{"report_id":"6ace0a7e-34ba-4f48-907b-1eaa688a8796","version":6,"status":"done","tags":[],"date":"2025-12-28T12:09:17Z","url":{"schema":"http","addr":"ordinary371y.de/invite/i=23966","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"ordinary371y.de/invite/i=23966","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"title":"ordinary371y.de","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ordinary371y.de/invite/i=23966","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-01T12:09:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ordinary371y.de","ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-12-19T13:04:26Z","last_seen":"2025-12-28T12:08:50.049866Z","alert_count":10,"request_count":5,"received_data":43947,"sent_data":2470,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ep2.adtrafficquality.google","ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3229,"first_seen":"2024-08-13T12:56:28Z","last_seen":"2025-12-22T00:14:39.212569Z","alert_count":0,"request_count":2,"received_data":34547,"sent_data":988,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"216.58.207.196","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-12-21T22:22:06.545601Z","alert_count":0,"request_count":1,"received_data":134744,"sent_data":442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ep1.adtrafficquality.google","ip":{"addr":"142.250.74.130","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3093,"first_seen":"2024-07-24T04:17:49Z","last_seen":"2025-12-21T22:44:40.280242Z","alert_count":0,"request_count":1,"received_data":11383,"sent_data":531,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ordinary371y.de/_static/doais8fj34.js?nonce=3575","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1cceae149f74ec97cc95da4d6035db1e","sha1":"b309ab93f61d126efa47d2bba6a2db45d2beef8e","sha256":"9f7aa6c8bb78dbe852d42707df6c841ede8bd135ed3958215004505493f59756","sha512":"a34258b7eda1fa1419682fd98a40d8e2fc291d25d8f13411ce7fe731c66d49c1240168a413b09d6fbb81f87a94873d8e17cfbce528e8e8311af29d8301775cd0","ssdeep":"384:4qK6nuPD+BLPlouf8gVxV0cG80Bg5eyXOJAFN/h6lmAmAPVe4mOvmLYEq1Mw:3nuDWPyLMiNS5w","tlshash":"47f294191ab3113558b350ae6b5b72063222d0032909fe59bd5cc348afc9ebced73bd9","size":37208,"data":"","first_seen":"2025-09-30T22:13:10.604809Z","last_seen":"2026-02-06T20:09:56.257186Z","times_seen":6061,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026abpgo=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.196","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"226d8b922a47d1d01896328ac5f29080","sha1":"228b48495e20d50326164178f4e05c1df4c8e630","sha256":"f95fea007424808c54a06a6bd7a7e0297f46d00d9bdf134afa78245f7e3903fc","sha512":"da97c330d247dab15073920cde860a1491c147eb2ce02a1e917a6ffc6e7b5bbab681395d3a3e394685091a2956ca62a15b2704d32cc5a1d0caae25036c86149c","ssdeep":"1536:MzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:XuydkXiR5zzTq+bxpD3ZV4T","tlshash":"9bd33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","size":134027,"data":"","first_seen":"2025-12-11T16:42:36.25698Z","last_seen":"2026-01-07T19:22:29.46074Z","times_seen":14588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","size":19990,"data":"","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ordinary371y.de/apple-touch-icon.png","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:55.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ordinary371y.de","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 16:28:03 GMT","end":"Wed, 18 Feb 2026 16:28:02 GMT"},"fingerprint":{"sha1":"AF:F5:62:ED:3C:48:AD:28:7F:56:EE:6C:09:5C:32:F3:B7:B3:5E:8D","sha256":"38:09:DD:4D:CC:09:7F:E2:A2:8D:81:C3:01:41:2E:42:3C:EF:39:68:03:A1:E0:67:93:5D:AB:08:40:69:36:B2"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: ordinary371y.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ordinary371y.de/invite/i=23966\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 28 Dec 2025 12:08:55 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"1620e905665c273e91a8cb2a00df1509","sha1":"e0ea169369ad349affad0f6d41987a73fea0280f","sha256":"5a41c6b1c3d5061adbd15744312c919ee4a639abc0572a2927b06838bec1a6ed","sha512":"e68b327c2831cbadcf332943242c8c800b82a888960465fbf394e2b790b71694dc99ad26dc35326e9bde0b322e1a835fff997b7656772edf4e1e261acd13cfda","ssdeep":"","tlshash":"32c02b6d2c137e0c86a330b636c37490c1878337f57e41114480805770cf1998ac33ab","first_seen":"2025-04-14T16:48:50.204909Z","last_seen":"2026-04-12T13:05:25.010794Z","times_seen":8718,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ordinary371y.de/_d","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:55.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ordinary371y.de","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 16:28:03 GMT","end":"Wed, 18 Feb 2026 16:28:02 GMT"},"fingerprint":{"sha1":"AF:F5:62:ED:3C:48:AD:28:7F:56:EE:6C:09:5C:32:F3:B7:B3:5E:8D","sha256":"38:09:DD:4D:CC:09:7F:E2:A2:8D:81:C3:01:41:2E:42:3C:EF:39:68:03:A1:E0:67:93:5D:AB:08:40:69:36:B2"}}},"request":{"raw":"POST /_d HTTP/1.1\r\nHost: ordinary371y.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ordinary371y.de/invite/i=23966\r\nContent-Type: application/json\r\nContent-Length: 312\r\nOrigin: https://ordinary371y.de\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":312,"data":"{\"referrer\":\"\",\"current_location\":\"https://ordinary371y.de/invite/i=23966\",\"redirect_count\":0,\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"window_info\":{\"href\":\"https://ordinary371y.de/invite/i=23966\",\"hostname\":\"ordinary371y.de\",\"pathname\":\"/invite/i=23966\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 28 Dec 2025 12:08:56 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: session_id=48a6082b95e1d5493ef6b61f516705c1; Max-Age=86400; Path=/; HttpOnly; SameSite=Lax\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":914,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"4247c92b608af6dc1e0b0e17a379395c","sha1":"622840da5f3871a57767b7c811a7f19815d80237","sha256":"c5eac2ccfafe8763bb531f892d1d948c7a4f822132785bce1d71c97698caaafa","sha512":"afafe6bbd2cb90c02befaabeb0cdbf6073402fd767286490633d754322bb259cf4076661b611022bb0e7e09c785de27d9889718b8212957014f62bdb38bd77f0","ssdeep":"","tlshash":"e5116314f230a5b90ee1c39e520bfe1606d78112a1c4674ceee8ce2d6ade4cc171014c","first_seen":"2025-12-28T12:09:18.695718Z","last_seen":"2025-12-28T12:09:18.695718Z","times_seen":1,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:56.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:52 GMT","end":"Wed, 25 Feb 2026 15:59:51 GMT"},"fingerprint":{"sha1":"E4:25:76:F6:C4:FB:46:FE:7A:37:E5:D8:E5:14:75:A2:B3:75:D2:9B","sha256":"34:44:B0:C8:96:F4:D4:42:DB:58:BD:4B:C9:72:0A:E2:31:20:B1:87:B3:2A:DD:E7:6B:62:AA:AB:58:B6:92:89"}}},"request":{"raw":"GET /sodar/sodar2.js HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ordinary371y.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 7188\r\ndate: Sun, 28 Dec 2025 12:08:56 GMT\r\nexpires: Sun, 28 Dec 2025 12:08:56 GMT\r\ncache-control: private, max-age=3000\r\netag: \"1747411493688989\"\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19990,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1398)","md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":32,"dns":1,"connect":8,"send":0,"wait":17,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2/237/runner.html","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:56.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:52 GMT","end":"Wed, 25 Feb 2026 15:59:51 GMT"},"fingerprint":{"sha1":"E4:25:76:F6:C4:FB:46:FE:7A:37:E5:D8:E5:14:75:A2:B3:75:D2:9B","sha256":"34:44:B0:C8:96:F4:D4:42:DB:58:BD:4B:C9:72:0A:E2:31:20:B1:87:B3:2A:DD:E7:6B:62:AA:AB:58:B6:92:89"}}},"request":{"raw":"GET /sodar/sodar2/237/runner.html HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ordinary371y.de/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 5044\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 28 Dec 2025 11:20:07 GMT\r\nexpires: Sun, 28 Dec 2025 12:10:07 GMT\r\ncache-control: public, max-age=3000\r\nage: 2929\r\nlast-modified: Tue, 13 May 2025 23:17:50 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2024)","md5":"0120a1d624ff8fc3ec792d93a7133947","sha1":"1e3bd23df78ff2c60b187b40a0c6505be9ab889f","sha256":"14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966","sha512":"84286e299ebc6690ee904b5581cd6aaf6b59d06200b61156923301484d1b75fa517894167c4f4777553ba09c840a2d74a723e3ff112448f00514d910dfd172c5","ssdeep":"192:pl/6xS2OASROqI3wgh5MXDc9EAOaK3qzfaGDCiMgIcTa1mx:rz2NQJIVsTiMH3qzfcOIr1mx","tlshash":"4842a7ccbad2b0210353b4f1a13f400ff13ea8aae44c9954b181e8e17cb56a94667f7d","first_seen":"2025-05-19T23:59:48.478548Z","last_seen":"2026-02-26T18:27:55.136579Z","times_seen":169945,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ordinary371y.de/invite/i=23966","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-28T12:08:55.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ordinary371y.de","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 16:28:03 GMT","end":"Wed, 18 Feb 2026 16:28:02 GMT"},"fingerprint":{"sha1":"AF:F5:62:ED:3C:48:AD:28:7F:56:EE:6C:09:5C:32:F3:B7:B3:5E:8D","sha256":"38:09:DD:4D:CC:09:7F:E2:A2:8D:81:C3:01:41:2E:42:3C:EF:39:68:03:A1:E0:67:93:5D:AB:08:40:69:36:B2"}}},"request":{"raw":"GET /invite/i=23966 HTTP/1.1\r\nHost: ordinary371y.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 28 Dec 2025 12:08:55 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4192,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"7774fdbb70ff3998f58e94117de97355","sha1":"4a229a85f621a7a112c5c03c8f4657003ad7d686","sha256":"ea8b61855367688cb648885f0ada7e34d58c9ae02ac3df9ef6523426bdeadaa5","sha512":"225f20b6c9e08cf54a64d294be92fa6eb9b97128c03d052e2e2720de3a998841cf8a70397c250e656635f68e77a4e76c4b2b2edd8ce91ad8ba3539a7f564defa","ssdeep":"96:/rZnb6EGo0QT7EAOc7uV1g/zDE14lZyxIW:/rZnb6EGo0QT7EAOcK0G43yxIW","tlshash":"df813f1559f3101a6553e0383beaa25e1a68ea1b930fdde83ecc4240cfc57a99dd3388","first_seen":"2025-10-28T21:15:33.353707Z","last_seen":"2025-12-28T12:09:18.700249Z","times_seen":3,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":59,"dns":1,"connect":25,"send":0,"wait":28,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ordinary371y.de/_static/doais8fj34.js?nonce=3575","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:55.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ordinary371y.de","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 16:28:03 GMT","end":"Wed, 18 Feb 2026 16:28:02 GMT"},"fingerprint":{"sha1":"AF:F5:62:ED:3C:48:AD:28:7F:56:EE:6C:09:5C:32:F3:B7:B3:5E:8D","sha256":"38:09:DD:4D:CC:09:7F:E2:A2:8D:81:C3:01:41:2E:42:3C:EF:39:68:03:A1:E0:67:93:5D:AB:08:40:69:36:B2"}}},"request":{"raw":"GET /_static/doais8fj34.js?nonce=3575 HTTP/1.1\r\nHost: ordinary371y.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ordinary371y.de/invite/i=23966\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 28 Dec 2025 12:08:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 30 Sep 2025 20:01:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68dc36fc-9158\"\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37208,"size_decoded":0,"mime_type":"application/javascript","magic":"C++ source, ASCII text","md5":"1cceae149f74ec97cc95da4d6035db1e","sha1":"b309ab93f61d126efa47d2bba6a2db45d2beef8e","sha256":"9f7aa6c8bb78dbe852d42707df6c841ede8bd135ed3958215004505493f59756","sha512":"a34258b7eda1fa1419682fd98a40d8e2fc291d25d8f13411ce7fe731c66d49c1240168a413b09d6fbb81f87a94873d8e17cfbce528e8e8311af29d8301775cd0","ssdeep":"384:4qK6nuPD+BLPlouf8gVxV0cG80Bg5eyXOJAFN/h6lmAmAPVe4mOvmLYEq1Mw:3nuDWPyLMiNS5w","tlshash":"47f294191ab3113558b350ae6b5b72063222d0032909fe59bd5cc348afc9ebced73bd9","first_seen":"2025-09-30T22:13:10.604809Z","last_seen":"2026-02-06T20:09:56.257186Z","times_seen":6061,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026abpgo=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.196","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:56.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:20 GMT","end":"Wed, 25 Feb 2026 15:57:19 GMT"},"fingerprint":{"sha1":"13:5B:80:5A:23:15:61:AE:98:37:1B:0A:3C:F6:E2:BD:63:8E:3B:D6","sha256":"22:03:24:94:F7:E3:5F:66:1B:39:CE:18:75:20:3D:01:AC:FE:93:AA:1A:73:8C:D5:34:98:AB:2B:E5:19:37:12"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026abpgo=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ordinary371y.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Sun, 28 Dec 2025 12:08:56 GMT\r\nexpires: Sun, 28 Dec 2025 12:08:56 GMT\r\ncache-control: private, max-age=3600\r\netag: \"12987528940678181325\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134027,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"226d8b922a47d1d01896328ac5f29080","sha1":"228b48495e20d50326164178f4e05c1df4c8e630","sha256":"f95fea007424808c54a06a6bd7a7e0297f46d00d9bdf134afa78245f7e3903fc","sha512":"da97c330d247dab15073920cde860a1491c147eb2ce02a1e917a6ffc6e7b5bbab681395d3a3e394685091a2956ca62a15b2704d32cc5a1d0caae25036c86149c","ssdeep":"1536:MzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:XuydkXiR5zzTq+bxpD3ZV4T","tlshash":"9bd33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","first_seen":"2025-12-11T16:42:36.25698Z","last_seen":"2026-01-07T19:22:29.46074Z","times_seen":14588,"resource_available":true,"data":null}},"time_used":140,"timings":{"blocked":59,"dns":1,"connect":8,"send":0,"wait":21,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep1.adtrafficquality.google/getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=NsEMRswUQjuYBPXjp/Vyvw==\u0026sde=1","fqdn":"ep1.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.74.130","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:56.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:52 GMT","end":"Wed, 25 Feb 2026 15:59:51 GMT"},"fingerprint":{"sha1":"E4:25:76:F6:C4:FB:46:FE:7A:37:E5:D8:E5:14:75:A2:B3:75:D2:9B","sha256":"34:44:B0:C8:96:F4:D4:42:DB:58:BD:4B:C9:72:0A:E2:31:20:B1:87:B3:2A:DD:E7:6B:62:AA:AB:58:B6:92:89"}}},"request":{"raw":"GET /getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=NsEMRswUQjuYBPXjp/Vyvw==\u0026sde=1 HTTP/1.1\r\nHost: ep1.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ordinary371y.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ordinary371y.de/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\ncontent-type: application/json; charset=UTF-8\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\ndate: Sun, 28 Dec 2025 12:08:56 GMT\r\nserver: cafe\r\ncontent-length: 8179\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10826,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"17191c614a39db559a7eb7e4328a8a7a","sha1":"0740b1f5c2dee866eb09a78582b6c0131cccea53","sha256":"d062f091a31fe63049c5248fc89b38ec653a24707c3fabeca1ea1db7b68167bf","sha512":"02a51a43d0bbc83b22cadd78d2c419d2d49ef46f90edb3b3852005cda747543b2808ef26027470a9a9afb917846d123192193e1752c3f8986e26e2106dd5496f","ssdeep":"192:Qlf2G1kSfi/JEhQWXRNMYNFqpBK2lkquWGvU+7sW/9eDjpMNOkLXsyDom/:QlfXkSfgJWNTM+1PXf5yjWsyDom","tlshash":"b122df10a3384975cb0f5ffb9721214327295e3b1713a2de04a9d2a81d9ab43c3af650","first_seen":"2025-12-28T12:09:18.70391Z","last_seen":"2025-12-28T12:09:18.70391Z","times_seen":1,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":84,"dns":1,"connect":21,"send":0,"wait":39,"receive":1,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ordinary371y.de/_e","fqdn":"ordinary371y.de","domain":"ordinary371y.de","tld":"de"},"ip":{"addr":"139.162.174.209","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ordinary371y.de/invite/i=23966","date":"2025-12-28T12:08:57.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ordinary371y.de","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 16:28:03 GMT","end":"Wed, 18 Feb 2026 16:28:02 GMT"},"fingerprint":{"sha1":"AF:F5:62:ED:3C:48:AD:28:7F:56:EE:6C:09:5C:32:F3:B7:B3:5E:8D","sha256":"38:09:DD:4D:CC:09:7F:E2:A2:8D:81:C3:01:41:2E:42:3C:EF:39:68:03:A1:E0:67:93:5D:AB:08:40:69:36:B2"}}},"request":{"raw":"POST /_e HTTP/1.1\r\nHost: ordinary371y.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ordinary371y.de/invite/i=23966\r\nContent-Type: application/json\r\nContent-Length: 610\r\nOrigin: https://ordinary371y.de\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: session_id=48a6082b95e1d5493ef6b61f516705c1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sun, 28 Dec 2025 12:08:57 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5820854f62a6eb3d38ba7ba0d1b3ea75","sha1":"639df0b84fe699b4a290a713fd6b9a94bd4deb95","sha256":"912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d","sha512":"4452c0a26fa81357f95bf6160c3f5d35ff39f62e03d5faa1e69eb9dfdcb2c83eda4235463ee4065dceb534cc497891a05535467337ad84693e5fa48c317dbbbb","ssdeep":"","tlshash":"f67000020000208008803c0000000a203ae00aa0822a00c0802c00288e08088f08a000","first_seen":"2023-03-13T15:21:35Z","last_seen":"2026-04-12T12:55:43.511761Z","times_seen":88885,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-28","alert":"Sinkholed","trigger":"ordinary371y.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}