{
	"id": "5d5dbea7-d40c-44ca-a496-1798724368e8",
	"created_at": "2026-04-06T00:06:55.811709Z",
	"updated_at": "2026-04-10T13:12:32.368736Z",
	"deleted_at": null,
	"sha1_hash": "304c090b0b6faa05642ef34a1b98f49492f5ad8e",
	"title": "Intrusion Prevention | FortiGuard Labs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49198,
	"plain_text": "Intrusion Prevention | FortiGuard Labs\r\nArchived: 2026-04-05 21:09:46 UTC\r\nDescription\r\nThis indicates an attempt to access ReGeorg HTTP Tunnel.\r\nReGeorg acts as an HTTP proxy to tunnel data in and out of a network. It is used to bypass firewall policy that only allows HTTP traffic. ReGeorg can transport other TCP sessions such as RDP, SSH, and SMB through the HTTP tunnel.\r\nReGeorg is an upgraded version of ReDuh. The ReGeorg server script is often installed by attackers after a web server is compromised.\r\nAffected Products\r\nAll web servers\r\nImpact\r\nSystem Compromise: Remote attackers can gain control of vulnerable systems.\r\nRecommended Actions\r\nMonitor the traffic from the network for any suspicious activity.\r\nLook for a suspicious PHP, ASP, JSP, or JS file on the web server, based on the IPS log entry.\r\nLast 24 Hours: 0\r\nDaily Trend: 0%\r\nLast 7 Days: 0\r\nWeekly Trend: 0%\r\nCoverage\r\nIPS (Regular DB)\r\nIPS (Extended DB)\r\nVersion Updates\r\nDate Version Status Detail\r\n2019-04-05 14.587 Default_action:pass:drop\r\n2019-03-13 14.572 Sig Added\r\n2019-03-12 14.571\r\nSource: https://www.fortiguard.com/encyclopedia/ips/47584/regeorg-http-tunnel",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.fortiguard.com/encyclopedia/ips/47584/regeorg-http-tunnel"
	],
	"report_names": [
		"regeorg-http-tunnel"
	],
	"threat_actors": [],
	"ts_created_at": 1775434015,
	"ts_updated_at": 1775826752,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/304c090b0b6faa05642ef34a1b98f49492f5ad8e.pdf",
		"text": "https://archive.orkl.eu/304c090b0b6faa05642ef34a1b98f49492f5ad8e.txt",
		"img": "https://archive.orkl.eu/304c090b0b6faa05642ef34a1b98f49492f5ad8e.jpg"
	}
}