Forensics Threat
Description: Retrieve aggregate forensics data for a specified threat in Proofpoint, identified by the threatId parameter. Endpoint URL: /v2/forensics. Method: GET. Inputs: parameters (object) – required; threatId (string) – required; includeCampaignForensics (boolean). Output example: \[ { "status code" 200, "response headers" { "date" "wed, 18 oct 2023 13 44 40 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x content type options" "nosniff", "vary" "accept encoding, user agent", "content encoding" "gzip", "strict transport security" "max age=15724800; includesubdomains" }, "reason" "ok", "json body" { "generated" "2023 10 18t13 44 39 664z", "reports" \[ { "scope" "threat", "id" "4bae2afd5bde68ade4218e95bbca7d640eb39d9702d383d92d2a5488ed27e2c1", "name" "https //t co/rboyv9dl3c", "threatstatus" "active", "forensics" \[ { "type" "dns", "display" "dns lookup of host pixelfy me", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "pixelfy me" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www googletagmanager com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www googletagmanager com", "ips" \[ "142 250 217 136" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host fonts googleapis com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "fonts googleapis com" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //www facebook com/tr/?id=194243278145610\&ev=pageview\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&rl=https%3a%2f%2ft co%2f\&if=false\&ts=1697294133296\&sw=1536\&sh=864\&v=2 9 134\&r=stable\&ec=0\&o=30\&fbp=fb 1 1697294133293 13977260\&ler=other\&it=1697294132925\&co ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //www facebook 
com/tr/?id=194243278145610\&ev=pageview\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&rl=https%3a%2f%2ft co%2f\&if=false\&ts=1697294133296\&sw=1536\&sh=864\&v=2 9 134\&r=stable\&ec=0\&o=30\&fbp=fb 1 1697294133293 13977260\&ler=other\&it=1697294132925\&coo=false\&rqm=get" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 172 217 12 138 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "172 217 12 138", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/brita/amx page/index php", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/brita/amx page/index php" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 142 250 186 74 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "142 250 186 74", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www googletagmanager com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www googletagmanager com", "ips" \[ "172 217 18 104" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host fonts googleapis com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "fonts googleapis com", "ips" \[ "142 250 186 74" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "behavior", "display" "pfpt hunting lots project domain dns request for twitter domain t co", "engine" "iee", "malicious" false, "note" "pfpt hunting lots project domain dns request for twitter domain t co", "time" 0, "what" { "rule" "etpro 44683" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", 
"display" "file fbevents js created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67", "size" 203000, "path" "fbevents js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 104 244 42 69 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "104 244 42 69", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 142 250 217 136 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "142 250 217 136", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file gr html created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "3ef653c2aec0c36f7fa5a6c2df2a35d47675b86a0e79272a96cab7c4f8c26d6b", "size" 7556, "path" "gr html" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //connect facebook net/signals/config/194243278145610?v=2 9 134\&r=stable\&domain=pixelfy me", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //connect facebook net/signals/config/194243278145610?v=2 9 134\&r=stable\&domain=pixelfy me" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //connect facebook net/en us/fbevents js", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //connect facebook net/en us/fbevents js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host region1 google analytics com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "region1 google analytics com", "ips" \[ "216 239 34 36", "216 239 32 36" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" 
"win10" } ] }, { "type" "dns", "display" "dns lookup of host grigomac com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "grigomac com" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 172 67 74 184 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "172 67 74 184", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 31 13 70 7 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "31 13 70 7", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host t co", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "t co" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //pixelfy me/qxuk5c", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "66001f7eed6229831c412aa9296e09bacec4b1e40e675e039d61b63f7b397001", "size" 5554, "path" "https //pixelfy me/qxuk5c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www facebook com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www facebook com", "ips" \[ "31 13 70 36" ], "cnames" \[ "star mini c10r facebook com" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //connect facebook net/signals/config/194243278145610?v=2 9 134\&r=stable\&domain=pixelfy me", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "64ea5f62b58b4ecfb123be34bcb3a49546d4ff0bd96266b441ffdb0005ca368b", "size" 134873, "path" "https //connect facebook net/signals/config/194243278145610?v=2 9 134\&r=stable\&domain=pixelfy me" }, 
"platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //www google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=1587741629\&cid=569024392 1697311258\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& e ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //www google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=1587741629\&cid=569024392 1697311258\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& eu=aea& s=2\&sid=1697311258\&sct=1\&seg=0\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&dr=https%3a%2f%2ft co%2f\&dt=pixelfy me\&en=scroll\&epn percent scrolled=90& et=7" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "behavior", "display" "malicious content dropped during execution", "engine" "iee", "malicious" true, "note" "malicious content dropped during execution", "time" 0, "what" { "rule" "behavior b6b72d3557d48f8d4cf7d87ec993ed24" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //t co/rboyv9dl3c", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "54a545785b61eccb1d30d27a38f0ff65473015994500d151d47a54861758f189", "size" 230, "path" "https //t co/rboyv9dl3c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host grigomac com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "grigomac com", "ips" \[ "188 114 97 3", "188 114 96 3" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file main js created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" 
"bbdfdbb816159c4fff8e14c65680756e6ac3fe79e8bbcb1b91dac9142264b167", "size" 7451, "path" "main js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 188 114 96 3 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "188 114 96 3", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 172 217 12 142 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "172 217 12 142", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www facebook com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www facebook com", "ips" \[ "157 240 251 35" ], "cnames" \[ "star mini c10r facebook com" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 216 239 32 36 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "216 239 32 36", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //www googletagmanager com/gtag/js?id=g 1qbj2gpv5y", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "b40f9985c098494b8371b4d0e2698bf89fa6230f5e635d66e761e55a0ab4b21b", "size" 242893, "path" "https //www googletagmanager com/gtag/js?id=g 1qbj2gpv5y" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/cdn cgi/challenge platform/h/g/jsd/r/81608cb30b251c20", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/cdn cgi/challenge platform/h/g/jsd/r/81608cb30b251c20" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" 
"network", "display" "tcp connection to 104 244 42 197 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "104 244 42 197", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "udp connection to 1 1 1 1 53", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "1 1 1 1", "port" 53, "type" "udp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file qxuk5c created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "3b0e329f2afb381750edef6e285ee7ed6f092aa89d108a3f498299b01e6692bd", "size" 5566, "path" "qxuk5c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //grigomac com/cdn cgi/challenge platform/h/g/scripts/jsd/dffb14d6/main js", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "bc4deac632988d79af92225d5cf552c97c544196342b55a9d47f88f84c523282", "size" 7324, "path" "https //grigomac com/cdn cgi/challenge platform/h/g/scripts/jsd/dffb14d6/main js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/cdn cgi/challenge platform/h/g/jsd/r/81622ed18ed4dbb6", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/cdn cgi/challenge platform/h/g/jsd/r/81622ed18ed4dbb6" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host t co", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "t co", "ips" \[ "104 244 42 197", "104 244 42 133", "104 244 42 69", "104 244 42 5" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file main js created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" 
"bc4deac632988d79af92225d5cf552c97c544196342b55a9d47f88f84c523282", "size" 7324, "path" "main js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //www google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=1587741629\&cid=569024392 1697311258\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& s ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //www google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=1587741629\&cid=569024392 1697311258\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& s=3\&sid=1697311258\&sct=1\&seg=0\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&dr=https%3a%2f%2ft co%2f\&dt=pixelfy me\&en=user engagement& et=1307" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host t co", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "t co", "ips" \[ "104 244 42 197" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //grigomac com/brt/gr html", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "3ef653c2aec0c36f7fa5a6c2df2a35d47675b86a0e79272a96cab7c4f8c26d6b", "size" 7556, "path" "https //grigomac com/brt/gr html" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //grigomac com/cdn cgi/challenge platform/h/g/scripts/jsd/dffb14d6/main js", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "bbdfdbb816159c4fff8e14c65680756e6ac3fe79e8bbcb1b91dac9142264b167", "size" 7451, "path" "https //grigomac com/cdn cgi/challenge platform/h/g/scripts/jsd/dffb14d6/main js" }, "platforms" \[ { 
"name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //fonts googleapis com/css?family=ubuntu 400,500", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "6d58c1e726f9c0c33808d6bd8a03711b904f093fd0e0121391b5a73d60c5d284", "size" 3492, "path" "https //fonts googleapis com/css?family=ubuntu 400,500" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //fonts googleapis com/css?family=ubuntu 400,500", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //fonts googleapis com/css?family=ubuntu 400,500" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "behavior", "display" "etpro suricata ids alerts", "engine" "iee", "malicious" false, "note" "etpro suricata ids alerts", "time" 0, "what" { "rule" "behavior 288b6c09e0dc5b5fc7664b918c773caa" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 157 240 0 6 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "157 240 0 6", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //grigomac com/brt/gr html", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "263a4774bc45f481a70312827a54d1834edf1c00eff8426e50bbfdb219cdaa0b", "size" 1348, "path" "https //grigomac com/brt/gr html" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //t co/rboyv9dl3c", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //t co/rboyv9dl3c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file js created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" 
"b40f9985c098494b8371b4d0e2698bf89fa6230f5e635d66e761e55a0ab4b21b", "size" 242893, "path" "js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 104 21 76 224 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "104 21 76 224", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //region1 google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=687611364\&cid=109704680 1697294133\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0 ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //region1 google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=687611364\&cid=109704680 1697294133\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& s=1\&sid=1697294132\&sct=1\&seg=0\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&dr=https%3a%2f%2ft co%2f\&dt=pixelfy me\&en=page view& fv=1& nsi=1& ss=1& ee=1" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 31 13 70 36 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "31 13 70 36", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/cdn cgi/challenge platform/h/g/jsd/r/81622ec97ea3dbb6", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/cdn cgi/challenge platform/h/g/jsd/r/81622ec97ea3dbb6" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //www googletagmanager com/gtag/js?id=g 1qbj2gpv5y", "engine" "iee", "malicious" false, "time" 0, 
"what" { "url" "https //www googletagmanager com/gtag/js?id=g 1qbj2gpv5y" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //www googletagmanager com/gtag/js?id=g 1qbj2gpv5y", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "e8fdde1d979b12690fb9efd88337f4c6057c73f669e2fe257ccacf3136578ac3", "size" 242931, "path" "https //www googletagmanager com/gtag/js?id=g 1qbj2gpv5y" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //region1 google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=687611364\&cid=109704680 1697294133\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0 ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //region1 google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=687611364\&cid=109704680 1697294133\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& eu=aea& s=2\&sid=1697294132\&sct=1\&seg=0\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&dr=https%3a%2f%2ft co%2f\&dt=pixelfy me\&en=scroll\&epn percent scrolled=90& et=69" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 157 240 251 35 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "157 240 251 35", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //connect facebook net/en us/fbevents js", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67", "size" 203000, "path" "https //connect facebook net/en 
us/fbevents js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 104 26 11 17 443", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "104 26 11 17", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //pixelfy me/qxuk5c", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //pixelfy me/qxuk5c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/brt/gr html", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/brt/gr html" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www google analytics com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www google analytics com", "ips" \[ "172 217 12 142" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file js created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "e8fdde1d979b12690fb9efd88337f4c6057c73f669e2fe257ccacf3136578ac3", "size" 242931, "path" "js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host connect facebook net", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "connect facebook net", "ips" \[ "31 13 70 7" ], "cnames" \[ "scontent xx fbcdn net" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host fonts googleapis com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "fonts googleapis com", "ips" \[ "172 217 12 138" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "tcp connection to 172 217 18 104 443", "engine" "iee", "malicious" false, 
"time" 0, "what" { "action" "connect", "ip" "172 217 18 104", "port" 443, "type" "tcp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "malicious attachment with url https //t co/rboyv9dl3c", "engine" "iee", "malicious" true, "time" 0, "what" { "url" "https //t co/rboyv9dl3c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file qxuk5c created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "66001f7eed6229831c412aa9296e09bacec4b1e40e675e039d61b63f7b397001", "size" 5554, "path" "qxuk5c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file rboyv9dl3c created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "54a545785b61eccb1d30d27a38f0ff65473015994500d151d47a54861758f189", "size" 230, "path" "rboyv9dl3c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host pixelfy me", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "pixelfy me", "ips" \[ "172 67 74 184", "104 26 11 17", "104 26 10 17" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //grigomac com/brita/amx page/index php", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "2221adbdf86738989c59a873e86e3499ab1f9a7bd9f8cea82a261e999b2551b0", "size" 8079, "path" "https //grigomac com/brita/amx page/index php" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/cdn cgi/challenge platform/h/g/scripts/jsd/dffb14d6/main js", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/cdn cgi/challenge platform/h/g/scripts/jsd/dffb14d6/main js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of 
host region1 google analytics com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "region1 google analytics com" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file 194243278145610 created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "64ea5f62b58b4ecfb123be34bcb3a49546d4ff0bd96266b441ffdb0005ca368b", "size" 134873, "path" "194243278145610" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //grigomac com/brita/amx page/index php", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "5222579ba7e03b694b6b5bd7adc8e2083add7d00ab984591b45d943f5b97586d", "size" 1348, "path" "https //grigomac com/brita/amx page/index php" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "network", "display" "udp connection to 1 0 0 1 53", "engine" "iee", "malicious" false, "time" 0, "what" { "action" "connect", "ip" "1 0 0 1", "port" 53, "type" "udp" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //www facebook com/tr/?id=194243278145610\&ev=pageview\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&rl=https%3a%2f%2ft co%2f\&if=false\&ts=1697311258687\&sw=1536\&sh=864\&v=2 9 134\&r=stable\&ec=0\&o=30\&fbp=fb 1 1697311258685 1456490579\&ler=other\&it=1697311258277& ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //www facebook com/tr/?id=194243278145610\&ev=pageview\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&rl=https%3a%2f%2ft co%2f\&if=false\&ts=1697311258687\&sw=1536\&sh=864\&v=2 9 134\&r=stable\&ec=0\&o=30\&fbp=fb 1 1697311258685 1456490579\&ler=other\&it=1697311258277\&coo=false\&rqm=get" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file index php created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" 
"5222579ba7e03b694b6b5bd7adc8e2083add7d00ab984591b45d943f5b97586d", "size" 1348, "path" "index php" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "file css created", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "6d58c1e726f9c0c33808d6bd8a03711b904f093fd0e0121391b5a73d60c5d284", "size" 3492, "path" "css" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host connect facebook net", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "connect facebook net", "ips" \[ "157 240 0 6" ], "cnames" \[ "scontent xx fbcdn net" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www facebook com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www facebook com", "cnames" \[ "star mini c10r facebook com" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www google analytics com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www google analytics com" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "file", "display" "http response would be written to disk https //pixelfy me/qxuk5c", "engine" "iee", "malicious" false, "time" 0, "what" { "sha256" "3b0e329f2afb381750edef6e285ee7ed6f092aa89d108a3f498299b01e6692bd", "size" 5566, "path" "https //pixelfy me/qxuk5c" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //www google analytics com/g/collect?v=2\&tid=g 1qbj2gpv5y\>m=45je3ab0& p=1587741629\&cid=569024392 1697311258\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& s ", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //www google analytics com/g/collect?v=2\&tid=g 
1qbj2gpv5y\>m=45je3ab0& p=1587741629\&cid=569024392 1697311258\&ul=en us\&sr=1536x864\&uaa=\&uab=\&uafvl=headlesschrome%3b%7cnot%253ba%253dbrand%3b8 0 0 0%7cchromium%3b\&uamb=0\&uam=\&uap=linux\&uapv=\&uaw=0& s=1\&sid=1697311258\&sct=1\&seg=0\&dl=https%3a%2f%2fpixelfy me%2fqxuk5c\&dr=https%3a%2f%2ft co%2f\&dt=pixelfy me\&en=page view& fv=1& nsi=1& ss=1& ee=1" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host www googletagmanager com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "www googletagmanager com" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host connect facebook net", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "connect facebook net", "cnames" \[ "scontent xx fbcdn net" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "dns", "display" "dns lookup of host grigomac com", "engine" "iee", "malicious" false, "time" 0, "what" { "host" "grigomac com", "ips" \[ "172 67 201 233", "104 21 76 224" ] }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] }, { "type" "url", "display" "url https //grigomac com/cdn cgi/challenge platform/scripts/jsd/main js", "engine" "iee", "malicious" false, "time" 0, "what" { "url" "https //grigomac com/cdn cgi/challenge platform/scripts/jsd/main js" }, "platforms" \[ { "name" "win10", "os" "win", "version" "win10" } ] } ] } ] } } ] output parameters status code (number) reason (string) json body (object) generated (string) reports (array) scope (string) id (string) name (string) threatstatus (string) forensics (array) type (string) display (string) engine (string) malicious (boolean) time (number) what (object) url (string) platforms (array) name (string) os (string) version (string) note (string) response headers header type date string content type string transfer encoding string connection string x content type 
options string vary string content encoding string strict transport security string