{"report_id":"05986484-2180-4842-9a20-02af59e53e17","version":6,"status":"done","tags":[],"date":"2025-09-25T04:00:19Z","url":{"schema":"http","addr":"mgdmwd.com/login.php","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"mgdmwd.com/login.php","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"title":"Sign in - Mail Portal"},"submit":{"url":{"schema":"http","addr":"mgdmwd.com/login.php","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T04:00:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"mgdmwd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"mgdmwd.com","ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":5,"request_count":5,"received_data":1454971,"sent_data":2420,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-09-21T22:12:58.070161Z","alert_count":0,"request_count":2,"received_data":315181,"sent_data":911,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80663,"data":"","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-05-12T15:22:31.241455Z","times_seen":18009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgdmwd.com/login.php","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9310b99cdef05554a73559a720aebd33","sha1":"0a8a7854a7437bb20ea6e2507b5328df76ef4b2a","sha256":"c2c6b8a55118e4dd612292d4b7b234d367db2dc6b94a12f7d98c629708143403","sha512":"0dbcd9325511ff083fbac27583169e23abefd5828194718768e675b18c3761e603bfa90dc4db0a6892aad276fc736f055c22b27730e611e4cb6e8e27ae54d4ee","ssdeep":"","tlshash":"61d0a988299e392127b248b2064b8140b56c4a0b11898c88a09ca25effe2a285862cb8","size":216,"data":"","first_seen":"2025-09-25T04:00:23.349418Z","last_seen":"2025-09-25T04:00:23.349418Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgdmwd.com/js/jquery.min.js","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fc25e27d42774aeae6edbc0a18b72aa","sha1":"b66ed708717bf0b4a005a4d0113af8843ef3b8ff","sha256":"b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682","sha512":"87d90a665c15d71ac872bd8bc003d9863964c7ec7ada6370b902b93c0bbd7770fe25730d946c7c6a465baa95efa74bc0e78af3f83aea615af35060cc8702a6c1","ssdeep":"1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Yn:bIO/e2D5c4LgtImLja98HrK","tlshash":"cc93e8d9b6d2706297b730a851bf510bb17698eab80c4c60f058d8e47eb4e8d507bf2d","size":96381,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-05-12T15:25:57.665828Z","times_seen":25471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mgdmwd.com/favicon.ico","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgdmwd.com/login.php","date":"2025-09-25T03:59:53.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgdmwd.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:18:04 GMT","end":"Thu, 11 Dec 2025 08:16:04 GMT"},"fingerprint":{"sha1":"4A:EB:44:ED:F9:AC:FA:87:C8:C6:F2:C5:70:9B:97:2E:4C:D5:7D:1C","sha256":"30:DD:55:BC:8C:73:61:42:18:DF:94:A7:15:D5:BD:25:A4:8C:2B:19:D9:9A:EB:2F:54:03:14:B5:F6:EC:97:58"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mgdmwd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mgdmwd.com/login.php\r\nCookie: PHPSESSID=dvf6m9nk9l86i4mtnn2j7c9rj1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Sat, 16 Nov 2013 08:57:05 GMT\r\netag: \"57e-4eb477fbada40-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 67\r\ncontent-type: image/x-icon\r\ndate: Thu, 25 Sep 2025 03:59:54 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9ZTep053PDEOIQVTAqWLsjSg1lVjD5B1gZqgAEiQ80c9DI1XgfLgcUsI%2BhxUd8u%2BeBCPrhzI58qHF8tZDWiY6%2Bpp3mDyXYmZ\"}]}\r\ncf-ray: 98479c89da5d5695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-05-12T15:27:13.283439Z","times_seen":20461,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"mgdmwd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgdmwd.com/login.php","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T03:59:52.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgdmwd.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:18:04 GMT","end":"Thu, 11 Dec 2025 08:16:04 GMT"},"fingerprint":{"sha1":"4A:EB:44:ED:F9:AC:FA:87:C8:C6:F2:C5:70:9B:97:2E:4C:D5:7D:1C","sha256":"30:DD:55:BC:8C:73:61:42:18:DF:94:A7:15:D5:BD:25:A4:8C:2B:19:D9:9A:EB:2F:54:03:14:B5:F6:EC:97:58"}}},"request":{"raw":"GET /login.php HTTP/1.1\r\nHost: mgdmwd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 03:59:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4vekhDw%2B9fPjdiib0lXpexRdOPz1yNXrprcBUqbBtacsoIg7b8zsPHqbpajE1ilx4l5sDUij4mkaQuSpRqI9VrnReACJKbQWndw%3D\"}]}\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=dvf6m9nk9l86i4mtnn2j7c9rj1; Path=/\r\ncf-ray: 98479c804f8f0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":4090,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"e70cfca4fd71ffb6d3ef4bb507fb8ddc","sha1":"0225b094c78d177352dd6712d5034bf2d0f26af8","sha256":"ea7ce02c9a3133a014da6f12b6af752842d0a6228fa75703ed5bcc96e4ce97d1","sha512":"d349a3f276987efda4dec03260d94a4834a26ea33756b9285dabf9e49bd0e1854cc52b50461a06ec8843f3669f3349590fd404d17788aca02559b8cefb052399","ssdeep":"","tlshash":"0581955662a215571523c0a87fe65a096698d507c20ec9883ffc378cdfd6ec3eca329c","first_seen":"2025-09-25T04:00:23.332811Z","last_seen":"2025-09-25T04:00:23.332811Z","times_seen":1,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":23,"dns":7,"connect":1,"send":0,"wait":492,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"mgdmwd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mgdmwd.com/login.php","date":"2025-09-25T03:59:53.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mgdmwd.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"38df4-HxOZgbm0enZu+gphu3ito1HxbEs\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 25 Sep 2025 03:59:53 GMT\r\nage: 3306882\r\nx-served-by: cache-fra-eddf8230029-FRA, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 27423\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232948,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"cd822b7fd22c8a95a68470c795adea69","sha1":"1f139981b9b47a766efa0a61bb78ada351f16c4b","sha256":"3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df","sha512":"6f641c4b94ac03cb59a1d703b464442e21afe5268a4a4d6f0c70da41175ad21b4f61667ad38ea5af7909e5b00041da55da6980ff8bf4c1017d33253afe90c802","ssdeep":"1536:m9YnIWbn98fhRfvO5wlP7Qy9P3CV98IsYRElV6V6pz600I41r:pnIw98fsV986I6V6pz600I41r","tlshash":"c63482d6f590317d9ca7c1499681fefd8a6fa985cb1209a6f003776807cabd30962dcc","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-05-12T15:31:00.183741Z","times_seen":15418,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":19,"dns":1,"connect":13,"send":0,"wait":14,"receive":5,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgdmwd.com/images/126star.png","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgdmwd.com/login.php","date":"2025-09-25T03:59:53.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgdmwd.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:18:04 GMT","end":"Thu, 11 Dec 2025 08:16:04 GMT"},"fingerprint":{"sha1":"4A:EB:44:ED:F9:AC:FA:87:C8:C6:F2:C5:70:9B:97:2E:4C:D5:7D:1C","sha256":"30:DD:55:BC:8C:73:61:42:18:DF:94:A7:15:D5:BD:25:A4:8C:2B:19:D9:9A:EB:2F:54:03:14:B5:F6:EC:97:58"}}},"request":{"raw":"GET /images/126star.png HTTP/1.1\r\nHost: mgdmwd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mgdmwd.com/login.php\r\nCookie: PHPSESSID=dvf6m9nk9l86i4mtnn2j7c9rj1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Mon, 22 Sep 2025 14:34:34 GMT\r\netag: \"14929e-63f64b7e1c9d4\"\r\naccept-ranges: bytes\r\ncontent-length: 1348254\r\ncontent-type: image/png\r\ndate: Thu, 25 Sep 2025 03:59:53 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sAb9Jje2ZCjS0kezPLQkdJMd0oslUYExm7rLjMtBY3ROECpFzzG9USZ39IQR0Ic%2BrL2RxvhLWK7LjQGWAnL9n7RugDDKj9sd\"}]}\r\nvary: accept-encoding\r\ncf-ray: 98479c849a395695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1348254,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"5d698f64c67c6207c6c781eb2d5731a4","sha1":"f0124777294b0e5d1ca872f18d3158383b548643","sha256":"5fc2b383ff20ef3a02dacefdb59427b5b22087fda2d0ce0d4f5a8115f7d5754b","sha512":"843cf529ce7d393a4e33d76179c8533d27de6fa25189b65d6b90c7b08bd556b9898f19291b119d274f082cd8b8f241e9792611f64c6d5f4f80abd40a4599f5c5","ssdeep":"24576:9cLrm9q/rsVpAOLnJ1G8grDKSlmuRWPK06fptpR:9I0Ar2AOLnTGHbVUP9kL","tlshash":"9a2533ec2c85ba1de75963beac1c0496aa2658e57ded1f1c008ec439bdcd1383659f0e","first_seen":"2025-09-25T04:00:23.33803Z","last_seen":"2025-09-25T04:00:23.33803Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":660,"receive":850,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"mgdmwd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mgdmwd.com/newcap/visual/visual.php","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mgdmwd.com/login.php","date":"2025-09-25T03:59:53.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgdmwd.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:18:04 GMT","end":"Thu, 11 Dec 2025 08:16:04 GMT"},"fingerprint":{"sha1":"4A:EB:44:ED:F9:AC:FA:87:C8:C6:F2:C5:70:9B:97:2E:4C:D5:7D:1C","sha256":"30:DD:55:BC:8C:73:61:42:18:DF:94:A7:15:D5:BD:25:A4:8C:2B:19:D9:9A:EB:2F:54:03:14:B5:F6:EC:97:58"}}},"request":{"raw":"GET /newcap/visual/visual.php HTTP/1.1\r\nHost: mgdmwd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mgdmwd.com/login.php\r\nCookie: PHPSESSID=dvf6m9nk9l86i4mtnn2j7c9rj1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: no-store, no-cache, must-revalidate\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1339\r\ncontent-type: image/jpeg\r\ndate: Thu, 25 Sep 2025 03:59:53 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CiQukwZJs5Cop5%2B6v2ByOwZsKscWDNYo8%2FUjx5iuJ3xwUwppAaq7oEk121eic2PA58clvzKTGZcnDFVzFtB3jDtRr3qzi%2BEL\"}]}\r\ncf-ray: 98479c849a3a5695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1466,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80\", baseline, precision 8, 80x25, components 3","md5":"6da829f26f6cbba859c8defa017630b3","sha1":"6bc717160e0d5e2e94c1112a37e530a29a99e379","sha256":"96388405f171a059c4e24608fa3927f370c6f7eeda01a791f9a8f9c838a77486","sha512":"f6a3415c6f721bfc73c08c8bf11ec22bb162220ee785ba20350018eb6db28e8489ac0f2f8d19957ff828843150fc8b915debf3b7b32fe879fdb715adef0da50b","ssdeep":"","tlshash":"8431e96775db93104902c8397112052bf27ebad1fd35236d352191e7cb005d990cde0a","first_seen":"2025-09-25T04:00:23.342456Z","last_seen":"2025-09-25T04:00:23.342456Z","times_seen":1,"resource_available":false,"data":null}},"time_used":534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"mgdmwd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgdmwd.com/login.php","date":"2025-09-25T03:59:53.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mgdmwd.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"13b17-9/0PPchLLPk7+B6DJQWmc/NU4KM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 25 Sep 2025 03:59:53 GMT\r\nage: 1350799\r\nx-served-by: cache-fra-eddf8230118-FRA, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 24440\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80663,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-05-12T15:22:31.241455Z","times_seen":18009,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":23,"dns":1,"connect":13,"send":0,"wait":13,"receive":5,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mgdmwd.com/js/jquery.min.js","fqdn":"mgdmwd.com","domain":"mgdmwd.com","tld":"com"},"ip":{"addr":"104.21.78.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mgdmwd.com/login.php","date":"2025-09-25T03:59:53.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mgdmwd.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:18:04 GMT","end":"Thu, 11 Dec 2025 08:16:04 GMT"},"fingerprint":{"sha1":"4A:EB:44:ED:F9:AC:FA:87:C8:C6:F2:C5:70:9B:97:2E:4C:D5:7D:1C","sha256":"30:DD:55:BC:8C:73:61:42:18:DF:94:A7:15:D5:BD:25:A4:8C:2B:19:D9:9A:EB:2F:54:03:14:B5:F6:EC:97:58"}}},"request":{"raw":"GET /js/jquery.min.js HTTP/1.1\r\nHost: mgdmwd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mgdmwd.com/login.php\r\nCookie: PHPSESSID=dvf6m9nk9l86i4mtnn2j7c9rj1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Wed, 21 May 2014 06:26:36 GMT\r\netag: \"1787d-4f9e3140aff00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 33369\r\ncontent-type: text/javascript\r\ndate: Thu, 25 Sep 2025 03:59:53 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lJFxpyqksrSnyvmkbpgZLx3%2FirPyogtpw1Sm6KTGT2POcK5bCzGqxpYeyYaf9dwW5wYMoUa65KKghQ4oguDwknl6y99YuL03\"}]}\r\ncf-ray: 98479c84aa3b5695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96381,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32341)","md5":"8fc25e27d42774aeae6edbc0a18b72aa","sha1":"b66ed708717bf0b4a005a4d0113af8843ef3b8ff","sha256":"b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682","sha512":"87d90a665c15d71ac872bd8bc003d9863964c7ec7ada6370b902b93c0bbd7770fe25730d946c7c6a465baa95efa74bc0e78af3f83aea615af35060cc8702a6c1","ssdeep":"1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Yn:bIO/e2D5c4LgtImLja98HrK","tlshash":"cc93e8d9b6d2706297b730a851bf510bb17698eab80c4c60f058d8e47eb4e8d507bf2d","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-05-12T15:25:57.665828Z","times_seen":25471,"resource_available":true,"data":null}},"time_used":668,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":661,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"mgdmwd.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}