{"report_id":"a8f3260a-de3d-49ec-98e4-09ea317e9a43","version":6,"status":"done","tags":[],"date":"2025-09-27T08:42:36Z","url":{"schema":"http","addr":"www.aavra.com.ar/","fqdn":"www.aavra.com.ar","domain":"aavra.com.ar","tld":"com.ar"},"ip":{"addr":"190.7.19.47","port":0,"asn":20207,"as":"Gigared S.A.","country":"Argentina","country_code":"AR"},"final":{"url":{"schema":"https","addr":"www.aavra.com.ar/","fqdn":"www.aavra.com.ar","domain":"aavra.com.ar","tld":"com.ar"},"title":"Cuenta activa en buHost"},"submit":{"url":{"schema":"http","addr":"www.aavra.com.ar/","fqdn":"www.aavra.com.ar","domain":"aavra.com.ar","tld":"com.ar"},"ip":{"addr":"190.7.19.47","port":0,"asn":20207,"as":"Gigared S.A.","country":"Argentina","country_code":"AR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-01T08:42:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"www.aavra.com.ar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.aavra.com.ar","ip":{"addr":"190.7.19.47","port":443,"asn":20207,"as":"Gigared S.A.","country":"Argentina","country_code":"AR"},"domain_registered":"2004-09-14","domain_rank":0,"first_seen":"2025-09-27T08:42:36.747172Z","last_seen":"2025-09-27T08:42:36.747172Z","alert_count":3,"request_count":3,"received_data":11818,"sent_data":1360,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.aavra.com.ar/","fqdn":"www.aavra.com.ar","domain":"aavra.com.ar","tld":"com.ar"},"ip":{"addr":"190.7.19.47","port":443,"asn":20207,"as":"Gigared S.A.","country":"Argentina","country_code":"AR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-27T08:42:14.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aavra.com.ar","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 23:24:17 GMT","end":"Mon, 08 Dec 2025 23:24:16 GMT"},"fingerprint":{"sha1":"B5:FF:E6:60:95:81:E6:88:92:81:E5:0A:17:46:AA:4B:74:DC:24:7C","sha256":"4F:50:66:54:BB:6C:F2:A3:2E:66:88:3D:80:C2:F6:92:5E:B2:14:66:BE:28:AD:33:50:EE:D1:1F:0F:65:A2:97"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.aavra.com.ar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 08:42:15 GMT\r\ncontent-type: text/html\r\nlast-modified: Wed, 26 Sep 2018 21:34:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5babfb61-471\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1137,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"c96e558d7cc4f05d01aa5256809bfac5","sha1":"9bd36221cc0a78ee8a11c1a307e8c98486129433","sha256":"4ae2ab8f41ed64f1a58d0246b8a23571f01bb9ac28e870ccd2270d8a295541ce","sha512":"d6fa34556c4f91d84a277e814d434ad97707d3016a967d8fd96800c83359b79f2e8d36c19e1d2a0f1cf5166bcc39a347e1cf1cc24fcefc2bb4e16a6a5d08e3cc","ssdeep":"","tlshash":"2021bd5941fb02066242985827b1a719291198eb874bdd227b4e7bc0df892a99ee338d","first_seen":"2025-09-27T08:42:38.444064Z","last_seen":"2025-09-27T08:42:38.444064Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1199,"timings":{"blocked":480,"dns":0,"connect":237,"send":0,"wait":239,"receive":0,"ssl":242},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"www.aavra.com.ar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.aavra.com.ar/logo.jpg","fqdn":"www.aavra.com.ar","domain":"aavra.com.ar","tld":"com.ar"},"ip":{"addr":"190.7.19.47","port":443,"asn":20207,"as":"Gigared S.A.","country":"Argentina","country_code":"AR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.aavra.com.ar/","date":"2025-09-27T08:42:15.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aavra.com.ar","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 23:24:17 GMT","end":"Mon, 08 Dec 2025 23:24:16 GMT"},"fingerprint":{"sha1":"B5:FF:E6:60:95:81:E6:88:92:81:E5:0A:17:46:AA:4B:74:DC:24:7C","sha256":"4F:50:66:54:BB:6C:F2:A3:2E:66:88:3D:80:C2:F6:92:5E:B2:14:66:BE:28:AD:33:50:EE:D1:1F:0F:65:A2:97"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: www.aavra.com.ar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.aavra.com.ar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 08:42:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9719\r\nlast-modified: Wed, 26 Sep 2018 21:18:44 GMT\r\netag: \"5babf7b4-25f7\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9719,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x153, components 3","md5":"891a591cea2de09e66b418c5f22f1c5e","sha1":"0d86445226e5bcce6d077351c6e3dec5919c8a82","sha256":"f3432c1a37210cc4f9b590c264f44e51bec0783d2ed6184febbb4caa695197fc","sha512":"aefa5a7f7af80854fac24bfd58ec4e51db5bf395ba414c1746783bde4394d2d3303ef931bfc4e87704a99681509bd87ccb9ab465ffd01a5515b4f62a8a85864e","ssdeep":"192:uiQWPgiZsQXZ57FdfvV7nJLn/6Qk4it/aY36XUxd3p:uiQWPgiHXZ57FT7JLiQ10iNkxRp","tlshash":"1112ae2c14c096c9c7d7037524da27bc555bee4ae883234eb2bcac61731cbcb8a5279d","first_seen":"2025-09-27T08:42:38.449581Z","last_seen":"2025-09-27T08:42:38.449581Z","times_seen":1,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"www.aavra.com.ar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.aavra.com.ar/favicon.ico","fqdn":"www.aavra.com.ar","domain":"aavra.com.ar","tld":"com.ar"},"ip":{"addr":"190.7.19.47","port":443,"asn":20207,"as":"Gigared S.A.","country":"Argentina","country_code":"AR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.aavra.com.ar/","date":"2025-09-27T08:42:15.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aavra.com.ar","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 23:24:17 GMT","end":"Mon, 08 Dec 2025 23:24:16 GMT"},"fingerprint":{"sha1":"B5:FF:E6:60:95:81:E6:88:92:81:E5:0A:17:46:AA:4B:74:DC:24:7C","sha256":"4F:50:66:54:BB:6C:F2:A3:2E:66:88:3D:80:C2:F6:92:5E:B2:14:66:BE:28:AD:33:50:EE:D1:1F:0F:65:A2:97"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.aavra.com.ar\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.aavra.com.ar/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 08:42:15 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-04-03T18:08:28.270875Z","times_seen":143693,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"www.aavra.com.ar","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}