{"report_id":"cd445131-90a8-49d9-8973-873157d7caf5","version":0,"status":"done","tags":["phishing"],"date":"2026-06-10T12:46:00Z","url":{"schema":"http","addr":"karnevalkleider.de/mlsgents","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"title":"Authentication","dom":{"size":33142,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13018)","md5":"48b94f5fd406b37ea0f207418fc08b16","sha1":"25b081b385b8ef9c23bb75c0760b34de092b3dcb","sha256":"557894995854885efda967c80d9b617a5be030e5bd7c9775d83a591b23fc4037","sha512":"c4c49278ad5110926208eb6aa397c82badfc6f60915fd64bc09b5c06ec78fd4acc166c2862574a2a6a66297224b31f564d4a36ef4e2b9ba300f1bc7fb1721b39","ssdeep":"384:KntFzBYJfJY3Q63ywJhJIkVVnki9jh8tnKK/1/3xiJzi22iYXiX63yA:KntHMAQ6wLjtnt/4JW2HYSX6r","tlshash":"8ee29118b9f637354e2350ba65b7c9053b7a75471504c814beac8bd4cf84b49faa2ec8","dom_hash":"domhash8576f1adf7f9fa024c992241c13aba68","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-15T12:46:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]},"summary":[{"fqdn":"karnevalkleider.de","ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-04T09:29:46.725558Z","last_seen":"2026-06-04T09:29:46.725558Z","alert_count":24,"request_count":12,"received_data":800259,"sent_data":5164,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-06-07T23:49:17.429937Z","alert_count":0,"request_count":1,"received_data":88176,"sent_data":467,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2026-06-08T07:31:13.685477Z","alert_count":0,"request_count":1,"received_data":86562,"sent_data":488,"comment":"","tags":null,"fingerprints":null},{"fqdn":"stackpath.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":21970,"first_seen":"2018-04-05T04:41:29Z","last_seen":"2026-06-08T08:44:09.646547Z","alert_count":0,"request_count":1,"received_data":51948,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.7.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-13T17:29:05.24448Z","times_seen":168607,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"004bd6f005004eac7cc8dfc2349f9ac0","sha1":"da4c7d9c8a078842851644363c2409ffc7d2898c","sha256":"eaba827beff6316cc56287b6cbff886c568a00f69550ca263c0cd42aef438a75","sha512":"d88e58bb5e431c9465555552b0c992add57e1d40458bbc516e924e83461e14f855a79e70d7492a53317bd258fcd1767008547361e0fedb459e04867696f10f72","ssdeep":"192:xkVVi0ha7YWRwagjh8HOanKK/1/Py2KwDliP0Sdtzi22iWgVES0iN:xkVVnki9jh8tnKK/1/3xiJzi22iYXiN","tlshash":"f262951cbda936354f0750ba24b3c5953a6e798715018815bedc8ea4cbc0f49eba2fd8","size":15746,"data":"","first_seen":"2026-06-07T22:53:33.702477Z","last_seen":"2026-06-13T01:05:40.351219Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"c07e58ff9544d5e874400420f707d1ad","sha1":"850c1d660a92460fb5c7ade14ece9e19222ce563","sha256":"72e02a772bc34adddf4fe050d217d0063274553b933aeaf7fe318bf5ce3bdf25","sha512":"ec6dd14c0f7e8db1ec195b44c4ffa629cd22cc0e520abb81bdfe5027eb818bb0f9818d4fb54dd19ce2e77be69b1b01505c7142758cb77e1c66faf8a1d46d1e1d","ssdeep":"","tlshash":"1351bc08b2f72ba14d3b60f6577bd4097bba058b1009d915bead4bc48f14722f791ec9","size":2865,"data":"","first_seen":"2025-05-12T12:23:32.474231Z","last_seen":"2026-06-13T01:05:40.351893Z","times_seen":261,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/bootstrap/js/bootstrap.min.js","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2f2ef0051cf284637b29bb4678c1b81","sha1":"1a18643241dea9ac7c190029ea6d8efbd73e5f84","sha256":"66af34efad8ad6be518c955fb42163a9f1178a2f51b6b16e7864a46973b04349","sha512":"bb64a1f3989866a47001e1b4601dbfb448c4454bbc817ba98c59cd94cc97f0c139baf6af0a16bb9f23e9872a3b6149ee555dce23ee3254264151c8a551122306","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU17X:VwXza3YCl45wZODZTbYRX","tlshash":"0d73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80615,"data":"","first_seen":"2023-10-25T02:34:36Z","last_seen":"2026-06-13T01:05:40.349909Z","times_seen":492,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","size":51039,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-06-13T16:25:18.678886Z","times_seen":124484,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-13T17:29:09.134673Z","times_seen":284510,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/css/styles.css","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.824Z","timestamp":1781095539824,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/css/styles.css HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:39 GMT\r\nContent-Type: text/css\r\nLast-Modified: Sat, 25 Jan 2025 12:55:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6794df52-5a4\"\r\nExpires: Thu, 11 Jun 2026 00:45:39 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1444,"size_decoded":997,"mime_type":"text/css","magic":"ASCII text","md5":"138e060710459d4aed2314de379ff4fb","sha1":"8dd990c9d5da66602fd5e6560a845abe6ccb346d","sha256":"c447e75f1029ed7a5882add16bcd13ad44be3bd47c93c830ff39185e23d25ebb","sha512":"ad3de301ba2000fa7a1860d54c4b3422546554e9ef400dd6f2ff35bb8aaad438a28e2b22d35d6c844bb021e9d58a1540903642b8fb3c2b643ca67f23e2861637","ssdeep":"","tlshash":"02317c9416f42b105e1bc00014f5eb0272afc1c2c45dfdac29fa525c5e8e147aae2ffa","first_seen":"2024-06-14T10:34:31Z","last_seen":"2026-06-13T01:05:40.343155Z","times_seen":276,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":16,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/img/lg.svg","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.831Z","timestamp":1781095539831,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/img/lg.svg HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:39 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Tue, 08 Jul 2025 11:12:18 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"686cfd12-1163\"\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4451,"size_decoded":2226,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d75d75d4855ad50f723024b27fff4968","sha1":"ac95e5b1bbeef39ad869894e65d9b6bc1a147cd6","sha256":"cd231b895bbcd7154b81df1e065bf02f1ec667b920c8b6d23308cd509833b5ea","sha512":"b8d8a600c536a41fa284daf8ac79b80c0a1b05dc300b4e93ef877ee84a0309104e21cc862926f9c4baafe8dda2fbadbd261c50cfdf5786c1dc41cf787631e42f","ssdeep":"96:JRXLeH4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm3:SYoSBjlevudl9nE","tlshash":"4891537b5318c7d6d59c934c2e993b4d2330a5c6b2f20680bb9b1891af085f7b279f54","first_seen":"2025-05-12T12:23:32.444407Z","last_seen":"2026-06-11T13:10:18.425592Z","times_seen":194,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T12:45:37.777Z","timestamp":1781095537777,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/ HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:37 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18458,"size_decoded":5010,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13018), with CRLF line terminators","md5":"48e894b00bd8a52f0dc901f9b5634eef","sha1":"5fcc10a338c7e9cac91b91c6bf233d6fa8894b76","sha256":"27002736e21f87cf58511cd54b16ad319f29fe5607c9983d5419a3054233d287","sha512":"fd621528fa5f75c759d43828c03e59d854958666f8c28de3fd04e5a6c512e40f3ac8845693639fa2d98e6b682e6115aabe81ffa1225f6bd67bdcde5a73aeffd1","ssdeep":"384:WgFcBa7kVVnki9jh8tnKK/1/eEiwzi6dilim:Wx+LjtntG5wW6MUm","tlshash":"5c82a619b8a836354f3350ba68b3c555be6e794716018405bedc8e94cfe0e48ea93fd8","first_seen":"2026-06-10T12:46:01.681993Z","last_seen":"2026-06-10T12:46:01.681993Z","times_seen":1,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/bootstrap/css/bootstrap.min.css","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.819Z","timestamp":1781095539819,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/bootstrap/css/bootstrap.min.css HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:39 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 15 May 2024 01:59:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"664416fa-38dc7\"\r\nExpires: Thu, 11 Jun 2026 00:45:39 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232903,"size_decoded":32326,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"308c077484b2e83ee2beea329dde81e1","sha1":"0c731e2cfcc3f28985482a1683c3f2c35bf3c403","sha256":"3b4b080b4438819e21e302be4b5a4c02b6316da27495604c610f25d3c165225e","sha512":"78b69e4914e73d4daf9e1c07bfdb85c98e52d295242c6bafdfb021aa9813bcd25d410a9e00fa98f8feee3be54684bc2487b6a5a51c46ce9e4d0ffb3820138dec","ssdeep":"1536:m9YnIWbn98fhRfvO5wlP7Qy9P3CV98IsYRElV6V6pz600I41K:pnIw98fsV986I6V6pz600I41K","tlshash":"833482d6f590317d9ca7c1499681fefd8a6fa985cb1209a6f003776807cabd30962dcc","first_seen":"2023-11-23T14:40:25Z","last_seen":"2026-06-13T01:05:40.342483Z","times_seen":472,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.7.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:37.927Z","timestamp":1781095537927,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 20 May 2026 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DE:F8:0F:C4:8F:BC:F5:01:B1:66:91:CC:15:DC:D8:6E:5D:2F:45:4E","sha256":"05:8E:2E:14:85:E2:41:28:F5:18:A4:37:49:31:2B:0E:24:53:64:3F:02:15:BE:63:EF:F4:B8:53:5A:8B:6D:29"}}},"request":{"raw":"GET /jquery-3.7.1.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: http://karnevalkleider.de\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-155ed\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 10 Jun 2026 12:45:37 GMT\r\nage: 1814174\r\nx-served-by: cache-lga21978-LGA, cache-bma-essb1270023-BMA\r\nx-cache: HIT, HIT\r\nx-cache-hits: 582829, 286166\r\nx-timer: S1781095538.964200,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30336\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":87533,"size_decoded":30979,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-13T17:29:05.24448Z","times_seen":168607,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":3,"connect":9,"send":0,"wait":10,"receive":3,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/images/ani.gif","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:37.936Z","timestamp":1781095537936,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/images/ani.gif HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:37 GMT\r\nContent-Type: image/gif\r\nLast-Modified: Tue, 08 Jul 2025 11:05:24 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"686cfb74-402e4\"\r\nExpires: Fri, 10 Jul 2026 12:45:37 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":262884,"size_decoded":231798,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 360","md5":"ff6456932b86ce8ae5a9cb5157f8b7a0","sha1":"231c6687feb05cb30ce733c0c12960d197355b3a","sha256":"9d1a1a5e3b5e5de8a6c76ded7a01fa01709d426232b0048c9ee6ba0c5c1b8b42","sha512":"4f942cecb7e19993ab63e2997d1212a489c3b1a421ab6d62f450d0b0cf5c81ec13fd0d70e4a3fcc872b3c7fa73138a5af21e09c29dbef9a0297b08ea6e8c58a4","ssdeep":"6144:gLAa/D/PN4yKuOCcmGWT8Gr4Hlh8/PkM2nFJesQvwbdFczjntQ5NJt:m/D/PNlKu/cmGxX8/PkxCsFUIn","tlshash":"034402b1e1b93451db25123035f2aa224d429098d9f3e4be63e07ec2bb4bf31e7d45a5","first_seen":"2025-05-12T12:23:32.464185Z","last_seen":"2026-06-11T13:10:18.426612Z","times_seen":198,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/favicon.ico","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:38.162Z","timestamp":1781095538162,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:38 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6a1ca03d-e3b8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58296,"size_decoded":44159,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-06-13T16:51:35.82483Z","times_seen":12283,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.806Z","timestamp":1781095539806,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 18:37:22 GMT","end":"Mon, 10 Aug 2026 18:37:21 GMT"},"fingerprint":{"sha1":"09:D4:FC:2F:81:37:26:42:91:15:6F:27:1B:72:A7:D2:1A:FC:31:72","sha256":"E9:45:95:A3:A1:F2:6E:F0:08:73:C1:35:32:67:E6:72:BB:89:C7:27:C0:8F:D7:48:6F:0A:88:7E:8B:00:2F:B9"}}},"request":{"raw":"GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 04 Jun 2026 02:18:53 GMT\r\nexpires: Fri, 04 Jun 2027 02:18:53 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 556006\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":85578,"size_decoded":31012,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-13T17:29:09.134673Z","times_seen":284510,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":4,"connect":15,"send":0,"wait":16,"receive":17,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.809Z","timestamp":1781095539809,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 May 2026 06:14:57 GMT","end":"Sat, 01 Aug 2026 07:14:54 GMT"},"fingerprint":{"sha1":"87:39:8B:D4:F5:C1:CE:D2:17:B0:DA:A6:93:21:38:E7:CA:4B:7E:2A","sha256":"22:95:0A:F1:20:E2:D1:60:17:3F:96:BF:26:3A:90:BA:38:84:38:04:30:52:7D:AE:EA:74:8D:58:1E:F7:C7:0B"}}},"request":{"raw":"GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1\r\nHost: stackpath.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 10 Jun 2026 12:45:39 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\ncdn-pullzone: 252412\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"67176c242e1bdc20603c878dee836df3\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:06 GMT\r\ncdn-cachedat: 08/01/2025 15:36:25\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1078\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: a78b5a25cfaf2df533c60a6d4fa388d4\r\ncdn-cache: HIT\r\nage: 2196273\r\ncf-cache-status: HIT\r\ncf-ray: a0987973e88d56c3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51039,"size_decoded":15401,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (50758)","md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-06-13T16:25:18.678886Z","times_seen":124484,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":2,"connect":1,"send":0,"wait":7,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/css/res.css","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.822Z","timestamp":1781095539822,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/css/res.css HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:39 GMT\r\nContent-Type: text/css\r\nContent-Length: 321\r\nLast-Modified: Thu, 16 May 2024 11:59:56 GMT\r\nConnection: keep-alive\r\nETag: \"6645f53c-141\"\r\nExpires: Thu, 11 Jun 2026 00:45:39 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":321,"size_decoded":834,"mime_type":"text/css","magic":"ASCII text","md5":"e547507fda670080c7a67b6228697146","sha1":"a94623ce6306b9c7d521356e4c87bcaa9526d7e5","sha256":"b6298e801f433042494b3fa258697a193def98fdb6b47f625a7febcb50d33918","sha512":"369e14803ce6c1cc786fbfa2b5154946190e26b39ce2caa206dbaa02ffe2ff2bf57c9cb8e41e88e9f5e39c509ecc83ce99ee2b8cf402836813c3acfdc7c24d36","ssdeep":"","tlshash":"2be0ec53e9e1488e7057511842ff72bc3bed9486170eafe5241877b4eb4b7e205214c0","first_seen":"2024-06-14T10:34:31Z","last_seen":"2026-06-13T01:05:40.345917Z","times_seen":307,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"karnevalkleider.de/mlsgents","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T12:45:35.214Z","timestamp":1781095535214,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T12:45:37.699Z","timestamp":1781095537699,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:37 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nLocation: http://karnevalkleider.de/mlsgents/\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":37,"connect":11,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/img/bg.png","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:37.939Z","timestamp":1781095537939,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/img/bg.png HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:37 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 08 Jul 2025 11:12:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"686cfd06-20c87\"\r\nExpires: Fri, 10 Jul 2026 12:45:37 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134279,"size_decoded":130818,"mime_type":"image/png","magic":"PNG image data, 1351 x 670, 8-bit/color RGBA, non-interlaced","md5":"7eca29c737b45ee2374096a94a8b0bd7","sha1":"c7bf512fa3f7b3ea8fd34870701f6ade749af89f","sha256":"ab8d4a6ca1142948559da99731a5560550b68aa101a92dd28c0ee51888bf73a0","sha512":"ed03adcf07e82153f0dd4aa10d6464652217ab04795017c454ddcc110f208cf970afa794a08205294c10f579d4628d97dc573c47c59cbfc2049b3f17124341cb","ssdeep":"3072:zAVNFTqrCzewEQmo2b9NoZG80XINCH8D+:sthz492ExIN0g+","tlshash":"efd3021e82b5d5577dcfd22a6c8496cc8f3a602bf5227c3c6174ba145d22c3a11863bf","first_seen":"2025-05-12T12:23:32.447864Z","last_seen":"2026-06-11T13:10:18.430641Z","times_seen":181,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":10,"send":0,"wait":12,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/bootstrap/js/bootstrap.min.js","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.803Z","timestamp":1781095539803,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/bootstrap/js/bootstrap.min.js HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:39 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 15 May 2024 01:59:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"664416fa-13ae7\"\r\nExpires: Thu, 11 Jun 2026 00:45:39 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80615,"size_decoded":24504,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"d2f2ef0051cf284637b29bb4678c1b81","sha1":"1a18643241dea9ac7c190029ea6d8efbd73e5f84","sha256":"66af34efad8ad6be518c955fb42163a9f1178a2f51b6b16e7864a46973b04349","sha512":"bb64a1f3989866a47001e1b4601dbfb448c4454bbc817ba98c59cd94cc97f0c139baf6af0a16bb9f23e9872a3b6149ee555dce23ee3254264151c8a551122306","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU17X:VwXza3YCl45wZODZTbYRX","tlshash":"0d73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2023-10-25T02:34:36Z","last_seen":"2026-06-13T01:05:40.349909Z","times_seen":492,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"karnevalkleider.de/mlsgents/assets/img/barr.svg","fqdn":"karnevalkleider.de","domain":"karnevalkleider.de","tld":"de"},"ip":{"addr":"9.205.104.168","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://karnevalkleider.de/mlsgents/","date":"2026-06-10T12:45:39.832Z","timestamp":1781095539832,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /mlsgents/assets/img/barr.svg HTTP/1.1\r\nHost: karnevalkleider.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://karnevalkleider.de/mlsgents/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Jun 2026 12:45:39 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Tue, 08 Jul 2025 11:12:00 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"686cfd00-4a1\"\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1185,"size_decoded":1017,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"afc84a0981462fa479bcfb50f3b2cd4b","sha1":"c13bf8f5b7f607c053a16d3830b1d7652c85ca04","sha256":"949895df17148c5ea29f190d2619a14b3ec648425b9cc3c5a1423553c16f3898","sha512":"a979da195befd6088cb2ef3bb999554b76fdc42d04efb679da375264caae8f6936a9f07205099601f54fd9fb5c0416dd3af4c334283e096765e0490759e73f51","ssdeep":"","tlshash":"5c21e18ad189ee9899acc1547ef8dd15420070e3d78e041578fd0514ef97282f349bec","first_seen":"2025-05-12T12:23:32.460258Z","last_seen":"2026-06-11T13:10:18.428832Z","times_seen":194,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"karnevalkleider.de","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}}]}