e4b1a09413fd288f0ec","sha512":"5e8f0ec0cdda42a899be6a44916898053c57d36c7208208a1dcf894cb13811b8c5530a4c551b8a67595a09f70dd8ba48026fea0b9f7e5533d97cc10ed34ec3d5","ssdeep":"768:pEJikl05c+uzop4ENn5z6mZX7bd8BL2IxBdUA/YzcPEZKTgR4c3NC:uzjA3jz6mZXdkTx0zcPRCs","tlshash":"c0f2f2e3d70a4f35619b75a52e77492aec880b73be16f912dd36adc3d1a0a004d1d17c","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.793977Z","times_seen":13,"resource_available":false,"data":null}},"time_used":455,"timings":{"blocked":268,"dns":0,"connect":0,"send":0,"wait":101,"receive":86,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"bestgnew.co.in/gal/144","fqdn":"bestgnew.co.in","domain":"bestgnew.co.in","tld":"co.in"},"ip":{"addr":"195.66.25.59","port":80,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:50.762Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gal/144 HTTP/1.1\r\nHost: bestgnew.co.in\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nContent-Length: 0\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Sun, 12 Oct 2025 07:28:50 GMT\r\nLocation: http://ta.wsgisnew.in.net/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\r\nServer: nginx\r\nSet-Cookie: from=noref; expires=Mon, 13-Oct-2025 07:28:50 GMT; Max-Age=86400; path=/\nlfrom=noref; expires=Mon, 13-Oct-2025 07:28:50 GMT; Max-Age=86400; path=/\nidcheck=1760254130; expires=Mon, 13-Oct-2025 07:28:50 GMT; Max-Age=86400; path=/\nlp=%2Fgal%2F144; expires=Mon, 13-Oct-2025 07:28:50 GMT; Max-Age=86400; path=/\ncurrent_click=1; expires=Mon, 13-Oct-2025 07:28:50 GMT; Max-Age=86400; path=/\nscj_tr_sell_0=1; expires=Mon, 13-Oct-2025 07:28:50 GMT; Max-Age=86400; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":19,"dns":1,"connect":19,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"bestgnew.co.in","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"bestgnew.co.in","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1","fqdn":"ta.wsgisnew.in.net","domain":"wsgisnew.in.net","tld":"in.net"},"ip":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:57.243Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1 HTTP/1.1\r\nHost: ta.wsgisnew.in.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: CS=1234567890sutraRULEZcookiessupport\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nContent-Length: 217\r\nContent-Type: text/html; charset=iso-8859-1\r\nDate: Sun, 12 Oct 2025 07:28:57 GMT\r\nLocation: http://supersites.es/cookie37.php\r\nServer: nginx\r\nSet-Cookie: wbugu=CPIcADIwAAIAAgC5WOto__.5WOtoQAABAAAAuVjraAA-; expires=Mon, 12-Oct-2026 07:28:57 GMT; path=/; domain=ta.wsgisnew.in.net\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - request in.cgi","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014543,\"rev\":3,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - request in.cgi\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014612,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/pearl.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.077Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/pearl.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 32676\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:29 GMT\r\nETag: \"7fa4-608b00d335c40\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":32676,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"f059e4baf522e9d15a5f20a01f6206a8","sha1":"f2886217f9bb2293a242435d4338d58d6f0b2a68","sha256":"cdd42e2846c938763fd84752ce046403aaaadcde427da8bf8243cb40085e788b","sha512":"356d101a1962837218b2f40c69c69000915dba00478fcfb2c6862d0881536144714ae439c5a1fd5b4775a88c122ced6a95dc8b751f0665a064abf3f04ad6f4cb","ssdeep":"768:lRWhVrJxPiqIY6Mo9TylGqMZmSvi16+r7AFiUQchylA3e7n:OvPiTTMo92lGqMfvi16+r7KQcIlA3C","tlshash":"13e2f127cc0bd6abd89152be10b7aa76b746d238d4f06d6d7a70e6b64784a312d02cc4","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.791548Z","times_seen":13,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":83,"dns":1,"connect":14,"send":0,"wait":101,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/home.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.080Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/home.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 37019\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:26 GMT\r\nETag: \"909b-608b00d059580\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":37019,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"4306684fc52bec87148a6bf71d962176","sha1":"b36a726750f4327104c4bb085a33c18a9ed3bfe2","sha256":"de0980a1bc09e6268d41c72acc4f8f4ce4ac964bb7d98582b65b13b29832ad9e","sha512":"b60b968e05f21418bc89238fe12e66f14db9cbdbf569da31dc44c4b855095c28aa69bfdaa61caf685374d207b59210fef3cf7fb0aa455808dbc5ad4945b72eb8","ssdeep":"768:XZOYqnSFMgsMeSKq4HqBaz29Z0XUu5Piul+CJO1uQ66J/3enbpnj:XfgwMXx5cBD/IiK+C0jRunbVj","tlshash":"82f2f143b5b20f01e359144096b7fbbb2eec81e5a6177d9dbb5dce11aab8151835c0c3","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.799646Z","times_seen":13,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":270,"dns":0,"connect":0,"send":0,"wait":102,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/shameless.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.086Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/shameless.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 28664\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:30 GMT\r\nETag: \"6ff8-608b00d429e80\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":28664,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"e451f386716d2a5274830fe08b4dcaf4","sha1":"ed8575a7d6c33a5eaed40b001a3bd0c7a5f05239","sha256":"2f0b033c144f9bfba87d19a3958ee3fadc4c1497569b3810c5ddec1b81e7bfc1","sha512":"c285b983ea5eb614dc24e6e9a04ed87b6755ad3563497ebeb9cf7cc78fdfceb418ae35299dc6bd73cf844eec5d5ab8dfa82dc445dcfaedf4d1ec97afa7a48b85","ssdeep":"384:oj1yfQxNzSmJU/CxSRBt48VeVBD6Z1t2fk205LdBBscFWa05mPbOQLIkXb5EIyiN:ojgGO4UaxILjg/ySf905nIQP3vXb5E56","tlshash":"c2d2e0e26e786349129494a73ebb5dcd34f109dd700ccb8310e16f1566bb968ab0d3f8","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.80408Z","times_seen":13,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":450,"dns":0,"connect":0,"send":0,"wait":100,"receive":85,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/favicon.ico","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.768Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 209\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":209,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"18ffb59b61525f781cf9251045be575d","sha1":"bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d","sha256":"b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642","sha512":"a032f853abd9492232e1183d1cb1d14110b623f2e9dec56b7b64dd576a0317dda8d51125763e11d6642433c5364b2bd10a994ee4f1514629a4950bbab3aba499","ssdeep":"","tlshash":"ebd0229ea083228f452321903ac211d2a54d23a6bc7a42e83c83a88a921893dc4ca29d","first_seen":"2023-04-05T03:16:16Z","last_seen":"2026-04-05T06:35:57.32198Z","times_seen":34200,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ta.wsgisnew.in.net/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php","fqdn":"ta.wsgisnew.in.net","domain":"wsgisnew.in.net","tld":"in.net"},"ip":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:51.862Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php HTTP/1.1\r\nHost: ta.wsgisnew.in.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nContent-Type: text/html\r\nDate: Sun, 12 Oct 2025 07:28:57 GMT\r\nLocation: http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\r\nServer: nginx\r\nSet-Cookie: CS=1234567890sutraRULEZcookiessupport; expires=Mon, 12-Oct-2026 07:28:57 GMT; path=/; domain=ta.wsgisnew.in.net\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":10454,"timings":{"blocked":5170,"dns":1,"connect":5169,"send":0,"wait":112,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.143762+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014611,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":872,\"bytes_toclient\":899,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-12T07:28:57.340670+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.192.174.14\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":60816,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014546,\"rev\":6,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - HTTP header redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/bqubtg.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"length\":290},\"files\":[{\"filename\":\"/bqubtg.cgi\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":280,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1504,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ta.wsgisnew.in.net/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1","fqdn":"ta.wsgisnew.in.net","domain":"wsgisnew.in.net","tld":"in.net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:57.154Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1 HTTP/1.1\r\nHost: ta.wsgisnew.in.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: CS=1234567890sutraRULEZcookiessupport\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - request in.cgi","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014543,\"rev\":3,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - request in.cgi\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-12T07:28:57Z","timestamp":1760254137,"ip_dst":{"addr":"62.192.174.14","port":80,"asn":199058,"as":"Serva One Ltd","country":"Latvia","country_code":"LV"},"ip_src":{"addr":"172.18.0.21","port":60816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ","source":"{\"timestamp\":\"2025-10-12T07:28:57.340701+0000\",\"flow_id\":834013270162727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":60816,\"dest_ip\":\"62.192.174.14\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014612,\"rev\":5,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - cookie is set RULEZ\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_18\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_11_05\"]}},\"http\":{\"hostname\":\"ta.wsgisnew.in.net\",\"url\":\"/in.cgi?20\u0026myurl=http://bestgnew.co.in/out.php\u0026CS=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://supersites.es/cookie37.php\",\"length\":217},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1570,\"bytes_toclient\":1576,\"start\":\"2025-10-12T07:28:52.113959+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"supersites.es/cookie37.php","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:57.350Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cookie37.php HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":333,"timings":{"blocked":333,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/cookie37.php","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T07:28:57.706Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cookie37.php HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.16\r\nSet-Cookie: accessid=12345; expires=Sun, 12-Oct-2025 13:28:57 GMT; path=/\r\nLocation: i.html\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"PHP:5.4.16","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":14,"dns":0,"connect":14,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/magic.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.076Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/magic.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 31866\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:26 GMT\r\nETag: \"7c7a-608b00d059580\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":31866,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"8f4864fdbc1d097f9f69ac6ba176fbae","sha1":"316b4605e9aefcd631fa92a1e3ab5bad24696b23","sha256":"74247e83a808bb02ccf9fa73ae25bd068ef920b35e7a158ea26ecab778e54afb","sha512":"ff81fd985174e0898a101514708d3410568cc954df13aaccc16ad0dc376b8e89ff33b471d332d245429a2a34e8d7ab8a72efec0e5ed5447ed4b442f0fc23dcdf","ssdeep":"768:ZP/6JBRJ08F+fmfGQSkB9l40fqLf55nOTAlc84qB3F:ZYl+fmZpT26knTlQw1","tlshash":"bee2f1b7e587bb2e91a2a23028f608517675f542acdd36275cb3c74f91bc9c00613ba7","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.817437Z","times_seen":13,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":272,"dns":0,"connect":0,"send":0,"wait":101,"receive":86,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/pic.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.081Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/pic.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 30788\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:29 GMT\r\nETag: \"7844-608b00d335c40\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":30788,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"ccc7b6f3e02aa4990b5381de573b763e","sha1":"44734642150fc74286d1e017fd65a735a580b72f","sha256":"5ecf072d672a4142d1a4287778a4efaee9970109d0e303c67146de7b1cedd680","sha512":"972b02a25c6d70cf06e4b2e2bfac3adc29d650bb1be6b7cc72f8265d468f58858f513004da41e76645fc91e10b890acbe5915bd0bb058cdab76db62ddce80a89","ssdeep":"768:aaxTIwOHTqtxu4MhjXrrqqHleBghjRshu6vs:aaE6tx7MhPemQBgFRsnk","tlshash":"d6d2f13f5f501f7191a95a08bbf445b78eba8ac282b5c45894fb88bfd11d2913dc817c","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.818554Z","times_seen":13,"resource_available":false,"data":null}},"time_used":363,"timings":{"blocked":80,"dns":0,"connect":14,"send":0,"wait":100,"receive":85,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/forever.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.082Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/forever.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 41353\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:26 GMT\r\nETag: \"a189-608b00d059580\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":41353,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"f0f0143a33ca14107075479a18191aa1","sha1":"9518fdb123b6fa3f4938fac51121db40a98df1a3","sha256":"5d8cc20f22fd082a05e4ee814dca761660eb71795924d936da0cf512e5d8fa44","sha512":"527cb891c761cfcac83e3ea87f572a4697151e6edcf2b3c7d10b947604a71f86c2a664ecff2974180f7b81052b125f77cf5c177c5dd5407b8e15692d2b24e595","ssdeep":"768:Y5MrFqjhfKEZRv56Ar0WlYqwHFwCvnv93Q2O6YwDz4eT8WKlIPSaOWY/:Y5M4tOAoWlANvnv9gH+xT8zCPmWY/","tlshash":"ca03f15eaba25743d995de3100731747fa0094b292023f7943fdd9f27ae984aacc6cd4","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.800559Z","times_seen":13,"resource_available":false,"data":null}},"time_used":533,"timings":{"blocked":307,"dns":0,"connect":0,"send":0,"wait":99,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"supersites.es/img0/passion3.jpg","fqdn":"supersites.es","domain":"supersites.es","tld":"es"},"ip":{"addr":"193.23.200.76","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://supersites.es/i.html","date":"2025-10-12T07:28:58.084Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img0/passion3.jpg HTTP/1.1\r\nHost: supersites.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://supersites.es/i.html\r\nCookie: accessid=12345\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie/1.10.2\r\nDate: Sun, 12 Oct 2025 07:28:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 32412\r\nConnection: keep-alive\r\nLast-Modified: Fri, 27 Oct 2023 10:21:28 GMT\r\nETag: \"7e9c-608b00d241a00\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie:1.10.2","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":32412,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x300, components 3","md5":"188ca68018a0aedcbf43436185244b61","sha1":"1c94a4ac82a630617add8677d5737b5a2ab5c549","sha256":"c65697422138e266fe46c9a42f8b5876a5ab36c9434143ccf6b0e21e6b59fd21","sha512":"47d008ca5eca7e0d4c07169fb40d15f43135c22da8d8f2777ee3a54463ed56c87dae445aa11272a4c9ca9e7747e507105b23a59c5fcf85da85a1e2a84d7ba7b0","ssdeep":"768:yBTbjZsd6lSmsw+bm59lODH0sLa6P+lKvfFoZjw8:ytlC2Smsw+i5etCz","tlshash":"c1e2e184b2e26b3d72ceecb02ff9c22ce9e92e461450b4595352e40e5074305de64f37","first_seen":"2024-05-18T06:08:26Z","last_seen":"2025-10-25T05:18:01.794524Z","times_seen":13,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":447,"dns":0,"connect":0,"send":0,"wait":101,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-12","alert":"Content Category / Application Block","trigger":"supersites.es","verdict":"suspicious","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"supersites.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}