{"report_id":"1ba82916-9c65-4c0b-bd4f-cbf9a99bd642","version":6,"status":"done","tags":[],"date":"2025-05-03T08:47:17Z","url":{"schema":"http","addr":"aiphotos.top/photo_editor/resource/s20_camera/Clipboard/frame_cartoon_4.zip","fqdn":"aiphotos.top","domain":"aiphotos.top","tld":"top"},"ip":{"addr":"104.21.59.140","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-12T08:47:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"aiphotos.top","ip":{"addr":"104.21.59.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-04-17","domain_rank":0,"first_seen":"2023-04-17T10:11:16Z","last_seen":"2025-05-03T07:56:54.8165Z","alert_count":0,"request_count":1,"received_data":108409,"sent_data":543,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"9945fc2d8335649e3b7ac9db2dbd708a","sha1":"d211b4446274b62b5c24381450a70d2e648f355c","sha256":"52c7bd763db9d63f18775378b6bca62859dc7737191c07ae1cc46c9821cb283b","sha512":"df38c88f93caee73a5515a547db74d23b21257284a8e5f6e918c2b2d528a32c9fbe269ff3a7cab115995dcec7402b0f0e75d7c9ec54f8ee68291114e0a0d198a","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":108085,"url":{"schema":"https","addr":"aiphotos.top/photo_editor/resource/s20_camera/Clipboard/frame_cartoon_4.zip","fqdn":"aiphotos.top","domain":"aiphotos.top","tld":"top"},"ip":{"addr":"104.21.59.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"top.png","filename":"top.png","modified":"2022-12-30T14:16:37+08:00","Modified":"","magic":"PNG image data, 706 x 120, 8-bit/color RGBA, non-interlaced","size":38328,"md5":"7ae41c91b472817ba9c1a13a8e9529fa","sha1":"c6bbd7eff2e7aef6213fb6bea32f93596a5c4a32","sha256":"b67bd88f08c36ae1ec58879ea743157eb84d5d111964cb06be788eaf86cd6dd1","sha512":"742411dd00e89b77b771750deb6a1d115237f69a3fb2539f9736eb7b14b58251f6766d36eedddaed23eed8ccf168fdb04115ad5d2933933f469586c7b8a073bc","alerts":{"urlquery":null,"analyzer":null}},{"path":"bottom.png","filename":"bottom.png","modified":"2022-12-30T14:16:37+08:00","Modified":"","magic":"PNG image data, 702 x 235, 8-bit/color RGBA, non-interlaced","size":69555,"md5":"7d6c207e71c48da05a5fee350ce560a1","sha1":"0b152b097d391b8dcdc0c6defd23d2c0dacb1688","sha256":"01a26c076726cf5c279a29c9c4dc9bea04b5008504470e49216e1bc105ba85a9","sha512":"2a97b89b85c817d3c0e4f683a839eeb21baec4c82c87ac9f13c0f4a6510fc5ff9dcd5d44399ea47fe66368ed4b786c7946880bcfd5e24aeb3aba4ef34459a4b9","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"9945fc2d8335649e3b7ac9db2dbd708a","sha1":"d211b4446274b62b5c24381450a70d2e648f355c","sha256":"52c7bd763db9d63f18775378b6bca62859dc7737191c07ae1cc46c9821cb283b","sha512":"df38c88f93caee73a5515a547db74d23b21257284a8e5f6e918c2b2d528a32c9fbe269ff3a7cab115995dcec7402b0f0e75d7c9ec54f8ee68291114e0a0d198a","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":108085,"url":{"schema":"https","addr":"aiphotos.top/photo_editor/resource/s20_camera/Clipboard/frame_cartoon_4.zip","fqdn":"aiphotos.top","domain":"aiphotos.top","tld":"top"},"ip":{"addr":"104.21.59.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"top.png","filename":"top.png","modified":"2022-12-30T14:16:37+08:00","Modified":"","magic":"PNG image data, 706 x 120, 8-bit/color RGBA, non-interlaced","size":38328,"md5":"7ae41c91b472817ba9c1a13a8e9529fa","sha1":"c6bbd7eff2e7aef6213fb6bea32f93596a5c4a32","sha256":"b67bd88f08c36ae1ec58879ea743157eb84d5d111964cb06be788eaf86cd6dd1","sha512":"742411dd00e89b77b771750deb6a1d115237f69a3fb2539f9736eb7b14b58251f6766d36eedddaed23eed8ccf168fdb04115ad5d2933933f469586c7b8a073bc","alerts":{"urlquery":null,"analyzer":null}},{"path":"bottom.png","filename":"bottom.png","modified":"2022-12-30T14:16:37+08:00","Modified":"","magic":"PNG image data, 702 x 235, 8-bit/color RGBA, non-interlaced","size":69555,"md5":"7d6c207e71c48da05a5fee350ce560a1","sha1":"0b152b097d391b8dcdc0c6defd23d2c0dacb1688","sha256":"01a26c076726cf5c279a29c9c4dc9bea04b5008504470e49216e1bc105ba85a9","sha512":"2a97b89b85c817d3c0e4f683a839eeb21baec4c82c87ac9f13c0f4a6510fc5ff9dcd5d44399ea47fe66368ed4b786c7946880bcfd5e24aeb3aba4ef34459a4b9","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-03T08:46:48Z","timestamp":1746262008,"ip_dst":{"addr":"172.67.179.71","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":44790,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-05-03T08:46:48.281810+0000\",\"flow_id\":118815303723727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":44790,\"dest_ip\":\"172.67.179.71\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"aiphotos.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://aiphotos.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":549,\"bytes_toclient\":1239,\"start\":\"2025-05-03T08:46:48.256719+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"aiphotos.top/photo_editor/resource/s20_camera/Clipboard/frame_cartoon_4.zip","fqdn":"aiphotos.top","domain":"aiphotos.top","tld":"top"},"ip":{"addr":"104.21.59.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-03T08:46:45.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aiphotos.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 19 Mar 2025 08:50:13 GMT","end":"Tue, 17 Jun 2025 09:50:09 GMT"},"fingerprint":{"sha1":"CE:44:D7:2E:A4:8D:AD:BF:2A:F7:14:F6:1D:4F:E7:30:46:F4:1F:17","sha256":"09:8E:7A:A6:79:90:FB:E7:27:BA:C1:70:9A:E5:D0:99:CD:77:01:A3:67:62:C1:8B:3C:7D:C6:59:E3:92:47:62"}}},"request":{"raw":"GET /photo_editor/resource/s20_camera/Clipboard/frame_cartoon_4.zip HTTP/1.1\r\nHost: aiphotos.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 May 2025 08:46:48 GMT\r\ncontent-type: application/zip\r\ncontent-length: 108085\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nlast-modified: Fri, 30 Dec 2022 07:51:18 GMT\r\netag: \"63ae9876-1a635\"\r\ncf-cache-status: MISS\r\ncf-ray: 939e7d5d3fd3b509-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":108085,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"9945fc2d8335649e3b7ac9db2dbd708a","sha1":"d211b4446274b62b5c24381450a70d2e648f355c","sha256":"52c7bd763db9d63f18775378b6bca62859dc7737191c07ae1cc46c9821cb283b","sha512":"df38c88f93caee73a5515a547db74d23b21257284a8e5f6e918c2b2d528a32c9fbe269ff3a7cab115995dcec7402b0f0e75d7c9ec54f8ee68291114e0a0d198a","ssdeep":"3072:QvK9LWVB977TLPl14PyGHwLpue6ecJsJuLT/hQvKD1x:IVzfLPliPy7LpueUJsJuP5QGx","tlshash":"afb312f7b89028cde26b653333413359a54c3f12974acf68cd8d9bc116e86722d9da36","first_seen":"2023-11-26T17:50:39Z","last_seen":"2025-11-26T09:03:31.157244Z","times_seen":14,"resource_available":false,"data":null}},"time_used":5198,"timings":{"blocked":29,"dns":1,"connect":1,"send":0,"wait":2924,"receive":2215,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}