{"report_id":"5fb52779-c2de-400f-a380-051de1ad62de","version":6,"status":"done","tags":[],"date":"2025-10-26T07:38:18Z","url":{"schema":"http","addr":"xnxn.com/","fqdn":"xnxn.com","domain":"xnxn.com","tld":"com"},"ip":{"addr":"104.21.24.92","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"s.sloffer1.com/170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49","fqdn":"s.sloffer1.com","domain":"sloffer1.com","tld":"com"},"title":"s.sloffer1.com/170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49"},"submit":{"url":{"schema":"http","addr":"xnxn.com/","fqdn":"xnxn.com","domain":"xnxn.com","tld":"com"},"ip":{"addr":"104.21.24.92","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-30T07:38:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"s.sloffer1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"s.sloffer1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"xnxn.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2004-02-21","domain_rank":0,"first_seen":"2025-10-22T18:25:41.783571Z","last_seen":"2025-10-22T18:25:41.783571Z","alert_count":0,"request_count":1,"received_data":500,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"t.mbsrv2.com","ip":{"addr":"3.167.2.76","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2022-11-14","domain_rank":4384553,"first_seen":"2023-07-12T18:27:46Z","last_seen":"2025-10-22T18:25:43.178942Z","alert_count":0,"request_count":1,"received_data":1599,"sent_data":492,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"a.vfgth.com","ip":{"addr":"3.167.2.98","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2020-07-10","domain_rank":3084635,"first_seen":"2025-03-29T11:29:17.730833Z","last_seen":"2025-10-25T12:00:38.617619Z","alert_count":0,"request_count":1,"received_data":1215,"sent_data":713,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"a.avlm6.com","ip":{"addr":"54.240.174.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2024-04-30","domain_rank":2992244,"first_seen":"2025-05-09T21:31:17.249976Z","last_seen":"2025-10-22T18:25:42.599149Z","alert_count":0,"request_count":1,"received_data":1260,"sent_data":702,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"s.sloffer1.com","ip":{"addr":"34.236.83.126","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2021-03-18","domain_rank":3018264,"first_seen":"2022-03-23T07:52:34Z","last_seen":"2025-10-22T10:36:27.167116Z","alert_count":4,"request_count":2,"received_data":343,"sent_data":1442,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"t.mbsrv2.com/115152/6575","fqdn":"t.mbsrv2.com","domain":"mbsrv2.com","tld":"com"},"ip":{"addr":"3.167.2.76","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:37:57.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mbsrv2.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sat, 10 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C8:C9:17:0B:9A:40:54:F9:57:8E:0B:AD:4F:3F:03:3F:2C:D0:05:3D","sha256":"75:A9:48:2F:11:B4:E3:ED:66:CB:8A:02:FC:27:71:15:16:AA:94:DB:89:55:FE:96:0E:73:04:F5:29:04:25:56"}}},"request":{"raw":"GET /115152/6575 HTTP/1.1\r\nHost: t.mbsrv2.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 303 See Other\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 634\r\nlocation: https://a.vfgth.com/487c489c-8ee4-40f8-b2ec-dc0e342b5275?subID1=;\u0026affiliateID=44542\u0026source=102a88d47b01724f3781e2a3de2871\u0026subID2=115152\u0026s2=102a88d47b01724f3781e2a3de2871\u0026s3=;\u0026s4=115152\u0026url=1\u0026affsub=\u0026affsource=\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\r\ndate: Sun, 26 Oct 2025 07:37:57 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nset-cookie: enc_aff_session_3785=ENC03d7ae225adff7f7e3b1380b972f97fb98a7d4588098ba8ebad6147bef5341f11e69c2dd24312842581dffbce45d9b913755d721b96145f2d1acd1a57ebddba4d0b98580edaf188e5f5c796e9b17e8af5b542841b6f38870f92a4092bdda351790b77f8847cc305b668482d988b1cb509bc66c5c2b68e11d7548786096aae860fe0f5cf57a; Path=/; Expires=Tue, 26 Oct 2027 07:37:57 GMT; Secure\nho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMzQuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzQuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Tue, 19 Sep 2028 18:17:57 GMT; Secure\r\ntracking_id: 102a88d47b01724f3781e2a3de2871\r\nvary: Accept\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 42964aaabd797233b1d1e846aea4d0f8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: MqXoauejFDH6PqLMVdTjSAFlhbIZm2zS0rl7a-WbtfeZn-wFetbBSA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"303","status_text":"See Other","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":317,"timings":{"blocked":84,"dns":74,"connect":1,"send":0,"wait":148,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.vfgth.com/487c489c-8ee4-40f8-b2ec-dc0e342b5275?subID1=;\u0026affiliateID=44542\u0026source=102a88d47b01724f3781e2a3de2871\u0026subID2=115152\u0026s2=102a88d47b01724f3781e2a3de2871\u0026s3=;\u0026s4=115152\u0026url=1\u0026affsub=\u0026affsource=\u0026aff_click_id=102a88d47b01724f3781e2a3de2871","fqdn":"a.vfgth.com","domain":"vfgth.com","tld":"com"},"ip":{"addr":"3.167.2.98","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:37:57.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.vfgth.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 27 May 2025 00:00:00 GMT","end":"Thu, 25 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"17:5D:83:C6:BB:A8:3F:37:EE:89:72:D8:85:36:F2:38:DA:8E:2B:17","sha256":"BC:86:77:7C:6D:CD:C0:6A:F9:56:60:CE:DB:FB:97:95:49:F8:6F:02:E2:D8:6D:34:86:63:C1:CA:3F:EC:02:B2"}}},"request":{"raw":"GET /487c489c-8ee4-40f8-b2ec-dc0e342b5275?subID1=;\u0026affiliateID=44542\u0026source=102a88d47b01724f3781e2a3de2871\u0026subID2=115152\u0026s2=102a88d47b01724f3781e2a3de2871\u0026s3=;\u0026s4=115152\u0026url=1\u0026affsub=\u0026affsource=\u0026aff_click_id=102a88d47b01724f3781e2a3de2871 HTTP/1.1\r\nHost: a.vfgth.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nlocation: https://a.avlm6.com/211aed33-bbca-46d0-9c7a-7dd2f04bdb00?aff_sub4=_bucket\u0026subID1=%3B\u0026affiliateID=170907\u0026source=102a88d47b01724f3781e2a3de2871\u0026subID2=115152\u0026target=\u0026Site=\u0026Bnr=\u0026cid=wutljcalftbo5vmdj1ca89ok\u0026email=\u0026source=115152_\u0026aff_unique4=vlma\r\ndate: Sun, 26 Oct 2025 07:37:58 GMT\r\nserver: nginx\r\ncache-control: no-store, no-cache, pre-check=0, post-check=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nset-cookie: 487c489c-8ee4-40f8-b2ec-dc0e342b5275-v4=DJf26LrW4M3-kwQgWJzFU3H72olT9SdnmfuLXZbiJ5g; Max-Age=86400; Expires=Mon, 27 Oct 2025 07:37:58 GMT; Domain=a.vfgth.com; Path=/; Secure; HttpOnly; SameSite=None\ncc-v4=gZI8vDMdPbC6EzpK0knMPlRGeoGY4FazbAcbemDzEWuSuuhzBZPvElHgPw9yNuwCdbVR4mjO7IKWIyeM%2FCPcFqo%2BKav%2BFLmK8i%2B4yMi2M8gKxLjVX7L1atyCtZcHVZfDV2KOxs5bW3%2BYU72PqLBSZw%3D%3D; Max-Age=31536000; Expires=Mon, 26 Oct 2026 07:37:58 GMT; Domain=a.vfgth.com; Path=/; Secure; HttpOnly; SameSite=None\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 50a19afbefe1a01ca6a87078a2b119c2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: umijoVvy8uWFwNi0qhBRF_aVtGOHDGq8dMG_4VUocLHTKopbJ9kR1Q==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":2198,"timings":{"blocked":1087,"dns":73,"connect":1,"send":0,"wait":24,"receive":0,"ssl":1010},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.avlm6.com/211aed33-bbca-46d0-9c7a-7dd2f04bdb00?aff_sub4=_bucket\u0026subID1=%3B\u0026affiliateID=170907\u0026source=102a88d47b01724f3781e2a3de2871\u0026subID2=115152\u0026target=\u0026Site=\u0026Bnr=\u0026cid=wutljcalftbo5vmdj1ca89ok\u0026email=\u0026source=115152_\u0026aff_unique4=vlma","fqdn":"a.avlm6.com","domain":"avlm6.com","tld":"com"},"ip":{"addr":"54.240.174.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:37:58.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.avlm6.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Wed, 30 Apr 2025 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"96:D8:E7:85:D9:18:BC:2D:84:D6:B3:D2:58:73:3B:C1:A9:18:68:C6","sha256":"74:E9:A3:55:42:D4:7D:7E:10:09:0D:9F:9D:A1:DC:5C:63:07:3A:C5:2A:34:9F:83:A0:D2:BF:08:3E:24:75:37"}}},"request":{"raw":"GET /211aed33-bbca-46d0-9c7a-7dd2f04bdb00?aff_sub4=_bucket\u0026subID1=%3B\u0026affiliateID=170907\u0026source=102a88d47b01724f3781e2a3de2871\u0026subID2=115152\u0026target=\u0026Site=\u0026Bnr=\u0026cid=wutljcalftbo5vmdj1ca89ok\u0026email=\u0026source=115152_\u0026aff_unique4=vlma HTTP/1.1\r\nHost: a.avlm6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nlocation: https://s.sloffer1.com/170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49\r\ndate: Sun, 26 Oct 2025 07:37:58 GMT\r\nserver: nginx\r\ncache-control: no-store, no-cache, pre-check=0, post-check=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nset-cookie: 211aed33-bbca-46d0-9c7a-7dd2f04bdb00-v4=iS3W-e9Zwa6sUAtSjGClLRLWOVT6M0IywjwlTd7Ka_U; Max-Age=86400; Expires=Mon, 27 Oct 2025 07:37:58 GMT; Domain=a.avlm6.com; Path=/; Secure; HttpOnly; SameSite=None\ncc-v4=a3lJQJOhKhZH6aDuasmWL3H0EQTWFosVfE3s41CQyJB%2FH9liSYhxInfV%2Fp5ZiG%2FUJl9Vv7eClO%2F9Bf8ZIHCIvNqX1Dg%2Fsxo9fcrDiQauovUZDyEGJpwqjlCKuS4ZrOy7NsVUK%2FsTIRw2hPkXTbiI7g%3D%3D; Max-Age=31536000; Expires=Mon, 26 Oct 2026 07:37:58 GMT; Domain=a.avlm6.com; Path=/; Secure; HttpOnly; SameSite=None\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: 9bgY_y-gEr88CiBrkHKzK21YuXDtOgnRtjAKiJeZponUh1yl9wv3fQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":122,"dns":88,"connect":1,"send":0,"wait":25,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.sloffer1.com/170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49","fqdn":"s.sloffer1.com","domain":"sloffer1.com","tld":"com"},"ip":{"addr":"34.236.83.126","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:37:58.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sloffer1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 05:50:21 GMT","end":"Wed, 07 Jan 2026 05:50:20 GMT"},"fingerprint":{"sha1":"91:D6:F0:D3:CB:2C:4E:56:B1:41:53:B0:F3:46:F7:CA:44:27:D5:D0","sha256":"CE:14:8F:32:B6:45:5B:6F:56:A3:6A:46:41:DA:18:8C:CA:77:16:43:D6:01:4B:46:69:CB:17:EF:38:DC:4A:B0"}}},"request":{"raw":"GET /170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49 HTTP/1.1\r\nHost: s.sloffer1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 26 Oct 2025 07:37:58 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":534,"timings":{"blocked":213,"dns":20,"connect":94,"send":0,"wait":107,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"s.sloffer1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"s.sloffer1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.sloffer1.com/favicon.ico","fqdn":"s.sloffer1.com","domain":"sloffer1.com","tld":"com"},"ip":{"addr":"34.236.83.126","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://s.sloffer1.com/170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49","date":"2025-10-26T07:37:59.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sloffer1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 05:50:21 GMT","end":"Wed, 07 Jan 2026 05:50:20 GMT"},"fingerprint":{"sha1":"91:D6:F0:D3:CB:2C:4E:56:B1:41:53:B0:F3:46:F7:CA:44:27:D5:D0","sha256":"CE:14:8F:32:B6:45:5B:6F:56:A3:6A:46:41:DA:18:8C:CA:77:16:43:D6:01:4B:46:69:CB:17:EF:38:DC:4A:B0"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: s.sloffer1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://s.sloffer1.com/170907/7964/?aff_sub4=_bucket\u0026aff_sub=c5a80c52-79ed-f3b8-31d9-78c5850cbff4\u0026aff_sub2=115152\u0026aff_sub3=wutljcalftbo5vmd3jid1661\u0026aff_click_id=102a88d47b01724f3781e2a3de2871\u0026bo=2753,2754,2755,2756\u0026aff_sub5=_\u0026aff_sub4=_bucket\u0026source=115152_\u0026aff_unique4=vlma\u0026grd=adv-49\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sun, 26 Oct 2025 07:37:59 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"s.sloffer1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"s.sloffer1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xnxn.com/","fqdn":"xnxn.com","domain":"xnxn.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T07:37:56.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xnxn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 20:01:42 GMT","end":"Sun, 30 Nov 2025 21:00:26 GMT"},"fingerprint":{"sha1":"A8:5C:D3:1C:63:23:6E:4E:BE:BF:0E:36:EB:57:CF:50:8F:3E:6C:93","sha256":"02:D0:72:B0:54:13:3F:0E:BC:4D:13:FF:33:5C:E3:7C:AC:35:38:11:C5:01:11:BE:FC:01:91:4A:A2:83:13:ED"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xnxn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 26 Oct 2025 07:37:57 GMT\r\ncontent-length: 0\r\nlocation: https://t.mbsrv2.com/115152/6575\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MN6Sf0XI%2BuBtPmWYrLc0Wg%2FdEBYDWA6VGVq0d18nFxsimJS1hAtvgd1wJeGwsya9ixqaybs7zkakIhcc29FW3kGBoKWKDQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 99484a93eed749c5-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":1244,"timings":{"blocked":619,"dns":7,"connect":2,"send":0,"wait":5,"receive":0,"ssl":605},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}