{"report_id":"b0bc096d-b769-48fa-aa83-07a9d3231cc5","version":6,"status":"done","tags":[],"date":"2026-01-03T18:16:47Z","url":{"schema":"http","addr":"vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.169","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"title":"Anmeldung zum Digital Banking - Commerzbank","dom":{"size":1659255,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (63184)","md5":"bf089ad319b365f8e8935f5a841d1b79","sha1":"11343c5f4104a2623a8a0419f8ee4ecbc388d1f8","sha256":"3bd07e6d8c4e199e57bae29b04b3a6458f5765dfa15102fe477bc2df95260598","sha512":"f1204050014f0cf22f128196476ab47d105c6c9f7d7ad2567a0e19062775c316972f96d6f64558909802c6540744865f5c9d0a71e23cc852f939cd5d65a10a2f","ssdeep":"6144:pGR4W4r/rywKVVViywtVVVGJkkBoJ1SJywyVVVXywzVVViJkZBPJ1SJywyVVVXyf:nr/zJ13J1I","tlshash":"2775bf4024cd27e394f766793949d838030c7b11ff19da7aedaa84d24fd32f9a687a50","dom_hash":"domhashe165f5afd1b2165d44b6f19a4610aee9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.169","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T18:16:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"vrmirror.pages.dev","ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-02","domain_rank":0,"first_seen":"2025-12-05T03:27:54.339775Z","last_seen":"2025-12-30T07:36:57.51489Z","alert_count":27,"request_count":9,"received_data":5134761,"sent_data":4864,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"vrmirror.pages.dev/portal/media/system/mobil/images/apple-touch-icon-152x152_A.png","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /portal/media/system/mobil/images/apple-touch-icon-152x152_A.png HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Bs3BsAFBJH5qMgj2ZXRQp%2BlCGmoC7Q1bCWHY5BRZOhGfcZu%2B6de3rvxe5DlG7EDmj0fgqoj%2B2v617ygaOv038Z%2BLLkWYIphVsVJ9M8EdVpK5Q%3D%3D\"}]}\r\netag: W/\"02cfff41709e65963b27ade342df9e73\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b847c9e2f588be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1658266,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (63169)","md5":"b1849f0a6b152acf81d7e617ae0fb9d6","sha1":"1409fc1725e23ffe71f83cc6bb2a7c2486f00155","sha256":"0f8fbb5c739c178d50d061d4844f4a5d2410cda18d92d220ce74b53131670826","sha512":"1597ee5e4b75f2047e8613057646525daaefe037cbde619b34092656129f00722709d14026a7df96affffcc988f342cc1e726b8fd6503f88128d9271aa658368","ssdeep":"6144:B+R4W4r/rywKVVViywtVVVGJkkBoJ1SJywyVVVXywzVVVZ:Dr/zJ1J","tlshash":"db25a0502888279794f76679394dd438030c7a11ff19da7afdaa84d24fd32fea6c7a40","first_seen":"2025-12-05T03:27:57.432043Z","last_seen":"2026-04-04T08:43:47.542778Z","times_seen":45,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T18:16:21.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /service/wie-kann-ich-phototan-aktivieren HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y155j%2FbTltgONoSHivHk66HbBiLCr%2FQYawZgs0sEJMJc5bme%2FAx8%2FglScynIgmJc4qxOPAaqWdcfo07vTD7vxNBMM73DbPtNx57KVLf%2B7e9bnQ%3D%3D\"}]}\r\netag: W/\"02cfff41709e65963b27ade342df9e73\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b847c9c3a318be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1658266,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (63169)","md5":"b1849f0a6b152acf81d7e617ae0fb9d6","sha1":"1409fc1725e23ffe71f83cc6bb2a7c2486f00155","sha256":"0f8fbb5c739c178d50d061d4844f4a5d2410cda18d92d220ce74b53131670826","sha512":"1597ee5e4b75f2047e8613057646525daaefe037cbde619b34092656129f00722709d14026a7df96affffcc988f342cc1e726b8fd6503f88128d9271aa658368","ssdeep":"6144:B+R4W4r/rywKVVViywtVVVGJkkBoJ1SJywyVVVXywzVVVZ:Dr/zJ1J","tlshash":"db25a0502888279794f76679394dd438030c7a11ff19da7afdaa84d24fd32fea6c7a40","first_seen":"2025-12-05T03:27:57.432043Z","last_seen":"2026-04-04T08:43:47.542778Z","times_seen":45,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":11,"dns":0,"connect":1,"send":0,"wait":114,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/portal/media/system/47.246.9/css/header.css","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /portal/media/system/47.246.9/css/header.css HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f2XiNYEkUxghP8Y3pB9KOgb9EYm9i4VHnju%2BnHMlHvi26QtScH9BMPzqRPfAWSYttsQ%2F%2Bkj7NhS1I%2BQ9ro3T4HNmoTaqSu%2FDhCuyf%2BtPZhmmgQ%3D%3D\"}]}\r\netag: W/\"2f16545265ec6291dfaeff3a30a0d3f4\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b847c9d8d788be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20010,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (527), with CRLF line terminators","md5":"aa2f21792a8de8532bbb9642716c8661","sha1":"aa9cc273b6606e8365feb0023e141779cb3690b5","sha256":"10e87e34712f80c9527d1f45b8889dedf529c6d7dc2131cf7378d65b215aff3b","sha512":"0379c94fb296ec30c3a031a429a97abfcecdf53a631ac21b60f66be285ad487779dfbb06de461db98f0889f4865beeab74452d9ed806e914826975233adb3b07","ssdeep":"192:8mc7rlR5mu42OE2pEKIM+VyRDoMi2kvc6LFItVqFIWIWdW7WqWwAR1Jf:8mYlREDWMg0LtbWIWdW7WqWN1Jf","tlshash":"6f92896bc22161caa13e4bb3d36d4d61ae9c069ce549c276fdd2801f93c5ceec821b5d","first_seen":"2025-05-26T12:13:04.753671Z","last_seen":"2026-04-04T08:43:47.550163Z","times_seen":54,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/includes/media/4fcee289f5/300,169,0,0,true,svg/5VFv9YH576Kx5VKAUYiOiC/dd968bece16636b298a09c406e980333/CB-2022-Logo_centered_RGB_negative.svg","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /includes/media/4fcee289f5/300,169,0,0,true,svg/5VFv9YH576Kx5VKAUYiOiC/dd968bece16636b298a09c406e980333/CB-2022-Logo_centered_RGB_negative.svg HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4WNIbavqRZV8sEaAj2aJdrCdhebtmH9scXMxD9j9eQNUhRIXlT9qp21UcLGwPSkbSV0VdnMkMgBZnRCgy%2FlSAMAIP6xI%2BYyheqtALop8hCAkdw%3D%3D\"}]}\r\netag: W/\"62ca7a0474310084708da060f9ac00e3\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b847c9d8d7d8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7808,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6b9ae4c4e0afee862008bb69cadd47e8","sha1":"e5583f2bcf5cdafd49aabe3e9837aea405d258c4","sha256":"0db3f03c1a28aa0a709945e869f2ce80546982ff0c91cc1e9c01303b315093c7","sha512":"f572e315ba5ed12e7dccbda3ec06a7ac89770f8b7c4178c3480832f7981a24c26d5892b7a8ba6f7bf050af04dc216f85dcebd4cfcd56f9d64fc5abfff968eee2","ssdeep":"96:cbj4QWNzW2BeTwycIo0jRl8Vi3At8RAUHuYxtITvfmb6iS0TJtTVb8LXc4AsCRoT:cjPVo0jkV+FRA6uYxtEiS0TnT0c4MoT","tlshash":"ddf130cd4379e7b2a084fa3ed40220457a5948f33eb0c260ea6edf5a5f5d589141aee2","first_seen":"2023-05-10T11:35:45Z","last_seen":"2026-04-04T08:43:47.545511Z","times_seen":66,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/portal/media/system/fonts/Gotham-500-Medium.woff2","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /portal/media/system/fonts/Gotham-500-Medium.woff2 HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://vrmirror.pages.dev/portal/media/system/47.246.9/css/prerendered.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 41488\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"fb1927b409c2d7630bae71265f0ce036\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9E9lF1ZzWv6mVigKEIJ3gVR%2Ff2pop2bQRsTCD1omQFIvltZdu7CtYM0SoQrr%2FgmSfos7rJmVjOpG6UTLpqpkms6GRulvgUB4T0IzoPkKxWzAnw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b847c9e0ef98be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41488,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 41488, version 3.19726","md5":"68ce85d44fef05344ea74f94f3e6b472","sha1":"3a380914e04ef35820bbe619e1f902d4b250a997","sha256":"ba17f8257b1f710aa0e7136f4bd4b91a9a7db4f9cac2c409caf8708a64787303","sha512":"ff213babdf48ac24b85053181efd7fe5013b8af7dd9c7d8ad8475082db563f41782bc917961d46b782094fe01eaa3b5799bd340ae1a601fd609df19b6ae1f60f","ssdeep":"768:GDuHbmD3ZxCJt8vX6+vWwXVBUFSKQ05L1c34rIZTvxZRDM9d2Vn7Egwb0oP:GoarZxCJto6qXVCFS+RrIxvxZRY9d2W9","tlshash":"2f13f1ae59638030ad6f9c1f47b574ad0345e862df5cfc65bf4208a369f450617b0d9c","first_seen":"2023-04-06T18:48:56Z","last_seen":"2026-04-04T08:43:47.546807Z","times_seen":899,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/portal/media/system/fonts/Gotham-400-Book.woff2","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /portal/media/system/fonts/Gotham-400-Book.woff2 HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://vrmirror.pages.dev/portal/media/system/47.246.9/css/prerendered.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 41728\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"3206c281a991dd357e97d8e82c239d74\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wZOI9xTEI0FEd3OxQk%2F3gJEFm5YJM%2FShpPKBaROI5e%2F6aP6nZQeyhsSb%2BEq2Ef%2BS7Dt6PxeOk6Dfi5JqOXfVNhOpcOv4FsVRO94hOxp5KDfinA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b847c9e1f048be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41728,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 41728, version 3.19726","md5":"d838b98f75e3cb9574f9b8b796eb1e8f","sha1":"fcdf131af872ce9ecda9a437cdf67d23c5940d97","sha256":"3f51250e2d3ef478f59bc89cb67681b5ed423f8f8dc22062fb49e101e5032a2e","sha512":"b9a5cb0b79a3cc3d36cb024499b50fbc9832052108bf68952939cb752c7419a5db73d9dc57642d4a01c5c3b576e8c9f2e4010674208ec577ab809f9ee371a5dc","ssdeep":"768:Xa5GO9xigWhvCgoEhnnTNsLRd/ToK+gIDJJaRYq4vWmTet+C:XxOKVaQhnRW3oK+gIlJaRYqSWmPC","tlshash":"a813f1220c6cef5d9a4d22a9b7597ac6d55f7e3d08aac1c122e2a09f913307bd00b57d","first_seen":"2023-04-06T18:48:56Z","last_seen":"2026-04-04T08:43:47.547875Z","times_seen":949,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/ms/media/favicons/favicon.ico","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /ms/media/favicons/favicon.ico HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sCFU%2Fo0n5vgkZIdhgiE10335oLdEov%2Fa2%2B%2F%2FUFMys%2BDjGvgID9sKJ%2FcSM9ev2ggnd1EH5Ozjuvh1G7aeqbcGLv5qsRTTAgeeaRBCXSxdXR6qeg%3D%3D\"}]}\r\netag: W/\"02cfff41709e65963b27ade342df9e73\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b847c9e2f5a8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1658266,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (63169)","md5":"b1849f0a6b152acf81d7e617ae0fb9d6","sha1":"1409fc1725e23ffe71f83cc6bb2a7c2486f00155","sha256":"0f8fbb5c739c178d50d061d4844f4a5d2410cda18d92d220ce74b53131670826","sha512":"1597ee5e4b75f2047e8613057646525daaefe037cbde619b34092656129f00722709d14026a7df96affffcc988f342cc1e726b8fd6503f88128d9271aa658368","ssdeep":"6144:B+R4W4r/rywKVVViywtVVVGJkkBoJ1SJywyVVVXywzVVVZ:Dr/zJ1J","tlshash":"db25a0502888279794f76679394dd438030c7a11ff19da7afdaa84d24fd32fea6c7a40","first_seen":"2025-12-05T03:27:57.432043Z","last_seen":"2026-04-04T08:43:47.542778Z","times_seen":45,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/portal/media/system/47.246.9/css/prerendered.css","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /portal/media/system/47.246.9/css/prerendered.css HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nr0992T4kMM%2BfYbNCpi6hfen4nBtOmaThy21emmI6GM8pbTl7S3iD7jP3CmznHGtvA0YNmoEepI4S9sTvu5Kgn%2FrenUs6S%2BuZ1qUv47OXwOAAA%3D%3D\"}]}\r\netag: W/\"42dd92317b516d3faa6437321d522be0\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b847c9d8d7a8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2917,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2917), with no line terminators","md5":"30da30809a822e036839f60f70933d6a","sha1":"67fdbc95c9b47017110f061fac5331e75137e6b4","sha256":"3cc069f11651564ca47fde98714f435ce56c848fa2d836407d674639d9cc3f1a","sha512":"21973cb73b7e6035b09fa0eecb06957e0472fe0b711bcf16f274fa876408afa4203d20e0ecafb8e706c14b5846d11f4c629eb04eb033b08bd9ef3df67a349d73","ssdeep":"","tlshash":"f75133324361f02ca8738823919a7c3936279437660f1b577729dd7eecae0a23255f5d","first_seen":"2025-06-26T15:26:15.012449Z","last_seen":"2026-04-04T08:43:47.551455Z","times_seen":53,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vrmirror.pages.dev/portal/media/system/fonts/Gotham-700-Bold.woff2","fqdn":"vrmirror.pages.dev","domain":"vrmirror.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://vrmirror.pages.dev/service/wie-kann-ich-phototan-aktivieren","date":"2026-01-03T18:16:21.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vrmirror.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 02:56:33 GMT","end":"Tue, 03 Mar 2026 03:52:59 GMT"},"fingerprint":{"sha1":"C6:97:EF:EB:E5:0E:BB:B5:98:D1:D5:DA:9F:E8:B7:48:55:3C:C2:07","sha256":"BF:3C:FC:FB:02:89:2C:18:0E:E1:4A:41:C3:0C:DC:99:C4:29:C2:8B:C0:08:7B:64:CB:8B:C0:F2:3F:D0:74:DB"}}},"request":{"raw":"GET /portal/media/system/fonts/Gotham-700-Bold.woff2 HTTP/1.1\r\nHost: vrmirror.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://vrmirror.pages.dev/portal/media/system/47.246.9/css/prerendered.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 18:16:21 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 39264\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"d4db803e3eb413f960f7f100682a9cd9\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dJFh7Favsu%2FTlAQoVv4bM4rnvPdztQkeqiR5vJq8Ex4XcHaplixNudWktKnOKgH83yGLPR9V9GI%2BAr5UQvUzDcirnMGoowTR%2Fvu25ByROlwvMw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b847c9e0eee8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39264,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39264, version 3.19726","md5":"003e90cf8cb3f8b4bef30d6764da18ed","sha1":"512e44f40b54d0e5e081dda9fd5ea8a4429a508c","sha256":"319881caca6f5f0d1e8e24040579d93386008e39dee1045965124b86303143e1","sha512":"cfc48f671555841551e36445bb1e5fa3cd0232c853b24da0a7dafe5c251981a6ec4cb29ff4adf3ed612988249d8ba74246859683eb9302f7056bd92c88b85fa0","ssdeep":"768:PV7oXjYFCWB07dZORB0aJ8UqAZp+ZNhoagVgvCqYNvfSVLRo3nd:PBocFxq7f0x8UfZp+ZNCDmxYNvqVFo3d","tlshash":"1b03f12fd482a371c9cfcea5e9759506cb9079d1b02eb8374bd419cd7e25c8e91822b4","first_seen":"2023-04-06T18:48:56Z","last_seen":"2026-04-04T08:43:47.552676Z","times_seen":1003,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"vrmirror.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}