{"report_id":"594a061b-90a8-400e-b03b-1e8018a9e72e","version":6,"status":"done","tags":[],"date":"2025-10-09T17:15:46Z","url":{"schema":"http","addr":"kunden-portal-02.de/steps/login.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/login.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"title":"Login"},"submit":{"url":{"schema":"http","addr":"kunden-portal-02.de/steps/login.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-13T17:15:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de/steps/login.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null},"summary":[{"fqdn":"kunden-portal-02.de","ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-08T15:26:39.707286Z","last_seen":"2025-10-08T15:26:39.707286Z","alert_count":583,"request_count":117,"received_data":626678,"sent_data":72583,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/res/arr.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c3a44164e26f5e60ae9d39f401a17b3","sha1":"9ecffa8a2ffaf874b0f00e6a136f58b0724d6179","sha256":"bf337111e4fcd824c56dda94f5b919610b567478944f9b3c6b1d0746a883f1c9","sha512":"f5c685c3577ada11ddea9e8e9bf6ae263dee34102704e110b582283961bbd48976d3e5a62ebf751e79ecf626504a9fd47391b27cdc1373ff9545f8e4f6c68329","ssdeep":"","tlshash":"31c09216ebfb204a92050e881098394160381803ac426d06ff94f7c49f7c6bf76a4abc","size":138,"data":"","first_seen":"2025-10-05T19:15:32.113204Z","last_seen":"2025-10-10T03:29:55.214943Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/login.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e03482207b9229132399f3f0a01bb1b8","sha1":"2c7bb5c4cc0301ad02353a7ef8b7cd78a31b7cfa","sha256":"428ce84a8a42b3ea857fdde73d7ec9bb0d13bcf970e397a210efc9f892dafc22","sha512":"4b58b45400794c83f252aa6fa2bb881c3467541401d86fdaa20410e845ba5f6cc0e04c16d53808480f07c95e1463956547d2b0ee68846974382639fbeac650c4","ssdeep":"","tlshash":"05f0e98df2d6708468b7292f5a0f51465c7154873f4e9438be2cc280ef7668f9462e5f","size":566,"data":"","first_seen":"2025-10-05T19:15:32.118404Z","last_seen":"2025-10-10T03:29:55.222486Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/res/jq.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e4bb227fb55271bfe9c9d4a09147bd8","sha1":"156837f75f6600ccb602b4efcbd393636c33f35e","sha256":"ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127","sha512":"f7810ef9df875a7fdfa7228f7e2f95dd34e18b57f56a46383198ebcc591e32f633b0d73cc6b271fbc669347f7fdc114cce6a6b43681104b25084fe2a1e7bee49","ssdeep":"1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vN:eIh8GgP3hujzwbhd3XvSiDQ47GK/","tlshash":"589309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:21Z","last_seen":"2026-04-04T14:15:48.573043Z","times_seen":8624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:26.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qBeBWNa90jvJUwrmbyjhKBjUPeGNY86KfvrhGqIHl%2F1Qmlxc%2FFXGmQpHk%2FVfRl57X53DUrmyKFZ%2BV7AHtJVi8wcAGXxp9HNuq4aGswDk3u2tuQE%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:26 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85225fc40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/cb355538-bae75d94d72a59fe.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/cb355538-bae75d94d72a59fe.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=scYIGbCYf4GvWreF%2F7dhrLNWwh1ASxopMkNOVh7isILpnSNhYXzyhB5YVG8Hz4Rt2jOqbiJxTKFKtHL83EmElNGaVnQPwco4C3maPJU%2FLPkLyIE%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cd10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/2962-fc4fdd714628ca7b.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/2962-fc4fdd714628ca7b.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CgZ%2B259Aq7a96PAIi%2FHh3Mx4Y%2BAcPKJoxwck%2Bg2HY64uCycYpstcRr99ENE%2FSA0b01t7CTh7LiNTdiLkLDx1XaFoUQez%2FHYzSQyNvcMoCfs%2BHMc%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d46cdc0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:23.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yP6raIT9%2B7YqrM4a%2BV8xXCm3BPmMGn1UpGfVr0aoBFaIzA1crllIYU1113UNs3PmHYI%2BxkS0vkVPaRxoU9bCyQz9FhO8dEU9GL69VdK0z%2FaMrfI%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:23 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf850f8da70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:27.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OH3EnxhN3OWiGHvEKYdqYqBcWykrmHxWMxX7LSUGQ1pvZPRwSha8Pw9GYExi%2FagrKNUySoKtUh4%2FkChYQVKeMHWenmo8x1IcNxv9wIF1SQe0wEU%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:27 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852898ac0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:30.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aOGbbhD8cikDeP8I8yX1MWrYmilTnx78R8Ol8PZD1VS%2FRa8xVcf5fcN%2FbTmQBlC7XZ1uykww1n%2FGEqA%2BO9vAt2f3RCOv6Nzh717gnWb0CaUk23c%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:31 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf853e7cf70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:23.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ATC1B18ESg6wCGX8SY6F9HkeexFFcP3nF1OfYZljRRPq0NOg%2FvlM1IGn9hq6uLjELchZkm4SsmujkxCUpGrRaZDZ8F7MG1KIOErcYTl%2FXE48X3Y%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:23 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf850f9da90daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/pages/_app-d8436f8311294fe0.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/pages/_app-d8436f8311294fe0.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PJtow8V7Ms7ZZ%2BQKQRCtd0aUBCJ1Q2W8D%2BB3H4nCqee1%2BrmiP63Mch3Kn6zTdFjwZaRrIB0uYrK0qkqpP35Wd6%2BhL0VOVXFS%2FO4yRwZysaxdG5o%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cca0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/29107295-2fe5d4aa5d47354b.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/29107295-2fe5d4aa5d47354b.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kLiA1YVnHAJET%2B8EqeL3%2FtndVRlJPor3BRIv%2BwvAcZ%2FkuoZMi4%2FwjsbMzIfas1YAt5%2F2f2C8l7PlXOsFWVZm4dffF5i7ZfJyXlK936X%2FvfL%2BuB8%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d46cdb0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:22.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W78uR1ERUVn5vxazOv5GFL4YXQ2NBJOkJwzzWZqPWvHVjPfncHEWiq2J%2FV5aBwAWmv4xT7AboY2jy2lCm5%2B%2BlfuUvbl%2F5TBjgVF7xkbWGVnqz4Y%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:23 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf850c7d1a0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:31.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DxhW4pch4Qv2y7A5qym9T68MKxL8YLCGfrDKTVqNUQp6jkhdlOZ5nkaFO%2Fj%2BnXZsOBDdN0D%2F9wexRQJgCbeAxBNoimVHHOWliv0C16ZRUxvQoiQ%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:31 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85419d390daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:21.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vRV4LPtQNPDaiGoP7FcczaBUmj3DkjS5loyCPJlkjZmjNh1N4USyJmB2VLIxRi88DFTYsRHd4jYgIiwIiA5YwKWjnL3p5sNojhPB9PHDQWKZvBA%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:22 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85063c2c0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:22.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6HpBEb5gktod4qmWQQ5d%2FCgGvdSwuMC8E9xndPps1%2B2CUrmBSAg0FTOi3t14XNLewQdwxP2VWFp3d6%2FDgcTSOXBJdakfrnCYy92QDc6zLJxEkH4%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:22 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85095caf0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:26.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ynhqin5r%2B2zcW32L5LY31jcGWBmAaNyZKLUm0kXhxT7RRN55T%2Bj1yUAC9Tz%2BUl2xePoC5JE529%2F8aezTRYsZ7YLJbQyx9RRnlcVIWHfBGe93IVo%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:26 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85225fc80daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:27.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5vqVHlQpiqVEvkbLF4q4MvvzcpKR8esFgYDhBpFGk%2FHHohck27wZ7tAFkCjw4NvtKhsKPjZZ5uwGt6ZCGG1E31C8zLwpCklm2JqsFRfPWm0z8Lk%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:28 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852bb9220daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:28.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AIVOL1m97Q6KlGdbjKjPJUfwIS7dKG7fwi%2BvKEYR3UPHt%2FEQ0NIZMNA%2BNuOLkHPPayIyE198lVkaxK1ailrdvO0mnv7IWUpgj17vzJZgD6oqYNc%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:29 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8531fa9b0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:35.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p3dVaba4AyjqoPxe%2FYwTJmNa%2BaEWki7w%2F7Wub6FuVRQnu9r4L87613wa794Fh%2FznmMtOK4Zun0CWziEtgnnvrfayAL1v8BEi%2BeaSzhSF1gGiobM%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:36 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855db9420daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/4fee24eb-aaa706b51aba305f.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/4fee24eb-aaa706b51aba305f.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eGMnFllJD%2BhzubdRIVX6Q0or3lXEoZQcNmObYjH0vZ2BKGNFurO5L5GPTovmPQAo14CESjoQKQAkomvOWPaXHfROpC57Rfypbf46JhtAteWHcUo%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cd50daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/5675-2a486325fa12a9aa.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/5675-2a486325fa12a9aa.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qu10ALgCFaqW45SZGFue4bt2ARBAjH9Egiv1C9%2Fmd0QJD%2FJsJD2YwhSKb4NvCLZ8%2F3O6UNfm2d9X9Qwdd8US4viBcrbJlOfaIPD3Rf15gUS5WTw%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d46cdd0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:24.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3jLWkUg56quobaGcb2ewtWZvclDD48ZLggwAIao9zOOq3Ksih1O8i9adEvLUAWJG8qrdUAXLRH5GMFkmeVKoc4hm7V9qMH%2F4cHLcRkKjj%2FlUdiQ%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:25 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8518fea10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/login.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T17:15:12.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/login.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 09 Oct 2025 17:15:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=78TPgd%2F9PfcS8nsP6roFBtUimq6P2hoEpoujZ%2BwUKkZ%2Fo6i73w4DWYQ5ARxT8I22IkQo1BDYFbSyQzSfWsOwd05dJxLsDrfdvRu9tss0c2ea\"}]}\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=19nqov11850556ndori92avpt5; Path=/\r\ncf-ray: 98bf84cd6ece56ca-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":9492,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (367)","md5":"a932ac75b5de51447e31e7d4071ec5ba","sha1":"31fa57d474f26dd0b5bbbfd18411d4a08975cbbe","sha256":"0defd781c7938fcace3be699d52e652efbbe74393a6ecdb6dd91b229a0bccc18","sha512":"e73c0eaa0804b4bc7658673596d6a0a1cbd7c94daba39c3bf49f20d1fabe51e4b54fb8487bd474c5998b980aead56612bba7f5c1c35b807b56ad5d6ba0f5f151","ssdeep":"96:EU9KkqrUNONQqS3RhEARPL1z4CR7UCRrCRmPsSKzCRLSAcdfYKgVpHVmN4T4peqj:YkqrUR3Vz94x6p/J4pl5Z","tlshash":"7112a412acb28c5610a3888e7521f35e6ed5f627c41e8454b2fc82a90fd3ec6cf97e05","first_seen":"2025-10-05T19:15:32.102428Z","last_seen":"2025-10-10T03:29:55.22026Z","times_seen":12,"resource_available":false,"data":null}},"time_used":900,"timings":{"blocked":36,"dns":13,"connect":1,"send":0,"wait":828,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de/steps/login.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/main-b8d70449c3aac2ad.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/main-b8d70449c3aac2ad.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A6g0EOxTCojLQFkgCBYhqt8d5RYhkLPimW20CFIkDaWY6k5iK4PIaOJ4QXco5ZOomwHWtamEDFVY13U0aE52WW1aP2ixtGbTCCGyvtgJBJP4%2Bis%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cc80daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:34.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1XPvbFxWLfo2H1QTMYQ9JRR%2FpDyVMUwZ7pQrue82gOEyfzjDEWy1JauO18ZbtW%2BzzP9aUph0aHRwqLhy99sorBHFmK7gW7AuORqtq8AFAbPcfWE%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:35 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855778aa0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:32.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=axrMSyYxloamOa2Q9bQyEm6pVluhzvSutcBZJI6DDU7DyZUaH3i0XWXm0rWalsRmG6vj6MgrpLEFUYlJU3RMjMZFBL8EH70fVBpJgbnwDtV1UXU%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:32 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8547de8e0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:16.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k89eulEtH7CiMJS%2FYxqRGCUY%2BA0T%2FCuQtKl7j99qkmbaorfFdc5tLrdJ8j75kQ2bfl%2FheEDZLY1DzcC3sL%2FT%2Bz5LWMl5QKaubKupPAOYzGV6E3s%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:16 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84e3cf090daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:16.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AiG29FDNIuDisKpT1YRHCCICDUXYNk8mb82IYVm2IDmzm%2FwkpaUhmgfc92cJ6f%2B25QSoGZJOQtrToQ56QYTUniUqVFuMVD%2FtWsjozpKYiKCyy18%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:17 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84e6ef790daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:25.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JHWXCz3U1PfrwiUo0nJmQfLMIBUP60%2B5lc2x24xAbrXV%2BWoPs07j2O7CO40Po37xnNfnwx9RVxR7MQLserfKnY%2BdzzLz%2Bbz9kcIgBnxFnM3XgCE%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:26 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf851f3f580daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:26.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RR4jEiz8LO%2FfLq9Rtrcg%2FvpZuHGiBSIwgoJQsslpTfN8J0qyhA72l3XLDpOvSTX8VgQxlZPj03U7nuGe2cnRtD%2BNPny%2FqtBmiusu5egvJ5PbvL4%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:27 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852578610daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uAm7%2Bzk1TLkSeIm%2FkoWOYZfFivQ%2B212qGA4N%2BN7nmbMZXodp8iX5e03M68M%2FQ9C8Dg6a0TX4WeAWILW%2FRVPEyIR9j%2B2iBR%2F8uaHcj4A6PvO3MAQ%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:15 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84da7dc10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:20.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F7HX7v%2Bo9ENSdLYBlViMdPzqVk2eD7r7sf8IfT0dZLfX1flAQZwGNVdxZj%2Foa%2Foch12m8aKrk5Pa0wuom0WyFJaWcAdibY79iVVzD5xBetdsTL8%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:21 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84fffb6b0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 18\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wTs8kcgj5ozlf4NocgQOzXAo1vsImQzPvwKKB4RFilYUToxZDw62ebzQ1IQ%2BjscwearA4pvRnO17LewDLvX99WxIadhjkZrzM738cFasYOPGaB8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84d75d490daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:24.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ASOZzYQlCCv3EKhAe6Qjo4e8fprKhPIFCEzMu%2BE95vNrqc18BuP5SZZWO%2FVYTBdPFo0gmVM3lY%2FybagnvghEXM3SmLOYwkpbWJzOwnEAosLH88U%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:24 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8515ce3e0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:18.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0TM2cLl2kHSesbsY3%2Fml8nkLCYlQKbhLX%2Bh2kUVuHpFm3dvGi4axi79Fk7axLhUoR%2F%2BIsvUo8ho%2FFOo%2F1bZJZIpAu639YSKbJEvh%2BvTxuv6Xhdo%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:18 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f0493c0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:18.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sp%2BeKcX5meli0KMi%2FAyl6%2BfmpulwF99KQD4ObcnpN7kgC%2BytcWmsrOreWDwaW5%2FbmhSrVqEPHfqnbIIOj8T%2Bp5ut%2Bpd1eix6ieqAsADHV85HLC4%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:18 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f0593d0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:34.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dzXB854kBlcCxsv3PQFX%2FebpT8Gg9MVDySxMjFlizLzqFVqJA%2Bm6yaxdUJy%2BShysXWHO1vbS16wDuKWcmk7NF%2BCJt6f65p8jvK2mrx9bvKtYL7s%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:35 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855778af0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/font/OnAir-Regular.woff2","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/font/OnAir-Regular.woff2 HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/font/164283e15efaca42.css\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:10:56 GMT\r\netag: \"bae8-6213d7e4d9800\"\r\naccept-ranges: bytes\r\ncontent-length: 47848\r\ncontent-type: font/woff2\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oNLCccV9b8fx1zD5X7jFegGBxvl%2FvCxyedtdEG2B7E9L0R8cODVstzC5LDuiGQshuMbhLASVxZS6%2Ff%2Br2h%2BL4a9XrcOMZKUOXsUqeZz4B3wGMck%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d6fd3b0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47848,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 47848, version 0.0","md5":"c08a2aef693d93fbc00b0b569be070cc","sha1":"1ee63a32fb633174d56f3e4fdff75f24aec48578","sha256":"c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac","sha512":"129acba5c777dde3d4cf94f6307e3c87bef83dda93ca630259bd3c7e8e9f0fe9f2a2a10d67c211a6eaa9bc141fe566131593f6809ad65f12268df1558e0faea1","ssdeep":"768:nkj8DRbKBr4c+4SgAlVmv4PzDJrrHBxQAMK4Omwnj+7QWmfREiAX5rMR+VNdWMKX:k0RbKxovHPVEAGIzREpd7NdKe1hh0x","tlshash":"8a23022663d0472d880fd5a0ecab509fa2c8243797afe9e47c0bca01556766f5637ce2","first_seen":"2023-07-04T17:39:09Z","last_seen":"2026-04-04T02:45:17.555887Z","times_seen":27,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:21.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z4Pa5ioqauDMohdiNRxLpPRP8s8oWQtVUep7H3NjDEyrea9%2BRS9eLArHDBdsh22diQ0ARw7p%2FjAHRqjMBefb1orCJF2g%2B8mdsfgrfo5%2FxzQ0qJU%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:21 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85030bc40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:29.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HU%2FIDzz%2F5hkE0A4rb0xKpn0XPJ9sSb5X%2Bz1QSVogCTwVnkYJyTtQ%2FzalodGHWeu3UjI5DAVzClLYmkk4kPeEPMEqXEtly%2BjmXa0B%2BmI6h5dYwSg%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:30 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85383be40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:34.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uYHlVrNrBFSx%2BD9TcDTSxFWZ0OgehocyuaP5%2BixTzfDo7DnrcPOHD5oppc0MU%2BA2HgPByipFcHJI5X0JtoYp956CIQfT7dnr6cAx3jxPovTFRNQ%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:34 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855458400daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/framework-ae562e2278ed0cd0.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/framework-ae562e2278ed0cd0.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9SIw%2BlikY%2FCWxOTdRwFuBCw73ixIzyMnxakLtSPru4L%2BG4BAIH5i3xBspQzlUTDP6AZykvF1r7ATgI5V2eghiDDDr7uyHD0yD3Tr3h51k%2FPxMC8%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cc70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:15.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gE8YLkrHRNetHkeOVt7IwlAbz%2BHhK3qwY3aYPPSywNNfdhwtQaIDki0kOEdocolDaILf%2BKs9Fxo4xf7cYxZd19S02P6LQmET3vUoZzV3dj%2FglRk%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:15 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84dd9e460daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:19.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kv1s5wuLS89o0TueTBa7FMQPy5ag7hjzh2dGbSNTpLr%2FZOtfBYgHigKdZ9RzTy3NFa4l14qsMv0nSHJ%2FlDYgskUNSN0GSANkgoj9IzF6I%2Fn%2Fapk%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:19 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f68a170daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/68c0a17d-9ff68f85b2959884.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/68c0a17d-9ff68f85b2959884.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=38TxUprXN%2BTmglGc98zwJro7ubokz3q1IVwmUy75RIGQfdwXCqKazJIV8Vn4BKIW%2BA3s%2FMiivCnEmIuxkmcX23MoSKCD%2BIa6cbIQHU2hZpCXhWc%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d46cd70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:19.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HI%2F2tXqeWeGrfjXKwsaY6RlEAKDib2v%2BC02mioZ398tptoJ%2F8pMknUkb8FOP4Z0uRMgBDfqDxHzU3IaaOuyvC2vuqqhCOAwHK1mued5qJELLFQU%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:19 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f69a190daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:28.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jg0RFdYk1YxBAcGixCTO155LhyB8xmhZHp3gSX5et0Gh47eJ9g6eX1iAX0zwxLpi0RgsFqzaekyITJzt75vjFT2UAEeLNnSFP7V51z%2BXKZEG%2BLg%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:29 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8531fa9e0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:35.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZJNP7qVNn8DABOaFb3yO3u%2FDe2XZEiL1%2B4tS7bgGAU3A1a7bcSceQMEtFnvNy70VB9Dt811slRCe34r89fHXVMX5x4ovc8AE25WJdsSwnorBFpo%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:36 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855db9450daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:17.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SfPXicpQZaYoAZN1TqJnpHQXRtK8H1KSJHr0T72fhzOvzjosRJ%2Be2JIChhoqB30zuoJipL6b6ZTazSufnRmb4CWDpd8seyVPMO3Gqg1wAw9CVck%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:18 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84ed38d30daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:17.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bsqYs3Jd7sOol3mtgXJ1E17tY2LT6xZIRoNYm2nsrf30HwGKkHhoEAQ0dt5V%2FYj4LdJmnkRqhJhvj7K3fjkLE%2Bu%2Fm0w0mXhXcPwQc9J%2B1y0J4us%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:17 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84ea1ff40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:19.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CI%2BgwIUCWwX2cI2wL6IAhXshtYS5%2BTz%2FOmru%2FuCLCJr8NdkgL9jXy6tSVSegI%2Bu9ooFZRmKXFkj4%2Fpe%2FPuZNApWEr8KiyLbzUKoaPlogPsMrsis%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:20 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f9aa800daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:24.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dRTVyw1kDmSiVRx93VrUvqUdpkorfDvV5vPg58Os3qHn9tYhYgid4ILRGRKAgp3FuxnoqTeQghhGjg47FwaBayD2pTNxHXIkAEv0uP1RhiI4mp0%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:25 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8518eea00daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":89,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:28.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jN2jCV9BUjtQnP5Lm3cyjUJSW0d0El19ioBX8OvWN6cgHb8MKWXc7DKhcP4kQopxT%2B45K8JzplB4P3vXgeUWK0wjYxbK%2FawBKtOL0x4OP3wlzHw%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:28 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852ed9ce0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:32.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eNwYbJlopdqydx6A2hesRVRoJHfFM1YylL5%2B%2F%2Bjgw8CzDyG1DXkMpp7OqHkwdRryED81PtsigEGRfg5TXRxvF3hvxviq%2Byb6mCnxP5YAlVihlEQ%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:33 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf854afef70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:25.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u6NZGWNUYEqIl0uQ7iL9bj5zZnUp4krKv5cQyqIm2bBeq%2B09MAuNhGzVitx5AtAQEDgW1ZfmXRG6V8N%2BEV0ULz11wTeMkhcu7%2BudfFbUGkI018g%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:25 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf851c0eef0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/font/164283e15efaca42.css","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/font/164283e15efaca42.css HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:53:36 GMT\r\netag: \"29ac1-6213e16e41800-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 30459\r\ncontent-type: text/css\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o0jAn2N6PPgvg7JcFXmNS235RrowfTGS5%2FdqZBopOxb975kROfiC0o7kHNFuAwdLuyubfMO7emDL%2FXd1v2JBBObliDWvXIzpj%2FFK9kX9AaOtjE0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84d44cc00daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":170689,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (3641)","md5":"3d44bc8ebb265f11566e2bc0710007c7","sha1":"9da88824d4f3a7ec2fc9432a83be95c84ea4949c","sha256":"1052f316fdfac185cef1c897ba224bb4afcb7d4c51956baf017cf64de7128869","sha512":"7ea1848ba2c99bb45ee6a727c684e7c5b5acfdb426f9c1519cf7cf54d7b014ab3e825c15120125c8302c2b78e6a6ad4b47b8f7c14a8dc092f2a6ae2e9d16bc6d","ssdeep":"3072:uSC2iVH2IxRgoH9HmGtCs8TyKWITjuGZ6tBN8W9FnGS1jpISh2z2BC4bjLXGo6s2:uSCfH2IxRgoH9Hm1s8TyKWIToPTFnGSo","tlshash":"9df3a7585a67182d3c2b40fea7ed6a88611620c7ae1b8de6fd9734008fc13a5d9d3f5c","first_seen":"2025-10-05T19:15:32.107641Z","last_seen":"2025-10-10T03:29:55.218878Z","times_seen":9,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:17.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XTBS0mXFB2kVwCrDYNYNCcSMcO8pJxXHAfWKtfqudxqHDTy%2Fa%2Bzl24%2Bq0rdlBQOzRkNKgymUu6tc%2FlKKW%2FFk9qaVB1grTlBdj630yCOB147nRO4%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:18 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84ed28d20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:18.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FXhZhDWOehqvgX5%2F1VkuDLGGhsmgbB8FcrHYYHpWbvVm7OmH0QDyjTiVrVsLdN8gmb%2B2VTpQhUuumQUTXkxLxovKDVzfZDZuixlIJl7IbaZnMnk%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:19 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f379a20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:30.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rr7LiuJ997xqLJnF%2BVsFqOX%2B1oayFnPEkkqhD3eMPoi03HD%2FOBIQrMnIX8MupEDO2Let2eXOj5RYOzQRoo2QsjQyz3OehLUjpLueO21JrWSinb0%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:31 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf853e6cf30daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:35.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jLX2zhScqezIogynEjdry8sqxBlmr%2FOyaf7W75PuBZ8E6pvhL9vw1JIe56PsJUj5ifWMBUcHhTlYKIk5GcUM0gIUigkmwglI5MIsucRN0YTWNBs%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:35 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855a98fc0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/fea29d9f-61589828de13e5bc.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/fea29d9f-61589828de13e5bc.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FINjL%2Fef83dgnGJgor8dzQZmYa%2Fig9YsvAuKAZiHbPKXpXl8oLdMxEqe8BwRLaAHNtzaFFjNGxO8rJJewGtn7bsJz8L4sWs3f5TQbLD5Y40z1S8%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45ccd0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/6eb5140f-e4f67a6ff6855895.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/6eb5140f-e4f67a6ff6855895.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wQac3j7d6BYz19ne0Yg8cX%2FBWzV50w%2BDJFPyIItC5MAbPxoy1avzNlOD4cHv2v1sXN6omNyr3uoennyQmJy0RtLV8r9GKaW4FnWqErwMxGA7uwU%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d46cd90daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:22.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y7kZb45AEWWBFKKkWH%2BuxhTyTf7E4sW0UXGGpnixnjo1vAlI8L%2BDIx7j0re3TGLXGs36iigEdrJKWPnE9P1nwlOYnUtJtvJ1yz5sVAJGbN5V1f8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:23 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf850c6d190daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:34.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oP%2FHFuWcMe0yPr7eUTJKjEarcIl0KGanQEyhhFrUajp0leBT1xsYAgxNqZUC4dcRdHqkKrlfTY5d%2FGM290d7xLy2227yb%2BO51H8CgCyvXPoY2%2BU%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:34 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855458410daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:16.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6Gvbazoln6gujgEpnSLS29JRmDOB712%2BaDWfTwDhnSRiSZHIOilyoCJOG21Hc%2FOFshB%2F82u525NYxwq4kDa9NwntetGm%2FgvfLZ4h7I644pqpGkc%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:17 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84e6ff7a0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:20.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m4n1GYAQwQylRf2w8EfuaYHD4osp2L0%2BgLubXuRt93xra71xamVnb37p52yp8%2F3DJ0Cd6VP5UDMRD5J%2FXI5vg1sjWJ2F2mJr3oRPL5drSFMME74%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:21 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84ffeb680daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:21.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vytlZU1MoztdB6yG%2FtxctXsCXLu9vNyqKlYRPIAJb6%2BjQr6AGNMf%2BTb%2FQVCurQvV2PDl%2BUkSoBD8m018BSPE2LiXLVnlqPtBJL9cxoxWo0IKzXQ%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:21 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85031bc50daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:23.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OGJyb82h3RGF%2FPTVOdYnlOo9Uu0mb0D8iaYxkF5ULHQIr%2BHOtWqLDB9GDY2khgSBgmXFhIbsImLk9DuAz1KC0owL%2BvWn4lyD919JBdLtf4mtDG0%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:24 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8512ce0a0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:31.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WFIeUv1QoshV0F00rNAC2nYsR2tNuU3ZFZwekGVoYY9oRXAjf1ibqjRPwk1k4lcJ%2BGLdL7%2B5Ah5x3s7mduqp%2FJySPHwQTe3FhZiZUMrV%2BopqGtY%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:32 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8544bdaa0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:32.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KsEgEaRDBySmxsJiHLPJDEQo4xXvio6E06sdpQHWtuFooHOxqOb5CIBc0FpMgZ6iX7cRitK3Ktckr3hCvx%2FmDW8Mcku%2BY7hKb9Gz77WspIqF1sA%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:33 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf854afefb0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/res/jq.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/res/jq.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Mon, 04 Dec 2023 17:35:50 GMT\r\netag: \"15d9d-60bb28c86e980-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 30905\r\ncontent-type: application/javascript\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vNt1H7ecncNt93NKmF7Z6zvHOTDa9RgLIAxMWmHbyrivgW8j0aq%2BtnZYU84yVEDcgyogEkb34%2BpmsTHNqO6eBLqo667q3vAC3Ftp%2BbrFNv5my0w%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84d48ce70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators","md5":"3e4bb227fb55271bfe9c9d4a09147bd8","sha1":"156837f75f6600ccb602b4efcbd393636c33f35e","sha256":"ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127","sha512":"f7810ef9df875a7fdfa7228f7e2f95dd34e18b57f56a46383198ebcc591e32f633b0d73cc6b271fbc669347f7fdc114cce6a6b43681104b25084fe2a1e7bee49","ssdeep":"1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vN:eIh8GgP3hujzwbhd3XvSiDQ47GK/","tlshash":"589309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:21Z","last_seen":"2026-04-04T14:15:48.573043Z","times_seen":8624,"resource_available":true,"data":null}},"time_used":326,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":319,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/font/o2icons.woff2","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/font/o2icons.woff2 HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/font/164283e15efaca42.css\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:10:56 GMT\r\netag: \"10dbc-6213d7e4d9800\"\r\naccept-ranges: bytes\r\ncontent-length: 69052\r\ncontent-type: font/woff2\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xHd%2B6YbJ2F7YJlooqLG3oHqoDuOcA3U2h0i3iCMC9ENUG5r0h8gEMYixfcmWhGyzkI1%2BYukhC1ycggWkz2CHcJz5DxmKY%2FXn5r%2FTCUX0pcIkWD4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d6ed390daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69052,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 69052, version 1.0","md5":"1803fbf3fb0218743a0c76d6e30ceaf9","sha1":"6d9d51ec0c84e48939070220ddb8890668075a3b","sha256":"9514be1de81594cc232402c83c6f2a73276ae8c3a6224a7ac8a3561c5ed9f7c6","sha512":"e7dab10f7927dc07206ad252ebf914855fb18fb72685145b61ab93839f2111ef64b25ad9953d68129641e8bff6bbe2870b364a5f082bd9dc51f3a214ec8f815d","ssdeep":"1536:1LSBg3EodRtNh3EYQDA1PTQS/xYtfV7bbwocXTPds:1LSK0GNh3EYx1PGfV7bqFs","tlshash":"7f6302b898ec41ddd4350cf3b5b21b2c879d2c4a17eb25b46bcd0e1e56a2f855e13a07","first_seen":"2024-08-19T17:04:29.405985Z","last_seen":"2025-10-10T03:29:55.221788Z","times_seen":10,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:20.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HVb%2BoEdWUDILF4hbLFCDDqcLFCRaMJrVwj%2BuZkmnunoPrg5bCVNfDgqzcdaUklQxlFvxszT3WMbaSpuYJpg4del8Cd4OU%2Fw0U3U%2BCoJn0kz7xXM%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:20 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84fcdae20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:24.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q8bodiT2xxFPaQdZpi%2FAkVSasNQo4HesGacVqgpWwO5afxdRoSuym9X4JkbS0MAPto0pvqmTTpSUYgQ%2F4o%2BmoxaRoLNdIgSxt4uwNQErVP4dV2s%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:24 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8515de3f0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:28.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=58LUUnSO%2Bdchowkpp%2BxXDoc30eTqLoO6au1j9tVzENYfj6soM6CwG1BytMpOPfZCKDJy9yvE2tBXHuM4cnLEIxCEecisd66a08qTWX8ZzRKr1AI%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:28 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852ec9cb0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:29.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y66Qca27illBXez28WoI9EpYjawV0Vp1tkcdIR6J0C7XRJlG890Mi%2BFXvJCQt9ZiwgeUYNGVD0g%2F%2F7kH8VKwUraq8SZI%2BYgARrCzRiCFMN7pj%2Bs%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:29 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85351b5c0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:30.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hw3HwJtCozMCek427RY5hVrsa6UJtSf7LUqLy5smTA1wpke%2FwwSY4BDt8938cxQZdht%2BzzsqYQntFt%2BfGbQ4JnqDzY4MV0GEfCCQdW4SPxBJjA8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:30 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf853b5c900daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/media/e11418ac562b8ac1-s.p.woff2","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:13.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/media/e11418ac562b8ac1-s.p.woff2 HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uGshmW6lesuEbPnzd%2FPxxDzuAAujZ%2Fsd3BthKZVEKqz7%2BemQQrlhhqhYH6wTuhvncJeCeFx6Y%2FwKFRpGZQruv5nSdJK77WD%2Fx5MUVI0hLw7hf78%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d43cb90daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/4577d2ec-23667bf9f5dd46ec.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/4577d2ec-23667bf9f5dd46ec.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gEGvHtRMw146OgaVs9fuFY22Pz60TC8U4Cg55ADbPJawc4FodSJZoCw6B9gVVSnO95Ql2hoKoeWbY2SguK53x44zJ2rDKAq4fCvxogKMixk8cqU%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cce0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/pages/index-9d5c65565c616785.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/pages/index-9d5c65565c616785.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QDeGSW5BwE7tL5dGjaZcIuRq8Vip%2FGjqgcxQJUidi5kmJoJA3MX4Vlm%2BbVlKHDrF%2FdIvJlkArkQbWqPpmWn5HSw8LmB1yTwCUSny2x7XcjtGJXA%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d47ce00daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/font/OnAir-Light.woff2","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/font/OnAir-Light.woff2 HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/font/164283e15efaca42.css\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:10:54 GMT\r\netag: \"b758-6213d7e2f1380\"\r\naccept-ranges: bytes\r\ncontent-length: 46936\r\ncontent-type: font/woff2\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VQ1t6cn4h%2FYkX76LiaXBUHQozu0gMFl38qFxizcdDBnHQqKC%2BJEtLHm0K2u03gJyCGl1ejhMl1tVpbPN00O3m%2Bk3JV6RTblz4GZWlauS%2BmTV2AY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d6dd380daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46936,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 46936, version 0.0","md5":"e3b307c66c4db246c6b594749cec6268","sha1":"2d3201fe9e18752f8149e9120a1b8f1546427366","sha256":"4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b","sha512":"8dd44d4d7ada9a6008b6fe93350e63120ca04b5abcae4be50574cc6be404a08dfbbbb54d8f57388c42620e1db67bccc2a53c9be94d6a5e1ec2729d6dedc4a81d","ssdeep":"768:Be0I+HVjUBnKXupxv5LDLmq6TBpBkrZplaLLv9ADVieWHI4K6XH6QSgSMTT49qfd:BP7GBKAv5L3J6TBpaxyLvkrWHnX6QSBK","tlshash":"e123f28096c46562be36801644df42d4ce88e6e5a15ffef814862f850ef6f3212b77d6","first_seen":"2023-07-04T17:39:08Z","last_seen":"2026-03-16T13:44:14.820479Z","times_seen":19,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:15.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sCj%2F4Dq0E4FVbtGRWxQW%2BgiAA%2B218goamvQIiZNAwC4GDP8tRlSk5httHBNLSEJpOe67zClj9Ca%2BT02o2g95EzYHcP5eTZa8hzSZvsQN9%2BuBnP8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:16 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84e0be9b0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:16.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8E%2BTGt6W4PNq4tBuhi0PYvMiYq%2BPfeLx2kepzH9QA6ZDERO84MSeSxUgQR1Z4szdy2oKo2%2FL5YGvhCKnr%2BLhoK04r6ekQPPzb36E2x8DUr6S08s%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:16 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84e3cf070daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:19.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=20%2FlRXTeiFY4LgdaZuJCs2Yq7QzjhSAmtqinVC%2BiQDYUd9X5Wa43MEP3T4X8LG2QRKSMFFhhLBA5OqBYWu6P63ne8NZH8V%2BBC%2BriuSAb5%2BE6cuc%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:20 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f9ba820daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:33.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=35ybgfytN9LUKw23blwA9yp5ZithnbYDadu9TQo8flbDDgl%2BCBdeF3xzEJYZftyPdPNHpHZLbzE7fZrWXoTI2Dw8cTD1BuundNzH1gzM%2FjZQDIw%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:33 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf854e1f760daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:33.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YNBeaCjyKmRZ7GpSBj1eyqzc3cL5DI3UbIatd%2FOO5KKW9dBATLGcCI4w4LG9cy2tBNpiZlZzHJO9P9AgcTJwUS%2BtLwKS3xJS1fGPfJruYQmGy0w%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:34 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85513fea0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BB4v9O%2FDLG7jjOTkUWfJg4iQ6oyGoKFcEWRVQJkHdacl5R3fpHasvGiukIi7krwOyQWlbHAgL0M3P9m5W3o6VoQk5z3H7Nyd4lu7tQ7OFddfXkE%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:15 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84da7dbf0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:15.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JZWxvDVxSsSD%2Frn7EXtTfmC74JBmzWZMzZ%2BNtmjgu057dlLOnInHJVpQawRPh8GqM3GmPoX4qQGt3OuOPMHSmmTm%2FFCPs6npNCQYxYcssIymZC4%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:16 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84e0be9c0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:23.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TK8pKOuX2aalkV4orOwa89aPkf7hnBqMPrwQDYIXW7kJ3jsxhMmFE%2FPJ4y10fcu8VtZXWcUUpq9P2rjnr4RyBnrBpzrZ8OOyj0n63fSKwHeA%2BKg%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:24 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8512ae060daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:26.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w8LmP%2FuEDqrFOIF6mDZl1GXrxQwfRL7db1Du71lEO3UYrixQYDONjqAgHD6RMG7VTiWUc24X%2FvHBAbmqPFauga4Eaut0sT1ldDEZEP3obIx2qu0%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:27 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8525685f0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:31.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m%2FfLWXPgQftzVRFDiNzVdEnAxsORXsw%2BldBEgylPeG1OoqgBliIpWmCPj95D0h5XCi7j%2B2C1Cdfsn2QQr3h1%2FbuUTzyV6Ywu2mTPjAGv7SQmNGA%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:31 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8541ad3a0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/2932-ede83c85338b70bb.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/2932-ede83c85338b70bb.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E8WfQDxZsfyGmyl5c3raCzfsxGUmvncYk3j01t2xeL0VOa925%2BBNKRxw4tUR7jlBz2JBoLHP40QjaUeQhmrAqYU5eIbV15MdkpBvfeHX7Rt%2Bp98%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d47cdf0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:18.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c1%2BbhZbi1C2LsQDEhnS50wvg33zE19uv8YUqmyaLmz%2FWhJsWB8iBiBX3ZZysBcmf6DE%2BKnqjYfOACKu%2FQUQClQRYb51jyDGXymty2zdsSMB1QLo%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:19 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84f369a10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":89,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:25.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pEmh04hIoWliLFh68oIihw0vjzU4rFE1UWJhOzXQR0weS6H6DiTnAwrOvc80GJ34QDJqHNObdiJwtEbAYGuKgbQpnoMHqp%2B3BwmWPSMrJ8zjKsY%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:25 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf851c1ef40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:29.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q%2F6FcK0dy6MccW%2FWP%2BXBd3I2PThSvKQIwA3O69azwlkB2KVRFvuz6FY1RjeCc78cMWoqfSVARsf1IF%2Fucfa2QZvxeGduJ6U5%2B7oIF%2FMYwnxcINY%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:30 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85382be30daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:32.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TdE1uu49KLiHainXntQcOSjt9y2uMZzhmBzISqAU3zIJSyO3aI%2F5Xdw8c05aHkCIIsxiP%2FtTRa1Dp6mnULkHRO5Zujux7j5CdYDBh5xjAyqx4VE%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:32 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8547de8b0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:33.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mSQf8lyBspk6eW6RZQvGcf60Z9JySxYok8HHPd1ibKrLy3KgPFf3BifVkQ0CQQ%2FLuopW4zrWov0usAQgCfQOiewJP01jcGJ5bRRQgAM01Y8ns8A%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:34 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85513fe80daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/font/OnAir-Bold.woff2","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/font/OnAir-Bold.woff2 HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/font/164283e15efaca42.css\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:10:52 GMT\r\netag: \"ba3c-6213d7e108f00\"\r\naccept-ranges: bytes\r\ncontent-length: 47676\r\ncontent-type: font/woff2\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6H6EI7QW3YVGby4sj8O8yMnJzVq1JMa7bbLqNg0LSIb5vGpaPJEgJyB0o4SX8q0Kkil0IpCtGeRX%2B7mBAqpkVjR8vAOqwYqHarz6f%2Bw1mJMLxbI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d6cd340daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47676,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 47676, version 0.0","md5":"8cbe59f90e66fa7bb7e73f75ffb0e40c","sha1":"945beebc9fd6e430f77f669c2311f32a9023f38d","sha256":"c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95","sha512":"fa4f40b81467376726b7c58becf1aa64dc5b4d2b3b5e0bb7312a510db4f2e564610bff1fea0b0627a60befa96379a9a2a5ba0be9ad3e17be66d0f005b28c8488","ssdeep":"768:nImiQM6ibuSh/BmIa1botBbToba4DvI3uTVP5cPOx2QOUp0SnMrnHFyWA0sYTmpU:7iZ6ilh/8IaWJ48cVPr2QOCMrFyXYTmK","tlshash":"5c23026a9df119afe0f0cc6489e37230384f812fe0f036ed65c59495bcd67892621b71","first_seen":"2023-07-04T17:39:08Z","last_seen":"2026-04-04T02:45:17.562545Z","times_seen":23,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":330,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:20.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RrHUt6JJRxNCCaKgUfiiNjOo6I%2B9D%2B%2Bn04%2BJPHyZAX%2FQ%2Bi0c6KnrQlko4VeWH4xZN8%2FlcgqtsygNhmgZrIPwmcr7TOCnQ%2BgRf%2BxX2s1o9%2F9asA8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:20 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84fccae10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:25.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2n5hXgl9WMOzJrDn6Ys1wE275tcuQYZUu1CQCHdWW%2FnXa%2BMy2XSMhS6DIl611f3BqmTXgz9xjtH%2FRuwCw8ytCnJyJayk5fG5idCIhFS1Yjc54d8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:26 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf851f2f570daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:30.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zyOymX8AvHUG0Zp0TaBsCyNGponRbhb4pYbuXOOMcO6TquNOHO5Z2AG1yie%2BrjTK1ZuQbXUHbMJxRWsnJiA8lvqIv4Lm7BgmIPD4BP9xGa%2FRe94%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:30 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf853b5c930daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/webpack-8a82dc04f6ebe773.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/webpack-8a82dc04f6ebe773.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kwmRuLkoKo6cd2%2BnKmK745US4%2Bi8CCsaHlLLUvENejVU4YigTR97X8VqG%2BNU5gYZLZyUDVCFH%2BvAtimBhnX2Vf%2F13HY1i6dGr6Bpad63WdFxhUw%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d45cc40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/FI1bPTuvB9BOWMRDpkGn0/_ssgManifest.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/FI1bPTuvB9BOWMRDpkGn0/_ssgManifest.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7sOFx46fBX3zG6JL44a0%2FC8tte3QR3NFRf%2Fr8lWY7TwBxJb3tx5b67lC%2Br5z3eJz%2FVi3VlGUcFzQe6UzEJBNWRYUCUz4nFWCyw4%2FW%2BKh%2Bmt47Mw%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d48ce30daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/res/arr.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/res/arr.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Wed, 04 Sep 2024 15:12:52 GMT\r\netag: \"8a-6214c9b992500-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 113\r\ncontent-type: application/javascript\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r5Os2AfBAjsfzO8lhDGfdSHGKKdkQkjTaqsb9Yl%2FUHheMtPJIkLy9EQJcdD%2FJozh18eSVc8YDDSlRpQXFFLI0TfuKKnQ%2FxgqmgyuP7X7jjxqvL8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84d48ce60daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":138,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"4c3a44164e26f5e60ae9d39f401a17b3","sha1":"9ecffa8a2ffaf874b0f00e6a136f58b0724d6179","sha256":"bf337111e4fcd824c56dda94f5b919610b567478944f9b3c6b1d0746a883f1c9","sha512":"f5c685c3577ada11ddea9e8e9bf6ae263dee34102704e110b582283961bbd48976d3e5a62ebf751e79ecf626504a9fd47391b27cdc1373ff9545f8e4f6c68329","ssdeep":"","tlshash":"31c09216ebfb204a92050e881098394160381803ac426d06ff94f7c49f7c6bf76a4abc","first_seen":"2025-10-05T19:15:32.113204Z","last_seen":"2025-10-10T03:29:55.214943Z","times_seen":9,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:15.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j%2F%2BI5E%2BI6Ei0UgFOKf6hIXRhSeS4eYJnAUQydxlp26AGjZOthUNLsK3fO%2B3aj2sNgKU3OXA15%2FZTgvrrjQ%2FCHfDjTL%2FQgq7MfLpVPNNJ0TSEbyo%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:15 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84dd9e440daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:22.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ff61Iq6%2BrCQkMKw7BWsiKnGoYRC8jQ15Kq3V3KUs5PuBYOJC4oAbHu7gbYawFQDWZp%2BF1cKpSGL9w7bfHme5Wv%2BvaAsxx8xBT96quDnTzuFQdc0%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:22 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85094caa0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:35.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0VcGR43pAHggrz1Su6H%2BsS3DuP4T9lynMtU81WbwVPSnF2o%2BYB4VzTTohbRy7u8Gi5ZV%2BVWBex%2BYWWExD4P%2Bx%2FIVexI%2BJzunIT5RrFQ80z%2FzqHY%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:35 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf855a98fe0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/logo.a717d0a7.png","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/logo.a717d0a7.png HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:57:30 GMT\r\netag: \"9dfa-6213e24d6a680\"\r\naccept-ranges: bytes\r\ncontent-length: 40442\r\ncontent-type: image/png\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F1Q5VB%2B6Rd0rgqsdsWiPew2BXzjQcYr6sZIFEcOPxiBHgBLyHf8AwirP76HtQh5js0Woou6C0IRw1Jj17H1eBviTYD%2FrFY1%2Bm91Q6J4nrBxlGkc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d48ce50daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40442,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1040 x 1023, 8-bit/color RGBA, non-interlaced","md5":"decff06f7c7e2b51d7bb7acf2ed4044d","sha1":"85d0b352171804a491446603c636f6c788a2e040","sha256":"fe8129dedb0e7110db42abb651998328762621bcaadc83708d414a15fc47477e","sha512":"f45c8b557197c12b418f99c25903ffe7cf26da42fb65510fb79f2f772d95379bf782feec6713a1e5a6210795eb4625f0600aaed7a91e1e220be3cd8e4a0625eb","ssdeep":"768:TRMA62HFy8UGMSMQltLNjVHnfal3FAq4E5yENVFkgtQZhkuDBJYtsROSwM6:Tq0BUGNMQbLvSTAq4KyENjkgihkuDssE","tlshash":"3203d07fb6add09bcc4857b898c25b8c3ab3936f58445f8a2b275d21ed14cdb10063a7","first_seen":"2025-10-05T19:15:32.098587Z","last_seen":"2025-10-10T03:29:55.217409Z","times_seen":9,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:21.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l6EiXQulMlWHo%2FqphzhvIjY3enFZ10aB3k9CdEjO2CSDqdpM95UdW1RwXIzSzf97jrqe6Q7WPXEc972sJbBqj1sW0RcRjXLFHhxcmYvmSySRf5I%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:22 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85063c2b0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:31.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JajPIi8FfDPS0iKYhfi7Tt%2FOVAAFVJOU%2FnRzkD%2F%2Bp8oQxw2dPmQSeZ26q8OBV8oTVErj22nHTuoL2D%2FUs7iV3IpGyl4uY9wPKDYins3XiaxkR8Y%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:32 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf8544bda80daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:29.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jySszZ6MUMSyAKP1y1n%2FBlDrZqZzV%2B3%2B72R%2FmRoNNg%2FA5Aj5rkdqQaPmYZlLiX6Cxho34RigPDWfvSFEIoZSXP1xSCL00w2epC7HDO192LRP7lg%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:29 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf85350b5a0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:33.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 21\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OEoWoTbY7fFpQ1SZuzE0VdolH%2FyMAnjlGNZZNx6GzF7gNH2tKYE7z7V2VHs4AT2ycRFg%2BbIUuDdVcZdn0R2U5xwSzcf5ifUyr02x3vWGGHULY3A%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:33 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf854e1f770daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-04T15:47:20.030595Z","times_seen":103553,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/steps/font/9ac030d83f3ea07e.css","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /steps/font/9ac030d83f3ea07e.css HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nlast-modified: Tue, 03 Sep 2024 21:12:06 GMT\r\netag: \"5129-6213d8279b580-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 4461\r\ncontent-type: text/css\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5nRFqWzfOeFh5qtEPHHeH4s6UwCbOCvXbd9w6jHZQe2lo4L8zUlYEKVEY4IL%2FZfF8uyE3PN0OPHGaqAwG9qYix0E4Jvx4rTVnILqqB4agFngeag%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84d44cc20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20777,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e77f14e6f872e8729a67aa7654420372","sha1":"8ae5778da4de995730cfa03c950a06cc57d5c0f1","sha256":"c6506d9dbfff63523007edd2743e005fe910bb0325b7d2ba8c843703c2403d3f","sha512":"0e346b56f5388dbf7c1af2cfd588448271ca14251fc945ccb5846cc4d77ccf6dc3b4cfc60faf1abb1eb69e160db40f0aca5f8b8ee7b67dcf126fe65e88fa829f","ssdeep":"192:dGsuogQNoNneWzFTE+udYogdD2V1VR8RyAnIxm1NNKMaDHxjcxnjo+rV:/bKeipVMV1P8UtSJaDJGjoY","tlshash":"aa9262719a01188ab70ec1edff916f696b2d8861ae0f4d26f45175adc3c11e44373f8a","first_seen":"2025-10-05T19:15:32.110433Z","last_seen":"2025-10-10T03:29:55.22106Z","times_seen":9,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/chunks/3a17f596-772f8097f8cf1f73.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/chunks/3a17f596-772f8097f8cf1f73.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yOQXQHAFhEuAAPpEFLrLnUcshJH8xIZnt5Ak655c33x5HLr%2BQaOTCZWtev98%2FiuAZYYRdgRr79r5pdjkaAsO1Wn55rLHgbfGqqb4SEYSxd0%2Bl6U%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d46cda0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:17.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bn1sW3mLS9eTA9pBVwTegLcVv1kdAhGpgc2SohCidc93Dv0KdYmPduhOLY5L9L4EI8RHKgUVfpGJQvuo7je8ZK0%2FXyUwxC4sPfpLoC8CY81erT8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:17 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf84ea0ff20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:27.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pD3jQcJOR43MD%2BJeygBwoRzyuZg8GR1vVHMcB0fCJZeZvBoKiItcwiid17pwG2r9HjbJdFnkYPU1zQanY2EzeOQpEWHU7CdhX1BSWiGgSEKZ%2BV8%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:28 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852ba9210daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/_next/static/FI1bPTuvB9BOWMRDpkGn0/_buildManifest.js","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /_next/static/FI1bPTuvB9BOWMRDpkGn0/_buildManifest.js HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xeHI2dKAa82tX1bYenQiZ0BUQ4MgvgBI5w%2Bsx%2B%2Fu86FJrE7JYsa4Rqj6aBPpoTAmfFhR%2B2%2Fr2dmUowTnKEM5BQXaHCB8HvTus8LW%2FItAc%2Brzook%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:14 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d48ce20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/o2.ico","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:14.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"GET /o2.ico HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g%2BHqWEXjVXz2NAFTHaLnUoQDNwfqoh13Jz31VVXP9WSCgXSz7A4Ij1V5x0axDFX2heuz1BDQsWpVjl7hSP9fQ0nFfH%2FvzoXEDRJbXzGyvUbp0HY%3D\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Thu, 09 Oct 2025 17:15:15 GMT\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98bf84d96d9c0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T15:26:21.917086Z","times_seen":90075,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kunden-portal-02.de/panel/process/processor.php","fqdn":"kunden-portal-02.de","domain":"kunden-portal-02.de","tld":"de"},"ip":{"addr":"104.21.89.95","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kunden-portal-02.de/steps/login.php","date":"2025-10-09T17:15:27.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kunden-portal-02.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 12:24:27 GMT","end":"Tue, 06 Jan 2026 13:22:01 GMT"},"fingerprint":{"sha1":"92:F5:07:F7:F1:B1:55:A8:A4:16:AA:BD:B1:2F:20:43:04:7E:C6:E7","sha256":"C1:83:65:72:9F:55:4C:46:BF:89:CF:BC:8B:6F:6D:7C:AD:F1:60:5E:99:B0:B2:E2:0A:99:8F:55:61:34:A3:FA"}}},"request":{"raw":"POST /panel/process/processor.php HTTP/1.1\r\nHost: kunden-portal-02.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kunden-portal-02.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kunden-portal-02.de/steps/login.php\r\nCookie: PHPSESSID=19nqov11850556ndori92avpt5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OWAAppLUSMkeHD%2FTDl%2Fqgv0zcIXI1dj1qnLnqJac5QLbiQYDVrdzuXo3kHv4BH36f%2FizkFYA50Sa%2BHMgIyzzroKCXroz2ahPMT%2F5JOgt%2Btf%2FxYA%3D\"}]}\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 09 Oct 2025 17:15:27 GMT\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98bf852888aa0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-09","alert":"Phishing - Generic/Spear Phishing","trigger":"kunden-portal-02.de","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"kunden-portal-02.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}