{"report_id":"30d32b3e-c2a2-4156-9536-e594d9b83f8d","version":6,"status":"done","tags":[],"date":"2026-03-29T12:21:54Z","url":{"schema":"http","addr":"io-svvap.com","fqdn":"io-svvap.com","domain":"io-svvap.com","tld":"com"},"ip":{"addr":"34.196.13.28","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"poetmodificative.xyz/?k=30f45ab693e17a3e2d1e36552a7e003c.1774786896.150.2.1.aW8tc3Z2YXAuY29t\u0026r=\u0026z=0","fqdn":"poetmodificative.xyz","domain":"poetmodificative.xyz","tld":"xyz"},"title":"No Offers Available...","dom":{"size":414,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (414), with no line terminators","md5":"7b4a987623a2936eba0e163b340109b0","sha1":"d25c07dd9ad977046a54c3536eaf4c7c75d14b2b","sha256":"3a9baa684c322a3abc2e009286fae60a0a21ae717d5ae571e4df1583f0e91a9f","sha512":"1b767700a9446e41e7219a3f213645fc70c0e6f53367c6a7ebd0c8fee7baca6d76edf72cefc88888626481e5be0c67da06df819e59485fff95f9fa6e0c5d19af","ssdeep":"","tlshash":"7ae0a3c3c006101d62064600f471b3491e7e8d6963d64e713a4d996efccf936d6141dc","dom_hash":"domhash3f5a1d026a7baf31d9e1b692861f873d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"io-svvap.com","fqdn":"io-svvap.com","domain":"io-svvap.com","tld":"com"},"ip":{"addr":"34.196.13.28","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-03T12:21:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":4,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T12:21:33Z","timestamp":1774786893,"ip_dst":{"addr":"Client IP","port":60812,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-03-29T12:21:33.520212+0000\",\"flow_id\":841899913878363,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.196.13.28\",\"src_port\":443,\"dest_ip\":\"172.18.0.10\",\"dest_port\":60812,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=poetmodificative.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:B6:DD:27:D7:25:27:34:92:96:4A:6F:ED:3A:70:46:6E:00\",\"fingerprint\":\"a4:41:64:aa:75:f2:12:21:65:d5:1f:8e:9d:0b:7b:90:ca:cb:ca:68\",\"sni\":\"io-svvap.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-02-10T21:34:36\",\"notafter\":\"2026-05-11T21:34:35\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"303951d4c50efb2e991652225a6f02b1\",\"string\":\"771,49199,65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1401,\"bytes_toclient\":3524,\"start\":\"2026-03-29T12:21:33.236379+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T12:21:33Z","timestamp":1774786893,"ip_dst":{"addr":"Client IP","port":60828,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-03-29T12:21:33.716092+0000\",\"flow_id\":1376427921215549,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.196.13.28\",\"src_port\":443,\"dest_ip\":\"172.18.0.10\",\"dest_port\":60828,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=poetmodificative.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:B6:DD:27:D7:25:27:34:92:96:4A:6F:ED:3A:70:46:6E:00\",\"fingerprint\":\"a4:41:64:aa:75:f2:12:21:65:d5:1f:8e:9d:0b:7b:90:ca:cb:ca:68\",\"sni\":\"io-svvap.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-02-10T21:34:36\",\"notafter\":\"2026-05-11T21:34:35\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"303951d4c50efb2e991652225a6f02b1\",\"string\":\"771,49199,65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1276,\"bytes_toclient\":3524,\"start\":\"2026-03-29T12:21:33.430141+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T12:21:34Z","timestamp":1774786894,"ip_dst":{"addr":"Client IP","port":60834,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-03-29T12:21:34.179529+0000\",\"flow_id\":61332557508337,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.196.13.28\",\"src_port\":443,\"dest_ip\":\"172.18.0.10\",\"dest_port\":60834,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=poetmodificative.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:B6:DD:27:D7:25:27:34:92:96:4A:6F:ED:3A:70:46:6E:00\",\"fingerprint\":\"a4:41:64:aa:75:f2:12:21:65:d5:1f:8e:9d:0b:7b:90:ca:cb:ca:68\",\"sni\":\"poetmodificative.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-02-10T21:34:36\",\"notafter\":\"2026-05-11T21:34:35\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"699a80bdb17efe157c861f92c5bf5d1d\",\"string\":\"771,49199,0-65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1113,\"bytes_toclient\":3528,\"start\":\"2026-03-29T12:21:33.896753+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T12:21:34Z","timestamp":1774786894,"ip_dst":{"addr":"Client IP","port":60844,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-03-29T12:21:34.682958+0000\",\"flow_id\":20240457926005,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.196.13.28\",\"src_port\":443,\"dest_ip\":\"172.18.0.10\",\"dest_port\":60844,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=poetmodificative.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:B6:DD:27:D7:25:27:34:92:96:4A:6F:ED:3A:70:46:6E:00\",\"fingerprint\":\"a4:41:64:aa:75:f2:12:21:65:d5:1f:8e:9d:0b:7b:90:ca:cb:ca:68\",\"sni\":\"poetmodificative.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-02-10T21:34:36\",\"notafter\":\"2026-05-11T21:34:35\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"699a80bdb17efe157c861f92c5bf5d1d\",\"string\":\"771,49199,0-65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1246,\"bytes_toclient\":3528,\"start\":\"2026-03-29T12:21:34.394613+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"poetmodificative.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"poetmodificative.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"io-svvap.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"poetmodificative.xyz","ip":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2025-11-18","domain_rank":0,"first_seen":"2026-02-13T02:34:23.779441Z","last_seen":"2026-03-29T01:34:57.98867Z","alert_count":4,"request_count":2,"received_data":2641,"sent_data":1218,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"io-svvap.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":1195,"sent_data":878,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"io-svvap.com/","fqdn":"io-svvap.com","domain":"io-svvap.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"62abd8fe4794acca6fef36a31dbcf2e7","sha1":"ef7e71a1dd0012f721cadf78f29ea0ac38dea878","sha256":"8aa41e15c6585ae653935dd3bc5ba560bc67869046c64bc920618afb72f3da3b","sha512":"885abef11db335924476815a9ae8d47554ea9739361d94e4caf217107e074887e481ccaa2c6ad2360ed8615f998563ad8d9c396f06cbb49165699a0e630d3e4a","ssdeep":"","tlshash":"ede0c076177014a63422d8f930b6f27674a39928bca3a1e4c01e675d00eca02c60fed8","size":369,"data":"","first_seen":"2026-03-29T12:21:58.434768Z","last_seen":"2026-03-29T12:21:58.434768Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"79fb4c5cc44da93e1e5b79e92389e835","sha1":"7dfc9d2f73362085294bedcb7e0ea25d92c87b36","sha256":"dd221cb40b2c2d3670b5565ba5ebc01db21cbf1b3ec6971a5732d5fa6d609294","sha512":"8b9cd348724b6368b69c0faf0be5a19fd6b405efdb6ea4d2f6b4befb172a7351f12fb909a75c80f0fec099c520a4f158a2a27951653e78623368402bf1d3d96d","ssdeep":"","tlshash":"9bc02bb317809f93321790f514d1f5fbd0522404aec45858c021a1cc4ce8701d68f25b","size":151,"data":"","first_seen":"2026-03-29T12:21:58.438761Z","last_seen":"2026-03-29T12:21:58.438761Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"poetmodificative.xyz/?k=30f45ab693e17a3e2d1e36552a7e003c.1774786896.150.2.1.aW8tc3Z2YXAuY29t\u0026r=\u0026z=0","fqdn":"poetmodificative.xyz","domain":"poetmodificative.xyz","tld":"xyz"},"ip":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T12:21:33.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"poetmodificative.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Feb 2026 21:34:36 GMT","end":"Mon, 11 May 2026 21:34:35 GMT"},"fingerprint":{"sha1":"A4:41:64:AA:75:F2:12:21:65:D5:1F:8E:9D:0B:7B:90:CA:CB:CA:68","sha256":"EB:5A:36:95:BE:CC:5E:61:AC:02:58:6F:C0:6D:07:EE:18:C5:7C:90:1A:06:61:9B:2F:61:C5:32:EB:68:E8:38"}}},"request":{"raw":"GET /?k=30f45ab693e17a3e2d1e36552a7e003c.1774786896.150.2.1.aW8tc3Z2YXAuY29t\u0026r=\u0026z=0 HTTP/1.1\r\nHost: poetmodificative.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 29 Mar 2026 12:21:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nSet-Cookie: tpp_u=0%3B1774873294; expires=Tue, 31-Mar-2026 12:21:34 GMT; path=/\ntpp_1866860_l=16%3B1774873294; expires=Tue, 31-Mar-2026 12:21:34 GMT; path=/\ntpp_ov=102927%3B1774873294; expires=Tue, 31-Mar-2026 12:21:34 GMT; path=/\ntpp_ov=102927%2C102970%3B1774873294; expires=Tue, 31-Mar-2026 12:21:34 GMT; path=/\ntpp_oc=102970%3B1774873294; expires=Tue, 31-Mar-2026 12:21:34 GMT; path=/\r\nExpires: Mon, 31 Dec 2001 23:59:59 GMT\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":415,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (415), with no line terminators","md5":"d3929ed46ba422f60b67dcb93e17a21f","sha1":"fd71de76140bda5bdacc3391cba9a09760308b3a","sha256":"26c0b7bd93a6d20d75f9027c582602b42c8197536208422faf9e13a092f2709f","sha512":"86a5fa69916b1532496bc924f2117b5d2a2b01f169b757d30c5c7800bc5fc77f72e2c4f3569cfb9e143ab87db5771485c4cff5c6b513bf027c02bf96d273364d","ssdeep":"","tlshash":"82e023c1c50a002d23464519f03153092e2f8e6a13a70e61192aeb2efccfc2693405cc","first_seen":"2023-07-01T06:57:03Z","last_seen":"2026-06-06T02:49:35.771809Z","times_seen":261,"resource_available":true,"data":null}},"time_used":673,"timings":{"blocked":283,"dns":1,"connect":92,"send":0,"wait":105,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"poetmodificative.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"poetmodificative.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"poetmodificative.xyz/favicon.ico","fqdn":"poetmodificative.xyz","domain":"poetmodificative.xyz","tld":"xyz"},"ip":{"addr":"34.196.13.28","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://poetmodificative.xyz/?k=30f45ab693e17a3e2d1e36552a7e003c.1774786896.150.2.1.aW8tc3Z2YXAuY29t\u0026r=\u0026z=0","date":"2026-03-29T12:21:34.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"poetmodificative.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Feb 2026 21:34:36 GMT","end":"Mon, 11 May 2026 21:34:35 GMT"},"fingerprint":{"sha1":"A4:41:64:AA:75:F2:12:21:65:D5:1F:8E:9D:0B:7B:90:CA:CB:CA:68","sha256":"EB:5A:36:95:BE:CC:5E:61:AC:02:58:6F:C0:6D:07:EE:18:C5:7C:90:1A:06:61:9B:2F:61:C5:32:EB:68:E8:38"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: poetmodificative.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://poetmodificative.xyz/?k=30f45ab693e17a3e2d1e36552a7e003c.1774786896.150.2.1.aW8tc3Z2YXAuY29t\u0026r=\u0026z=0\r\nCookie: tpp_u=0%3B1774873294; tpp_1866860_l=16%3B1774873294; tpp_ov=102927%2C102970%3B1774873294; tpp_oc=102970%3B1774873294\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 29 Mar 2026 12:21:37 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1406\r\nLast-Modified: Mon, 21 Aug 2017 16:02:11 GMT\r\nConnection: close\r\nETag: \"599b0403-57e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-06-08T11:11:40.79552Z","times_seen":21338,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":0,"dns":1,"connect":94,"send":0,"wait":94,"receive":0,"ssl":195},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"poetmodificative.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"poetmodificative.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io-svvap.com/","fqdn":"io-svvap.com","domain":"io-svvap.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T12:21:33.114Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: io-svvap.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T11:34:21.534624Z","times_seen":16238222,"resource_available":true,"data":null}},"time_used":316,"timings":{"blocked":316,"dns":0,"connect":93,"send":0,"wait":0,"receive":0,"ssl":102},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"io-svvap.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"io-svvap.com/","fqdn":"io-svvap.com","domain":"io-svvap.com","tld":"com"},"ip":{"addr":"34.196.13.28","port":80,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T12:21:33.637Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: io-svvap.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 29 Mar 2026 12:21:36 GMT\r\nContent-Type: text/html\r\nContent-Length: 906\r\nConnection: close\r\nExpires: Mon, 31 Dec 2001 23:59:59 GMT\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache, pre-check=0, post-check=0\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":906,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (906), with no line terminators","md5":"daff74eefb6c6146bcc514249ea3a41a","sha1":"3468bd24d05e6ccc7e954fef440817b7dd619108","sha256":"d94c1c5f3f13d6f096f3a644e37183f067bee7b455954fb37fbc6f3c8982eb47","sha512":"30a53444f296c59802a4e92f6a36bc834a4c3b135e13ccb6ef1daa5ce26f183586cb43e3991a48c3ee56dd86383e83ee1dfc0176bb479e7d44be484b0ad691a0","ssdeep":"","tlshash":"0e1104f216105cb7325191f764a5f1757523591cdea2dcd4c18972ac02e8f02d50b6c8","first_seen":"2026-03-29T12:21:58.431935Z","last_seen":"2026-03-29T12:21:58.431935Z","times_seen":1,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":91,"dns":1,"connect":93,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"io-svvap.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}