{"report_id":"6de70e71-d6d9-484a-8306-9f38e61f6ce4","version":6,"status":"done","tags":[],"date":"2026-01-05T05:57:45Z","url":{"schema":"https","addr":"kl.dzigava.cv/a2w6r87f5","fqdn":"kl.dzigava.cv","domain":"dzigava.cv","tld":"cv"},"ip":{"addr":"104.21.46.41","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"klelnanzeigen-deutch.billing342.today/receive/order/qT5KOjjv1Jc?r=0x15","fqdn":"klelnanzeigen-deutch.billing342.today","domain":"billing342.today","tld":"today"},"title":"klelnanzeigen-deutch.billing342.today/receive/order/qT5KOjjv1Jc?r=0x15","dom":{"size":133,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"9fc9d2fbd2f31320b187cf0726b185cf","sha1":"b552a38eeadab793d1872306837bb3f2abc6fafc","sha256":"38b08b9f5b54a4048a00b69acedce3e2da7a584d0411661afc7ef54fb2dc8c6a","sha512":"b147cef7e8cb9857d8a0b24360b314ba0f0b95c5e3a6c04235bb4aad0d99bef5bd3e4bfe8b3d93a4a8194d1e477c9db6e0a566ec9bc3c1d0548ee1e4f13444aa","ssdeep":"","tlshash":"e3c022bb20028a0fb2203ac2e8c22208a8c80008f03b8c20bb800828c2c020cc0caa8a","dom_hash":"domhashc1fec9cafeadbac0b33c1409ff211c3f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"kl.dzigava.cv/a2w6r87f5","fqdn":"kl.dzigava.cv","domain":"dzigava.cv","tld":"cv"},"ip":{"addr":"104.21.46.41","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-09T05:57:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13","referer":"www.bing.com","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"kl.dzigava.cv","ip":{"addr":"172.67.223.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-04T19:42:01.801724Z","last_seen":"2026-01-04T19:42:01.801724Z","alert_count":0,"request_count":2,"received_data":5881,"sent_data":997,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"klelnanzeigen-deutch.billing342.today","ip":{"addr":"172.67.174.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-04T22:15:57.727259Z","last_seen":"2026-01-04T22:15:57.727259Z","alert_count":12,"request_count":2,"received_data":1978,"sent_data":1157,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-04T22:17:15.216142Z","alert_count":0,"request_count":1,"received_data":8176,"sent_data":488,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-04T22:14:09.841371Z","alert_count":0,"request_count":3,"received_data":147273,"sent_data":1794,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kl.dzigava.cv/a2w6r87f5","fqdn":"kl.dzigava.cv","domain":"dzigava.cv","tld":"cv"},"ip":{"addr":"172.67.223.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"95c770d7b6c21b77f4f7b55cdddcc91a","sha1":"3f0a1b30d388cfb01b43c3198df21bda5e460fe0","sha256":"c349fe6b3267fa7651ac095fde439371e09eb5a7054f0e5e51b34bfa85842167","sha512":"ab72ca509e236f8d8316e548c3f63a628359d5435f69e0026c7c6172caf1e4b6b2ff401db0f7be17139b8131d9cd97cb245d952a3cd5a27ada20aa65624cdd47","ssdeep":"","tlshash":"77f09e981737184d147380a39bc3930d5822181736c7ec4dbb4c99504f8ab2ad3d73f8","size":565,"data":"","first_seen":"2026-01-04T19:42:17.80479Z","last_seen":"2026-01-05T20:20:23.293029Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kl.dzigava.cv/a2w6r87f5","date":"2026-01-05T05:57:24.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 05 Jan 2026 05:57:25 GMT\r\ndate: Mon, 05 Jan 2026 05:57:25 GMT\r\ncache-control: private, max-age=86400, stale-while-revalidate=604800\r\nlast-modified: Mon, 05 Jan 2026 04:46:26 GMT\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7413,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"9867d4a101391915c5b48cc405b7ad59","sha1":"ef072fb18628287261354cbda2896fcc13c39352","sha256":"b2035de9c08a75a70cd528de22bf793c98254c7c52c0c451d0079b4912ec219d","sha512":"5ab901c2f32d29cddfb0ea504b1d0e8c8773df97048c37092d250b97b9d9b008c205c3f7a20885c34caf7553f551a47499e6602ba9a62dde84496a918d418b1f","ssdeep":"192:9NNsR234qhDxNOzi23/Zh8YNr2/23ighlu:rLtonFW","tlshash":"0ae19a92006b9500ab471dc223cf7f366ece10996086d1bd6ffd1cca9cead66436875e","first_seen":"2025-09-21T21:47:01.585899Z","last_seen":"2026-04-01T09:19:49.571396Z","times_seen":88,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":112,"dns":1,"connect":20,"send":0,"wait":33,"receive":0,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kl.dzigava.cv/a2w6r87f5","date":"2026-01-05T05:57:25.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kl.dzigava.cv\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48256\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 10:59:18 GMT\r\nexpires: Sun, 03 Jan 2027 10:59:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 154687\r\nlast-modified: Tue, 09 Sep 2025 18:33:53 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-04T03:15:19.806072Z","times_seen":13568,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":72,"dns":1,"connect":7,"send":0,"wait":8,"receive":10,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kl.dzigava.cv/favicon.ico","fqdn":"kl.dzigava.cv","domain":"dzigava.cv","tld":"cv"},"ip":{"addr":"172.67.223.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kl.dzigava.cv/a2w6r87f5","date":"2026-01-05T05:57:25.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dzigava.cv","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 04 Jan 2026 13:42:49 GMT","end":"Sat, 04 Apr 2026 14:42:46 GMT"},"fingerprint":{"sha1":"03:11:99:68:1A:A1:E4:B9:7B:DB:AE:14:C6:1F:E7:91:00:D7:AC:B2","sha256":"84:12:7B:2A:43:9D:64:93:D3:C8:31:22:3A:57:F9:91:C2:F4:9E:FF:9E:A3:42:3B:7E:18:04:E8:60:5B:B0:E6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kl.dzigava.cv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 05 Jan 2026 05:57:25 GMT\r\npriority: u=6,i=?0\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\ncache-control: no-store\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eoh7x%2F2T8S42LVJEwCiONmEwUZIomej3DT5l9PbyFy1ZObLSmYfs8MzHMFjTtmbArA%2F7SCNBEwpI3lnZfjn6HwhGhsX%2F1osn3aKs\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b90bcf01a5356c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1203,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"29d550f26ec237f4ec2dc59dcef18d89","sha1":"35c57c752ff78f8d75138c97ab1a05671bdc60ce","sha256":"8b96f587f728fda2848ba3d10fb2ca491826b95ee17a3a57600ddfcf34e74bfa","sha512":"4b25767e7d99c292469e2925e5d3a37cf14f19607ad8a5849e0b06251a3226488016061e57bbc87f843dd0c2a4174e9b595da2ba4ec37d79ba4b0506768415bc","ssdeep":"","tlshash":"4b2120a246ab2006e177a02027b2fa157494954bd1878e587e9c7265cfce086a2b735c","first_seen":"2026-01-04T07:57:42.187996Z","last_seen":"2026-02-09T17:30:52.594208Z","times_seen":16,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kl.dzigava.cv/a2w6r87f5","date":"2026-01-05T05:57:25.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kl.dzigava.cv\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48256\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 10:59:18 GMT\r\nexpires: Sun, 03 Jan 2027 10:59:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 154687\r\nlast-modified: Tue, 09 Sep 2025 18:33:53 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-04T03:15:19.806072Z","times_seen":13568,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":116,"dns":0,"connect":7,"send":0,"wait":8,"receive":4,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kl.dzigava.cv/a2w6r87f5","fqdn":"kl.dzigava.cv","domain":"dzigava.cv","tld":"cv"},"ip":{"addr":"172.67.223.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T05:57:24.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dzigava.cv","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 04 Jan 2026 13:42:49 GMT","end":"Sat, 04 Apr 2026 14:42:46 GMT"},"fingerprint":{"sha1":"03:11:99:68:1A:A1:E4:B9:7B:DB:AE:14:C6:1F:E7:91:00:D7:AC:B2","sha256":"84:12:7B:2A:43:9D:64:93:D3:C8:31:22:3A:57:F9:91:C2:F4:9E:FF:9E:A3:42:3B:7E:18:04:E8:60:5B:B0:E6"}}},"request":{"raw":"GET /a2w6r87f5 HTTP/1.1\r\nHost: kl.dzigava.cv\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 05:57:24 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: no-referrer\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v5BZUiYNSWt9Q8OvPitovSqTkdyBt3ee%2B4PNvQK%2BMGcniD3jnfL75%2FSzNv%2B4dWgrzqFBG0y08V1AAJlV3LNSaA1NxR07q7p31t37\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b90bceccfa55689-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3361,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"2f4b69cb8889fde14a3bfc53e69f3734","sha1":"daf7fc08edac2e7f3873470a23886b08a653b080","sha256":"99f1d5f88266712aae5d47be7929603501280ec166351698eb273de8fd2f5993","sha512":"b8207b71fa280a91980acabe0eb58f968c4c7a64dd90bf95d078fad9ff08b8a97e9a0fa4bc795a18c55c1c4cd2161d8352937c5ccb86316dbd5bccf9794b0a0b","ssdeep":"","tlshash":"616175aa09b3105a681392562be7630e3b95ac07610bdd143fdc7184cfc2ad9c9e379c","first_seen":"2026-01-04T19:42:17.784586Z","last_seen":"2026-01-05T20:20:23.289075Z","times_seen":3,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":46,"dns":27,"connect":1,"send":0,"wait":143,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kl.dzigava.cv/a2w6r87f5","date":"2026-01-05T05:57:25.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kl.dzigava.cv\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48256\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 10:59:18 GMT\r\nexpires: Sun, 03 Jan 2027 10:59:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 154687\r\nlast-modified: Tue, 09 Sep 2025 18:33:53 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-04T03:15:19.806072Z","times_seen":13568,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":122,"dns":3,"connect":26,"send":0,"wait":10,"receive":4,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klelnanzeigen-deutch.billing342.today/receive/order/qT5KOjjv1Jc?r=0x15","fqdn":"klelnanzeigen-deutch.billing342.today","domain":"billing342.today","tld":"today"},"ip":{"addr":"172.67.174.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T05:57:30.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"billing342.today","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 02 Jan 2026 21:19:58 GMT","end":"Thu, 02 Apr 2026 22:18:32 GMT"},"fingerprint":{"sha1":"E3:84:EB:46:D6:AA:CF:66:65:E4:A7:4F:98:56:8C:83:78:72:7A:FB","sha256":"55:15:70:0B:4B:B5:51:CD:10:FB:3F:54:62:27:FA:49:2E:7B:05:C1:23:E1:3A:50:F3:4A:32:3E:AD:59:A2:E3"}}},"request":{"raw":"GET /receive/order/qT5KOjjv1Jc?r=0x15 HTTP/1.1\r\nHost: klelnanzeigen-deutch.billing342.today\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Mon, 05 Jan 2026 05:57:30 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"9-0gXL1ngzMqISxa6S1zx3F4wtLyg\"\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=13,cfOrigin;dur=88\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FuizlTFbUIAoMyDbyI1Ui94C%2BBoo2tU2SkBTVnyviup4bs2QbIJtaNAzyVhsXiX6BwVYTBOq3O9fmvKiv56qI8fg54IYf9fUP5M5eVAHccDdBGTZRz7RHDti%2Fqof3mTyWpgn\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b90bd12d8db56c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"9d1ead73e678fa2f51a70a933b0bf017","sha1":"d205cbd6783332a212c5ae92d73c77178c2d2f28","sha256":"0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5","sha512":"935b3d516e996f6d25948ba8a54c1b7f70f7f0e3f517e36481fdf0196c2c5cfc2841f86e891f3df9517746b7fb605db47cdded1b8ff78d9482ddaa621db43a34","ssdeep":"","tlshash":"a250000c0003c3cc0000003030c0000000000300300000300000c000000000000c000c","first_seen":"2023-03-08T03:03:03Z","last_seen":"2026-04-04T03:41:31.121954Z","times_seen":69199,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":55,"dns":40,"connect":1,"send":0,"wait":104,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"klelnanzeigen-deutch.billing342.today/favicon.ico","fqdn":"klelnanzeigen-deutch.billing342.today","domain":"billing342.today","tld":"today"},"ip":{"addr":"172.67.174.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://klelnanzeigen-deutch.billing342.today/receive/order/qT5KOjjv1Jc?r=0x15","date":"2026-01-05T05:57:30.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"billing342.today","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 02 Jan 2026 21:19:58 GMT","end":"Thu, 02 Apr 2026 22:18:32 GMT"},"fingerprint":{"sha1":"E3:84:EB:46:D6:AA:CF:66:65:E4:A7:4F:98:56:8C:83:78:72:7A:FB","sha256":"55:15:70:0B:4B:B5:51:CD:10:FB:3F:54:62:27:FA:49:2E:7B:05:C1:23:E1:3A:50:F3:4A:32:3E:AD:59:A2:E3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: klelnanzeigen-deutch.billing342.today\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.3405.13 Safari/537.36 Edg/139.0.3405.13\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://klelnanzeigen-deutch.billing342.today/receive/order/qT5KOjjv1Jc?r=0x15\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Mon, 05 Jan 2026 05:57:30 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rhzvMyt3owCUEK%2B%2B4WRib%2FMFZzk%2BGIRbS8Nx%2FLBsMl%2BWVOzwUmXdDlr8THZeS928QVWTJR3fq5rkcGuZgseJrepkQRQa83oQ8sy1LhNX84sgIb4W%2FY%2FobzX1%2F%2FVoPs372Los\"}]}\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 9b90bd142f680b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":548,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"370e16c3b7dba286cff055f93b9a94d8","sha1":"65f3537c3c798f7da146c55aef536f7b5d0cb943","sha256":"d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090","sha512":"75cd6a0ac7d6081d35140abbea018d1a2608dd936e2e21f61bf69e063f6fa16dd31c62392f5703d7a7c828ee3d4ecc838e73bff029a98ced8986acb5c8364966","ssdeep":"","tlshash":"02f0909f5f12287f2e238571f4c35169cf680a57fb9925e28748011f7aca04549f1fad","first_seen":"2023-03-08T16:42:13Z","last_seen":"2026-04-04T03:26:22.685258Z","times_seen":16115,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"klelnanzeigen-deutch.billing342.today","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}