{"report_id":"01ce5ddc-1177-403a-b1b0-22cc43348907","version":0,"status":"done","tags":[],"date":"2026-07-12T17:20:48Z","url":{"schema":"http","addr":"auth-telekom.de","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"auth-telekom.de/","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"title":"Telekom Login","dom":{"size":44360,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (18985)","md5":"587f8b787aee7f07e834f2cf6867f991","sha1":"6a576d0634f7fa21cabdc0b849bde86c9321d680","sha256":"6367f6613a8b20599da5b93c814999ddfe1403f4d78659048e16523af355d89d","sha512":"703813fda18a5b97d72302e37521ad670cc37cb0275e7db6e4cc10d99fa3d6fe9f3997a4d8322b150f96aaaccf252ba57670421b82071ff803d9544cc168f50b","ssdeep":"768:ESWSpNRa/8TqKtHM/sT/SAxqtW9c5umjjljXWMLA27knlrVIK6ZEU+7g0lpb4GW2:Q/8TqKtHM/sLSAxqtW9c5umvxXWMLA2K","tlshash":"361342ade29a243e6723813b1ac8b484552ed063def38d45b55d8d158fe3eb608c3e74","dom_hash":"domhash9285761b77a14e415d84b5b8378b30fc","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"auth-telekom.de","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T17:20:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"auth-telekom.de","ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-12T17:20:49.103634Z","last_seen":"2026-07-12T17:20:49.103634Z","alert_count":45,"request_count":15,"received_data":854034,"sent_data":7744,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"auth-telekom.de/images/36.jpg","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.497Z","timestamp":1783876821497,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /images/36.jpg HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/stylesheet_5.css\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\ncontent-length: 410796\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 988\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:28 GMT\r\netag: \"644ac-6561a7d160f00\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":410796,"size_decoded":411114,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x1180, components 3","md5":"5bb5dd164f166fd41a8229c677431581","sha1":"ed2631c471cffe4b65200f489ccefb9e9ee2cee5","sha256":"ad1d8695e1595c989e0d0a0dfc1c89faf1da98a3ef8fe2f2d424eca4af7a11e6","sha512":"158843a78a3d4bca15c31bd3a34e510137f4f5cb0d327cb2aedabf5dfb1f35ae782be89f1e83da8e699e3dfd61abcaebba2b584f968565f2acb6c19de89251e3","ssdeep":"12288:8glFBrj373LyjwAEvvNgYFNVjBelTk8htj:hSySTk8hd","tlshash":"d7940289ff06039b5e1d2272d687b94a59604bdd7ca84dc889029d7ff6603c2cee359c","first_seen":"2025-05-29T03:29:53.545276Z","last_seen":"2026-07-12T17:20:53.105472Z","times_seen":177,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":65,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_0.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.331Z","timestamp":1783876821331,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_0.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 319\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 998\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"13f-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":319,"size_decoded":630,"mime_type":"text/css","magic":"ASCII text, with very long lines (319), with no line terminators","md5":"ef9067d692325ad174c018d015629515","sha1":"e371b92c99d912b3c6092acf9ece51e0cfee72e8","sha256":"9f366b48626907ec7635a9b0971e3bcd09c995bf2cdfcb7dfdfb7ae2fb5cb92c","sha512":"2a988f6e2065b97dcb70fc9d727f2ade761e909be0bfaa78aee64346e4eb8d564c4fd06b3faa8a22218073865fecbcd659fa31ee645aa2508289e6d14196005e","ssdeep":"","tlshash":"d1e026804242e37b4a639b4b07cca6415d39f9d3fd225f4cbd848b2201c72e829a3bb4","first_seen":"2026-07-12T07:03:51.585236Z","last_seen":"2026-07-12T17:20:53.106636Z","times_seen":2,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/frames/0/index.html","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.347Z","timestamp":1783876821347,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /frames/0/index.html HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: text/html; charset=iso-8859-1\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 991\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":236,"size_decoded":440,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"54ddfcfcbac52ccc7451161d40934ad7","sha1":"3f9915360e96bd0c5c756209a62d99b0246a634d","sha256":"9448f8a1159c9b14e3e1b9d8eab1a6ddf88d26e1f888a34cef430c756e4e6e1e","sha512":"b5b31c06e9e8cfc08e09e90bc5ba77c970c5be644c109f14b4b430384d4cecefae4368e051ed96323cfd3fe7a0e9f4832025c2efd213aa64bf65c55625bd72e6","ssdeep":"","tlshash":"61d0a79e90939386415176907ec123d2654953ab78b143e96ec1944690086bdc0d919d","first_seen":"2025-12-07T09:00:18.523222Z","last_seen":"2026-07-13T05:19:26.33559Z","times_seen":6307,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T17:20:17.130Z","timestamp":1783876817130,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/html; charset=UTF-8\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 999\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60; expires=Mon, 13 Jul 2026 17:20:21 GMT; Max-Age=86400; path=/; domain=auth-telekom.de; secure; HttpOnly; SameSite=Lax\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":78584,"size_decoded":18929,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (18985)","md5":"b3585040e554640977019d3c5188c00b","sha1":"9d7c77a16635d37cc5a6200c506ac3de597a30f6","sha256":"4a79e6d3ad44a389c94bf2062899aa61515b20726ca53c578562a24290eedeeb","sha512":"e97b628169fa7eef4075450aa539ee9f7fd9eca23b234f803335993312ae74027e2ac6764449dd378ba1efb51a7a601165a5d469b9693e2e369e7eda24dcdeb7","ssdeep":"1536:l/8TqKtHM/sLSAxqtW9c5umvxXWMLA27kneGX22oXS7Wo0DuIVlxeeB1g6:oGH06","tlshash":"6e7364dde292a53a6a23903b1a8cb548442ad453de738d4af54d8d644be7ff708c3e70","first_seen":"2026-07-12T07:03:51.593403Z","last_seen":"2026-07-12T17:20:53.111159Z","times_seen":2,"resource_available":true,"data":null}},"time_used":3959,"timings":{"blocked":-1,"dns":136,"connect":32,"send":0,"wait":83,"receive":0,"ssl":3708},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/fonts/19.woff","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.514Z","timestamp":1783876821514,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /fonts/19.woff HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/stylesheet_6.css\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/font-woff\r\ncontent-length: 67124\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 985\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"10634-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":67124,"size_decoded":67452,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 67124, version 0.0","md5":"ade89526b134edc70ab0838608665e3b","sha1":"408b8be1433b939328d93f45e7e39ae34f8f1907","sha256":"f1224867c8aa165e9dbce514bdeb5eebdb5d7a9d0f7f6e416ea0b4bd9579116d","sha512":"ef4c91ff3940474ed62404db886d4300e742fa264972a1cc4eddb9c7c8609c6d9d66d54d6389602d2f81063a69318929cfa6f36562612bcda271b1e101e89fa7","ssdeep":"1536:6bnPVFvXFrrWrQ9x3zf5RhzzBDBrFQttbYZA4n7wd56gL9h/+:0P3FrKs9Z5/mHbYi4n7wdRy","tlshash":"cc6302730c2be644d26d98b88b6af3c1931b1610afdbfd544f8dc7540a42be5a738b52","first_seen":"2024-08-19T17:05:58.661515Z","last_seen":"2026-07-12T17:20:53.113308Z","times_seen":100,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/images/37.ico","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.485Z","timestamp":1783876821485,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /images/37.ico HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 5430\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 990\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:28 GMT\r\netag: \"1536-6561a7d160f00\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":5430,"size_decoded":5759,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel","md5":"8d3c1354a64ba28bdf05d7615d5521f6","sha1":"ef1324ebe1d8eefa4b5499ebfaa196f98cf2dd75","sha256":"f6f1859ba1d189f83e883ae9ce59fc4ea2ecc5bdbd97e1929d16896ce837f404","sha512":"68694fef47913ef0b1031c37eb0ba705df87d16e96ccde302307dfa60fcc7a441241ed9435ba2179baad9da288b3d45db1639e6f04ae476160cd75cedd88e2d2","ssdeep":"24:NL5irT39tmmmmprLrrp33tr76sKeSuCH7oIoof:XirT3drLrrp33tr7blSuCH74of","tlshash":"b5b1d80ca296c444c1c50ee4c9056df87aeb7c89d98ff1639acb7fbe7773128401661a","first_seen":"2023-04-10T19:16:18Z","last_seen":"2026-07-12T17:20:53.117176Z","times_seen":133,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/fonts/7.woff","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.510Z","timestamp":1783876821510,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /fonts/7.woff HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/stylesheet_6.css\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/font-woff\r\ncontent-length: 66432\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 987\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"10380-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":66432,"size_decoded":66760,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 66432, version 0.0","md5":"5734da39304090cb495eeb606df63f93","sha1":"f2194298a4a22f2d05aba0891f1ef04d26ea8578","sha256":"57e63f0bdefcf32d37bafd97b735cf4e86baffdba971dfb180e99395d1ff6e3b","sha512":"643f90d93942b1a284af71bda550e67aed9b04359b30ed61c0e2534e5600bbdecdb2d1521de4bdcf4bbb58335ee5da878e06338a67c37bdd7fa5364e366c8558","ssdeep":"1536:1MGegOn0krC6GahKRonfr60CL9hCQwucbWhlCZbvdUlPmDh/+:1MGhJ1aMynZCeccfFUlJ","tlshash":"265302ec4cbe441cafd43e9d58eb134f32823709c652ac5845d2759d22adae3b14e7e8","first_seen":"2023-11-30T14:14:26Z","last_seen":"2026-07-12T17:20:53.119256Z","times_seen":107,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_6.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.336Z","timestamp":1783876821336,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_6.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 56700\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 997\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"dd7c-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":56700,"size_decoded":57014,"mime_type":"text/css","magic":"ASCII text, with very long lines (56700), with no line terminators","md5":"20357596f3e17ecb65a44df1546c979a","sha1":"bdb6e73a95c4e8d62784f42b7233945ae49698aa","sha256":"a45068daecfd196011794076704b0fe6d39fe5aa4ba9db7233457e121ac74c31","sha512":"92923fce625c861f8f3642fe8a93c4edc9b62493e93c492c64c07df0e754b1281eea12f5eb52aebe3e214842ea37282ee7daf81fd907afa9459cd582d3dd2b70","ssdeep":"768:7mq3TdkKCU/Pv5HiD8WdtzY8gIY8gZD8t5:7mq3TdknU/Pv5HiLdtzaIaZY5","tlshash":"0c43dd47f7c5d4a2b027447f694ef9e4a412e0239f884fabf0d6824a3986b6745c2f35","first_seen":"2026-07-12T07:03:51.597628Z","last_seen":"2026-07-12T17:20:53.119929Z","times_seen":2,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_5.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.338Z","timestamp":1783876821338,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_5.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 16843\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 996\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"41cb-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":16843,"size_decoded":17157,"mime_type":"text/css","magic":"ASCII text, with very long lines (16843), with no line terminators","md5":"f07ee27754984462ce2c32ae0d21d1f8","sha1":"ceacad7ebc5678cc6a93123c507697256bad86ac","sha256":"71334982b605355a8ea872d1b6c492e2172668d128ee3a6b187dd5bb191e0c3f","sha512":"61acdaaac57e934899cd89d510ce19bdc3f174d250a30220434999e6f9a02585c1bbdd4058c56d4dce85dcbb2231f5503aba93413f6d53e43b81ed0c58500676","ssdeep":"384:hzaWe/4vqe7BLA7A4kqMDSeh5FdeWos59YSXQJP2:d1e/4vqedaQqMDSeh5FdeA9YC","tlshash":"aa728691b1420d3ea617853f4a4ba1c8703b95e3eb53deaeeda2c311c5cd3e71296538","first_seen":"2026-07-12T07:03:51.586835Z","last_seen":"2026-07-12T17:20:53.12149Z","times_seen":2,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_1.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.340Z","timestamp":1783876821340,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_1.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 8455\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 995\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"2107-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":8455,"size_decoded":8768,"mime_type":"text/css","magic":"ASCII text, with very long lines (8455), with no line terminators","md5":"dfdfeb82bf9eb95cdc2990560b11f157","sha1":"5c9060434780e95c57e5bd1394dd0a1f2ae0ab6e","sha256":"43c09ae9904eb531cb022d6e08d57f83fcb6b5c0ad80e86f36112f1e462a4f99","sha512":"de6bc58d6192b269da8f7092ba61523f8e59bfa047babc40a693da9a0110932fc76c3b36e3d529c9aca6f3979079a1c740b2baec88e075e91ada2114818aed1a","ssdeep":"96:G61wIgszhN2kX2m+vUIH84Y5tWPPQ49hsE9:G6G9sVpX5+vUatdbsI","tlshash":"bb02acd8e290ea3a3a37a83f471df8ec6214ac53ac650e5bf45161e906cfff60059572","first_seen":"2026-07-12T07:03:51.598901Z","last_seen":"2026-07-12T17:20:53.122841Z","times_seen":2,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_2.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.342Z","timestamp":1783876821342,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_2.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 3696\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 994\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"e70-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3696,"size_decoded":4008,"mime_type":"text/css","magic":"ASCII text, with very long lines (3696), with no line terminators","md5":"a8e3460be9999c0cdc16467f92977dfc","sha1":"7ef5d034ffd3414cb0339a9c90c6a26c3e0ff4ad","sha256":"0d1945bcb96b2b3497ec0aee1b0f2f1c3c464354db37581e3f6ce7e5715d02b4","sha512":"eeddd46e4cbb69e830fac04c75454f1aca25bf91d6372be4bd3a0d1e9b1ac3bc51ec7c98b4b4fbfec91d007135804dd719029cb18a79fe7255ac3e0d2bcd1e2e","ssdeep":"","tlshash":"7a71f1cda681d27a3d23343f4b6ee29c44317cd29d424c1ee84895b51ac7bf30693a79","first_seen":"2026-07-12T07:03:51.590679Z","last_seen":"2026-07-12T17:20:53.124677Z","times_seen":2,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_3.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.344Z","timestamp":1783876821344,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_3.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 730\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 993\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"2da-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":730,"size_decoded":1041,"mime_type":"text/css","magic":"ASCII text, with very long lines (730), with no line terminators","md5":"eaa4d63fe83d05d4613284916a05aad1","sha1":"48426899cf9b942248ab7f18207752d314b5859b","sha256":"b79d5bbf6b6ed61347c070f56badfba912709a86409e3d7746dcd09c94dfc2e7","sha512":"80246812704c4807dc879c9d6c47b3a0949ed1fad20ce28ede74ca6b165504145cb27472bc0df6fe0ceafd8dca3b593e98ca9f6da0fce2e34d5ed81b353b5cd3","ssdeep":"","tlshash":"e801288d9961b03bb967283eb7fec588401aa9739c086f34ec4f64f417c36ea4412476","first_seen":"2026-07-12T07:03:51.600268Z","last_seen":"2026-07-12T17:20:53.126584Z","times_seen":2,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/stylesheet_4.css","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.346Z","timestamp":1783876821346,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /stylesheet_4.css HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ncontent-length: 23\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 992\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"17-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":23,"size_decoded":332,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"84c1ca821d7d1c1410bf1fcd02866139","sha1":"da5c1da1404554648d677a7431f799220d3ff62e","sha256":"c1d89cc2bff31a86f1c899b2c24bf3eff12e7749a81ed4a27917fb3f83a6c14f","sha512":"d34fbe431a20c8ea830636d4bf546f706c790c502fafbf786ad624c5b19929b011b2fef8ee5660d250d8e5829a46e3a7cb39f0e99b57de3b1b93b66b672c990f","ssdeep":"","tlshash":"0770002a200882a0a00020000c02a08030002ae02000203000c0808203828b28888200","first_seen":"2026-07-12T07:03:51.596152Z","last_seen":"2026-07-12T17:20:53.128Z","times_seen":2,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/fonts/25.woff","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.493Z","timestamp":1783876821493,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /fonts/25.woff HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/stylesheet_6.css\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/font-woff\r\ncontent-length: 66600\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 989\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"10428-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":66600,"size_decoded":66928,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 66600, version 0.0","md5":"ce17d96d9bb01e038c50978592cfc69c","sha1":"250f7e7536803eeb6d20350efa8f54ad379f09ca","sha256":"19da9c1badf7913448c569ea95117f6975b6e55588508aa570f9bedc2d2efd28","sha512":"21f608ba488e589ada172d932ea58460c0a42ddd12fbdabc581cf08972fd250c7d5872029a4db3f58e8caa93e5155482dafb8915e8608a21aaa166f4fbbd79ce","ssdeep":"1536:6p0bGbjTbjG+cB2/R+jP1hRz9Iu/CWRFii0D/jeeKZl+pCh/+:6i6bv/+2J+N9I513DrJKZl+7","tlshash":"db53021b27366823dadd7578783a0b41d70b0b7860e5a991e33916b235acbcb90f5f70","first_seen":"2023-11-30T14:14:26Z","last_seen":"2026-07-12T17:20:53.129566Z","times_seen":123,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auth-telekom.de/fonts/13.woff","fqdn":"auth-telekom.de","domain":"auth-telekom.de","tld":"de"},"ip":{"addr":"217.160.0.254","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://auth-telekom.de/","date":"2026-07-12T17:20:21.512Z","timestamp":1783876821512,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth-telekom.de","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 10 Jul 2026 00:00:00 GMT","end":"Wed, 06 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"67:48:19:3B:38:17:5F:E4:3C:63:92:D7:D3:F8:0F:82:4C:DC:93:97","sha256":"FA:87:B4:5C:54:32:CF:BC:18:9A:9A:B8:74:E6:CA:D1:F1:47:83:D6:66:0B:DE:35:1C:BE:6C:D5:2D:E4:84:21"}}},"request":{"raw":"GET /fonts/13.woff HTTP/1.1\r\nHost: auth-telekom.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://auth-telekom.de/stylesheet_6.css\r\nCookie: PHPSESSID=70e2eef28d9fcf630b5841004b074e60\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/font-woff\r\ncontent-length: 67164\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 986\r\ndate: Sun, 12 Jul 2026 17:20:21 GMT\r\nserver: Apache\r\nlast-modified: Wed, 08 Jul 2026 14:40:10 GMT\r\netag: \"1065c-6561a7c036680\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":67164,"size_decoded":67492,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 67164, version 0.0","md5":"25affce608e05060c9c43e6863ad70c3","sha1":"d0ce3d4476cbf1c777ba9242037233729ae6d305","sha256":"845e3dc8eec80ab6f18939f24638fb0acf80abd65d5a8c093912b7413b3e0d8a","sha512":"602b2b5762aebb9e59e313838a832a0c5025c2369cc9906e6221021406d757be926222fd49955eda3b2d09522bb0971248b7478580b45a69634353f3ae423900","ssdeep":"1536:qYLk/BomA+AjGiM9bjM81h5f0S5YlBRO2/63h/+:RgcjG1bw+0DTV/6U","tlshash":"2e6302bd89f880475851a1721f8fa7f0a5911800955bf413c39dfa82bf9bde84a14beb","first_seen":"2025-04-19T12:06:05.955151Z","last_seen":"2026-07-12T17:20:53.131057Z","times_seen":108,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-12","alert":"Phishing Block","trigger":"auth-telekom.de","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"auth-telekom.de","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
