{"report_id":"6f9e7035-d5eb-43f9-9be3-f04c4df2b458","version":0,"status":"done","tags":[],"date":"2026-06-20T12:33:03Z","url":{"schema":"http","addr":"mails-safe.com","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"172.67.195.243","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"mails-safe.com/","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"title":"iCloud","dom":{"size":92604,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8320)","md5":"d1749ed29e997364eda0bbb3eec86885","sha1":"e75bbe451d924956f9d83a428c323eaa7c64f0bd","sha256":"e989df6e0185680be8256b8e701d35a01b9adaa382e831226f858a8f7f853e77","sha512":"792f6eec90f0c05aca5baaa598c929d59b8da718d24c87c378d2313677f487654163aba87698f5a046c866665abb0cf3f149151203da76306db8c41ec6b32d98","ssdeep":"1536:kMs92hPcEzIZ0ySTNoTU2W2oTUt/qMY0js50O0gBq0OMTc5PSztU2BP0X0JBnzSs:OEy/qMY0js50O0gBq0OMTc5PSztU2BPp","tlshash":"51934ca372a0203e9567daa9ff676a043335c017d963ca14be6d43900f93d519bb7acc","dom_hash":"domhash0bd480cb68463ec80ba63cca0637ec5a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mails-safe.com","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"172.67.195.243","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-25T12:33:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"mails-safe.com","ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-06-19","domain_rank":0,"first_seen":"2026-06-20T12:25:18.288232Z","last_seen":"2026-06-20T12:25:18.288233Z","alert_count":52,"request_count":13,"received_data":3733365,"sent_data":6590,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mails-safe.com/","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"78629826fb9bd2e3d8080b9bcb4d4ef5","sha1":"f8aca04bd61ff60f65f9711fa7276f3de4f8aeda","sha256":"5524dec86c97947bec45eb1c757c33509a0fb22b9cbfb41cb075858eb33beb69","sha512":"180e8f0fd43c1d5384c77e020af5ef2ae467bc4f627f7939edf129be5d7055c7342cb956b2e2113b1624a2cdab4a647d2c5c418a06c7e52cc81005c9ca3e05ea","ssdeep":"384:Hj4S/ur70e6jpdc0ZI11GQniJbwdQo9UHlv9:Dfc3ik29","tlshash":"e892b6bbb4a7203599b7f27e57dfc148323640134486e8103ebc82842f62d58a77aecd","size":20207,"data":"","first_seen":"2026-06-20T12:28:39.843031Z","last_seen":"2026-06-20T12:33:05.909057Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mails-safe.com/privacy.svg","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.630Z","timestamp":1781958759630,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /privacy.svg HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: image/svg+xml\r\netag: W/\"f649707d38b0d91b0c98948356b68596\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sIV0EgQTOk2Q4Frhtqe8PsWyKQ9HohPnCdPxQfN1jAH%2B92kT0PCdn%2FNaRmyTB4EQhw%2BXVVOYhLxWaKxoaSrEsKiNQs2IFeFFwzL%2FhvOmhAWD6cxm6%2Bnvk39oFblgyGssYA%3D%3D\"}]}\r\nlast-modified: Wed, 17 Jun 2026 19:44:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nage: 1331\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\ncf-ray: a0eacc27bc62120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2292,"size_decoded":1846,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5fa53eeb1bdb55e85d666846245fb60f","sha1":"49f9a080582aab71cde03ba3da0df56167708a1d","sha256":"20bcfd29cf00ae9d23612c3a8ef36debf5dcdfe2ad303b77ef28854b57a9e7a4","sha512":"0c582534b9ff736c51d59bddb5059627245b3355a86fad960057dc6168d94082c381981771ded24d7bd54678571a042daefc394f48ea88f777546dd18b4f89e6","ssdeep":"","tlshash":"244134d55350d298d9cafb98cff5d5f4730bf4fab1a6568099a68720828ee88dd40c08","first_seen":"2025-01-25T14:43:20.16861Z","last_seen":"2026-06-22T14:28:27.273864Z","times_seen":36,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/fonts/SFUIDisplay-Semibold.woff","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.713Z","timestamp":1781958759713,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /fonts/SFUIDisplay-Semibold.woff HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\netag: \"f41d9dee8744fd79b2e9ee2709e0def1\"\r\npriority: u=3,i=?0\r\nage: 466\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nWaWTXriBD8JE2N%2BNYHK4gZSjimKDAFth3CdLCvJ5ZQ0Sp7GKNZ4LN9YtiR8ym2YWL4Ulgez2MqrK5HRtafq3m9Uvo5JEtlSu93F1dWgk8M3PnLgELJEWp85wUrGzB0kOw%3D%3D\"}]}\r\ncontent-length: 220316\r\ncf-ray: a0eacc283c78120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":220316,"size_decoded":221035,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 220316, version 1.0","md5":"b48929162d01c5200c1982202b6f002e","sha1":"8c1e0794e37b686e1b82728d4f65d3b777ec1a24","sha256":"8ffa1971754fa1e8886b15ab7662b764b3ace5f4cf9506acba9c395fbf9067a5","sha512":"846646676aecb3312eeec0c70c920a11a2e1bdc0cdaa02ca268425fcf007781b80b707ac93ae72c244f7c478a626f4b338aa9816676d01b6665fb756f6d50740","ssdeep":"6144:HWvVjedu0Nf0NYBWoBiMcRHpX+kj0kI+hBO:HEe3S6349njB/vO","tlshash":"3a241212629beb66f15b15bc21ac1cf2ff315c309af92f820e1be853c55585d7a026ec","first_seen":"2023-05-08T21:55:31Z","last_seen":"2026-06-20T12:33:05.892065Z","times_seen":20,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/fonts/SFUIText-Semibold.woff","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.715Z","timestamp":1781958759715,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /fonts/SFUIText-Semibold.woff HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\netag: \"c8c57b39a7d3ceecb2033254ccfa33f0\"\r\npriority: u=3,i=?0\r\nage: 466\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P0EDvob7HmgSS4mum%2BzmyZi2kDXG03kYKtU7F%2BafJcmULZFj9Gy8buDzk5Hx%2FkUlzDTBAqAlJiUtvOxqjtcnXI6AkMLspNdnR4OyefI2%2ByKP5Gy4QBP8qGNU1g17VHNkJQ%3D%3D\"}]}\r\ncontent-length: 213240\r\ncf-ray: a0eacc283c79120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":213240,"size_decoded":213965,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 213240, version 1.0","md5":"a95c9169d172d41ff92349fe4cd20225","sha1":"2d7d46a57aba8e3ea109514a8e24029078f1a0b8","sha256":"18b999c6cc723e12bc294b7806ab45c935c72ccee6dc0db79ba5d27cc8bb268b","sha512":"686af9fb3eeec1a02a124423182205bd7ff253e27fcd2ddfea8d0ea91f3b5e12fdf0d03d0bf4d21089d273f69f5ff722b2881bf7d3131e3d43e40f9043779f3f","ssdeep":"3072:RL20UEB2Zc6gDxRvpJ5hOFk5gAE1RCi18shiYCjIBwW8WoR85Gw/yWVSO8q+z+xF:QvEBSc6gTxPhOLAWRn10YI5z85FoI+6z","tlshash":"b42412321d1b728ea0679af2ab0419ffa70e4439090dec4f81b48d49735b95ddfc99e2","first_seen":"2024-08-03T10:13:32Z","last_seen":"2026-06-20T12:33:05.893224Z","times_seen":6,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/fonts/SFUIText-Regular.woff","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.724Z","timestamp":1781958759724,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /fonts/SFUIText-Regular.woff HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\netag: \"b193e3870746dd442ef077532446e3ab\"\r\npriority: u=3,i=?0\r\nage: 466\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FQ4t%2Fv%2Bt6HxizvYbBpGNSlsh3kIuPdgp5lx0x5apHL7bZOED092wCWYU0XzkG6JTgB2X7KgttozyxsrENllWyhH5EmEZLc2T1w5s5zhi3pUWTdcwPyOMpHp2IOt%2FuMHJhA%3D%3D\"}]}\r\ncontent-length: 180124\r\ncf-ray: a0eacc284c7b120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":180124,"size_decoded":180847,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 180124, version 1.0","md5":"671b0be82a6025072a4bf4653b6bdd67","sha1":"21e78b926cca539d803fb24d7448b96875fe6f99","sha256":"1dd142cb948458f8258fa4f7ba5e61bb3060e1b41dbc55eaefce115c3518759f","sha512":"ac26112c97ad4f13a0450a74746f376c2247fdf3efeeee1526d0b6587d99d65c02c1fedd735689de8dc3c2434ecfd428c82c07ba3a150d9e5349e16fa837ccec","ssdeep":"3072:gn7hoPTF44TCXEJb3qTAA/EW0e8mQS/h225D/Wdk+BWGbHPVA705fJSO8q+zEc:g7hoT1Jb3qTAeEFeQCh2Ge++sGLPW76O","tlshash":"a30413768a6a2dcaf830d7d435f324191e238350dfc9540f8d597f4f6a6a72ac804a5f","first_seen":"2023-05-08T21:55:31Z","last_seen":"2026-06-20T12:33:05.894113Z","times_seen":48,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/fpo@1x.mp4","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.775Z","timestamp":1781958759775,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /fpo@1x.mp4 HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=1867776-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: video/mp4\r\nage: 1331\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:39 GMT\r\netag: \"e941256aab9772a8be73db79bebdb85c\"\r\npriority: u=4,i=?0\r\ncontent-range: bytes 1867776-1888018/1888019\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3au1d7lh1UYNoQ3pdR0%2Fsoa8Fo1hiIVwX8mhC%2FVl02qk2mlATo9dZXt%2FjuAFibaHmTtTGcclova3OrGibRo7uDhTVSP16y71qae0NZW3Qh1weQUEoGQw9KfhQ%2BY7a4y3MA%3D%3D\"}]}\r\ncontent-length: 20243\r\ncf-ray: a0eacc289c86120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20243,"size_decoded":20992,"mime_type":"video/mp4","magic":"data","md5":"7c5c1549e087c3776baab424f278bf45","sha1":"6e6ac1bb50fb61f25ba39411ff2b8a814995516c","sha256":"27d827f5ac5c193a10ffc344884d3bbb1712365d76ed0c9fdbdce17f78fea909","sha512":"48a4b93abba77e9545984e3e531ec5a02d88aa043c71806b61c26af8b9969d3bd0989e0f7df6b56ccea5212c01cd94776a098ab80c0cc9c21aa72ae37d9b3d5a","ssdeep":"384:WAOGwlewlJrl5jX//Ggwumo0puuiCrUR83xid4UZ4aFHc3:rO1lJBNPuOHuiyNStc3","tlshash":"6892b34c03d3be1ec8a146f5ccd483fe76bad9d64b8a43e2530d621a9d092991cf90f9","first_seen":"2025-04-27T15:19:40.378953Z","last_seen":"2026-06-23T12:35:34.156598Z","times_seen":639,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/favicon.ico","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.790Z","timestamp":1781958759790,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: image/vnd.microsoft.icon\r\netag: W/\"c85a44f4063ec6357283a1bb8e473d11\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CwWDV%2B%2FSfJbLzkRwOvRRLjSFimLBx8h4RJGt8ySSIsJIhw7cICPNftdMdcuYd3pu5%2B%2FQpWrpV2YhAzQL82%2B7p342SLsV2wpq0cLr7tN0B%2BJ9jZGtBqZQm2M2oo8B3xMEyA%3D%3D\"}]}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nage: 4046\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\ncf-ray: a0eacc28bc8a120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":6212,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"7fb0221d0669f1d731d34e4bdd37d5b6","sha1":"9070015beab0da26a785234f9ba0118847681328","sha256":"5abc82b050a4a03e9e7a2e7eed1806e79c04b46fe7c5791a02b7a3da788b50d0","sha512":"94116a76c3131fecdd6e77d9f3bfc2c8200172a547f6a1af7a09beff4bfebc51c3eddaf6f59a141597e29939db517d25b6ef5f5c6c6990fd0943b10ed78d414d","ssdeep":"96:gveEF9XOy/c8mPIrCXuPJuaNpL8tkf6R67jZ6Wm4DyNmB4NdWBkCPFNJ4BxaxL6M:gnDvL0aP8tP6J1m4yNmBZkw2xg5b6e","tlshash":"d4623ec2d45cbeece8111b70e0365c5519a7fea23a78b60d5909b52173b73c3702b91b","first_seen":"2025-10-05T10:57:06.022899Z","last_seen":"2026-06-23T18:34:36.928352Z","times_seen":226,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T12:32:39.338Z","timestamp":1781958759338,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\nlast-modified: Fri, 19 Jun 2026 11:32:22 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Bzru6YqDYHUJIh8qPdLw6v6HZUMZ%2F4ocMSuEHFk1afRiBhOmYOBcFsd8OYvCJwh%2BSvQxFv%2BH%2FOFPEJPESq5q1vn18wuY%2Fb%2Bw70h08OYTjg8TbfeojTcxOnzqHGhI9lghfw%3D%3D\"}]}\r\npriority: u=0,i\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a0eacc260c1a120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":93473,"size_decoded":26719,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators","md5":"50ad4dccb34e38a8bd643a47900b7e12","sha1":"6cddb9be6092140b09b8e2dd80525114cb93db96","sha256":"8a078f79a7f899aa4d84493030402cbc63a93ae1368c9fab38241ae93e3535bf","sha512":"bd96f8223bd67fc5ffac54ee543dc9e7d16af15c3b7c3117383c682a5c8223fc2a871fc5780bb0382a29d8aa3e1eae542507294d9487d305c6ccd3f9ecff5a6c","ssdeep":"1536:y9r2jSuVB89iLBwc+oTUzsAoTUK/qMY0js50O0gBq0OMTc5PSztU2BP0X0JBnzSm:BFh/qMY0js50O0gBq0OMTc5PSztU2BPZ","tlshash":"60933ca36180217e9577d7a9ef626a48f7398003d9638714baad43910fb3c509b77ecc","first_seen":"2026-06-20T12:28:39.834897Z","last_seen":"2026-06-20T12:33:05.897903Z","times_seen":2,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":5,"connect":13,"send":0,"wait":38,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/system/icloud.com/2618Build21/en-us/main.css","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.615Z","timestamp":1781958759615,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /system/icloud.com/2618Build21/en-us/main.css HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: text/css; charset=utf-8\r\netag: W/\"7548a0a3588be792d8605d341fdafbaf\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=caj49ROFc3Qz4fK1NnGB08PJr4rL7uuEz7N8QV9%2BoBbU0uyZjuosN0pn7yUONbhoIHZanlYhUFmUdQ35Hk3pjSqMN7lKEBWr%2F3l%2Bx31WUIWyIih1ktVdE%2B3Ap5JIRjsEZg%3D%3D\"}]}\r\nlast-modified: Wed, 17 Jun 2026 18:34:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nage: 1331\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\ncf-ray: a0eacc279c5e120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":758536,"size_decoded":76205,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b55fed2b9e487944e7c92c5232e949d2","sha1":"26b82db65791130655e2e00700960c7f21dcf008","sha256":"679190227224c0385ce6171e0d49a8b18e168c47ae9ac7c08567237a357111f9","sha512":"bf6df3072be81ba4355be5938677442cb3eebf8f5e4e5b0c0521eefbb0ee20b8423475a1db277f0d661e61480c688a09f698bc69db56535607c8650f4c6f452c","ssdeep":"1536:xH4ji8pr6My8bvoCR6YD/a1j/1jiGi3raG85Ped6hsLpUyTNg6oYtiXpw6wFWfoK:xlj/bG85PexLpUyTNg67Wwje5","tlshash":"14f4a7bd151033397db7893ad15066289b35f1e2eb235efea89563c44bcf1a630c261b","first_seen":"2026-06-20T12:28:39.837475Z","last_seen":"2026-06-20T12:33:05.899233Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/0e4e931e06552e87f2fdff2832e11bb9.png","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.622Z","timestamp":1781958759622,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /0e4e931e06552e87f2fdff2832e11bb9.png HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\netag: \"10cb2d07c8e98a879a58c093ea931006\"\r\npriority: u=5,i\r\nage: 1331\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9NHdo4NC%2BzTmgRj3kgCc6IsmPE17ncW3HqmFkrzeRNltLx9hq4pNL8ndkf%2B5NLUjep6KbWoEM4D6TCUD5kYZlEvdlicNrYy8pD6JY7nX8ucOerGS8vt4GRQx1ovy1tHmtA%3D%3D\"}]}\r\ncontent-length: 48202\r\ncf-ray: a0eacc27ac5f120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48202,"size_decoded":48920,"mime_type":"image/png","magic":"PNG image data, 430 x 388, 8-bit/color RGBA, non-interlaced","md5":"c214d8bfb5062d87cb9e36e4c26109d0","sha1":"68f3ff415a4adcee1461704f40fe07601b57a044","sha256":"771c00dc5a82559fd436c0ed9ba211b98021327c5e42f5b47bbf5fe5520057ff","sha512":"89dcf39c000814b951e32e764019d33f2a359d58b1f63b5267f5fde77973ad534dbe77402cfb1a7182eea950fb4b7390e52e7083254f2c4a072d83bb893f6478","ssdeep":"768:UKqrpw3bBpZrd5CmemUfHipma6uP8TIrgz5K4ZThxUts6QnSqLwXs97ZesZ:Uly/LEdfCKuePz5KUThxosbnSq8XAZeq","tlshash":"1123be1006c6f680d7b964f6d347a0f8bf767044f922599ea0b9a53b7e070be5c4acc9","first_seen":"2024-10-08T01:24:26Z","last_seen":"2026-06-23T13:21:33.44395Z","times_seen":795,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/7cb9ecdad2b384754de394732519f658.png","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.628Z","timestamp":1781958759628,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /7cb9ecdad2b384754de394732519f658.png HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\netag: \"221ee107b64c0c6ff340b899149a2a4d\"\r\npriority: u=5,i\r\nage: 1331\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hzvqiy5qydZAO%2F7dfYN53CAwUcJwp2KI9XcbZ9ugyhoyxD0IlYN4n0cpy7V%2B2SaT2VUZBNmg6KeM%2BnrAwE2L93aPBhlnISk3EaGBsfdVnATzbWhQhbbl%2FNK56qoWtStf5A%3D%3D\"}]}\r\ncontent-length: 213358\r\ncf-ray: a0eacc27ac61120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":213358,"size_decoded":214081,"mime_type":"image/png","magic":"PNG image data, 1324 x 950, 8-bit/color RGBA, non-interlaced","md5":"616fa4b7b4ced3958818770ee3b68953","sha1":"2b073c5f80e1850830e2275819d18bbe70bb08c8","sha256":"c49b9b2a18f9009bf2781a3884833ea9404e7359fe01b812dc45b317a77a1ff9","sha512":"8634c127c44c7ea76d07d3ffeee3a79fc2a9dd2d9d0c8eef0b3c6e91d1da5741241815c732681a29468083123310dae770faf0933dc50976012ae212dbd0be39","ssdeep":"6144:I4h6XA9Yv2dvjX8jdrq64EYcay5NsT20P:I4/Nxa/w20P","tlshash":"1f2412d64a659bc8a8477993b7b183856a30747db53921306f7ca7fe45b3443cca08f2","first_seen":"2024-05-10T11:41:28Z","last_seen":"2026-06-23T13:21:33.45173Z","times_seen":932,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/fpo@1x.mp4","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.736Z","timestamp":1781958759736,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /fpo@1x.mp4 HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: video/mp4\r\nage: 1331\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:39 GMT\r\netag: \"e941256aab9772a8be73db79bebdb85c\"\r\npriority: u=4,i=?0\r\ncontent-range: bytes 0-1888018/1888019\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YMxGzjNGlXX2CR4cq0zbe7dGG%2FTiI3H%2BEIiYcNDhBAoKmrPm0QJZY%2BqhPzxbR7hPl9YtuGTOwg6nAwzfulKFmLDaPw1IcySzkmFUqq2ooOG2SBRIcFTmkxfGmk4qWdG6bg%3D%3D\"}]}\r\ncontent-length: 1888019\r\ncf-ray: a0eacc285c80120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1056102,"size_decoded":1056845,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"d69cd0bc9471a6b2e0b8482100309724","sha1":"e2c7830577c12654f73b78acff5110e1a21954f5","sha256":"392bb8c43da0aa8ed8ef2310b8b18fa1fa9ca8cd1ff7043d0603d8f9412d839d","sha512":"bc8f865ed10a699c0b143b2922ef648757ba5fc686c516f4d18dcac3e400afdda465c4a28bc97eebb17cdcc6407f4165fc613e425a0970337a2080e76d865f3c","ssdeep":"24576:6RD42JpyQP6Nc9HG06lQATcIlV8PzuH1XGbvIj:xEpdPZtG0oTcIBXGjIj","tlshash":"f025337302a0353731a7bb9561c321a3a874c4e9dd5d6ba729099c879cc3fe36b3e911","first_seen":"2025-07-29T02:43:23.533498Z","last_seen":"2026-06-23T13:21:33.44563Z","times_seen":240,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/fpo@1x.mp4","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.793Z","timestamp":1781958759793,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /fpo@1x.mp4 HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=1048576-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: video/mp4\r\nage: 1331\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:39 GMT\r\netag: \"e941256aab9772a8be73db79bebdb85c\"\r\npriority: u=4,i=?0\r\ncontent-range: bytes 1048576-1888018/1888019\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VqhZo4OkTkc4sO99AP9yFwZ35q0VbLO1MrYgCYmwdfikZiFXo2ymjlKhJuqoVj5cIZFKY2MKjLsE990dNXMyDZLxfpOzhXJfGJCgI%2BNWlQnqtLqzei26jn0QuzxFcW1Z0g%3D%3D\"}]}\r\ncontent-length: 839443\r\ncf-ray: a0eacc28bc8b120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":839443,"size_decoded":840187,"mime_type":"video/mp4","magic":"data","md5":"0dda77bf5fa100e4c4a2b2bafa9070eb","sha1":"89815dec5b19172f13a835a95296f21fbae00fcc","sha256":"1e8c47e774fdcb09728a38da7b8d8fe88afae9b8cdb89531ae9e618ddbf7ffdd","sha512":"0368bd761a1b21ea86c49574f6492aaf49bf55bf368a6f67029b2eecaefe4bd107b041852411304f40b61d07edd71554b388a70a69cceda204dcf1599ef37f8f","ssdeep":"12288:B/4JEgiMQstZgH8CpIZ1jh+c76JcGp6WxdAlIfw0WHeKdbeLxP8M07VWF3B/duVP:BfMQfcC6hhB72cAQlfCQeWT7ElB/dup","tlshash":"fa05231c53f36d14cab41b72c35297b2ba9efb465c4603a6fa18cb3899024dd5cdd22b","first_seen":"2026-06-08T15:14:53.525212Z","last_seen":"2026-06-20T12:33:05.906315Z","times_seen":2,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mails-safe.com/5f2eb96708c817d4da8f26e75916a38f.png","fqdn":"mails-safe.com","domain":"mails-safe.com","tld":"com"},"ip":{"addr":"104.21.52.58","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mails-safe.com/","date":"2026-06-20T12:32:39.626Z","timestamp":1781958759626,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mails-safe.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Jun 2026 10:02:32 GMT","end":"Thu, 17 Sep 2026 11:01:07 GMT"},"fingerprint":{"sha1":"17:8D:86:C1:9A:90:D9:28:A4:29:82:9D:94:CF:A8:D0:2C:74:FD:A4","sha256":"31:78:60:75:59:8B:F1:B4:F6:1F:58:09:3A:91:99:A0:C1:88:51:43:42:D0:27:06:31:23:19:6C:BB:70:5F:E3"}}},"request":{"raw":"GET /5f2eb96708c817d4da8f26e75916a38f.png HTTP/1.1\r\nHost: mails-safe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://mails-safe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 20 Jun 2026 12:32:39 GMT\r\nserver: cloudflare\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 17 Jun 2026 18:34:38 GMT\r\netag: \"c1cdc23d929915172bac792d54ecd10c\"\r\npriority: u=5,i\r\nage: 1331\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y7KW60wxJuvzRsSt%2BJHZ6QHNyGKkXMcDjAhxi0mIzzMiV2prZMAWNZjuIoZOJizABLqmmJ9%2BHXsQYaSOmNR0Zb5Hbg2DeS1vEhYMjBw%2FdyqDmZZ3iQFawk5mSLZoRqNe4w%3D%3D\"}]}\r\ncontent-length: 63271\r\ncf-ray: a0eacc27ac60120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63271,"size_decoded":63991,"mime_type":"image/png","magic":"PNG image data, 486 x 205, 8-bit/color RGBA, interlaced","md5":"fab1fb6903dd2d66a9cb1336ec57fe37","sha1":"71cb6d53e49bcf26f758920baaee7b8c4e4fd547","sha256":"47bc2d921cb6670eae9aa24616a7a830fff8c288dc813caba22d3529371625ea","sha512":"4c2e187f99db07a92d194710398301e2ec3e2dc1fa15b5bd083e92820b0b420ebe0a52cbc372ec6ddf25cee4bfd8b8e76094742d7eba9e6df13962ce1e2c8ae0","ssdeep":"1536:Mo7mdQlyBHYCidNcahiCP75Jfcy1+bSqt:m1HYCCiCP759j1Fqt","tlshash":"fd5301a022cb2315de5858849b50c9b0ecf52dcef4352fa86d5c1f7b3e8175ca1c9a6e","first_seen":"2026-02-01T11:31:53.508836Z","last_seen":"2026-06-22T15:04:50.694681Z","times_seen":541,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-20","alert":"Phishing Block","trigger":"mails-safe.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"mails-safe.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}