{"report_id":"1fee78ef-1b01-45bb-9b0d-537b70deb5b5","version":6,"status":"done","tags":[],"date":"2025-10-16T13:57:11Z","url":{"schema":"http","addr":"teen.ahtops.com/?u=kiretuyhgfd","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":0,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"teen.ahtops.com/","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"title":"Teen XXX"},"submit":{"url":{"schema":"http","addr":"teen.ahtops.com/?u=kiretuyhgfd","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":0,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-20T13:57:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ahtops.com","ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"domain_registered":"2020-09-14","domain_rank":61496,"first_seen":"2020-11-25T20:33:54Z","last_seen":"2025-10-12T22:27:27.917255Z","alert_count":0,"request_count":9,"received_data":32010,"sent_data":3197,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"teen.ahtops.com","ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"domain_registered":"2020-09-14","domain_rank":0,"first_seen":"2025-10-16T13:57:11.757285Z","last_seen":"2025-10-16T13:57:11.757285Z","alert_count":2,"request_count":4,"received_data":24595,"sent_data":1922,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Liveinternet","description":"","website":"https://liveinternet.ru/rating/","common_platform_enumeration":"","icon":"Liveinternet.png","categories":["Analytics"]}]},{"fqdn":"free-xxx-porn.org","ip":{"addr":"162.244.32.79","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"domain_registered":"2006-10-31","domain_rank":502210,"first_seen":"2012-11-15T08:31:24Z","last_seen":"2025-10-13T08:16:22.864096Z","alert_count":0,"request_count":1,"received_data":25631,"sent_data":390,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ahtops.com/util/disable.js","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a533258fa1d411ad40d74e6206670d6a","sha1":"d4766489b9b67326e24200059479a954f9c35d53","sha256":"39706bd798acf6ffd54ee59450f6f82eafc5ec413c39c37b1bd6f96f0753fc8b","sha512":"c24ca584aaef0215b10affa95bc99d20a2351523d5aaad05f392ce88823af0a77d5cebbb19cee3bb86ad547c1aa5cbe84fae2cd7cc2aad1b5703a43f0724d1d7","ssdeep":"","tlshash":"2e018566301ec02d5f73123139388b89fc600a0128577a84f8bca4b0b7b0e5614aeead","size":775,"data":"","first_seen":"2023-03-08T02:20:05Z","last_seen":"2026-03-26T09:41:51.345431Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"teen.ahtops.com/","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1f5bf82a1c9833cba87ed501f1f89c86","sha1":"5ff6a3a59fff571b652735aa6927c3c6bf942fcd","sha256":"89ad09c448fa7c0dba542932de7760b33b97fa5887378553a2f8b1df1dcdec01","sha512":"8f62ff832b59785e1d57fd464516aa94c07c59f62f407b059d28d38d3475734b0877c368d09fd0e9e6c4f8bb2202fcbe5184807c3208d3cf3c8b90e9383785c4","ssdeep":"","tlshash":"dfc080663f58847511d36f135474bdc13c3b046b741d705485786444555393fc539d59","size":173,"data":"","first_seen":"2025-10-16T13:57:15.803532Z","last_seen":"2025-10-16T13:57:15.803532Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"teen.ahtops.com/","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d4cfe68fb6e528006025517c115e093f","sha1":"5b82f7aa005faf520e45fa321cae0eeebf11b6e4","sha256":"ee2261be6766a87fc2667c9806d1bc715e942ef282754fa29f99281ff2edbeaa","sha512":"b763b31f059c798fb17d6cb64f3f815d8e22a10b51a4a8b6cfc3c204034a92618212edbe6ecdf8b268f3564540fc76c9674f8a7ac41d17ef487b8de0a1b64311","ssdeep":"","tlshash":"77f05c9941db36ae592d5c2d3948c6c3207c8821776b9d6d567f473e1860d233a806aa","size":450,"data":"","first_seen":"2025-10-14T01:21:57.4273Z","last_seen":"2025-12-27T04:37:03.960558Z","times_seen":4,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"teen.ahtops.com/","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"29b71e05cbdb12aa15d71b22296734b6","sha1":"6fbf19e0b081b60a7a38da0915b563b286acc69e","sha256":"cc1857503dd277169c15df73fd8a3c0cf91c75174b37daf802bf9d027b5d026a","sha512":"2ec84e01f34852b53be4d192fc5e0284e98eaa75e57910c68858635fa2b828f444d0129f24da1831b5a09242d9f6551b6110d8d7e76bc2ae3c4a455b2e89426e","ssdeep":"","tlshash":"74f0c0f0940350aa545748376464d5201c39f1f15d907786b05b1a3e66c5ba2f46ea6d","size":510,"data":"","first_seen":"2024-07-08T01:22:12Z","last_seen":"2026-03-12T05:34:35.301443Z","times_seen":12,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"e6db45fe48f689323a782f3343816244","sha1":"3771b534e557df2d3a81178d7bc01f3385572263","sha256":"97b4a1a95733ee10017bef64abf381ea0d3412d590cce3da720ec7d8085340b0","sha512":"9df174e45b6e796e28604a4d4fa4de89c6515b466469c11531668084e02ea88e716996716f1709aeed316590e7e79376cc63be961ee47de3cc2143d0ef3de410","ssdeep":"","tlshash":"42b0927a00ce43452a921948f49809e68a285456328bed46be7b0b2225844639962b3e","size":117,"data":"","first_seen":"2025-10-14T01:21:57.483004Z","last_seen":"2025-12-27T04:37:03.963617Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2f45ad8528b797e9f877ea53dce1a32e","sha1":"526925cdabbe4c2e0e7182ba31c1bb0f7e2a6d1d","sha256":"0296653c27b14348ddd1d744842a4f259257e06fc8c1ef83246f338c6dee4446","sha512":"2f419347e9653acbc92e53665324657d958b793d9a0e42524cd2cdfee610da5781a80dd336144038bcd2414ac9be529d37f791bb42a82bf0c29925574576d31a","ssdeep":"","tlshash":"bfe07244b14284065a64e1a8c26af0a80102b189c010e7cebc234f2a03cb3a6e022aec","size":295,"data":"","first_seen":"2025-10-16T13:57:15.825095Z","last_seen":"2025-10-16T13:57:15.825095Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"ahtops.com/style2/sign.gif","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.226Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /style2/sign.gif HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/gif\r\nContent-Length: 188\r\nLast-Modified: Wed, 07 Oct 2020 14:56:34 GMT\r\nConnection: keep-alive\r\nETag: \"5f7dd722-bc\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":188,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 12 x 12","md5":"570504660bf9ba6c0358e164f29dcde7","sha1":"710392b16687c229057056ce8603073b9e4d2105","sha256":"727a2957e2be30a32f7d8be4acc4970e09d2589d1c6236cbf3dfb195aa103de1","sha512":"013b378dd2683682837e759d028f663e56a41c493beff29353996d81f7533d643d895c07a1b32ad809827efeb7004f23889fae1969b70c940c2c41fa23f9c0fd","ssdeep":"","tlshash":"97c08c4ad02b852cf86ed9368ac8462d86503113827c050c36543a86bc221b7c4449d1","first_seen":"2025-10-16T13:57:15.731015Z","last_seen":"2025-10-16T13:57:15.731015Z","times_seen":1,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":307,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/style2/mtfrm.gif","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.565Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /style2/mtfrm.gif HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ahtops.com/style2/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/gif\r\nContent-Length: 4210\r\nLast-Modified: Wed, 07 Oct 2020 14:56:34 GMT\r\nConnection: keep-alive\r\nETag: \"5f7dd722-1072\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4210,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 490 x 15","md5":"141063d5d6934cee914e125a5db33adf","sha1":"9057f5773c51896cabf9c61137de168641f43457","sha256":"de44efd87c9ace8d8712c47bb6c86bce01b8613be0dfb00bad6c0360e8b35c10","sha512":"980b31913d68a96e82ad2f87722569efcbe643b565866ccd0f6edc0b88bb737c2eacad2cb4a83bf481dcdfe672f23f07014fa10351a0e33d5086ee3a7d34888e","ssdeep":"96:ALjTXTSBIcjTCOeaRVM2GqcAMphV5ZR0af2pCMWoMOapB:ALrJo5rV2K+CaOpCqMOapB","tlshash":"31917f0070f682c376e139050a409ca7f1a5ebb5b445936c97c303e5d7d1f7a9c8946d","first_seen":"2025-10-16T13:57:15.735669Z","last_seen":"2025-10-16T13:57:15.735669Z","times_seen":1,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":113,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"teen.ahtops.com/?u=kiretuyhgfd","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T13:56:49.199Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?u=kiretuyhgfd HTTP/1.1\r\nHost: teen.ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:49 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: getin[id]=135014; expires=Fri, 17-Oct-2025 13:56:49 GMT; Max-Age=86400; path=/\ngetin[c]=teen; expires=Fri, 17-Oct-2025 13:56:49 GMT; Max-Age=86400; path=/\ngetin[u]=kiretuyhgfd; expires=Fri, 17-Oct-2025 13:56:49 GMT; Max-Age=86400; path=/\r\nlocation: .\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":146,"dns":1,"connect":145,"send":0,"wait":150,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/util/thumbs/teen9.jpg","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.228Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /util/thumbs/teen9.jpg HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 7751\r\nLast-Modified: Fri, 15 Aug 2008 15:18:52 GMT\r\nConnection: keep-alive\r\nETag: \"48a59e5c-1e47\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7751,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 120x150, components 3","md5":"350d4e0e87f7861d1bbe2e021fa7e402","sha1":"cc1a6fb805dee6d9888ca08044e7288b86916ece","sha256":"a6e461612c35f792667cb4039702a6f7d92bbed60474f109c865e6d3069a3636","sha512":"78a04f92422962a2e777abc9aaf7726d670c61d57ed96dfd393e4f649e003be35e79c0d4f314c3e235df198d3530ff9184e215b70f6ab8ac649302da18a00969","ssdeep":"192:2PTt4PocIu2o1B0daUtZUXxadjcaHXV6f1Jy3edRdUt:2PTaYo1B0daUsXxadgaHuwedRet","tlshash":"24f1ae6694682f7fce6009f560f9c734cbd87884220435664bfab52ef555ff73a48205","first_seen":"2025-10-16T13:57:15.746823Z","last_seen":"2025-10-16T13:57:15.746823Z","times_seen":1,"resource_available":false,"data":null}},"time_used":766,"timings":{"blocked":305,"dns":25,"connect":145,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/util/thumbs/teen08.jpg","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.228Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /util/thumbs/teen08.jpg HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 6878\r\nLast-Modified: Fri, 15 Aug 2008 15:18:52 GMT\r\nConnection: keep-alive\r\nETag: \"48a59e5c-1ade\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6878,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 130x130, components 3","md5":"bb869d6389f4a4431982fd6e35bac3c9","sha1":"275b318d6b9bfb458f626584584f09438080e9cb","sha256":"6115d14b5e7c80cf0859e9c416378bd2be87787619d9291e01aed5f12ecaa50d","sha512":"d39a55a55141da23ec98f6b0558d6d41e5a70d50ce33a33196ed633eeff6165006d73f3c5fa306330fa6a6c17a739f550db516ae66ddd1ea708c8bdc54ecce54","ssdeep":"96:FiViP77E8YNw6MMLQEAxmzGlED4xvvCe+d0RxX+HOKgY1ckXtsZ1Y8mr:FvMkdMiNC0byHywF","tlshash":"b6e19e91ae7d97a3d88062308dfcbfdea879b6561412de626071c09504214fcec56e2f","first_seen":"2025-10-16T13:57:15.753322Z","last_seen":"2025-10-16T13:57:15.753322Z","times_seen":1,"resource_available":false,"data":null}},"time_used":765,"timings":{"blocked":304,"dns":25,"connect":145,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/style2/ltfrm.gif","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.563Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /style2/ltfrm.gif HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ahtops.com/style2/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/gif\r\nContent-Length: 104\r\nLast-Modified: Wed, 07 Oct 2020 14:56:34 GMT\r\nConnection: keep-alive\r\nETag: \"5f7dd722-68\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 220 x 10","md5":"bb8a90552820b6605ed7b08c929015c6","sha1":"d57e3c7f4da03f503acb089913807080ca6af00b","sha256":"e3ea7e93e704070f98119a7607d779e29e324d8cd01218953538dcd545441915","sha512":"bdbd78a9d90e8ab6e2d9228a51e298e1c3dddb10a4bb8bf0d53682cec9a3953bbe505518eada823347b28095b896f8195328910164badfc1b1e88720530a79a4","ssdeep":"","tlshash":"d3b0123a46cd4047f05df0b113696301a70b56694d7825d544b970d83e8d910084a252","first_seen":"2025-10-16T13:57:15.757851Z","last_seen":"2025-10-16T13:57:15.757851Z","times_seen":1,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"teen.ahtops.com/?u=kiretuyhgfd","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T13:56:48.723Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /?u=kiretuyhgfd HTTP/1.1\r\nHost: teen.ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":456,"timings":{"blocked":0,"dns":160,"connect":145,"send":0,"wait":0,"receive":0,"ssl":149},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"teen.ahtops.com/","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T13:56:49.503Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: teen.ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: getin[id]=135014; getin[c]=teen; getin[u]=kiretuyhgfd\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":0,"dns":1,"connect":144,"send":0,"wait":0,"receive":0,"ssl":151},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"teen.ahtops.com/","fqdn":"teen.ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T13:56:49.840Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: teen.ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: getin[id]=135014; getin[c]=teen; getin[u]=kiretuyhgfd\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Liveinternet","description":"","website":"https://liveinternet.ru/rating/","common_platform_enumeration":"","icon":"Liveinternet.png","categories":["Analytics"]}],"data":{"size":23978,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (344), with CRLF, LF line terminators","md5":"459bc4c3079272ddd1cf0b1ec048f8a1","sha1":"c4dd3d107a4423ff1683384f7830a101de776190","sha256":"adb00b3acb5b31f0bec153a229aa1a63d9d6b145e896c797fe753e75d7bd2227","sha512":"61c67c82dff93ecd16a864b05026980d4ff673cee0f4c25f78dbe9d0ec00d070cc96f9e04d947887d491923d8b10f97a506fdf6d2ac623dc7634f0e56bf6014d","ssdeep":"384:25T3e8m2mrma+5bn44C68Nx2fXo2qODCx:2cx+Z18TKjdCx","tlshash":"06b287da514562978317beed32bfb23a401b91c283925f42649f0df79fc5e42f838686","first_seen":"2025-10-16T13:57:15.761767Z","last_seen":"2025-10-16T13:57:15.761767Z","times_seen":1,"resource_available":false,"data":null}},"time_used":428,"timings":{"blocked":135,"dns":1,"connect":144,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-16T13:56:53Z","timestamp":1760623013,"ip_dst":{"addr":"172.18.0.17","port":60454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"severity":"high","alert":"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS","source":"{\"timestamp\":\"2025-10-16T13:56:53.693757+0000\",\"flow_id\":2099023425154211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.244.35.53\",\"src_port\":80,\"dest_ip\":\"172.18.0.17\",\"dest_port\":60454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014545,\"rev\":8,\"signature\":\"ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS\",\"category\":\"Exploit Kit Activity Detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2012_04_12\"],\"signature_severity\":[\"Major\"],\"tag\":[\"TDS\"],\"updated_at\":[\"2020_08_19\"]}},\"http\":{\"hostname\":\"teen.ahtops.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7763},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":23978,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1065,\"bytes_toclient\":8554,\"start\":\"2025-10-16T13:56:49.830627+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/style2/style.css","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.225Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /style2/style.css HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: text/css\r\nContent-Length: 1998\r\nLast-Modified: Wed, 07 Oct 2020 14:56:34 GMT\r\nConnection: keep-alive\r\nETag: \"5f7dd722-7ce\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1998,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"db0a4b915b8a5cc9b3ff9bb99caab951","sha1":"22dc798620cb73ccc6b933cd40ba027f90fba030","sha256":"afdce52390ded2a3cf8571414518119463eeaceb7d7313c12b8bb545f9a0ea03","sha512":"498cc713466f3da6fb253a03ccd11dcbbc7205b07153f94bb8eee15656111b98686b6e9f965ae4403591807fc8bee8b3c5f36d2ad86bfb35e778afd6ac9f36fe","ssdeep":"","tlshash":"0a41082bb6d12c46f60ae4e4fe16dfc9724f4b26dd0e4ea278b5257cd5015f211b060e","first_seen":"2025-10-16T13:57:15.765126Z","last_seen":"2025-10-16T13:57:15.765126Z","times_seen":1,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":163,"dns":27,"connect":144,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"free-xxx-porn.org/xtopengine/thumbs/allpaysites/teenbanner.gif","fqdn":"free-xxx-porn.org","domain":"free-xxx-porn.org","tld":"org"},"ip":{"addr":"162.244.32.79","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.230Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /xtopengine/thumbs/allpaysites/teenbanner.gif HTTP/1.1\r\nHost: free-xxx-porn.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/gif\r\nContent-Length: 25326\r\nLast-Modified: Mon, 28 Sep 2009 13:18:24 GMT\r\nConnection: keep-alive\r\nETag: \"4ac0b7a0-62ee\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25326,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 87a, 468 x 60","md5":"eec9eb2894005b30dbac0e4ba5de2a1d","sha1":"f77a8939ddd57506020f03f273644bad2a0d511f","sha256":"0b15d86606348428ae3565166c186369fe5e5d14ae8f2b4a3eac6415d671bc06","sha512":"cc56e3d2b404500757c74912ede99e9ebe09b51af172558c5b1a1cf22cb887d0e6a5c3ab7f0f2ba403c697481cbf835e732dc95bbcefa710344a46b962e99e4e","ssdeep":"768:1y24aRbuj9hCLMzWlC/gVIf6h/kxESFRXl:clevXAoMx37l","tlshash":"cfb2e03c3e6656bbe4604ad34bc16f16d33ea315ccb607a21f9b98848445404aaf5fe2","first_seen":"2025-10-16T13:57:15.779856Z","last_seen":"2025-11-21T10:33:01.864101Z","times_seen":2,"resource_available":false,"data":null}},"time_used":909,"timings":{"blocked":303,"dns":13,"connect":146,"send":0,"wait":147,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/util/disable.js","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.233Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /util/disable.js HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 1552\r\nLast-Modified: Tue, 07 Sep 2010 15:25:11 GMT\r\nConnection: keep-alive\r\nETag: \"4c865957-610\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1552,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"787958a0702f3681c425ab84989a52aa","sha1":"d4a87de76d6171e90ee27ab2703d17e7972e5431","sha256":"8e94e65da00051ce7402dfb5176bc5b5ca286fafcbfa49507198bc52bc453c00","sha512":"d3f5eb5e2d43245f9d5e3e1f48819b8e3afdf092436db380240fb8bfb3c378b2baa5c2f52c7be8d90eb38ff47be51de3e5a8c3ba124420d49259a314f2e4b4e1","ssdeep":"","tlshash":"9a314f5367fa0204b1b77744967601b10b737d46a83cca0c09d8b80e1ae3e44a9a6ff3","first_seen":"2025-05-05T08:05:13.834408Z","last_seen":"2026-03-26T09:41:51.341789Z","times_seen":28,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":155,"dns":26,"connect":145,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/favicon.ico","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.829Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 318\r\nLast-Modified: Wed, 30 Jan 2008 09:55:35 GMT\r\nConnection: keep-alive\r\nETag: \"47a04997-13e\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":318,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel","md5":"47ac403f1ad2edbc5defd5728e253977","sha1":"728a46d34a5c6d2a81afcea49043411fc34c1844","sha256":"d1e1c0cca84a45415bad77dffb4a59e99efeff7ebf45388062bb7ea6745a8a93","sha512":"22772c84d1612994e61084b21a0c3b4a3dafbd932145fab452cc9add2ef80925eeedf236bf3f5c840accfdaf6f47c653ed1ac35b06765dbf980b1ec3f1d3843c","ssdeep":"","tlshash":"bde08084f144d134d1145130d1139f13ce74d545445d8ece53474fc43b3535e8dd9164","first_seen":"2025-09-22T15:16:53.279054Z","last_seen":"2025-10-16T13:57:15.785808Z","times_seen":2,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ahtops.com/util/thumbs/teen1.jpg","fqdn":"ahtops.com","domain":"ahtops.com","tld":"com"},"ip":{"addr":"162.244.35.53","port":80,"asn":14576,"as":"HOSTING-SOLUTIONS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://teen.ahtops.com/","date":"2025-10-16T13:56:50.229Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /util/thumbs/teen1.jpg HTTP/1.1\r\nHost: ahtops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://teen.ahtops.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 13:56:50 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 6338\r\nLast-Modified: Fri, 15 Aug 2008 15:18:52 GMT\r\nConnection: keep-alive\r\nETag: \"48a59e5c-18c2\"\r\nExpires: Thu, 23 Oct 2025 13:56:50 GMT\r\nCache-Control: max-age=604800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6338,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, progressive, precision 8, 110x160, components 3","md5":"a67b3e7e80fa7b0aaf472e7f5759e055","sha1":"e70bdb1f66f20874ce505ffaeb14941f7426a007","sha256":"547091bf23fafccfe64008251d970aa27e0c6b2eb58704489b8d0cb00cd5dae7","sha512":"f3fb322bdb572c6821476122951546d0fc9c14433fbf7a975dbd54e5820d5534aceb3bb07a0052f47780d74d19198e39b4bc76fdd828fb22ef8530449359a025","ssdeep":"96:BYfAk2yanD6ing8u8uELDev4oweSn9x4qHDRQ6REJfJUiu2b8eR4eMv3S+Ye4f:chanQ8zFSAh5HDP2SjM4ee3SHf","tlshash":"13d18d9bba790e00f94ef93165be4683db70caf5b8102ecf65659a500d650ccae1a36c","first_seen":"2025-10-16T13:57:15.790123Z","last_seen":"2025-10-16T13:57:15.790123Z","times_seen":1,"resource_available":false,"data":null}},"time_used":765,"timings":{"blocked":303,"dns":26,"connect":145,"send":0,"wait":146,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}