{"report_id":"8225605f-4eb6-425d-b73d-b75e51b3c78b","version":6,"status":"done","tags":[],"date":"2026-01-04T19:59:55Z","url":{"schema":"http","addr":"a.vfghc.com/","fqdn":"a.vfghc.com","domain":"vfghc.com","tld":"com"},"ip":{"addr":"18.239.105.69","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"a.vfghc.com/","fqdn":"a.vfghc.com","domain":"vfghc.com","tld":"com"},"title":"404 Not Found","dom":{"size":268,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"3c67a6a2d0c8884e991c36e18cfe81f9","sha1":"5fbcad3e6bfe0b2cf574631b28e6749fb4ed8092","sha256":"7e84f41940c281bc0db12384ab2acc5957535cb126e421861cc0924e06ca97b3","sha512":"262e73f3e9e055c93833655b6b9ad8218002f7e8e06c0565bdc5f5b0f5226dc72e201f06cd844dbc8df589a80600ec33def075d22f69b8fa279e68ed2661a831","ssdeep":"","tlshash":"05d0a50e44f14c4d3311077477c57760c846474fdd5bea21754f50625f9cd9556d31d8","dom_hash":"domhashc9874c2f5cf4fef27047d4c135f0c839","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"a.vfghc.com/","fqdn":"a.vfghc.com","domain":"vfghc.com","tld":"com"},"ip":{"addr":"18.239.105.69","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-08T19:59:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"a.vfghc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"a.vfghc.com","ip":{"addr":"54.240.174.123","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2018-07-09","domain_rank":0,"first_seen":"2019-05-09T02:56:33Z","last_seen":"2025-12-09T08:08:32.772588Z","alert_count":3,"request_count":3,"received_data":2847,"sent_data":1223,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"a.vfghc.com/","fqdn":"a.vfghc.com","domain":"vfghc.com","tld":"com"},"ip":{"addr":"54.240.174.123","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T19:59:33.501Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: a.vfghc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 \r\nContent-Type: text/html\r\nContent-Length: 285\r\nConnection: keep-alive\r\nDate: Sun, 04 Jan 2026 19:59:33 GMT\r\nServer: nginx\r\nCache-Control: no-store, no-cache, pre-check=0, post-check=0\r\nPragma: no-cache\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nX-Cache: Error from cloudfront\r\nVia: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P1\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nX-Amz-Cf-Id: Uyxwfi-7nYSwpnoLihQCsyOg_iV3p3LI7pd5PtPPv2U38NmE_ia7Ng==\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":285,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"da413d636546758ca064eb0b4299df76","sha1":"68dbe1a3b96ca3363366ed4aa5d8c8875a5f272a","sha256":"2207b3fc15a1a9d48750f117f81e714839c0f5a4a709023130c070ddd8184f89","sha512":"b16b9f95eb6d512c8c20a8db71bf6d0069d39fad85c037b30c1d4751ba3bf1db56ae8686521bebe64113c26f2dc9a7b6e2077e174d2bb47981e158736b2ca821","ssdeep":"","tlshash":"85d02b0d04e14c492300022477c03760c843478fdd9bea22354f50235fd8e9866a32cc","first_seen":"2025-04-13T11:09:04.29541Z","last_seen":"2026-04-25T07:37:35.404387Z","times_seen":908,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"a.vfghc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"a.vfghc.com/favicon.ico","fqdn":"a.vfghc.com","domain":"vfghc.com","tld":"com"},"ip":{"addr":"54.240.174.123","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://a.vfghc.com/","date":"2026-01-04T19:59:33.629Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: a.vfghc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://a.vfghc.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: CloudFront\r\nDate: Sun, 04 Jan 2026 19:59:33 GMT\r\nContent-Type: text/html\r\nContent-Length: 919\r\nConnection: keep-alive\r\nX-Cache: Error from cloudfront\r\nVia: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P1\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nX-Amz-Cf-Id: 1RGLRJ_Fvae4CZH5u7dH_3bsTcWG-WLlRiuq9-jgHhBXFkSzOK1KtA==\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":919,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a5c295a2b3815493fa7e75afe9539df1","sha1":"f811b1827a4c32c22de7e6f2bfa22810bbb7af0c","sha256":"e3f06f777cf0106ede294bb78cf56e810e928404574f75c6d51e57ac46c2799a","sha512":"f169e068ddebb045d46935350adb3b400d8859cacc6b89526b6a31790b10f38d99f9b9b572db0e319e9054303bc0a8e1d995504743006bb2ade1e669da4c868f","ssdeep":"","tlshash":"1411eb6fe45c671382037448ef84db24663555bec1f1405960f2409f31a73e8c3f51c1","first_seen":"2026-01-04T19:59:55.877205Z","last_seen":"2026-01-04T19:59:55.877205Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"a.vfghc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.vfghc.com/","fqdn":"a.vfghc.com","domain":"vfghc.com","tld":"com"},"ip":{"addr":"54.240.174.123","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T19:59:33.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.vfghc.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 24 Apr 2025 00:00:00 GMT","end":"Sun, 24 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F7:16:15:FC:3F:7C:29:AE:F3:1C:87:39:C0:6E:B6:89:78:68:67:63","sha256":"14:C5:79:27:3C:5E:BC:6A:95:9C:4F:2C:23:0F:0B:AE:D8:30:76:37:D4:DD:B5:24:56:AE:74:DF:01:1B:0A:AC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: a.vfghc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: 285\r\ndate: Sun, 04 Jan 2026 19:59:33 GMT\r\nserver: nginx\r\ncache-control: no-store, no-cache, pre-check=0, post-check=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nx-cache: Error from cloudfront\r\nvia: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: tf9pu-Z0480jQeXq0GdRSuZzQVHkDkb_ppi7QKbeJBUPTlhh34N4SA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":285,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"da413d636546758ca064eb0b4299df76","sha1":"68dbe1a3b96ca3363366ed4aa5d8c8875a5f272a","sha256":"2207b3fc15a1a9d48750f117f81e714839c0f5a4a709023130c070ddd8184f89","sha512":"b16b9f95eb6d512c8c20a8db71bf6d0069d39fad85c037b30c1d4751ba3bf1db56ae8686521bebe64113c26f2dc9a7b6e2077e174d2bb47981e158736b2ca821","ssdeep":"","tlshash":"85d02b0d04e14c492300022477c03760c843478fdd9bea22354f50235fd8e9866a32cc","first_seen":"2025-04-13T11:09:04.29541Z","last_seen":"2026-04-25T07:37:35.404387Z","times_seen":908,"resource_available":true,"data":null}},"time_used":412,"timings":{"blocked":194,"dns":89,"connect":1,"send":0,"wait":23,"receive":0,"ssl":102},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"a.vfghc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}