{"report_id":"183d1d6c-e4f3-497e-86ff-cfbf942db34d","version":6,"status":"done","tags":["botpanel","malware"],"date":"2023-11-01T17:48:57Z","url":{"schema":"http","addr":"cdn.ttgtmedia.com/bitpipe/covers/1663182731_929.jpg","fqdn":"cdn.ttgtmedia.com","domain":"ttgtmedia.com","tld":"com"},"ip":{"addr":"172.64.153.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"cdn.ttgtmedia.com/bitpipe/covers/1663182731_929.jpg","fqdn":"cdn.ttgtmedia.com","domain":"ttgtmedia.com","tld":"com"},"title":"1663182731_929.jpg (JPEG Image, 135 × 104 pixels)"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T16:27:01Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cdn.ttgtmedia.com","ip":{"addr":"104.18.34.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-06-20","domain_rank":95388,"first_seen":"2012-06-25 18:35:56","last_seen":"2023-10-31 18:56:30","alert_count":0,"request_count":2,"received_data":14062,"sent_data":971,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA 
rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Asset commonly seen with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdn.ttgtmedia.com/bitpipe/covers/1663182731_929.jpg","fqdn":"cdn.ttgtmedia.com","domain":"ttgtmedia.com","tld":"com"},"ip":{"addr":"104.18.34.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-01T17:48:40.491Z","timestamp":1698860920491,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Sun, 18 Jun 2023 00:00:00 GMT","end":"Mon, 17 Jun 2024 23:59:59 GMT"},"fingerprint":{"sha1":"02:48:D4:4E:8C:9F:D2:68:B0:44:01:EB:1F:68:26:0F:CB:87:4E:47","sha256":"EF:67:2D:6E:09:9C:51:85:D9:58:F5:56:E5:14:95:08:88:7E:D9:8A:D5:28:4C:37:E5:8E:77:BE:A9:DB:5C:09"}}},"request":{"raw":"GET /bitpipe/covers/1663182731_929.jpg HTTP/1.1\r\nHost: cdn.ttgtmedia.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 
Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 01 Nov 2023 17:48:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5531\r\nlast-modified: Sat, 08 Oct 2022 06:27:43 GMT\r\ncache-control: max-age=604800\r\nexpires: Wed, 08 Nov 2023 17:48:40 GMT\r\nvia: 1.1 google\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 81f5f84b698b0b59-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5531,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 38x38, segment length 16, baseline, precision 8, 135x104, components 3\\012- 
data","md5":"64831fcaec6f15765ae02dc0cf4be50e","sha1":"cd7d773c41307f3e83d3b93cd66a428f106f3220","sha256":"3f72fc46e7f75d703891352932947c25f65248b7c9310188f4ce5c82263aecb8","sha512":"cfb8cd6d93131a3abf69617d34a739f6580736fd30f6e5e8c28f0dd7a28d717a37f0860e50a0d2e07b37eb27c2d85689d3a0492acf819be47ea737852c9de6e6","ssdeep":"","tlshash":"","first_seen":"2023-11-01T18:48:57Z","last_seen":"2023-11-01T18:48:57Z","times_seen":1,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":13,"dns":0,"connect":1,"send":0,"wait":592,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ttgtmedia.com/favicon.ico","fqdn":"cdn.ttgtmedia.com","domain":"ttgtmedia.com","tld":"com"},"ip":{"addr":"104.18.34.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cdn.ttgtmedia.com/bitpipe/covers/1663182731_929.jpg","date":"2023-11-01T17:48:41.998Z","timestamp":1698860921998,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Sun, 18 Jun 2023 00:00:00 GMT","end":"Mon, 17 Jun 2024 23:59:59 GMT"},"fingerprint":{"sha1":"02:48:D4:4E:8C:9F:D2:68:B0:44:01:EB:1F:68:26:0F:CB:87:4E:47","sha256":"EF:67:2D:6E:09:9C:51:85:D9:58:F5:56:E5:14:95:08:88:7E:D9:8A:D5:28:4C:37:E5:8E:77:BE:A9:DB:5C:09"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cdn.ttgtmedia.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: 
keep-alive\r\nReferer: https://cdn.ttgtmedia.com/bitpipe/covers/1663182731_929.jpg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 01 Nov 2023 17:48:41 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nlast-modified: Tue, 05 Mar 2019 20:29:39 GMT\r\ncache-control: max-age=604800\r\nexpires: Sat, 28 Oct 2023 18:50:11 GMT\r\ncf-cache-status: HIT\r\nage: 548358\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 81f5f854bec00b59-OSL\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7796,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\\012- data","md5":"bfb2d568aa0016e570ca38843b067a73","sha1":"1b3e36fdb8e0d48a0bd3197b4ee2bde52a295ef1","sha256":"15d016fc47d0d1806f4f4538154924f957e85abbcc2176b1f7f29c979399dea2","sha512":"f50ee9daa6156ebacb681597f3d081a520f4a055748fda0309b4494468920516599680f0c8ad053d7462c91087bcc51cba3df01768abb1635e05df19d165b043","ssdeep":"","tlshash":"","first_seen":"2023-05-23T15:05:19Z","last_seen":"2026-04-29T19:46:58.039513Z","times_seen":30,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
