{"report_id":"2ea8acb8-110b-4a2d-a16d-53ecc310a8c2","version":6,"status":"done","tags":[],"date":"2026-03-05T01:02:30Z","url":{"schema":"http","addr":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","fqdn":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","domain":"gatewaypie.com","tld":"com"},"ip":{"addr":"69.124.94.88","port":0,"asn":6128,"as":"CABLE-NET-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com/","fqdn":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","domain":"gatewaypie.com","tld":"com"},"title":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com/","dom":{"size":24854,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (24854), with no line terminators","md5":"af03d33033c9c54d1840ebad4b27cef0","sha1":"ab8f96687371f98e38f247f00de29983a147d5d8","sha256":"fa9346b66af292b99bcf19f6034d0b62684fbdbe82a681bd6af22aeadba6678d","sha512":"f98ab5052aa15a4d72e7dff9d7d4039f00f5241d5029f9cf81d33ab62d8c9531bdfdaf3f143be8875228f3617fd2fb7a2f104e56d52aac5f459090f105707638","ssdeep":"96:H5rZrLDbV+CZXUgpk5POtQw07/4P4lHFjyS9iSTfBHhSTqnrIsk8STcsk5rcfnki:3Db9X04P4lHFjtdQvO3H9PO","tlshash":"f2b20fe07dd28c35e85616c8f0f0db29a0c3f59fdc929885eed402fc27da9a4750d2a9","dom_hash":"domhashc5b3a8a0293dd2017ec0a5343381c0a8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","fqdn":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","domain":"gatewaypie.com","tld":"com"},"ip":{"addr":"69.124.94.88","port":0,"asn":6128,"as":"CABLE-NET-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-09T01:02:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-05","alert":"Phishing Block","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","ip":{"addr":"69.124.94.88","port":443,"asn":6128,"as":"CABLE-NET-1","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-17T02:16:40.446055Z","last_seen":"2026-02-15T15:23:05.430102Z","alert_count":5,"request_count":1,"received_data":1570,"sent_data":536,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com/","fqdn":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","domain":"gatewaypie.com","tld":"com"},"ip":{"addr":"69.124.94.88","port":443,"asn":6128,"as":"CABLE-NET-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-05T01:02:08.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gatewaypie.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 08 Jan 2026 16:03:52 GMT","end":"Wed, 08 Apr 2026 16:03:51 GMT"},"fingerprint":{"sha1":"38:77:79:DE:C3:3D:1C:31:F4:73:38:3D:B1:93:3E:7C:BA:41:31:25","sha256":"F7:3D:6D:04:AA:09:27:6B:94:26:C0:F2:23:E1:31:8B:32:27:DF:6A:27:EE:8D:5D:1E:6D:59:3D:11:F6:50:E6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 05 Mar 2026 01:02:08 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 315\r\nConnection: keep-alive\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: content-length,content-encoding,X-Payment,X-Payment-Response,X-AR-IO-Hops,X-AR-IO-Origin,X-AR-IO-Origin-Node-Release,X-AR-IO-Digest,Content-Digest,X-AR-IO-Expected-Digest,X-AR-IO-Stable,X-AR-IO-Verified,X-AR-IO-Trusted,X-Cache,X-AR-IO-Chunk-Source-Type,X-AR-IO-Chunk-Host,X-Arweave-Chunk-Data-Path,X-Arweave-Chunk-Data-Root,X-Arweave-Chunk-Start-Offset,X-Arweave-Chunk-Relative-Start-Offset,X-Arweave-Chunk-Read-Offset,X-Arweave-Chunk-Tx-Data-Size,X-Arweave-Chunk-Tx-Path,X-Arweave-Chunk-Tx-Id,X-Arweave-Chunk-Tx-Start-Offset,X-AR-IO-Root-Transaction-Id,X-AR-IO-Data-Item-Data-Offset,X-AR-IO-Data-Item-Root-Parent-Offset,X-AR-IO-Data-Item-Offset,X-AR-IO-Data-Item-Size,X-AR-IO-Root-Data-Item-Offset,X-AR-IO-Root-Data-Offset,X-ArNS-TTL-Seconds,X-ArNS-Name,X-ArNS-Basename,X-ArNS-Record,X-ArNS-Resolved-Id,X-AR-IO-Data-Id,X-ArNS-Process-Id,X-ArNS-Resolved-At,X-ArNS-Undername-Limit,X-ArNS-Record-Index,X-AR-IO-Via\r\netag: W/\"13b-iNlsSIjolNESlEEO42fG2bHQwHo\"\r\nx-envoy-upstream-service-time: 2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":315,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view; charset=utf-8","magic":"JSON text data","md5":"b44956c92e696a52b39611dceabc665f","sha1":"88d96c4888e894d11294410ee367c6d9b1d0c07a","sha256":"0b0da8ed7d4a677c7ba87861282a4e780eb1a20c72eb30e2a63a14e86457e07b","sha512":"45277b7e9a6a666fbae11ed99464b18bfabefd1f891e9bd7f44bb9ba9e844c5cf6c92c331c2b01761e2cba5fde4714c215f42abf165cf3c76d0ec6f12264224c","ssdeep":"","tlshash":"6fe02d233fcc02b19df002c0b20a290faca101271bc88f4ee18cb300c1bb0ad80228e2","first_seen":"2026-03-05T01:02:30.872084Z","last_seen":"2026-03-05T01:18:10.658272Z","times_seen":2,"resource_available":false,"data":null}},"time_used":654,"timings":{"blocked":278,"dns":61,"connect":95,"send":0,"wait":98,"receive":0,"ssl":119},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-05","alert":"Phishing Block","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"vdhni4a34mgmixv3sozqnkquylzzgz73qczkceui7ichkghgkg3q.gatewaypie.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}