{"report_id":"c889c843-f5d0-4bdf-a864-ca0c234e82a5","version":6,"status":"done","tags":[],"date":"2025-09-24T10:04:00Z","url":{"schema":"http","addr":"mailg-id.com/t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757","fqdn":"mailg-id.com","domain":"mailg-id.com","tld":"com"},"ip":{"addr":"172.67.160.161","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"mailg-id.com/t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757","fqdn":"mailg-id.com","domain":"mailg-id.com","tld":"com"},"title":"mailg-id.com/t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757"},"submit":{"url":{"schema":"http","addr":"mailg-id.com/t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757","fqdn":"mailg-id.com","domain":"mailg-id.com","tld":"com"},"ip":{"addr":"172.67.160.161","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-29T10:04:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"mailg-id.com","ip":{"addr":"104.21.66.139","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-15","domain_rank":0,"first_seen":"2025-08-17T05:58:10.608734Z","last_seen":"2025-09-22T06:17:25.113171Z","alert_count":6,"request_count":2,"received_data":1625,"sent_data":1074,"comment":"","tags":null,"fingerprints":[{"name":"IIS","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Application Request Routing:3.0","description":"Application Request Routing (ARR) is an extension to Internet Information Server (IIS), which enables an IIS server to function as a load balancer.","website":"https://www.iis.net/downloads/microsoft/application-request-routing","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Load balancers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mailg-id.com/t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757","fqdn":"mailg-id.com","domain":"mailg-id.com","tld":"com"},"ip":{"addr":"104.21.66.139","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-24T10:03:38.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mailg-id.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Sep 2025 09:57:06 GMT","end":"Wed, 03 Dec 2025 10:54:35 GMT"},"fingerprint":{"sha1":"73:17:6E:32:5C:AF:A8:63:6E:F7:36:97:AC:6F:D6:54:E8:56:B8:64","sha256":"6A:BA:4F:AE:E3:FC:62:64:A5:65:C1:18:65:3C:F7:66:3F:09:3E:91:BE:59:F9:4D:FC:BC:66:6B:71:B8:21:EC"}}},"request":{"raw":"GET /t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757 HTTP/1.1\r\nHost: mailg-id.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 24 Sep 2025 10:03:39 GMT\r\ncontent-type: application/problem+json; charset=utf-8\r\ncontent-length: 162\r\ncache-control: no-store,no-cache\r\npragma: no-cache\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0GlxRRwuTl9r4pTeVRpX7m4ylz6%2BukeHr9TBMHttJMOiQ1CGsMiP9QJPb02TZeSiVXwSUzK97B88aZstaMY3oSdIyRvDQmkJfbQ0Jddeb4%2BruuBkdw%3D%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-powered-by: ARR/3.0\r\ncf-ray: 984173fdcfa25684-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"IIS","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Application Request Routing:3.0","description":"Application Request Routing (ARR) is an extension to Internet Information Server (IIS), which enables an IIS server to function as a load balancer.","website":"https://www.iis.net/downloads/microsoft/application-request-routing","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Load balancers"]}],"data":{"size":162,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view; charset=utf-8","magic":"JSON text data","md5":"b4c834a9ebd80520726a7d00362abfeb","sha1":"3d280d466f4edd848c0f44505b82d4d940ed865b","sha256":"93e338e79552f394656356e197bb458105e32e8d8cab53f00ae650d40218dc6b","sha512":"4d2cd1c6fc2923f6711bf362d02cfcdd9b7cd1af81554e627d5f2a358960b73df7543279c8b50cc0c73d9a81dd1fbc0cb11dadfe20b08edecd6f71ec6ded52f6","ssdeep":"","tlshash":"18c08026c27455900b414571e0c42515c8935f5551c1b66740589431c65d3dd614d00e","first_seen":"2025-09-24T10:04:01.363552Z","last_seen":"2025-09-24T10:04:01.363552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1002,"timings":{"blocked":210,"dns":38,"connect":1,"send":0,"wait":582,"receive":0,"ssl":168},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"mailg-id.com/t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757","fqdn":"mailg-id.com","domain":"mailg-id.com","tld":"com"},"ip":{"addr":"104.21.66.139","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-24T10:03:39.197Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /t/c9a8167c53c54e0911ffeda7ad446c14588586031cc19c24bab9f4690f38476a8fee1252c4e42bc30320ba93beaab757 HTTP/1.1\r\nHost: mailg-id.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Wed, 24 Sep 2025 10:03:39 GMT\r\nContent-Type: application/problem+json; charset=utf-8\r\nContent-Length: 162\r\nConnection: keep-alive\r\nCache-Control: no-store,no-cache\r\nPragma: no-cache\r\nServer: cloudflare\r\ncf-cache-status: DYNAMIC\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FPPpxtelbCOZFbqRKmeJxxWzDm2r75BzqE7QkVf%2FuCNj3Bs0aVCBhc%2BaRV6yVt6n%2BB0TAUZNnwda4CLMhW%2BWoPghO9UkA77yF%2Fa5LIjwkCA3DOrOWw%3D%3D\"}]}\r\nalt-svc: h2=\":443\"; ma=60\r\nX-Powered-By: ARR/3.0\r\nCF-RAY: 98417401ff6856b7-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Application Request Routing:3.0","description":"Application Request Routing (ARR) is an extension to Internet Information Server (IIS), which enables an IIS server to function as a load balancer.","website":"https://www.iis.net/downloads/microsoft/application-request-routing","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Load balancers"]},{"name":"IIS","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view; charset=utf-8","magic":"JSON text data","md5":"4c930d8109419acd08c5da742914a5f2","sha1":"eb01c3cb91ac4c1e8a010c4e8b26e2daa054f83b","sha256":"ce76025a27b1c36765652fe868e99b021f307ee5845998e679af09f80921fce1","sha512":"24e074e51f0d263fefc268df9b7221a7021a9496d0e1df015a2b0651b2050e5eac0786029173832f914ad8c0dc42b5430a3c6c60cc76654b9c30c4cc3e65e1d9","ssdeep":"","tlshash":"79c08c2fd360aea00bc664b1e0ce342985974d01a9da694a409cc870ca683eca04102b","first_seen":"2025-09-24T10:04:01.365643Z","last_seen":"2025-09-24T10:04:01.365643Z","times_seen":1,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":324,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-24","alert":"Sinkholed","trigger":"mailg-id.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}