{"report_id":"2d1913b6-82b0-4b4f-803a-3ce64876a552","version":6,"status":"done","tags":[],"date":"2026-03-25T15:20:02Z","url":{"schema":"http","addr":"icloudphotos.litong5969.work","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"ip":{"addr":"50.71.105.230","port":0,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"https","addr":"icloudphotos.litong5969.work/","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"title":"iCloud Photos Downloader Login","dom":{"size":4792,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"7d2af5a39e420c4f65dc18bc659a3bfa","sha1":"138fff4790b20760007d33a2ce2f045f10a29dc5","sha256":"492f9df8da2c4c66e0c792527bf56ea82d5218f29f2d5be56b7f45d047b43289","sha512":"b800c5a427d0bc53a66d37f0258a6ac5ca89ecc878815b54e891010d9ba92498d76bf2e7e7d3fdbc89edebd332d81346b028a912536d2ff6f349ceb29be88998","ssdeep":"96:IVUF3lFeBJAOxNLoqSfiLcSq8F5G8iwXFhOj:IuF3lFeBJAOxNLoqkiLRqqzXFoj","tlshash":"bca12f9955ef0c52a903b174abe6420438a4c013000ade653ffd679d6fd6e8acdb27db","dom_hash":"domhashc9483bcbaa468cb8eeb0d03adf282bc0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"icloudphotos.litong5969.work","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"ip":{"addr":"50.71.105.230","port":0,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T15:20:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"icloudphotos.litong5969.work","ip":{"addr":"50.71.105.230","port":443,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"domain_registered":"2021-03-10","domain_rank":0,"first_seen":"2026-03-25T15:20:02.31207Z","last_seen":"2026-03-25T15:20:02.31207Z","alert_count":0,"request_count":3,"received_data":15337,"sent_data":1424,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"icloudphotos.litong5969.work/","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"ip":{"addr":"50.71.105.230","port":443,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":true,"md5":"14269eb73e77e40ee1a79910f568e749","sha1":"d57691cbbe3de08c001fdd3bc990b34e1a0cb4cd","sha256":"0e50343e172a7dae5811b1c4e167b9337633ea9a5d3ed9ab61a7e7ceace6a126","sha512":"28a049d951fdfb72f42e95d849aa0abcfb2d75b9e7c2e198ace1f7f6a9d1be89220995f223d3b248c04bacda4f00a3c389ef164c35ad16b9255f9ab561269d85","ssdeep":"","tlshash":"4c5103ad559f0c61ad267276e394524834a480030006de643fbd574e2fe2d1f89f6ae7","size":2678,"data":"","first_seen":"2026-03-25T15:20:07.345462Z","last_seen":"2026-03-25T20:55:49.28269Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"icloudphotos.litong5969.work/favicon.ico","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"ip":{"addr":"50.71.105.230","port":443,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icloudphotos.litong5969.work/","date":"2026-03-25T15:19:42.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icloudphotos.litong5969.work","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Mar 2026 06:08:53 GMT","end":"Fri, 19 Jun 2026 06:08:52 GMT"},"fingerprint":{"sha1":"94:60:51:BC:D9:33:63:BE:E7:22:DB:36:BA:2B:C9:B9:A0:05:F5:44","sha256":"64:7C:C4:66:90:41:DA:F8:3B:9C:7A:BF:62:82:2C:17:06:B0:54:0C:9C:8A:92:BA:FA:E1:FB:36:9F:56:E6:B7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: icloudphotos.litong5969.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icloudphotos.litong5969.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 25 Mar 2026 15:19:42 GMT\r\ncontent-type: text/html; charset=utf-8\r\nexpires: Wed, 25 Mar 2026 16:30:00 GMT\r\ncache-control: max-age=4218\r\nx-served-by: icloudphotos.litong5969.work\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4962,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"0578d5757e16d1458b43d3eb2470c81d","sha1":"53aad4e653876947ebd498badc28f9866df1ba42","sha256":"637f7a26655fcff03a9b0c86100d8dadc6d21df4c9c5be531e3d35dd0bfe0de0","sha512":"3d8918fd1348c274e5782942772d15f59c3363b75094054a28910fa7bf9441f14be49df39557f8ea224994a3705c8f704a056b3bbe0270376f46be906fa2723f","ssdeep":"48:teW79e42JsEgwm53FlDGdYaRzxAHxj/Hhh9rzevYNM6ZUb/mFCQcI/JCmJgR9bBm:b3FhFlXAzxozKgmbuUQcoVJfas8jthy","tlshash":"31a13359958e0c42a533b3759ba14608fa95802302029a653ffd675e1ff2d09ceb3fd7","first_seen":"2026-03-25T15:20:07.343767Z","last_seen":"2026-03-25T20:55:49.281292Z","times_seen":2,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icloudphotos.litong5969.work/","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"ip":{"addr":"50.71.105.230","port":443,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T15:19:41.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icloudphotos.litong5969.work","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Mar 2026 06:08:53 GMT","end":"Fri, 19 Jun 2026 06:08:52 GMT"},"fingerprint":{"sha1":"94:60:51:BC:D9:33:63:BE:E7:22:DB:36:BA:2B:C9:B9:A0:05:F5:44","sha256":"64:7C:C4:66:90:41:DA:F8:3B:9C:7A:BF:62:82:2C:17:06:B0:54:0C:9C:8A:92:BA:FA:E1:FB:36:9F:56:E6:B7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: icloudphotos.litong5969.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 25 Mar 2026 15:19:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-served-by: icloudphotos.litong5969.work\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4962,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"0578d5757e16d1458b43d3eb2470c81d","sha1":"53aad4e653876947ebd498badc28f9866df1ba42","sha256":"637f7a26655fcff03a9b0c86100d8dadc6d21df4c9c5be531e3d35dd0bfe0de0","sha512":"3d8918fd1348c274e5782942772d15f59c3363b75094054a28910fa7bf9441f14be49df39557f8ea224994a3705c8f704a056b3bbe0270376f46be906fa2723f","ssdeep":"48:teW79e42JsEgwm53FlDGdYaRzxAHxj/Hhh9rzevYNM6ZUb/mFCQcI/JCmJgR9bBm:b3FhFlXAzxozKgmbuUQcoVJfas8jthy","tlshash":"31a13359958e0c42a533b3759ba14608fa95802302029a653ffd675e1ff2d09ceb3fd7","first_seen":"2026-03-25T15:20:07.343767Z","last_seen":"2026-03-25T20:55:49.281292Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1385,"timings":{"blocked":627,"dns":350,"connect":130,"send":0,"wait":131,"receive":0,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icloudphotos.litong5969.work/img/logo.svg","fqdn":"icloudphotos.litong5969.work","domain":"litong5969.work","tld":"work"},"ip":{"addr":"50.71.105.230","port":443,"asn":6327,"as":"SHAW","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icloudphotos.litong5969.work/","date":"2026-03-25T15:19:41.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icloudphotos.litong5969.work","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Mar 2026 06:08:53 GMT","end":"Fri, 19 Jun 2026 06:08:52 GMT"},"fingerprint":{"sha1":"94:60:51:BC:D9:33:63:BE:E7:22:DB:36:BA:2B:C9:B9:A0:05:F5:44","sha256":"64:7C:C4:66:90:41:DA:F8:3B:9C:7A:BF:62:82:2C:17:06:B0:54:0C:9C:8A:92:BA:FA:E1:FB:36:9F:56:E6:B7"}}},"request":{"raw":"GET /img/logo.svg HTTP/1.1\r\nHost: icloudphotos.litong5969.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icloudphotos.litong5969.work/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 25 Mar 2026 15:19:41 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 4666\r\nexpires: Wed, 25 Mar 2026 16:30:00 GMT\r\ncache-control: max-age=4219\r\nx-served-by: icloudphotos.litong5969.work\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4666,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"59e085d9e8d1a85f2c3849e55b36ee2c","sha1":"bb8dea245542275d7d33a303fd118a70376c1c13","sha256":"ea9a2f8dbabfefe1ef22b5ce802c6e678f69880bcf5c5cee147584e0b22fb879","sha512":"c6bee171ee6c36dd7855170890226fb620f99141111fcabfc64a598ab463fad494a8d0ce3ffa2adbd29995885fae0e19818e339d6d33be5f0726e27512a20a6c","ssdeep":"96:VkoIanLDRXfnYfLKwgDkjG0VywogkwKCgMaqhXex:Vk+EFf6/qVvaqhX8","tlshash":"90a1648bf86a88e8d11cc274bff1641d860e90e396d0085ef9dc6a74ef065c1b357796","first_seen":"2024-08-19T17:57:01.599285Z","last_seen":"2026-06-04T17:24:53.740223Z","times_seen":8,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}