{"report_id":"d963344b-5c6a-4889-96dd-2ab6169b90ac","version":6,"status":"done","tags":["microsoft","phishing","tycoon","aitm"],"date":"2025-10-15T23:40:30Z","url":{"schema":"http","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"title":"​"},"submit":{"url":{"schema":"http","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-19T23:40:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"apartment.wosto.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"apartment.wosto.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"summary":[{"fqdn":"ipwhois.app","ip":{"addr":"185.93.2.245","port":443,"asn":60068,"as":"Datacamp Limited","country":"France","country_code":"FR"},"domain_registered":"2020-06-10","domain_rank":48917,"first_seen":"2020-06-10T18:52:00Z","last_seen":"2025-10-13T14:02:45.876825Z","alert_count":0,"request_count":1,"received_data":1282,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"apartment.wosto.info","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-15T23:40:35.48102Z","last_seen":"2025-10-15T23:40:35.48102Z","alert_count":3,"request_count":1,"received_data":576,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"queue.beryx.com.de","ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-15T23:40:35.475432Z","last_seen":"2025-10-15T23:40:35.475432Z","alert_count":65,"request_count":27,"received_data":3029851,"sent_data":33793,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ajax.aspnetcdn.com","ip":{"addr":"23.36.77.49","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2010-10-12","domain_rank":21241,"first_seen":"2012-05-24T13:35:31Z","last_seen":"2025-10-12T23:57:37.068239Z","alert_count":0,"request_count":1,"received_data":89984,"sent_data":441,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cloudmasonry.com","ip":{"addr":"192.124.249.161","port":443,"asn":30148,"as":"SUCURI-SEC","country":"United States","country_code":"US"},"domain_registered":"2016-09-11","domain_rank":7208019,"first_seen":"2020-02-05T07:48:53Z","last_seen":"2025-10-14T12:36:35.675158Z","alert_count":0,"request_count":2,"received_data":752,"sent_data":946,"comment":"","tags":null,"fingerprints":[{"name":"Sucuri","description":"Sucuri is a cybersecurity company that provides website security solutions and services.","website":"https://sucuri.net/","common_platform_enumeration":"","icon":"sucuri.svg","categories":["CDN","Security"]}]},{"fqdn":"addins.verityrms.com","ip":{"addr":"18.211.247.164","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2021-10-13","domain_rank":0,"first_seen":"2023-07-08T12:20:15Z","last_seen":"2025-10-14T12:36:35.697171Z","alert_count":0,"request_count":1,"received_data":5171,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"res-1.cdn.office.net","ip":{"addr":"23.36.76.120","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"1994-11-14","domain_rank":990,"first_seen":"2020-12-08T13:32:22Z","last_seen":"2025-10-13T14:29:32.937453Z","alert_count":0,"request_count":1,"received_data":26175,"sent_data":485,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-10-12T22:15:22.841346Z","alert_count":0,"request_count":1,"received_data":61837,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd61fa39d6c6b72721df575fa819db8","sha1":"2994de1eec019c451fb17f6dadc7768078b55420","sha256":"93718567b36f6c2121dc42826fcb36bda9fc8c3ddf98008d029f401b15d7d97f","sha512":"a41852c70a32ba7524320bde080ca8cd2bd9d57dffca685ae6ee97eabf82f4de07b9f4c49125bab936f81d44153632da0cc96e4dfb89fc16d7b154208e70e248","ssdeep":"","tlshash":"bee07d79b1e4a57041ca742ce2d5cee43f7760c81452d948241c8cb031accc41114d95","size":311,"data":"","first_seen":"2025-09-13T03:20:29.807159Z","last_seen":"2026-04-02T17:06:44.948846Z","times_seen":433,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"98d27cfcb668598330a92aadcb88d5f5","sha1":"6a929b744bad617218eb3aeabb0a693b0447c5bf","sha256":"808549bc8046eef0f2f5b9278b96afaa2e9ed3aa131b3e053d517d110e5ceb7f","sha512":"27ed50da552d7cb6660325599fbbbab19aba586786cb20e83a543305055aa1f90e71c0f48917e77e5780d6dcbc0d339c49ea348f0f3fca5890b070998992d335","ssdeep":"","tlshash":"7941d17f728a2c3a0ed70afb74d667ad3d2104846da1895056aecc1b0759dc2f93f6c4","size":1944,"data":"","first_seen":"2025-10-15T23:40:43.441121Z","last_seen":"2025-10-15T23:40:43.441121Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a9466c680d10b47e73636c373319fde3","sha1":"96f6f75843b8e1615cd8c372553a3626c3d14844","sha256":"ee1b6dc52d957c9181d3bc1054ae23ba4fdf1a51d2ac3f686f7a6da209fb6ba4","sha512":"fabe00d709ccb320ea6dca83009264c08397df3fb5ed74236f2d890e653c3a4e2cf84e47a6c534a4018e53d86bf75adde753c90aac41df025c0482630f26c412","ssdeep":"768:HKLi8JeuPR+booc14qGjMqYHF1aDv414qGjMqYHF1aDve:HKLReYR+bHqGlNqGle","tlshash":"19d209198d032e2d8750712774edcaf5ae2d53ce348200ee353ea6d5dbb9942ace19dc","size":30581,"data":"","first_seen":"2025-10-15T23:40:43.444306Z","last_seen":"2025-10-15T23:40:43.444306Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"29c97faafd0e1e64018478cb0e6b2edf","sha1":"870a2db604a674dc3c558cb7de51e11aaf9ffc9f","sha256":"059bdff39fe6e0aef67478c1d5cf7eccaf714123f6515b97d4d71f5ffba9ec00","sha512":"ed2da3c0a276d21db8538cc142825af133d947f59a009cf7352d9f21930b1a5acd5998ff13c215ab1c053f66954ff24afb143b17ddc7e4edc766811d7f64baf7","ssdeep":"12288:XyrQyNpkMwU6+NBLyTRtbZRUkNTVAUS7w4CWTTJA0isfEpVF/8:XyrKgD4v2kNT+US7w4CqJnOJ/8","tlshash":"eb65c05683482fa1aff82712f1bd563e0225fa8b6452604ee73e5cca673bed431d419c","size":1433643,"data":"","first_seen":"2025-10-15T23:40:43.447908Z","last_seen":"2025-10-15T23:40:43.447908Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6bd61fa39d6c6b72721df575fa819db8","sha1":"2994de1eec019c451fb17f6dadc7768078b55420","sha256":"93718567b36f6c2121dc42826fcb36bda9fc8c3ddf98008d029f401b15d7d97f","sha512":"a41852c70a32ba7524320bde080ca8cd2bd9d57dffca685ae6ee97eabf82f4de07b9f4c49125bab936f81d44153632da0cc96e4dfb89fc16d7b154208e70e248","ssdeep":"","tlshash":"bee07d79b1e4a57041ca742ce2d5cee43f7760c81452d948241c8cb031accc41114d95","size":311,"data":"","first_seen":"2025-09-13T03:20:29.807159Z","last_seen":"2026-04-02T17:06:44.948846Z","times_seen":433,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-14T21:53:15.118887Z","times_seen":613009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js","fqdn":"ajax.aspnetcdn.com","domain":"aspnetcdn.com","tld":"com"},"ip":{"addr":"23.36.77.49","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-14T21:55:20.984253Z","times_seen":449835,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/34Zi5xLDaE5HSnMwzOs2nqklNRjI64TDL89734","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-14T21:55:20.984253Z","times_seen":449835,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1105abd5f66bc6c110e485db87774052","sha1":"9693c9d63fde31a10de82a752fb2a7eacfc02424","sha256":"ea92c0d238e6ae1e29c179a67edb686f783145a047a7215c329fe739d1184a5c","sha512":"fd7e427d6b11d3352ed86ec1cfbfecdbbd95ce0f9840f2f2ba47efee9aef36504e686274eaebc885dd72465e81daa13b7d3075689d3bfea5c4a56cd62ab110b3","ssdeep":"384:6ev6nyBBqP6hUShmnKJICD6e46oiekt3le2fVGOnWXXGCk0BuVQ1k/NYV4+tcu5K:TSn3P6hUSIKh1loRD2fV1+XGhgum1w+C","tlshash":"7292c09e63043a7a11982ca808bf6d5d78e5c29b752455d29b9cd068df8f82441ecefc","size":20046,"data":"","first_seen":"2025-10-15T23:40:43.45319Z","last_seen":"2025-10-15T23:40:43.45319Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-14T21:53:15.118887Z","times_seen":613009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"597a4c9bf9dcd1bce0f3cb919fd53033","sha1":"8f933545ecfc86683b45121b52cc8833aa916592","sha256":"ce93090c0cc4c1782174308ac303ed4cbf9a5a5a6569ef29caa38dcca6f3379b","sha512":"4a06f0ce713810e93fc7c0050965b0fd164bc118349f484cc6b7bf0b3b723dca5f693dfb6e2b4b9ca3e5ad41bffc4cfee5b4b78c4b8b818bde3a4ab3f1a89e21","ssdeep":"1536:EDg5MgtG5DYg5MnuTw1/LVd3QbV5D5v2uoE37nRKJ:zu0xc2a7nRKJ","tlshash":"93f3a51b2e609a9e27450b7e3333a0e0ec9c065d7552061fe22cec2155d67a7fbf6871","size":159843,"data":"","first_seen":"2025-10-15T18:53:49.918279Z","last_seen":"2025-10-16T19:56:46.746729Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"468be93b205e8a9213a207dfb5fd6169","sha1":"8e5b1744dba8ea96fcb30fed1a3c628bceede75b","sha256":"27bc7f4b25921c5c9d594ec511076de90266f6ac6a120de91e82e63c0e8dfbd5","sha512":"591ee989890ed86f4ae39611b8387d15accb9ece0fef429930162e3c0afcbf8cfdaf11d8529c9cce4fff6d09de9ec826db7c0b9f0764b016850a8cc6ceba25d2","ssdeep":"","tlshash":"2de07d7571e4a570418eb42ce2d5cee43f7760c81452d948241c8cb031accc41114d85","size":312,"data":"","first_seen":"2025-09-13T08:12:44.991881Z","last_seen":"2026-03-25T12:21:27.391333Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf4dcd4c5d3b0227fe5d2122cc929bb3","sha1":"aa49831238b46652fc438fa5c2d64974f2bd15cf","sha256":"16c068cda4a167c775c3e1296b7b2bfac5ef5e158cd5226266abebbaf5107a25","sha512":"985d14f73c6b363b9ea4b4b065fb5a6eae3b48465df05dd8bf805f36920d59d602023750442182f4279c34638650f09688541ce3bd33398f0048e1a4287b8ac0","ssdeep":"24576:2T9Hor6MogQ/P7e7meBs1t2J/pFYw9E2qT8E1MiLRmNOmqLofHACbCOnbpbmXADz:0Hq8/P7e7meA9TRV6vAubpb3Dsdw","tlshash":"ae953315ebf63c6d897c937820bf1d0b24e56f81682da5ff82bc6cd282757450e1b852","size":1912938,"data":"","first_seen":"2025-10-15T23:40:43.485861Z","last_seen":"2025-10-15T23:40:43.485861Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"efb275d1da715ad0db52f9ac04e4843d","sha1":"5b46428b4d254a9c37b24cc49f172fc5f3bad1d1","sha256":"39245986b82f096561785cdcdc25b4086597c6973aac14100c01127b26bf1c0c","sha512":"6afa0103c24a1ad3944ceb0348c87745d3872be8abfbcef7617b84b81b42b8d9ac02629bb66956bfb34490cf99c54f4a336ffc489d08d903324f871f41ac7e46","ssdeep":"6144:I2kK2mY40i5SUXJWV4v4fsQU31lNbUowp/x:ILp","tlshash":"5d24b672179c3ec6ce5de808fbb7da2a8304643254198497c75f2dac3e5d19bd880dab","size":213138,"data":"","first_seen":"2025-10-15T18:53:49.998897Z","last_seen":"2025-10-16T19:56:46.763996Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/34Q3eShFXU24fQqyho0ScNsyaijUneULX6sY67110","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"196a7f6297ec20fa88a6992cfdfe4c0d","sha1":"d09396c7f68f54b74dfe84a538d76a55f95f18ed","sha256":"a7ccf4ba1ef90c291dd94633c14f078d0b37e38e8ae799e0aa65be0534525f04","sha512":"667b51b73518db0bfbc3ff9fa656c46fafcfe25d529305a2f34b735d146b0c4c1d24f5d7d5ef4ccecc5b58e311e8d32cb763ebefaa45e6a61c9cfedd4ae22f62","ssdeep":"6144:j1n0kekmix/m/zqj1a2cVH1DEtS0nrVQQT1d4nNqPpzxNVmETicQ:jZwunjhct1sRj4NayETij","tlshash":"4b54231b533668390c6cef6e61af0b581bf44712618df6994c8f16e20eff30585693ba","size":286154,"data":"","first_seen":"2025-10-15T18:53:49.709615Z","last_seen":"2025-10-16T19:56:46.635866Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-14T21:53:15.118887Z","times_seen":613009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c1b4e84ad0df295714b7d6b87d1a91bd","sha1":"9a534baa7ac038a8c1a635d7e0078351be23d28a","sha256":"b5427576a2e22084d7c1ccf8a2dc866f94e9e48ec26b10b3f0bc625980ceff35","sha512":"5e1d3a2faa48a850ec02471ed85a851dac298af077761e63ae0da3963f1f2ff4d1717fdc759971e9520239bfcf5ed506baf467c034dd86afafc59e8a9de953c0","ssdeep":"","tlshash":"8341223521713a2a916724a231d6b0c96f122258be6178b270cc40144beedc0fd97ffe","size":2069,"data":"","first_seen":"2025-09-13T14:01:46.704627Z","last_seen":"2026-03-18T20:51:19.40472Z","times_seen":214,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9c61cb528a3c531a4bfcf2cbee653106","sha1":"ad7b2bf6c154f731e937af84b031e6e9445319ac","sha256":"971cca5bd99a85200210b203d994b3a967adb4d6911e44a5e1e49d4c758adc2a","sha512":"2676ef412c5286c15b16cd47b2da393fb55d7fa9b388c39c7a6db95fee917c2cfb5daa38c02087a0c41af472d4776927af49efdb12a44cc5040ff183292f0a32","ssdeep":"","tlshash":"5c61109eb2412136e27372b997a7a308fd37827b908087597eec41942fb57150192edc","size":3444,"data":"","first_seen":"2025-10-15T23:40:43.49383Z","last_seen":"2025-10-15T23:40:43.49383Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"449d5d7c3650cca982958ae712e8d28e","sha1":"f8a7d5e0935ff0c18fe192747bdeb2ac8ee4c2f6","sha256":"323045574cba3304317a4ddc1d720408d41332c8764dcd66c106cc0a33994246","sha512":"8cba6719a4c585a0a7c491b19fc272dc5076da64c821a228dd2e7d8207b54ee43e44bde6a3e31bdee31b0111e8555de4b811b16f59d132a8f31b45381a668ee8","ssdeep":"1536:rQiILP48fSmm/xoJyCiaexfKuMFyxpbKS3i39xCYsSk:8itGw+8zeyvG9EYsSk","tlshash":"b073cf51468c392aaf7c7f0ed3bd380e97a1d79621911484f7e7adcdd62bb6701022ac","size":75057,"data":"","first_seen":"2025-10-15T23:40:43.4976Z","last_seen":"2025-10-15T23:40:43.4976Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ff8856348d841463ae6ee8b28182728","sha1":"7a17d4139ff3b16a6afd509cd2840291d14106d0","sha256":"405ac09a10adc3d72d0e480f92a590ce0806dc8d8dc98d8b732af1090b2288d7","sha512":"aa162dd1559b437d0f3e55d67e8d12e78734e88cf7e75db1da98cd95507646298183de0908a41e0c399609be7413e10362c833c59746b453f1487b8aa2859c9f","ssdeep":"48:4J1ZvTgGr9hGELuNuLtiGcLuNMLtEV7XN0slHQR3i9/N+d2pLyLyt/maqS6KLSZf:Q1umh4GioIA5BeRAcEC7IXqC7I4+v","tlshash":"5491cc8d7963099170f234668e87933c35758bf72d48d111391eb84abf2462f06aefd9","size":4457,"data":"","first_seen":"2025-10-15T23:40:43.501771Z","last_seen":"2025-10-15T23:40:43.501771Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1af5a225f278fdb6e66e39e948b90d16","sha1":"bf3e6cca60d051ba196300e6314272333e6a0361","sha256":"74cc49e44918829125f95d2cfbf9ac03d6e580085d629f6be29a28cb7d5ddaab","sha512":"7acb47bb1ed7ced9d22ce9ce81d0226f3dfdac94df1a839c5cfd5c471169c9360fe184999717fed3f1309d03023c901524a56c85654846fef22291cd8850293c","ssdeep":"","tlshash":"69213356a53b92b8178a5deb949bf09ec9286530b304e8d0830df40055cf9a4c8bf4e0","size":1180,"data":"","first_seen":"2025-10-15T23:40:43.505052Z","last_seen":"2025-10-15T23:40:43.505052Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1dd1783446780aa06f7fc0af4e83991","sha1":"176bb0bc74b7815697baf1968e77307e3cce89bd","sha256":"68e25d43f97e148d4200e8e1057d0d9d18a8bac59135af54f437d2bc3b2d83b0","sha512":"0caa7cb8a0a4d45df7e2f6951cc2e33c7acf806d7a1698a5e174ab04af2b9481b3ecd3a86a088768fc4396ef9ce4499e9389aa844ba64cff18f58835066104b0","ssdeep":"24576:HDWaU9hOjes664E9zo+0Kwnp8Raah0YEyPdl3B+f9+wuNwfOKJR3k9IpdYz4tMHc:jHcMjesb4El/FRLLzqm9lEY+","tlshash":"1bc502108ac42fb9dfac5a1c90fe161e53e05a8b542a758deb33bd4baff7544020b1d9","size":2569385,"data":"","first_seen":"2025-10-15T23:40:43.509552Z","last_seen":"2025-10-15T23:40:43.509552Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3fbfa86949535ee2117c8543eed254b","sha1":"fc5e1b2924f8c19411aace2c9137ae4fc4511cfb","sha256":"173a2706ca7dd8e54246c32ecac670ee6f18bec051fbd7064a8133b26296b752","sha512":"dc01bdf31db5dba47950b4b111780fbe6e14c195c9c4568aa073c28461addfe60fd51b438c7ff918053a9b163eb565716e74bfdff5bad51403a2feaf618f7e51","ssdeep":"","tlshash":"f4e0bf7f72455f758ccf15afb433ebc83c206069ee569013144ea5294528ed1587fa81","size":349,"data":"","first_seen":"2025-09-20T13:24:36.789817Z","last_seen":"2025-12-09T12:10:24.822532Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9c6de0df2bf028d93924aff92487904","sha1":"6596050516dd12af52d9b0e7b18ed837f1d81300","sha256":"769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc","sha512":"6be4940eec0dcd70efcf85eb21c5c7b827f4f3dfe2240a0de259ab5c9835f179ddb8a2ba6250c73516a5bf8c9dd4de3438a23cd2d162745faba9314a18fa1615","ssdeep":"1536:R8K6Znxmj9rlvCOhI64j7AtSPtNPU9ArHMLlk:RV6+jKOh4z","tlshash":"65535bc0629c5491a3b76480087f740b7073353b0a1d5aacf658faefacacad6907cd39","size":60819,"data":"","first_seen":"2023-11-02T21:20:28Z","last_seen":"2026-04-14T22:01:30.016454Z","times_seen":29564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ebc7cd5d929fb7529efd8e787d034f00","sha1":"b3bb32aecc869bc0a85a1b214d8ef7c1f6467039","sha256":"fff5f00ec0742de747496ab8768c077658718e21617bafdb1eb5f662e7ed2599","sha512":"7d40434146c9376018373309bedd098055adac48cc8ed49c118bcaa07f6ca99e8a99639d7695f92a91219cbd285ce6ac11252fb6fdaa0da885bd978f8f0b019c","ssdeep":"384:AjlZ+G950G637XNcl1aHgc8iIieMi4iZzNikqB/W:AFHxoxlQVZYkd","tlshash":"0752539a342514708af727f7b1b74284f83062376a80d522f4bcc9592f71dd1a2b7ee9","size":14088,"data":"","first_seen":"2025-10-15T23:40:43.51489Z","last_seen":"2025-10-15T23:40:43.51489Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/56wWPPOUiX7zNQVIvgh2kxxRPdEmRVT67745","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c20a2be8ba900bc0a7118893a2b1072","sha1":"ff7766fde1f33882c6e1c481ceed6f6588ea764c","sha256":"b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500","sha512":"8f80ad8adc44845d24e13d56738a2ca2a73ee6fcdc187542ba4aaebbf8817935d053a2acfb0d425b9cc0c582b5091e1c9fe16b90b3aa682187645067c267fc41","ssdeep":"192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj","tlshash":"ce22a58932933026af5391b440bf140af2f69589d45cade8ab29d1e27d7290d46f7f38","size":10245,"data":"","first_seen":"2024-05-30T22:56:13Z","last_seen":"2026-04-14T19:37:20.475398Z","times_seen":52241,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-14T21:53:15.118887Z","times_seen":613009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"235487029d791400761cb1a9817e4205","sha1":"8e0b85cbf147f39c901ee2f4ad5f9295637127f5","sha256":"836933818dafd5a7be15af084e3a628e022228909760e539a3c6f3fd796f6d62","sha512":"2e7053c1ac702d75c347a0e4ea4f2bfee21c53331095b36a03998eb889b5830d42947b01542fdc190c04872a6e3fc0f7df6624900cd6c895e2dc329ab92b0567","ssdeep":"768:fMbyZBnNCmevXZrMdbbeR6Fv+zpP1KIBJmJv1zd9cWHxa6ou:UbyZWLZrMxfFv2psIBJAtZ9cW4pu","tlshash":"ca13f10077a492d800e0b5f630bb309c954d8f1a31f9a28e9944b25b336dd3d68ff6b6","size":42190,"data":"","first_seen":"2025-10-15T23:40:43.518161Z","last_seen":"2025-10-15T23:40:43.518161Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"515f1441756cfec18a184b4d1ca1946e","sha1":"8520678a284192d812d5a43f402945d7cdcfbc71","sha256":"6f550c35442d7633ab14fff8f2cb054187f4eab06d7feb97f9d7954732a6618e","sha512":"a42a06e76eff0d5747c7890cc83bada6a5b5dec00485062004c574fa724739b8ef49ea8d2c84863d32fdc82ec56053b447210996af55a98f0ec58c91699736a7","ssdeep":"768:HwltgdttzMbyZBnNCmevXZrMdbbeR6Fv+zpP1KIBJmJv1zd9cWHxa6o3:ALbyZWLZrMxfFv2psIBJAtZ9cW4p3","tlshash":"6143d068536451ec1097e9d87eb7713c270d9a33327252ca988ce76962c7dfcd8e7910","size":56170,"data":"","first_seen":"2025-10-15T23:40:43.346399Z","last_seen":"2025-10-15T23:40:43.346399Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a420138b127467a2f912d109492133fd","sha1":"76c89ec23542aa78104f5d4a375a6b5a9cabb2b1","sha256":"0aa4d5e89a8ce42c281a8053242089ef09e53ed66a01bd4f7cd2b17b8676ba2e","sha512":"6fdfd5d1caae03545da3479be15267b272fe2454615a99197bb0d179cd8db3f3a3546f619ae3851fa969b152ae79084c7e88514a678f3ff05e50f3afb642bff4","ssdeep":"48:uj8ItTvA0r8R9Q5L3tZ59fL3SlL3tZ59dL3WmXN03wHagiCB/NY0XJQr/vLnt/L2:u3eR9otv9b2tv9RjohsIxQeo","tlshash":"c2a1eb8d7806099131b136a6ce93933cfd3647f76e44d201391ea84abf3561e06aafd8","size":4675,"data":"","first_seen":"2025-10-15T23:40:43.521522Z","last_seen":"2025-10-15T23:40:43.521522Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b0f9171f172bbda2e2afadcc8e20f567","sha1":"15e380e6c88c576de15c3656ebaa18998979f352","sha256":"3d58ab219ef3826f00de263dd75917418a941cc2ac9ceb83c784c44d8401635b","sha512":"bfa4f5ade344e23051e0ac0f98b32f6919f67962672bd0ba79e9ad588fd347f6b24a802435fdd192a956b20a38f08abbf1b339fca60a9097a114fcd14bf034c1","ssdeep":"24576:XT9Hor6MogQ/P7e7meBs1t2J/pFYw9E2qT8E1MiLRmNOmqLofHACbCOnbpbmXADw:xHq8/P7e7meA9TRV6vAubpb3Dsdp","tlshash":"07953315ebf53cad957c936c24bf1d0b24e96f81782da5ff81bc6dd282667840e1b802","size":1926917,"data":"","first_seen":"2025-10-15T23:40:43.524887Z","last_seen":"2025-10-15T23:40:43.524887Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3938eb87388dd49a48b33d72654d6a17","sha1":"caf2e456a4ee5c0bb0b2dae9c2cf2d5990a7d245","sha256":"4a1c6875ed131a90bdc08e1e9a1d73421c421be36e6f20f122668dcbac81b23d","sha512":"f1e168d61fbf15dd1012091ea2bed9cf98b797c23a37bd963ab60e2d9488c5f7ef19928feb8dad87847055eaee8cfab8324d91d26144d9447629d9a63b963d67","ssdeep":"24576:+WgpUZSZD/Kpn6gvR7HPvEakQZD/Kpn6gvR7HPvEak/ZD/Kpn6gvR7HPvEakhZDc:ApUZSZD/Kpn6gvR7HPvEakQZD/Kpn6gb","tlshash":"69359e70f100142ff2175aee31e98a997d17f227c90216c677e883eca2ced966ad7711","size":1073668,"data":"","first_seen":"2025-10-15T23:40:43.527967Z","last_seen":"2025-10-15T23:40:43.527967Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"queue.beryx.com.de/favicon.ico","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:03.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6InA3NEVBbjFXV3lrM2tsVjN2K0RFbkE9PSIsInZhbHVlIjoiYlZJMkhyb3lrUHd6TlJ0Wk00NG9BRDZYRjdlRkxrZi9vUHgyWkxQRlZ6dTgwRjZ0dlI0UzV3blhlVE1HRGd3QXRuYWpNMXJjUXEzQUNqOTM0RnRFKzR4M0k2RGdNakZjUlhqM0owSXBEQW9kSEYwWVhQdkNSM0lOT1dVRk9Sdk8iLCJtYWMiOiJlNzZhMDQzOTlmMDY3YjRjMDFiNGFjNmYwMWJiMWYxZDEwODEwMGFhNjllYmRkMjIyMzI0NTA4MDVkNjIzYzgyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImJqVHJhRUZORHRxWG10MEdOcVIrelE9PSIsInZhbHVlIjoiOE1YV3cwZFVLNjdtdFpqSStkYXhDelVEbEx2Wkx5ZS95TzBDcVVDeVhzdGlyNmNDQ2p2ZzF0a0w5Y3ROVUJ6S1d2ZWo1Mi9aWXBpTkdXRnJDU1pONFlCbjlnNHJRZG5USC9VSDdWT0hMZmU1a2RERzlqenh3ZzJucFEyd2FyZDQiLCJtYWMiOiI2NmNkZGJjZDFiMDA3MWJmZmJjZTNjZTIwOGQwNThkMzdmMTU4ZDJhYzNlZjA4YzQ1Y2I5NmE1Mzg4MmUwZGM1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:04 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uFvF0Iv33gcDtroo9P1Ls3pvZlmmQuodQNzB3CbfXN5dY%2FOsADeXZm%2FsO4P7MTjjjktZh3VHHRSgCscwxT0gROhrKAV78vcEcSPiZJaUuJ8%3D\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImtVVDlPYytJSHVOdW5BV0tZOUhBTUE9PSIsInZhbHVlIjoiKzVIUkw4WlN4VCtzT1hkdW5pM2pnM2g0d0xuSGhHblhyRVhYVlpPZ2xraXJQdEE0UzlBaEZmaEczLzhXbFpRSDV0TU9YS09tNUx3T3FRcnJOWUZYTzRIM000U2pFSUdsWkV6MXFNbWpJMHRXa1hiV2RuSkN4bDBtcXhzTEhsMDQiLCJtYWMiOiI2NjVmNDY4MzgzNTJmZGZkYjM5ZWY3NDc4N2FiMzQyZTljNmYyYjJkN2Q3OTQ4OTNmYjNkMjU5NTY3MGU1ODE2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:04 GMT\nlaravel_session=eyJpdiI6IlpHYXpZVE51Y3NRRmVGeVhHWUZVUGc9PSIsInZhbHVlIjoiSmgzdlJRYnUyNXFKaGlobjZZOTRHN1ZWMDJBc3NuZHdBM0IwL2ZMdmJkOEF3OUIzTnczOEZsWkp6Ni85M0d2UEhlYzNGbTJDQmZ4b1VLRGwrNU9TWHNteUptc0tIbVpQSnQxNkF2WE1Fa0NlOWRtNGlZZkg2NWs5bS9lOHFQbzIiLCJtYWMiOiI2ZTI3MDgxNmRmYmZlMTk2YTBiYzExNGI1NjU2N2VmMDdlYjQwNjI2MjA1ZTJjNTljM2M4YTU1N2M5YzdkNzM5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:04 GMT\r\npriority: u=6,i=?0\r\ncf-ray: 98f328c9cd341525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12580,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4c3abc15d510d6c9317e5c64b6076b72","sha1":"566c81cd823fb2e4a879890f96fbc77d3097e4de","sha256":"c36d861d33241bcdc0863f479cac2d2d43b62e8b21c7740509291beb66b768da","sha512":"42e39940bb00899a28a5ae01a8d53abdd2d06a5e57b1a98702c35d6d77c0381ab4c0bf7108c611929929ba1e1ae18150d0087e0aae1dbf09962c849e6a571b76","ssdeep":"192:fvFVXr8jGWcPCUV1yiHfor5EuCcOwiuxwqjFBpMg/MRDQFLO+kGUJ7sU1iaL6+fr:XFVlPgfTFazmto/W65z","tlshash":"e242a312f6f162373863a1ea2beb574e7fa5e003c009dd6879ec12548fd7ed58893219","first_seen":"2025-10-14T15:44:25.608611Z","last_seen":"2025-10-31T21:01:54.066153Z","times_seen":1263,"resource_available":false,"data":null}},"time_used":758,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":754,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js","fqdn":"ajax.aspnetcdn.com","domain":"aspnetcdn.com","tld":"com"},"ip":{"addr":"23.36.77.49","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:11.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ajax.microsoft.com","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure ECC TLS Issuing CA 04","organization":"Microsoft Corporation"},"validity":{"start":"Wed, 15 Jan 2025 17:50:49 GMT","end":"Sat, 10 Jan 2026 17:50:49 GMT"},"fingerprint":{"sha1":"67:7D:DB:2D:BB:27:07:2D:C9:20:48:81:00:BE:4D:DC:81:08:A9:2D","sha256":"59:BC:DE:80:EE:F9:3D:BA:D9:06:0B:44:03:DF:2E:89:FC:64:EF:D9:5B:25:01:51:86:C6:B1:37:63:A1:7D:30"}}},"request":{"raw":"GET /ajax/jQuery/jquery-3.6.0.min.js HTTP/1.1\r\nHost: ajax.aspnetcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 30982\r\ncontent-type: application/javascript\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\netag: \"803056b57d10d71:0\"\r\nlast-modified: Wed, 03 Mar 2021 22:36:53 GMT\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=31082809\r\ndate: Wed, 15 Oct 2025 23:40:11 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.454d2417.1760571611.4f8fd89\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-14T21:55:20.984253Z","times_seen":449835,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":62,"dns":33,"connect":1,"send":0,"wait":2,"receive":3,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cloudmasonry.com/wp-content/uploads/2020/06/DocuSign-Logo.png","fqdn":"cloudmasonry.com","domain":"cloudmasonry.com","tld":"com"},"ip":{"addr":"192.124.249.161","port":443,"asn":30148,"as":"SUCURI-SEC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:16.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudmasonry.com","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 14 Oct 2025 14:44:19 GMT","end":"Tue, 23 Dec 2025 09:59:19 GMT"},"fingerprint":{"sha1":"B7:05:DD:01:4A:62:28:15:1D:95:57:A8:AC:A5:A3:AF:32:D8:32:66","sha256":"D8:89:81:DF:B6:45:14:03:05:A2:B4:5D:08:B5:1A:55:6F:E5:57:62:BD:5A:F1:07:C0:30:FC:E7:E1:D7:D8:6C"}}},"request":{"raw":"GET /wp-content/uploads/2020/06/DocuSign-Logo.png HTTP/1.1\r\nHost: cloudmasonry.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 15 Oct 2025 23:39:37 GMT\r\ncontent-type: text/html\r\nx-sucuri-id: 19002\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-security-policy: upgrade-insecure-requests;\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-sucuri-block: BLACK02\r\nserver: Sucuri/Cloudproxy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Sucuri","description":"Sucuri is a cybersecurity company that provides website security solutions and services.","website":"https://sucuri.net/","common_platform_enumeration":"","icon":"sucuri.svg","categories":["CDN","Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:10.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"POST /fvqvug@ztdsinv/$*@* HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nContent-Type: multipart/form-data; boundary=---------------------------400922846420782855921129981080\r\nContent-Length: 63\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6InNjSFRoY1hlb2lCWHE5TEZvVUhxamc9PSIsInZhbHVlIjoiSENMQ3B4VURqUlBDU2x0TDRXSUl3ekFiTzZrZHp1NFZJWmFXWlhJd0R2K0kvcWk4akZ0VlIyN2pMT3R5VCtRemJucjEyS0JibFFYS0Jwam81T1cxRFZtelZ5MW5MSlRZTU9kSS93MFQ3VUJUa0ZiYnNsVHRxczQ2ME5CYlNxK04iLCJtYWMiOiIzOTJjMTQ2YjZiY2I2NjJkNDRhOWYyNTBmZjA5ZjczNmUwNDg3YmM3ZWY5NzIyMWJiZTEzNWFiNjhmNTYzZWQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlgwR1g5U2JKNkdaUVlFM0s0YkxVZGc9PSIsInZhbHVlIjoiTTcyRXhBR0JVS0x5RktTN3VXdUtPVEtwT0x4UW9JN3orUWhoY1JpMkM1enMyU1VrbjlpMGlRVklGZy9lenVJSExZZFFGOERDaTlJQzMvTldrN2xGZkYvblV3UTA1dmcrdCtSbnVoeG5CVm9EV2ZpWG1LVVZmYzA0WHg5clcxRmgiLCJtYWMiOiJmZmYyZTQyZmFiNTg4YmQ5ZDA2NjhlZWQwMjI2NTBlNDY5ODQzODllMjcyYmVkNDEyODljODI5OTBiY2Q1Njg1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:10 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JluPnVdh%2FMcL0wZFMV3xSi8KkrlvRp503DfleFamYxIjoWsTZvZOkCpFKNh3%2F%2FFaC60OwHsJUBYnRTuCUpGGcbStBE5KnAXaiHe5nT8hJvY%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ijl3YXhhdzFsWk9uYWFqWDV4cnlUMWc9PSIsInZhbHVlIjoibmFUOUZrOW1RV0hMS0prL1hXZ3ZPVDlpMWk1cWxLYm5VbXlQeEtGKzkzNmJDamhJWGdnaWd0THFleVRsdUgvODVKb0lzc01WR0JPeVVWYTRJWk9QUGhvanlLKzVTZ1RxWVlRcnZKTE9pWnEyUDV2dmZYMFJnMHM0VEo3dEM0dTgiLCJtYWMiOiJkMWNiOTFmZTBhZmU2Mzk3NTE5ZjE3YjE2ZTk4MWRlYWFkM2NkMDBlYzUxOTZlMTEzM2Y4MzQwZmFhYzRiNTljIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:10 GMT\nlaravel_session=eyJpdiI6Iko2MDBMaEM5SUNwbE1RVnFVUnpZeWc9PSIsInZhbHVlIjoiM1pTc3hNN2VaVHdEYW1GcEZtSTJabmJUVW1ZdWo1WElTcmI5NGVZN3htaHpXMjJRNFNESlFhZFphaW5sekhyWlNzcjkzNHlSb29qUDZkV2NtdEFpYW1vOVVvdzRUS0NiZTVMVUVsRDM2TkU4RFd4bmhsS2lrODQxUWF3N2x1WUciLCJtYWMiOiJkODIwYjU5ZjRlN2NmMTI4ZDQ4NDgwZmNlNGJmMzA5Y2U5Y2MzNDBmNzM4NDMwOWIxMjk1MWFkNWVkM2U2YjljIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:10 GMT\r\npriority: u=4,i=?0\r\ncf-ray: 98f328f51fcd1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56170,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (56170), with no line terminators","md5":"515f1441756cfec18a184b4d1ca1946e","sha1":"8520678a284192d812d5a43f402945d7cdcfbc71","sha256":"6f550c35442d7633ab14fff8f2cb054187f4eab06d7feb97f9d7954732a6618e","sha512":"a42a06e76eff0d5747c7890cc83bada6a5b5dec00485062004c574fa724739b8ef49ea8d2c84863d32fdc82ec56053b447210996af55a98f0ec58c91699736a7","ssdeep":"768:HwltgdttzMbyZBnNCmevXZrMdbbeR6Fv+zpP1KIBJmJv1zd9cWHxa6o3:ALbyZWLZrMxfFv2psIBJAtZ9cW4p3","tlshash":"6143d068536451ec1097e9d87eb7713c270d9a33327252ca988ce76962c7dfcd8e7910","first_seen":"2025-10-15T23:40:43.346399Z","last_seen":"2025-10-15T23:40:43.346399Z","times_seen":1,"resource_available":true,"data":null}},"time_used":621,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":168,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/GDSherpa-bold.woff2","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /GDSherpa-bold.woff2 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 28000\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-bold.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 15 Oct 2025 23:40:16 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=glO22WXhY3x5WKPUgXXYyUsd7o02epq1MU8LA%2FMP8Wl7qwo5K3Z7v6iDCKugZdFu6cplMWxk8fQ%2BA5sMMMF9e7Kl2piAycS7OJhA3GMWjAM%3D\"}]}\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291709e21525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28000,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28000, version 1.66","md5":"a4bca6c95fed0d0c5cc46cf07710dcec","sha1":"73b56e33b82b42921db8702a33efd0f2b2ec9794","sha256":"5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f","sha512":"60a058b20fcb4f63d02e89225a49226ccd7758c21d9162d1b2f4b53bba951b1c51d3d74c562029f417d97f1fca93f25fdd2bc0501f215e3c1ef076810b54dd06","ssdeep":"768:NDT1rKvlJOE1AgLlnGj8H58AJUcl5I17ML7FfNHubNIphqb:NDtKvyAhjHeACcl21YL7KNW+","tlshash":"cfc2f1878fd02879a72dfeb80252903197d00de93fea42318d99b70fe683987515e272","first_seen":"2023-04-09T13:59:19Z","last_seen":"2026-04-14T18:35:13.388053Z","times_seen":94707,"resource_available":false,"data":null}},"time_used":1126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":934,"receive":192,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/favicon.ico","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:10.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6InNjSFRoY1hlb2lCWHE5TEZvVUhxamc9PSIsInZhbHVlIjoiSENMQ3B4VURqUlBDU2x0TDRXSUl3ekFiTzZrZHp1NFZJWmFXWlhJd0R2K0kvcWk4akZ0VlIyN2pMT3R5VCtRemJucjEyS0JibFFYS0Jwam81T1cxRFZtelZ5MW5MSlRZTU9kSS93MFQ3VUJUa0ZiYnNsVHRxczQ2ME5CYlNxK04iLCJtYWMiOiIzOTJjMTQ2YjZiY2I2NjJkNDRhOWYyNTBmZjA5ZjczNmUwNDg3YmM3ZWY5NzIyMWJiZTEzNWFiNjhmNTYzZWQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlgwR1g5U2JKNkdaUVlFM0s0YkxVZGc9PSIsInZhbHVlIjoiTTcyRXhBR0JVS0x5RktTN3VXdUtPVEtwT0x4UW9JN3orUWhoY1JpMkM1enMyU1VrbjlpMGlRVklGZy9lenVJSExZZFFGOERDaTlJQzMvTldrN2xGZkYvblV3UTA1dmcrdCtSbnVoeG5CVm9EV2ZpWG1LVVZmYzA0WHg5clcxRmgiLCJtYWMiOiJmZmYyZTQyZmFiNTg4YmQ5ZDA2NjhlZWQwMjI2NTBlNDY5ODQzODllMjcyYmVkNDEyODljODI5OTBiY2Q1Njg1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:10 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EeIuXuGdspXwG2Os5bnQ%2BmnEFadKbcjG3jVJYoDUGX6jr48gPjmDRrhqvfOhZpDV6YvLwvMZaWJWoRx7asQGfef5wOzfNT%2BEPsD3OBMfKbk%3D\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IkkydXZwWUdTeEFweVZzN0lhZWdDWFE9PSIsInZhbHVlIjoiVFdmaEhsSnFQVnVPMjRpaDVDbXpQNUJoTHlpVjNzZXc1bGM4YXpSWkNUelZydkNoTm5BK2hNVVRLanNhN3RTaUpXcHZxMTRGR3l5Z1BSRms1aDIzdjJNTmtrdm51VWZtRnhmRG9BS0tISVZvb2pqcmVJdUZLaDFiSmFJOXU5Q3UiLCJtYWMiOiIyODIwNWM2NjQzZjliNDZkMWYwYjU5Y2UyZmQ5MDA0ZjExMTJmN2UwMzM5NGNhMjEzYWY5MjlhNDBhZDYyYjU4IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:10 GMT\nlaravel_session=eyJpdiI6ImY5Y3VQVVpnVWhJMFhnb204cmplb1E9PSIsInZhbHVlIjoiK25kZzM2aU4wVVdWdUlkZ1JoZ2FRdTZidEV4dWdOcmF2RENrb1hKVjBBaWZKeHB5aTF4b0xJLzJ3dEpuOWhqUVFDK0tLVkM4Skx3Zm1UY2FPcXJ2aGdEY3VNUzk2UGFDejNSYmQ5RnIvTEFTbVhLN1JvaUlYc21IZndpS2pkR1IiLCJtYWMiOiJkOTYxNTU3ZWNkZDhjYzNhOTc5MjExMTY4ZThlMWY4NDYwY2UyOTM0YmIyOWJjNjJkNDA5NjE3OGM3YmMwMmZhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:10 GMT\r\npriority: u=6,i=?0\r\ncf-ray: 98f328f5bfda1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12580,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4c3abc15d510d6c9317e5c64b6076b72","sha1":"566c81cd823fb2e4a879890f96fbc77d3097e4de","sha256":"c36d861d33241bcdc0863f479cac2d2d43b62e8b21c7740509291beb66b768da","sha512":"42e39940bb00899a28a5ae01a8d53abdd2d06a5e57b1a98702c35d6d77c0381ab4c0bf7108c611929929ba1e1ae18150d0087e0aae1dbf09962c849e6a571b76","ssdeep":"192:fvFVXr8jGWcPCUV1yiHfor5EuCcOwiuxwqjFBpMg/MRDQFLO+kGUJ7sU1iaL6+fr:XFVlPgfTFazmto/W65z","tlshash":"e242a312f6f162373863a1ea2beb574e7fa5e003c009dd6879ec12548fd7ed58893219","first_seen":"2025-10-14T15:44:25.608611Z","last_seen":"2025-10-31T21:01:54.066153Z","times_seen":1263,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T23:40:11.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/ HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6IlFtUW9vWjcyZnY0WWJZMFNyMHZMUlE9PSIsInZhbHVlIjoiMTFrWUNaeXM0SUNYSzEwSG5jTW9HUEZYdHdncjZuTTZZUlduVzlWYmNFNkJqZWNueFlJQkV3KyszVC90RW1hQk5ZMnVTR3pObEw1Y0tLYU9pazdJcnl3RHlMemxXVldJdm9welFFR1lGaG4rbkw4OFUzSXcrVEhZYStJM3ZRYlciLCJtYWMiOiJmMTQ1NDdjZDU3Njc0OWVjZmY0NjlmMTBkYzU4YTY3OGJlZGJlNDI3OWE4ZDJmZGRkZmQ0ZmMwYzYxM2U5NmZhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InBCc1dXdkREVXB0MnVEZ1FEbHhBTnc9PSIsInZhbHVlIjoiTENKc3RQd04xc1J3bnlIK3VKZ1ZJQXowRGhGZE9qTzZFSHVvZ2lVVmY0YjhvWGNzYlM3TXJaOC9WUXo0a09tVEJ0R1phM2dlajFtWGkza0FYb2hJTlNlSnZmeGUreFVjZ3NqMWJrQ3NSVDlhM1dDVmxDSG9zV29NS2hPcHJ0SG4iLCJtYWMiOiI0OTg3ZGU2MzQ2ZmM4YmM4NTIzMGRmOWFmOTQ4YTE2YTc0OGRiNWQ5YzgxZTQ4YmMzN2JkMzdlMTM3NDQ3MjJiIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:12 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m52sWkjpGeB%2BeBBYIx%2FyE4IkROAAFfnux8FQ3mPwv74NtZQl3THnbtbnMdTp6nzrzIXPVG8ROO8UO14bZIptaf1gJbx8MKInGdpqNaWVHcs%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik9JbWpnY3d5RjRDR3BGSTBxR3YwSVE9PSIsInZhbHVlIjoiUmUrVjl0ZVlSNXg1WExIUnB4VlExZi9MMGJsa3Z1WEoxVk5lOSt5OUZBellZT2djU3RyR2J3aFpJMURWOXA0MmdZbTlsbWs4bHYrRHRTcUZkVXdOUVV1VEZXcE1WYVFqTnZEa2UzMTBSNU51M3NvS3cvRmNMYTNvcXNKWVgzUW0iLCJtYWMiOiJkYzQyNGZmYWRhNmEyYTk0ZDdjNGZlMDFkOTkzNmY4ZDYxYTgxNGFjMzYxY2RiOGJjMjlmOGVjMmM2OWEyMDY4IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:11 GMT\nlaravel_session=eyJpdiI6Ii9Sb3lETVptZmNlN0VvWmZTVS9rSHc9PSIsInZhbHVlIjoic2h3L3RxZDVZaHM1eng5dGlBRFlHZGViRy8wSkhHS1ZTRTMyd1BXMGQ1clBIZmhlOUtNcEZ1cWNDNUNPM0sxUDdzKytIcHFkajlDOFRoaGE5WkN6ZmY5U0JLdFNIbGxnVjlSeTFNT05keHVoT3lzcXNNN1ZIQjQzN1JHcWFEd2siLCJtYWMiOiI5NDhkNDA2NmYyYWQzMGYyN2NhZTY4YTgyNGYwNGFhMTdiM2IxMzUwOTQ0NTkyYmYyOWFiNjQzZjNmYjIyZDAzIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:11 GMT\r\npriority: u=1,i=?0\r\ncf-ray: 98f328fd08601525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1468,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1468), with no line terminators","md5":"2b66c3a21dfb326f1116a8f8cb4bf2a8","sha1":"1e98c9da2ad69a64a60b5776d976e7cb16edfc4b","sha256":"4249f646c0beacc27371ed28e62aac8afe75f51fae13bb88906d15b9f94e66e8","sha512":"f04884f3a63d9984837a0a18b663f077bdc4ebcdcaf453d26cc248385af0884743f12ec25c905a682f015b5592d496b697d19ea916eb78b29dda0da520171ebe","ssdeep":"","tlshash":"e7319443e13691b817965de699cbf04e8a6c6930b300e8c0434df00415cfaa8c8ef9e4","first_seen":"2025-10-15T23:40:43.352661Z","last_seen":"2025-10-15T23:40:43.352661Z","times_seen":1,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/GDSherpa-regular.woff2","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /GDSherpa-regular.woff2 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 28584\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-regular.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 15 Oct 2025 23:40:16 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=16xXkxx5M%2BcfMOB5vm88j9xaInUMj5oMfQxXJIGkg3j1oyPV2FX9WaIa%2BCOCx0xhhjfREaaVqJDFv8lykUB6a1Tq4mnzy059qeRQXwNFjfs%3D\"}]}\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291709e41525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28584,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28584, version 1.66","md5":"17081510f3a6f2f619ec8c6f244523c7","sha1":"87f34b2a1532c50f2a424c345d03fe028db35635","sha256":"2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956","sha512":"e27976f77797ad93160af35714d733fd9e729a9981d8a6f555807981d08d8175e02692aa5ea6e59cebd33895f5f6a3575692565fdd75667630dab158627a1005","ssdeep":"768:8n53CNftp4NM/2qxGvtAG9fvpWYSTvlj6OIqrd1xUseRc:85SNfQS2ntfxvpWYSTcfMERc","tlshash":"b4d2e0ed44d2c62988f7638902690111f27898ffe52d7db3c19da0b27245d7ea3a8b09","first_seen":"2023-04-09T18:51:15Z","last_seen":"2026-04-14T18:35:13.350254Z","times_seen":101718,"resource_available":false,"data":null}},"time_used":1138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":942,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"addins.verityrms.com/assets/icon-80.png","fqdn":"addins.verityrms.com","domain":"verityrms.com","tld":"com"},"ip":{"addr":"18.211.247.164","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.verityrms.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 15 Nov 2024 00:00:00 GMT","end":"Mon, 15 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"0E:97:DA:5B:99:C8:88:4B:47:DA:62:7A:97:E1:65:B8:6B:AB:49:50","sha256":"17:A5:1D:BC:C6:1F:29:CB:8D:39:73:31:5D:04:F4:F6:6D:53:83:12:0D:F3:AE:3F:5A:23:ED:59:ED:BB:9C:24"}}},"request":{"raw":"GET /assets/icon-80.png HTTP/1.1\r\nHost: addins.verityrms.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 4937\r\nserver: nginx/1.29.1\r\nlast-modified: Thu, 18 Sep 2025 09:50:40 GMT\r\netag: \"68cbd5f0-1349\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4937,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"ce52ad7a5c1a9570a42d804f32059c56","sha1":"70f9c86c05f0628b4ac72d8c77fc70d6770736e9","sha256":"fac5922d060ebbe6a668b9fafcbc284ece3100754c742480fb58425acd562603","sha512":"61d9dcda0684cabfd804b15df56324130f62cdd4133cd0fedd165517f2945395b710a23b6ab9804213d2515fe06b6cafe007dcdf1f517ce90d4f0baf8afc7817","ssdeep":"96:sxkdfNSpRUplB2l7FtAeqyCv6VcEjEL95xLb30A6+8JA:rEtXqRvjEjE5nLoA68","tlshash":"f7a17e27bfeb2251c95a4b38a3da5951e163414311c18768f63d4870af854c88ade1df","first_seen":"2025-02-05T10:56:04.186863Z","last_seen":"2026-03-18T20:51:19.393206Z","times_seen":941,"resource_available":false,"data":null}},"time_used":1178,"timings":{"blocked":503,"dns":64,"connect":95,"send":0,"wait":105,"receive":0,"ssl":409},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res-1.cdn.office.net/officeonline/hashed/83987e0f63d43f20/we_version2.png","fqdn":"res-1.cdn.office.net","domain":"office.net","tld":"net"},"ip":{"addr":"23.36.76.120","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.public.cdn.office.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Thu, 06 Feb 2025 00:00:00 GMT","end":"Fri, 06 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:76:68:BA:18:F2:E4:E0:DA:01:64:B6:85:9D:C5:C9:B0:82:95:E2","sha256":"03:92:8F:21:BB:88:88:B5:6A:E3:4D:0F:95:2D:7F:BB:2E:B3:B8:BC:E4:99:B6:73:31:61:47:35:EB:30:83:47"}}},"request":{"raw":"GET /officeonline/hashed/83987e0f63d43f20/we_version2.png HTTP/1.1\r\nHost: res-1.cdn.office.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 24960\r\ncontent-type: image/png\r\nlast-modified: Tue, 23 Jan 2024 00:52:15 GMT\r\nx-ms-request-id: 4ccd2bad-c01e-004e-4f49-5dd11f000000\r\ncache-control: max-age=630720000\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nalt-svc: h3=\":443\"; ma=93600,h3-29=\":443\"; ma=93600\r\nakamai-request-bc: [a=23.36.76.103,b=151833042,c=g,n=NO__OSLO,o=20940]\r\nak-network: FF\r\nreport-to: {\"group\":\"NelM365CDNUpload1\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide\u0026DestinationEndpoint=OSLO\u0026ASN=20940\u0026Country=NO\u0026Region=\u0026RequestIdentifier=0.674c2417.1760571616.90cc9d2\u0026TotalRTCDNTime=0\u0026CompressionType=\u0026FileSize=24960\"}],\"include_subdomains \":true}\r\nnel: {\"report_to\":\"NelM365CDNUpload1\",\"max_age\":604800,\"include_subdomains\":true,\"failure_fraction\":1.0,\"success_fraction\":0.01}\r\nserver-timing: clientrtt; dur=0, clienttt; dur=, origin; dur=0 , cdntime; dur=0\r\nakamai-cache-status: Hit from child\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-cdn-provider: Akamai\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24960,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 296 x 302, 8-bit/color RGBA, non-interlaced","md5":"fd59a454c80d16a1cb998096478f7068","sha1":"eb74904b48f598ec609be7b6e0089ae5f06db825","sha256":"83987e0f63d43f20ff756121f3d91b50787c1e4e57d3bca110c06d0d6423c8cc","sha512":"412e1d98f6b2bb2aaade98c92f5577c00118a40f445ecda16c3b1bf5c10e2b065ceb6cdde0fc1a8f8d64f015bac310e7de17bdb242fe1cbd593d36fb7582ff27","ssdeep":"768:z4u/5yZZ0dqReRcS2tIwHF98nBYHOUlOl8Een:z4u/AZZ0WUTiIwHL8nBYHOYu8v","tlshash":"99b2e1556aeb6393671f3cc4c4296896ce253b60ec2354da9ba8fe430cdc8413b63573","first_seen":"2023-05-20T15:51:57Z","last_seen":"2026-04-10T02:43:42.443434Z","times_seen":1050,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":151,"dns":192,"connect":1,"send":0,"wait":3,"receive":1,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/bcKpnZxwnc3bMqAkjr4DHe2AipIraQfFORJpaxVi34SreJOvkGUC6v66ta8ULFbQO1njBnlfzHlyOibdr2g8j4WBjn2XdGowx730","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /bcKpnZxwnc3bMqAkjr4DHe2AipIraQfFORJpaxVi34SreJOvkGUC6v66ta8ULFbQO1njBnlfzHlyOibdr2g8j4WBjn2XdGowx730 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:18 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"bcKpnZxwnc3bMqAkjr4DHe2AipIraQfFORJpaxVi34SreJOvkGUC6v66ta8ULFbQO1njBnlfzHlyOibdr2g8j4WBjn2XdGowx730\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I5ckLhhkAuOasmDecFkZuWsmLy6BlgfH7Hwj5HWmwXKPLYG8WEuoBfDQICZb324RdAm0jDNWCldlaGe%2Bu2jpSy9n0KFKgtiQjIINZcbpK6A%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f3291739e81525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":222931,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (51734)","md5":"0329c939fca7c78756b94fbcd95e322b","sha1":"7b5499b46660a0348cc2b22cae927dcc3fda8b20","sha256":"0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1","sha512":"1e819e0f9674321eee28b3e73954168dd5aef2965d50ee56cad21a83348894ab57870c1c398684d9f8eab4bbbef5239f4aea1dcab522c61f91bd81cf358da396","ssdeep":"3072:Z4blthK0D4NIbkhhMW0AphsQyXV3oUHDDlxh/LoFdW:Z4vhK0D4NQlxh/LoFdW","tlshash":"a6247255a9a8111e726b8ddce0b9b3d8f1149611d1833bafb817ab7cc7ed0a33323645","first_seen":"2025-04-07T06:21:00.635048Z","last_seen":"2026-04-14T18:35:13.389966Z","times_seen":33533,"resource_available":false,"data":null}},"time_used":2906,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2246,"receive":660,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T23:40:02.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /fvqvug@ztdsinv/$*@* HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ll4pQGMDa2prK0CESX%2B3axEtOc7Oe6qQuOjDR8biQm2AN%2FkJLSDjVg31aEzHRGCyA%2BYSfMDURApRBU17xHDLbp9AEIflP%2B7cthYDKwuQT7Y%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InA3NEVBbjFXV3lrM2tsVjN2K0RFbkE9PSIsInZhbHVlIjoiYlZJMkhyb3lrUHd6TlJ0Wk00NG9BRDZYRjdlRkxrZi9vUHgyWkxQRlZ6dTgwRjZ0dlI0UzV3blhlVE1HRGd3QXRuYWpNMXJjUXEzQUNqOTM0RnRFKzR4M0k2RGdNakZjUlhqM0owSXBEQW9kSEYwWVhQdkNSM0lOT1dVRk9Sdk8iLCJtYWMiOiJlNzZhMDQzOTlmMDY3YjRjMDFiNGFjNmYwMWJiMWYxZDEwODEwMGFhNjllYmRkMjIyMzI0NTA4MDVkNjIzYzgyIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:03 GMT\nlaravel_session=eyJpdiI6ImJqVHJhRUZORHRxWG10MEdOcVIrelE9PSIsInZhbHVlIjoiOE1YV3cwZFVLNjdtdFpqSStkYXhDelVEbEx2Wkx5ZS95TzBDcVVDeVhzdGlyNmNDQ2p2ZzF0a0w5Y3ROVUJ6S1d2ZWo1Mi9aWXBpTkdXRnJDU1pONFlCbjlnNHJRZG5USC9VSDdWT0hMZmU1a2RERzlqenh3ZzJucFEyd2FyZDQiLCJtYWMiOiI2NmNkZGJjZDFiMDA3MWJmZmJjZTNjZTIwOGQwNThkMzdmMTU4ZDJhYzNlZjA4YzQ1Y2I5NmE1Mzg4MmUwZGM1IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:03 GMT\r\ncf-ray: 98f328c34c2e56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7161,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7146), with no line terminators","md5":"6d89b7e773cd4260259667cfe5f418c4","sha1":"217753dbb8e866ae0d1ec6645e65118b8e1f51a1","sha256":"b0fa118893df5228e18dd413cb4f2a9728c5bd7ef1ab4f0c665fcdb008631aa7","sha512":"ef41cac30a4923d9dcef42ebb48b480fe9fbd9474ce975bf06d44d6d3136b5c4253c605d8dca2e66a4f569fd063455e6e4750a053d870a934c80a67b5f18040a","ssdeep":"96:rxm+3iXAyfJiPowsoWmzP30a74sHQyoJ17ua+YSdXc4DstbprcIB1Lzjf:rx33iX9JAooFowt6H+VdXXDkdrJLzjf","tlshash":"e2e1f7777605003c9ad397977fc1a7ad3128a242d03318682b99886bc6cedd692bf785","first_seen":"2025-10-15T23:40:43.366657Z","last_seen":"2025-10-15T23:40:43.366657Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1327,"timings":{"blocked":268,"dns":58,"connect":2,"send":0,"wait":789,"receive":0,"ssl":206},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/favicon.ico","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:08.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik5EUExtL1JHdlFsSzEyRkRXUHErNEE9PSIsInZhbHVlIjoiNUdGMi9tQmhZaTJlZXpuSmZ3ZzVvUnNSNk5DRHpjYVdIZnlMRUhSQmg5Wlh1eW9JYXZWcmdKcEVFZlNMRWxiMnFrOHRRTU9ISzF5dVl4dWYrbFVsV2lXZGl5dVlkRGpFSzM0Q090Rngxc0Q0Vi9CVSt5MEZiN2ZHYWxVSUxzUmsiLCJtYWMiOiIzMDhmZDJiNTU1ODc0Y2QwNWFjYjQ1MjQ5MTdiMTdkZWYyNjBhZmQ1OTc3Y2VkOWYxMWRlNmIwOWFlZWFjMjU2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImE2Z1FqU05VMnBmZlJnc085VFlYRFE9PSIsInZhbHVlIjoibm5CMVVBd0thUVlDV0ZnM3ZGZVBqZEJjTmhXeFh5WnUrdTVZMXNnWStTUk1BWlJzeTZVNmNibFZrdHNFcWs3VGRqVlRlZnJ4NGRBditzY2ZkWHg2MEJUbTE5UTBRbmZqU3hFdnRSVFl4SXFxSU5MVC96ZEdGakgzQ1VURDI3MXYiLCJtYWMiOiJmODJkN2E1ZTY2MjhiMTE2MGYzOGUzNTA0YzI1M2UxMDZjMzIxYjI2NTE3YzI2MTAyNGExOTAwMTliMDk2NjU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:09 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=juBufRwSpYRinYuwKTeW5YBK45FeZHeaBtSkozuOLVWE%2BMqv%2FJo3%2BMwGi5pASHeHK5QfTIyHONDSNaF3z%2Fi0cdvorilgprgN85sOKIMl\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IndEMWV1cnl5YWFsam5TNmpGUUdxNGc9PSIsInZhbHVlIjoiSTQ5RGk3bWhpbnZybk40Skd6ZXdoeWZCZ0JiZlZBYmpvdTR2UFlPekhHNDVmcnhFTk1USHpFdmphUHhKZVUzWVp2WjVORnQzMCtVNFN2blZyZkpCU1Z1N1lBSmlEZjF5T0VjSUtuQWtQb0VGM212OVlKTkdzYVhyaEpXY2Jtd3IiLCJtYWMiOiI3M2UyYTZkMGQ3MTY0ZmVlY2Y0OWZkYmU4Y2NhODA5MDM2MzdiNjkwNGUwZGNiZGM5NTdkMWU3MDU0OWRlYWUxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:08 GMT\nlaravel_session=eyJpdiI6Ik1nL25xMnFoZ1pDRmFkQVZtdThUN2c9PSIsInZhbHVlIjoiM0pYbEowZURmNUZzT05kUC9XVktxVkJNeXJoaVR2dDZxbVcwd01LRnlCS3lQTjdkRmhFTVhoeSt2WXZWbmwwTlgvbzNOTjlMdmRWRG5SaWNabi8yU2RRQlpUMVRDY0E3MGxHNFJHc1VEN0VxNUw0NDlqV1JCaWlrRGlRYTZJNDAiLCJtYWMiOiI0NmQ4YzU0ODliOWZkMWQ4NzRlODcyMzUxNTRlMzk3Zjg4MjFjNjNmMGJkM2NhMzNlMWZiOTYxMTAwMjM4YWRkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:08 GMT\r\npriority: u=6,i=?0\r\ncf-ray: 98f328ea9f1e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12580,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4c3abc15d510d6c9317e5c64b6076b72","sha1":"566c81cd823fb2e4a879890f96fbc77d3097e4de","sha256":"c36d861d33241bcdc0863f479cac2d2d43b62e8b21c7740509291beb66b768da","sha512":"42e39940bb00899a28a5ae01a8d53abdd2d06a5e57b1a98702c35d6d77c0381ab4c0bf7108c611929929ba1e1ae18150d0087e0aae1dbf09962c849e6a571b76","ssdeep":"192:fvFVXr8jGWcPCUV1yiHfor5EuCcOwiuxwqjFBpMg/MRDQFLO+kGUJ7sU1iaL6+fr:XFVlPgfTFazmto/W65z","tlshash":"e242a312f6f162373863a1ea2beb574e7fa5e003c009dd6879ec12548fd7ed58893219","first_seen":"2025-10-14T15:44:25.608611Z","last_seen":"2025-10-31T21:01:54.066153Z","times_seen":1263,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":418,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/56wWPPOUiX7zNQVIvgh2kxxRPdEmRVT67745","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /56wWPPOUiX7zNQVIvgh2kxxRPdEmRVT67745 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"56wWPPOUiX7zNQVIvgh2kxxRPdEmRVT67745\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lkhDPx8gEBm4%2FvSkine%2FZYOyetwebM4Gp4hAMwKx2NAMJqry2pshLsv%2F8ogkNX%2F%2FsPE7oXYj3Nj3iB6Yvcg%2FeWp4TXG29KDmTHiD%2FwbGCfc%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f32916f9df1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10245,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10017)","md5":"6c20a2be8ba900bc0a7118893a2b1072","sha1":"ff7766fde1f33882c6e1c481ceed6f6588ea764c","sha256":"b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500","sha512":"8f80ad8adc44845d24e13d56738a2ca2a73ee6fcdc187542ba4aaebbf8817935d053a2acfb0d425b9cc0c582b5091e1c9fe16b90b3aa682187645067c267fc41","ssdeep":"192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj","tlshash":"ce22a58932933026af5391b440bf140af2f69589d45cade8ab29d1e27d7290d46f7f38","first_seen":"2024-05-30T22:56:13Z","last_seen":"2026-04-14T19:37:20.475398Z","times_seen":52241,"resource_available":true,"data":null}},"time_used":731,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":731,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/drfzBwmMzE4u3ye7QFGcTaQstUbVAZqmnkBslmjsjEcWdgLkSygkv37cgNrXsOkbAVKhl1wrs1rnk1Je0X0JQs7lqqA0AgfmnTn08jueuVAyX6E038Z8T9Xnq7ef713","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /drfzBwmMzE4u3ye7QFGcTaQstUbVAZqmnkBslmjsjEcWdgLkSygkv37cgNrXsOkbAVKhl1wrs1rnk1Je0X0JQs7lqqA0AgfmnTn08jueuVAyX6E038Z8T9Xnq7ef713 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:18 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"drfzBwmMzE4u3ye7QFGcTaQstUbVAZqmnkBslmjsjEcWdgLkSygkv37cgNrXsOkbAVKhl1wrs1rnk1Je0X0JQs7lqqA0AgfmnTn08jueuVAyX6E038Z8T9Xnq7ef713\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2NEyOMOb0ILbz6yDJ54SRT9umGrEwAjcbbVAxP3WjVk3slZD6rB7mCmej3DA722%2FdRspzpg5RCxcuY7o5V4WHPmaGUpGYHap94yslWnR%2FQY%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f3291739e91525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10498,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (10450)","md5":"e0d37a504604ef874bad26435d62011f","sha1":"4301f0d2b729ae22adece657d79eccaa25f429b1","sha256":"c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179","sha512":"ef838fd58e0d12596726894ab9418c1fbe31833c187c3323ebfd432970eb1593363513f12114e78e008012cdef15b504d603afe4bb10ae5c47674045acc5221e","ssdeep":"192:x9iW+rIadfLTcaTO5BrwjnwSrQ1kPmqQmMjmtmumobU8:x9KVLbw6jqON","tlshash":"0a22724186196412409b6f13f0dabac27f0a221df52292bffb3d496cddea8561730f39","first_seen":"2024-03-14T18:17:02Z","last_seen":"2026-04-14T18:35:13.351449Z","times_seen":48201,"resource_available":false,"data":null}},"time_used":2549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2548,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/echIcOikf8I0dmG2Ovvm0oserzNQexb","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:09.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"POST /echIcOikf8I0dmG2Ovvm0oserzNQexb HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nContent-Type: multipart/form-data; boundary=---------------------------282155433622271191062939445267\r\nContent-Length: 328\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IndEMWV1cnl5YWFsam5TNmpGUUdxNGc9PSIsInZhbHVlIjoiSTQ5RGk3bWhpbnZybk40Skd6ZXdoeWZCZ0JiZlZBYmpvdTR2UFlPekhHNDVmcnhFTk1USHpFdmphUHhKZVUzWVp2WjVORnQzMCtVNFN2blZyZkpCU1Z1N1lBSmlEZjF5T0VjSUtuQWtQb0VGM212OVlKTkdzYVhyaEpXY2Jtd3IiLCJtYWMiOiI3M2UyYTZkMGQ3MTY0ZmVlY2Y0OWZkYmU4Y2NhODA5MDM2MzdiNjkwNGUwZGNiZGM5NTdkMWU3MDU0OWRlYWUxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik1nL25xMnFoZ1pDRmFkQVZtdThUN2c9PSIsInZhbHVlIjoiM0pYbEowZURmNUZzT05kUC9XVktxVkJNeXJoaVR2dDZxbVcwd01LRnlCS3lQTjdkRmhFTVhoeSt2WXZWbmwwTlgvbzNOTjlMdmRWRG5SaWNabi8yU2RRQlpUMVRDY0E3MGxHNFJHc1VEN0VxNUw0NDlqV1JCaWlrRGlRYTZJNDAiLCJtYWMiOiI0NmQ4YzU0ODliOWZkMWQ4NzRlODcyMzUxNTRlMzk3Zjg4MjFjNjNmMGJkM2NhMzNlMWZiOTYxMTAwMjM4YWRkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:09 GMT\r\nserver: cloudflare\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ia535XHfhybeitkLKRV78QPfRWyacaapdYlQ9OzLUEXDOU3saetPIV8DezT3MQIlIBALK2jDIeG7ZHRSk06IxpVvjwLfUUu9ClKADxtC0e0%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Im1qVmlwVlNZK25Zc255elM1dHdMQ2c9PSIsInZhbHVlIjoiTEJWS1V0eUl2eStTWURadTdJcmFBRmNnblFmaUNReVpjWjlEYVdYc3owQktLSUIySk1HSkVlYlR0UjMycEdRSVZEaUQ2VTlWK29razBkMFBJSFI2czk1MDduSmVSL0FmR3VyNFdIK0w4TFBqQ00ybyt1UVpIbWtpdS9sajIwSXAiLCJtYWMiOiJjMWYzMjA5Njk3YTY3YTMwYTM3MTU4NjgyMjBlZDY5MGU3ZTY3NzZlZGE4ZmFmODJjMjYxYzIwMTc4OTE4NTAyIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:09 GMT\nlaravel_session=eyJpdiI6ImFlSnB5MWhpTktFZDV3VnlwYTN3Y1E9PSIsInZhbHVlIjoiTFowY2t6NFAzam9MOGxIbk5aMUpKbDhxWnZsYWNqMXNXYmg0MzE0NUpaNlVQaC9rd0hoeHcxYWx5aDYrZmZYbkgzM3RRU04xWGhnUXZJOGVJTmoySlBpN2JaVmhFL2xhTnVZdXdYV0lrMmFFa1dYUGVpTjFkTnRSZnppSi80bzQiLCJtYWMiOiJjZGRiMjI2YzIxNjg4ZDk3ZmMwN2MxZmYwMzFhOGQyMTA4NjhlMDA1NGQ5NmI2YWRiNGI2NzE2YjY4ZTZlNmU5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:09 GMT\r\ncf-ray: 98f328efaf781525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5820854f62a6eb3d38ba7ba0d1b3ea75","sha1":"639df0b84fe699b4a290a713fd6b9a94bd4deb95","sha256":"912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d","sha512":"4452c0a26fa81357f95bf6160c3f5d35ff39f62e03d5faa1e69eb9dfdcb2c83eda4235463ee4065dceb534cc497891a05535467337ad84693e5fa48c317dbbbb","ssdeep":"","tlshash":"f67000020000208008803c0000000a203ae00aa0822a00c0802c00288e08088f08a000","first_seen":"2023-03-13T15:21:35Z","last_seen":"2026-04-14T21:52:53.364492Z","times_seen":89008,"resource_available":true,"data":null}},"time_used":393,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":392,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/favicon.ico","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:12.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik9JbWpnY3d5RjRDR3BGSTBxR3YwSVE9PSIsInZhbHVlIjoiUmUrVjl0ZVlSNXg1WExIUnB4VlExZi9MMGJsa3Z1WEoxVk5lOSt5OUZBellZT2djU3RyR2J3aFpJMURWOXA0MmdZbTlsbWs4bHYrRHRTcUZkVXdOUVV1VEZXcE1WYVFqTnZEa2UzMTBSNU51M3NvS3cvRmNMYTNvcXNKWVgzUW0iLCJtYWMiOiJkYzQyNGZmYWRhNmEyYTk0ZDdjNGZlMDFkOTkzNmY4ZDYxYTgxNGFjMzYxY2RiOGJjMjlmOGVjMmM2OWEyMDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9Sb3lETVptZmNlN0VvWmZTVS9rSHc9PSIsInZhbHVlIjoic2h3L3RxZDVZaHM1eng5dGlBRFlHZGViRy8wSkhHS1ZTRTMyd1BXMGQ1clBIZmhlOUtNcEZ1cWNDNUNPM0sxUDdzKytIcHFkajlDOFRoaGE5WkN6ZmY5U0JLdFNIbGxnVjlSeTFNT05keHVoT3lzcXNNN1ZIQjQzN1JHcWFEd2siLCJtYWMiOiI5NDhkNDA2NmYyYWQzMGYyN2NhZTY4YTgyNGYwNGFhMTdiM2IxMzUwOTQ0NTkyYmYyOWFiNjQzZjNmYjIyZDAzIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:12 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=04l3VkKAKL6IhlMGpMsK1qseGbIyP3p4eYkpNp4xPkNfnbGLWsXi1SuvHHfpltVbyVodr53O7KjLH%2BFH7IwCoLtlgAFffn%2F2v9DuPYOR1yo%3D\"}]}\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjNISjRic3VEYjREdDREWXM3eGloQlE9PSIsInZhbHVlIjoiTlJJYXM1eFBPMDJGOHhOVHR1UFFIdTF5VHBheElTelh2TnJzdWkwN0hrckxZN3VlZlByN1U4bE5ZKzN1OVNmK3VLVjJRY2Nxek14ZkxTQlNuaWU4TVhmUFF0Z3dZTHU0NTNJZjJMYVpkN1N2TGtaQWJuT3d2dTJOZDFITXVrVXYiLCJtYWMiOiIwOWU1YmFjYzNhYTFkYzNhMWI1ZTk4YTUzZTU0ZTEyNDA2OWVlMWYwN2NhNmJmYWI0MzFjOWM0OTAwNzZmNjM0IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:12 GMT\nlaravel_session=eyJpdiI6ImNwbWpGZk5xVDJpZ015SGtmZkdxcWc9PSIsInZhbHVlIjoibXhaaTJ1cHZ3S0dOM1RqT1F4VmRwdFFCTXJQTWk3TVJZeWJBQlJ5Z2FRR3hoNUhqV2JaRjQ5RGE0azBWMnZhYkxTejBSUVU4dXBWMEhKa29paVpwWC82U0VXTE1GUzlYQ1BJMk40aEk0dWRseXdZYmQ3TDVqVGk5YkpnZU8vNTUiLCJtYWMiOiJhYjc0NDc0MDNjOTgzMWI2MjRmZjlhYzJiZjkzMjBiZDZmMTQzYjg1MjAxYzE3NTMzY2U4MTVmMzMxY2ViYzBiIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:12 GMT\r\npriority: u=6,i=?0\r\ncf-ray: 98f3290098851525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12580,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4c3abc15d510d6c9317e5c64b6076b72","sha1":"566c81cd823fb2e4a879890f96fbc77d3097e4de","sha256":"c36d861d33241bcdc0863f479cac2d2d43b62e8b21c7740509291beb66b768da","sha512":"42e39940bb00899a28a5ae01a8d53abdd2d06a5e57b1a98702c35d6d77c0381ab4c0bf7108c611929929ba1e1ae18150d0087e0aae1dbf09962c849e6a571b76","ssdeep":"192:fvFVXr8jGWcPCUV1yiHfor5EuCcOwiuxwqjFBpMg/MRDQFLO+kGUJ7sU1iaL6+fr:XFVlPgfTFazmto/W65z","tlshash":"e242a312f6f162373863a1ea2beb574e7fa5e003c009dd6879ec12548fd7ed58893219","first_seen":"2025-10-14T15:44:25.608611Z","last_seen":"2025-10-31T21:01:54.066153Z","times_seen":1263,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/crypto-js/4.2.0/crypto-js.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 19621\r\ncf-ray: 98f329171f351525-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"65384d58-4ca5\"\r\nlast-modified: Tue, 24 Oct 2023 23:03:52 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1795930\r\nexpires: Mon, 05 Oct 2026 23:40:15 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=EBeBp1y5T6ggGcP8uo3rQMNohNb7Ha%2FusH9AG4G7wtCjgBQ4u0oSlIMVKELLSlDRVM029I0hffOA9c5r5xCn2UkOh7%2Ba634tSXPFEmP%2Fu55njMAZLSgPaywDfgAgOOQvNlOcfeA3\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60819,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (60819), with no line terminators","md5":"d9c6de0df2bf028d93924aff92487904","sha1":"6596050516dd12af52d9b0e7b18ed837f1d81300","sha256":"769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc","sha512":"6be4940eec0dcd70efcf85eb21c5c7b827f4f3dfe2240a0de259ab5c9835f179ddb8a2ba6250c73516a5bf8c9dd4de3438a23cd2d162745faba9314a18fa1615","ssdeep":"1536:R8K6Znxmj9rlvCOhI64j7AtSPtNPU9ArHMLlk:RV6+jKOh4z","tlshash":"65535bc0629c5491a3b76480087f740b7073353b0a1d5aacf658faefacacad6907cd39","first_seen":"2023-11-02T21:20:28Z","last_seen":"2026-04-14T22:01:30.016454Z","times_seen":29564,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":15,"dns":1,"connect":1,"send":0,"wait":13,"receive":2,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/34cKY6XXkTXVmablzqS8920","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /34cKY6XXkTXVmablzqS8920 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"34cKY6XXkTXVmablzqS8920\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sUWiuy%2Fk5tCz8cleIerhaxjBWArWdi%2F5gfPrE4kB4dnST2m5744opa8yI%2FSCtOjM3OSfr4%2BwYMbPOTIJy2g9iomTVfyVrsBJpVuYwGi6\"}]}\r\ncontent-encoding: br\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f32916f9e01525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28384,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (28382), with CRLF line terminators","md5":"d4d623b7a475594daf8d77d70c647409","sha1":"dc0019741687e1a2f60f14d72d83a8aa4b2cc846","sha256":"3154145f5e5fb002f312ca6564c237c174a269269b57d767812894238ef50e81","sha512":"b85a03f43485557ce032864278f5ee3f1faf44d405e29b5b68818cdc7666b7bf9bd14f21db50285ae91c1d40b9ba9b98df720a249213b3750954903964758d97","ssdeep":"768:MC8nBSz2omXX44PL5K9kdY8xbXoEYW+fUSi:MhnBSz2omXo4PL5K9kdY8xb+WX","tlshash":"4ad2a86072003369f223c237b0e67a8e21399552e5b75b79f936b1a8cfe6042173365f","first_seen":"2025-09-10T01:54:27.119791Z","last_seen":"2026-04-14T18:35:13.387183Z","times_seen":12069,"resource_available":false,"data":null}},"time_used":929,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":733,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/34Q3eShFXU24fQqyho0ScNsyaijUneULX6sY67110","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /34Q3eShFXU24fQqyho0ScNsyaijUneULX6sY67110 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:18 GMT\r\nserver: cloudflare\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"34Q3eShFXU24fQqyho0ScNsyaijUneULX6sY67110\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QM0iTGuuq2DOpY%2F8JS37lO%2Fj682rD5w0BNgcBzwxWmtcm1fMBq9cy2hCtQ1ilsrTKnDwnNsVLjU3Edlt0BI5TPQLyRiU4uLvYhHyRc%2BCkHM%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f3291739ea1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":286154,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"196a7f6297ec20fa88a6992cfdfe4c0d","sha1":"d09396c7f68f54b74dfe84a538d76a55f95f18ed","sha256":"a7ccf4ba1ef90c291dd94633c14f078d0b37e38e8ae799e0aa65be0534525f04","sha512":"667b51b73518db0bfbc3ff9fa656c46fafcfe25d529305a2f34b735d146b0c4c1d24f5d7d5ef4ccecc5b58e311e8d32cb763ebefaa45e6a61c9cfedd4ae22f62","ssdeep":"6144:j1n0kekmix/m/zqj1a2cVH1DEtS0nrVQQT1d4nNqPpzxNVmETicQ:jZwunjhct1sRj4NayETij","tlshash":"4b54231b533668390c6cef6e61af0b581bf44712618df6994c8f16e20eff30585693ba","first_seen":"2025-10-15T18:53:49.709615Z","last_seen":"2025-10-16T19:56:46.635866Z","times_seen":120,"resource_available":true,"data":null}},"time_used":3011,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2266,"receive":745,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"ipwhois.app/json/","fqdn":"ipwhois.app","domain":"ipwhois.app","tld":"app"},"ip":{"addr":"185.93.2.245","port":443,"asn":60068,"as":"Datacamp Limited","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:16.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipwhois.app","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Mar 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"84:9A:03:9E:DB:01:BC:B7:CE:36:26:30:01:29:E2:CF:97:2D:AC:6D","sha256":"65:6D:45:47:5D:B6:EE:84:12:70:CF:BC:96:68:4A:1E:D1:4B:19:EF:31:57:F4:64:82:DB:C3:A5:E3:9F:FA:CD"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipwhois.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-FR1-947\r\ncdn-pullzone: 4617583\r\ncdn-uid: d7b2831a-894b-41f6-aa49-42925a17eb6c\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-headers: *\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex\r\ncdn-proxyver: 1.38\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 10/15/2025 23:40:16\r\ncdn-edgestorageid: 1321\r\ncdn-requestid: a90e1deba7f6509ca9f0fe124b872448\r\ncdn-cache: BYPASS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":663,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"06f20b62334b08f7a74cb7231bc76e78","sha1":"b98a8ec18519746a9b8b6ea21138117d4fdd2a54","sha256":"46b277aa5bb7a7d37fa3cc485d329141448ae75347bdf16c02b01573abf67e49","sha512":"d4582531e895863b497b66aaf6820a0d2cffe4abc769b660040c23a87b82581c3d94b1a91b22934a93788185b5deec70604ba8cfcd424117c09797167ac214a2","ssdeep":"","tlshash":"73014769207cddaeec3ec3d4a09d928e177a9107d6c6898687ec5e58c2c468aa040117","first_seen":"2025-10-15T16:01:41.829181Z","last_seen":"2025-10-15T23:40:43.388943Z","times_seen":76,"resource_available":false,"data":null}},"time_used":340,"timings":{"blocked":148,"dns":21,"connect":30,"send":0,"wait":44,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T23:40:07.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"POST /fvqvug@ztdsinv/$*@* HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 20\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6ImtVVDlPYytJSHVOdW5BV0tZOUhBTUE9PSIsInZhbHVlIjoiKzVIUkw4WlN4VCtzT1hkdW5pM2pnM2g0d0xuSGhHblhyRVhYVlpPZ2xraXJQdEE0UzlBaEZmaEczLzhXbFpRSDV0TU9YS09tNUx3T3FRcnJOWUZYTzRIM000U2pFSUdsWkV6MXFNbWpJMHRXa1hiV2RuSkN4bDBtcXhzTEhsMDQiLCJtYWMiOiI2NjVmNDY4MzgzNTJmZGZkYjM5ZWY3NDc4N2FiMzQyZTljNmYyYjJkN2Q3OTQ4OTNmYjNkMjU5NTY3MGU1ODE2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpHYXpZVE51Y3NRRmVGeVhHWUZVUGc9PSIsInZhbHVlIjoiSmgzdlJRYnUyNXFKaGlobjZZOTRHN1ZWMDJBc3NuZHdBM0IwL2ZMdmJkOEF3OUIzTnczOEZsWkp6Ni85M0d2UEhlYzNGbTJDQmZ4b1VLRGwrNU9TWHNteUptc0tIbVpQSnQxNkF2WE1Fa0NlOWRtNGlZZkg2NWs5bS9lOHFQbzIiLCJtYWMiOiI2ZTI3MDgxNmRmYmZlMTk2YTBiYzExNGI1NjU2N2VmMDdlYjQwNjI2MjA1ZTJjNTljM2M4YTU1N2M5YzdkNzM5IiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:08 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6Ex1i11iLANJM8kRPBcEEvwLLyVPphTAajh7Y7%2BnJUEF73J%2Bncf%2FX%2F3j0PkcuQj7yDJNdF5XQPCIeZnkf7yk8t3MOBNUuxHVt2VbPGfq\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjZVQVd3TkhDdHhkc0ZNZllKejl3ZlE9PSIsInZhbHVlIjoiY0I2VVA0M2xXUWdXUGZxS1gwM2dtUlFZUXM1eitCbElVbVFCcEtJWUFwRFA1aU9tczR2SmxVZXA2Z3Z0a0llREg0WmZBWGtzWkIzNk5wM2xaTFo4cXJGUVJiL1M0cHRHY2lkL3ZQWUFDSkJkVUhEQU15L0pmZkFIK3FtTDlBbWEiLCJtYWMiOiI0YTcwZWI2Mjk0MjMwZWY1MWVkYTI0YjE4ODc5ZDRiYzhkMjVmYmE2ODVlN2Q4NDdiZjFlMDBmOTJmYmYyYzdkIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:08 GMT\nlaravel_session=eyJpdiI6InhESmhZT1RwaE1hNXQvNjJpSWw5dmc9PSIsInZhbHVlIjoiZ2Y4NGhYdkJzMEN5eWpGcVJmby9hQlBBL2psZThWemVuYU9PQkt1WS9RRkY2dEErTEZjeDV6RFJiK1NYazZ3VW9uVHhtR1lkRlR3K2tnazlvQUUzZnRuR0ViQStNZW81L0ZLa1VPVG0vKzRDTU8yaWpGenFuVEdvSk8zNHRUd1IiLCJtYWMiOiI2MDVlNzE5ZTBjMzNjMmE0NDQ1MjVhZGNhNjFhMzU4NmJjZjRjM2YyYzI2MzMwMDM5NTA3YjEyOWYwODY2MDU2IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:08 GMT\r\npriority: u=1,i=?0\r\ncf-ray: 98f328e2cecf1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":90,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"7828f7ae07241c0978ce44e5cc4a0a83","sha1":"a9c93817a15b03507c3c21021fba863d3ac62b7f","sha256":"a65713ab569fbcda76f7d8cd7827b5cc51b58eb5d1b03b50c91924ba9c785fd9","sha512":"3bb6311f102cc50b6e8f2d2739185b17fb0715f94d0100cb7636c76e59e79dd2bbb58046e0e13679efc7c1b92696e68b09354010992d96af34399577f443ab39","ssdeep":"","tlshash":"69b002df0c4182453af211129a537359357350eb1804f05255515510756cb8f972fdde","first_seen":"2025-06-23T00:01:47.918545Z","last_seen":"2026-04-14T21:34:36.310545Z","times_seen":40991,"resource_available":true,"data":null}},"time_used":743,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":742,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T23:40:09.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /fvqvug@ztdsinv/$*@* HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Im1qVmlwVlNZK25Zc255elM1dHdMQ2c9PSIsInZhbHVlIjoiTEJWS1V0eUl2eStTWURadTdJcmFBRmNnblFmaUNReVpjWjlEYVdYc3owQktLSUIySk1HSkVlYlR0UjMycEdRSVZEaUQ2VTlWK29razBkMFBJSFI2czk1MDduSmVSL0FmR3VyNFdIK0w4TFBqQ00ybyt1UVpIbWtpdS9sajIwSXAiLCJtYWMiOiJjMWYzMjA5Njk3YTY3YTMwYTM3MTU4NjgyMjBlZDY5MGU3ZTY3NzZlZGE4ZmFmODJjMjYxYzIwMTc4OTE4NTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImFlSnB5MWhpTktFZDV3VnlwYTN3Y1E9PSIsInZhbHVlIjoiTFowY2t6NFAzam9MOGxIbk5aMUpKbDhxWnZsYWNqMXNXYmg0MzE0NUpaNlVQaC9rd0hoeHcxYWx5aDYrZmZYbkgzM3RRU04xWGhnUXZJOGVJTmoySlBpN2JaVmhFL2xhTnVZdXdYV0lrMmFFa1dYUGVpTjFkTnRSZnppSi80bzQiLCJtYWMiOiJjZGRiMjI2YzIxNjg4ZDk3ZmMwN2MxZmYwMzFhOGQyMTA4NjhlMDA1NGQ5NmI2YWRiNGI2NzE2YjY4ZTZlNmU5IiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:10 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D0iF4uhy5wbUuizWJferqpd3vQb0yPNs8SVOlTOVvEh2adxNTWjdE8jYwHGc1l1xLJoP7IKXUhfC56dd6kLFhNQAwQxRL%2FwNTmkNliAMxLQ%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InNjSFRoY1hlb2lCWHE5TEZvVUhxamc9PSIsInZhbHVlIjoiSENMQ3B4VURqUlBDU2x0TDRXSUl3ekFiTzZrZHp1NFZJWmFXWlhJd0R2K0kvcWk4akZ0VlIyN2pMT3R5VCtRemJucjEyS0JibFFYS0Jwam81T1cxRFZtelZ5MW5MSlRZTU9kSS93MFQ3VUJUa0ZiYnNsVHRxczQ2ME5CYlNxK04iLCJtYWMiOiIzOTJjMTQ2YjZiY2I2NjJkNDRhOWYyNTBmZjA5ZjczNmUwNDg3YmM3ZWY5NzIyMWJiZTEzNWFiNjhmNTYzZWQzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:10 GMT\nlaravel_session=eyJpdiI6IlgwR1g5U2JKNkdaUVlFM0s0YkxVZGc9PSIsInZhbHVlIjoiTTcyRXhBR0JVS0x5RktTN3VXdUtPVEtwT0x4UW9JN3orUWhoY1JpMkM1enMyU1VrbjlpMGlRVklGZy9lenVJSExZZFFGOERDaTlJQzMvTldrN2xGZkYvblV3UTA1dmcrdCtSbnVoeG5CVm9EV2ZpWG1LVVZmYzA0WHg5clcxRmgiLCJtYWMiOiJmZmYyZTQyZmFiNTg4YmQ5ZDA2NjhlZWQwMjI2NTBlNDY5ODQzODllMjcyYmVkNDEyODljODI5OTBiY2Q1Njg1IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:10 GMT\r\npriority: u=1,i=?0\r\ncf-ray: 98f328f23fa21525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1468,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1468), with no line terminators","md5":"5415c4f48f7f1f2cfaef8bbf1f36c40f","sha1":"a1c46215d58051caef14402a42ffbd29acfa22f2","sha256":"57afcd62fedb68b3d2f9a09e8fedc8aba6398f29269b6ab4df2db8e547f3da10","sha512":"7abf13a9994f281be48792f61720d0fee9fc31027ded71176c52f77c77f812f44efcbcaf9afeeac13c1072939f6a90bd2dedadf19d6ae2ab11169a0f98460c7c","ssdeep":"","tlshash":"f6317482953691341e1299d665ebf2af03580970b304fcd1858c704048df2e8caaf1f0","first_seen":"2025-10-15T23:40:43.399297Z","last_seen":"2025-10-15T23:40:43.399297Z","times_seen":1,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":430,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:12.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"POST /djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/ HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nContent-Type: multipart/form-data; boundary=---------------------------95944767340807592611645815695\r\nContent-Length: 62\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik9JbWpnY3d5RjRDR3BGSTBxR3YwSVE9PSIsInZhbHVlIjoiUmUrVjl0ZVlSNXg1WExIUnB4VlExZi9MMGJsa3Z1WEoxVk5lOSt5OUZBellZT2djU3RyR2J3aFpJMURWOXA0MmdZbTlsbWs4bHYrRHRTcUZkVXdOUVV1VEZXcE1WYVFqTnZEa2UzMTBSNU51M3NvS3cvRmNMYTNvcXNKWVgzUW0iLCJtYWMiOiJkYzQyNGZmYWRhNmEyYTk0ZDdjNGZlMDFkOTkzNmY4ZDYxYTgxNGFjMzYxY2RiOGJjMjlmOGVjMmM2OWEyMDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9Sb3lETVptZmNlN0VvWmZTVS9rSHc9PSIsInZhbHVlIjoic2h3L3RxZDVZaHM1eng5dGlBRFlHZGViRy8wSkhHS1ZTRTMyd1BXMGQ1clBIZmhlOUtNcEZ1cWNDNUNPM0sxUDdzKytIcHFkajlDOFRoaGE5WkN6ZmY5U0JLdFNIbGxnVjlSeTFNT05keHVoT3lzcXNNN1ZIQjQzN1JHcWFEd2siLCJtYWMiOiI5NDhkNDA2NmYyYWQzMGYyN2NhZTY4YTgyNGYwNGFhMTdiM2IxMzUwOTQ0NTkyYmYyOWFiNjQzZjNmYjIyZDAzIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:13 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tIEXqZr%2FIy1GIM3WF%2BpcYMdIX3JVKql1Z%2BZTKWNL%2FyLCXsqR2MgbLlNNmJMxL6Ze2hgNg2TnM979nJwwgfAOMGiYHqFyev6S2igJqsoFOi0%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:13 GMT\nlaravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:13 GMT\r\npriority: u=4,i=?0\r\ncf-ray: 98f328fff87c1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1926917,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"aad1bf6bb4c18012bdc4c642175ba364","sha1":"c85a8bab569e4668a022d1d682e2afb24092e8ec","sha256":"397054b00eb0cf51f09191285c002dbb3dca2635975bbc1cf9be7c51903a2e9e","sha512":"e73ad2a995b9c937c6ca1bfbd19290e83a66e6761177cd8370368597d09865ad480286dbd550a17aa9b44ecb785de3fdaf96cbe47adb794975986ca8ca3a936b","ssdeep":"24576:XT9Hor6MogQ/P7e7meBs1t2J/pFYw9E2qT8E1MiLRm2:xHq8/P7e7meA9TRl","tlshash":"69252354e7f50c7c96b54b9c057f5d1f35ae7aa2b82a91df862e2cc2c1127c88f1b806","first_seen":"2025-10-15T23:40:43.403942Z","last_seen":"2025-10-15T23:40:43.403942Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2869,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1662,"receive":1207,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/34Zi5xLDaE5HSnMwzOs2nqklNRjI64TDL89734","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /34Zi5xLDaE5HSnMwzOs2nqklNRjI64TDL89734 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"34Zi5xLDaE5HSnMwzOs2nqklNRjI64TDL89734\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RKn8y9865DQsmTdPIEoMK7s%2BbB9%2BsA4II7QYqKcSMdvHdUVvGcFeCjiydOQr36y5BT8m0RQBWiCryqYfJFZ35X7PjziXVF%2BYHLbV%2FFUU83k%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f32916c9de1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-14T21:55:20.984253Z","times_seen":449835,"resource_available":true,"data":null}},"time_used":802,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":409,"receive":393,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/GDSherpa-regular.woff","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /GDSherpa-regular.woff HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:17 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\ncontent-length: 36696\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-regular.woff\"\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 15 Oct 2025 23:40:17 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TT6PH3u0%2BhemGhI%2FiryoJDSrAkVzqYkDhVy9FwI1%2Fev9%2BS7HltHkbjcmIp6xNPznQRYxTHv1Z2hX1J4E3J5rZB3DcqNkK5AvS7YZOwdtw28%3D\"}]}\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291709e51525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36696,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 36696, version 1.0","md5":"a69e9ab8afdd7486ec0749c551051ff2","sha1":"c34e6aa327b536fb48d1fe03577a47c7ee2231b8","sha256":"fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf","sha512":"9a0e4297282542b8813f9cc85b2ccb09663ce281f64503f9a5284631881da9aacf7649553bf1423d941f01b97e6bc3ba50ab13e55e4b7b61c5aa0a4adf4d390f","ssdeep":"768:lvJo4KciQZYjebVq19lKPtHAQ/l4rj2bqkiHShpeSUOR4OqWOgaU:lhH3rVq1PKP432tSSh4SUORHqWcU","tlshash":"31f2f15d76443e8cf06a245836ad2dd6a423171247138f8709de72bbd14f120f65aaff","first_seen":"2023-05-09T17:48:02Z","last_seen":"2026-04-14T18:35:13.359356Z","times_seen":90390,"resource_available":false,"data":null}},"time_used":1641,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1443,"receive":198,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/fvqvug@ztdsinv/$*@*","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T23:40:08.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /fvqvug@ztdsinv/$*@* HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6IjZVQVd3TkhDdHhkc0ZNZllKejl3ZlE9PSIsInZhbHVlIjoiY0I2VVA0M2xXUWdXUGZxS1gwM2dtUlFZUXM1eitCbElVbVFCcEtJWUFwRFA1aU9tczR2SmxVZXA2Z3Z0a0llREg0WmZBWGtzWkIzNk5wM2xaTFo4cXJGUVJiL1M0cHRHY2lkL3ZQWUFDSkJkVUhEQU15L0pmZkFIK3FtTDlBbWEiLCJtYWMiOiI0YTcwZWI2Mjk0MjMwZWY1MWVkYTI0YjE4ODc5ZDRiYzhkMjVmYmE2ODVlN2Q4NDdiZjFlMDBmOTJmYmYyYzdkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InhESmhZT1RwaE1hNXQvNjJpSWw5dmc9PSIsInZhbHVlIjoiZ2Y4NGhYdkJzMEN5eWpGcVJmby9hQlBBL2psZThWemVuYU9PQkt1WS9RRkY2dEErTEZjeDV6RFJiK1NYazZ3VW9uVHhtR1lkRlR3K2tnazlvQUUzZnRuR0ViQStNZW81L0ZLa1VPVG0vKzRDTU8yaWpGenFuVEdvSk8zNHRUd1IiLCJtYWMiOiI2MDVlNzE5ZTBjMzNjMmE0NDQ1MjVhZGNhNjFhMzU4NmJjZjRjM2YyYzI2MzMwMDM5NTA3YjEyOWYwODY2MDU2IiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:08 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kqvq63L6WN5wShGNHurgC0Np2%2BBmob6VghLnJj3mwCY3BIqMhLUj0866pGHUDyUsYDYjr9vJ0%2B9%2Bs3t4fG066g0r7CGFj%2FxP8Zw3z1Sef5Q%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik5EUExtL1JHdlFsSzEyRkRXUHErNEE9PSIsInZhbHVlIjoiNUdGMi9tQmhZaTJlZXpuSmZ3ZzVvUnNSNk5DRHpjYVdIZnlMRUhSQmg5Wlh1eW9JYXZWcmdKcEVFZlNMRWxiMnFrOHRRTU9ISzF5dVl4dWYrbFVsV2lXZGl5dVlkRGpFSzM0Q090Rngxc0Q0Vi9CVSt5MEZiN2ZHYWxVSUxzUmsiLCJtYWMiOiIzMDhmZDJiNTU1ODc0Y2QwNWFjYjQ1MjQ5MTdiMTdkZWYyNjBhZmQ1OTc3Y2VkOWYxMWRlNmIwOWFlZWFjMjU2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:08 GMT\nlaravel_session=eyJpdiI6ImE2Z1FqU05VMnBmZlJnc085VFlYRFE9PSIsInZhbHVlIjoibm5CMVVBd0thUVlDV0ZnM3ZGZVBqZEJjTmhXeFh5WnUrdTVZMXNnWStTUk1BWlJzeTZVNmNibFZrdHNFcWs3VGRqVlRlZnJ4NGRBditzY2ZkWHg2MEJUbTE5UTBRbmZqU3hFdnRSVFl4SXFxSU5MVC96ZEdGakgzQ1VURDI3MXYiLCJtYWMiOiJmODJkN2E1ZTY2MjhiMTE2MGYzOGUzNTA0YzI1M2UxMDZjMzIxYjI2NTE3YzI2MTAyNGExOTAwMTliMDk2NjU5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:08 GMT\r\npriority: u=1,i=?0\r\ncf-ray: 98f328e7bf001525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6098,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (6098), with no line terminators","md5":"db465ac53db9b51c5068b4bfd98b7d1f","sha1":"855ad0b24980f237eed8fa2e0fe8cedd2cb966dd","sha256":"6d1edcfdedbfdae50678d1d6ccd10dfe20062fc7327d028d8d41f9a9d9a6c89f","sha512":"215e8e830073aa409a02a73fc38271f9f98c1b8eb5d37c5013aa8c811a03a79bf14cfdb2c4e2ea591cb76951fdd23250e4c97bf0d8d2642a65f543c4d066d5f7","ssdeep":"96:sUNRvn7A/35uQsoKZq5077zk/LvTKGYu8Ut5IY8W/gg3aCyGiQGVeqlEIP56CwwF:bP7A/3AQRAQjT18UoY8W/gH9QQe8fQ4F","tlshash":"13c16e4ba3ae34784462b6975c47700e296cf5193335a8c7238e90f505eb17cc9ebd3a","first_seen":"2025-10-15T23:40:43.411751Z","last_seen":"2025-10-15T23:40:43.411751Z","times_seen":1,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"apartment.wosto.info/lani!vredcb","fqdn":"apartment.wosto.info","domain":"wosto.info","tld":"info"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:08.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wosto.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 09 Oct 2025 19:04:09 GMT","end":"Wed, 07 Jan 2026 20:01:49 GMT"},"fingerprint":{"sha1":"69:7B:1F:07:2A:5B:56:AF:92:30:60:C2:E2:85:83:C5:99:6F:47:D3","sha256":"D6:C9:56:BE:CF:21:A0:E9:9A:8F:BD:30:28:93:1E:CC:D7:62:34:E5:8F:13:D4:78:21:BC:06:29:22:70:B4:B6"}}},"request":{"raw":"GET /lani!vredcb HTTP/1.1\r\nHost: apartment.wosto.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FOmXvcUJH5OW7nW0aiilophMc3GNRCPXakCmZEiJ2xmCV%2FlhZ%2FAbizOy6t3fkSEm1z2LoO3yYsp0di983iWLaMEc4fyDGeThIOPl0yDppxaGVDvX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98f328eccf501a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-14T21:52:55.760553Z","times_seen":104866,"resource_available":true,"data":null}},"time_used":806,"timings":{"blocked":206,"dns":182,"connect":1,"send":0,"wait":394,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"apartment.wosto.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"apartment.wosto.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/xyDdH6GR3npFYpq87q6gh30","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /xyDdH6GR3npFYpq87q6gh30 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: text/css;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"xyDdH6GR3npFYpq87q6gh30\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iB%2BtIJuDykDsT1LmzkhlB94S18Q%2FkD7MTTeGNYseaoZOJRSxQUPaC4g9kPiU%2FLtsEuMB6tFcH1KIhlxhMgiO1bU6lYzVDFBYWb0UX%2FfTwEU%3D\"}]}\r\ncontent-encoding: br\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: 98f32916f9e11525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35786,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"38501e3fbbbd89b56aa5ba35de1a32fe","sha1":"d9b31981b6f834e8480ba28fbc1cff1be772f589","sha256":"a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b","sha512":"1547937aa9b366e76de44933ef48ef60e3d043245e8e3e01c97dfc2981f6b1f61463d9d30992fbcf2ca25fc1b7b32ff808b9789cfb965d74455522fc58e0c08c","ssdeep":"192:hToogIexLQ5WKTCFBwCIZtJ8FtX2+UBRkf1WcrScuH9Ye3YdersR8Q5oqWjfuogF:h0DKAaZtJsOodwuhx5P6mqjDggJkLRn","tlshash":"07f2ac86255066385f3a277bf3ab00aceb6882b347961564b4bcb454cffc6e410d2d9f","first_seen":"2025-01-27T17:47:42.420764Z","last_seen":"2026-01-31T00:55:03.975062Z","times_seen":44016,"resource_available":false,"data":null}},"time_used":899,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":723,"receive":176,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/GDSherpa-bold.woff","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /GDSherpa-bold.woff HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:16 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff\r\ncontent-length: 35970\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-bold.woff\"\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 15 Oct 2025 23:40:16 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ukrM0rtGnHrjIcWnfi70Wnn3n8GIQTTOVW38krYYPpIACP%2Buc1BOlhXflBNwPJbhC2xltO8KW2AQmUO3fY8ocmRbpn6sIqVwvzGOpJimqKo%3D\"}]}\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291709e31525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35970,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 35970, version 1.0","md5":"496b7bbde91c7dc7cf9bbabbb3921da8","sha1":"2bd3c406a715ab52dad84c803c55bf4a6e66a924","sha256":"ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798","sha512":"e02b40fea8f77292b379d7d792d9142b32dfcb887655a2d1781441227dd968589bfc5c00691b92e824f7edb47d11eba325ade67ad08a4af31a3b0ddf4bb8b967","ssdeep":"768:GJiLCleIZlcBvahjeheOQKskmCp9sE9gBkGgvU+7aAXDqWOtU:GJo9IgMKsQzJ9gBkZbuAXDqWV","tlshash":"a4f2d09831594c2aacbd58232b71d9df21e38f61ba42029ba193e4cd9c4714dbb1e47f","first_seen":"2023-05-09T17:48:02Z","last_seen":"2026-04-14T18:35:13.362652Z","times_seen":90460,"resource_available":false,"data":null}},"time_used":1081,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":902,"receive":179,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/GDSherpa-vf.woff2","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /GDSherpa-vf.woff2 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:17 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 43596\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-vf.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 15 Oct 2025 23:40:17 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ra%2BMtiNXDfsvNhwU4CHHrjqc0Dw9hm%2Bt%2BCRd9mwjVw4DJXpxLqeTcoeCeQ0IOshghWU%2BLX7SBbRLlAAywY7UbDuTNHh2BKfdLyZ5Ov0B\"}]}\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291719e61525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43596,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43596, version 1.0","md5":"2a05e9e5572abc320b2b7ea38a70dcc1","sha1":"d5fa2a856d5632c2469e42436159375117ef3c35","sha256":"3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec","sha512":"785ab5585b8a9ed762d70578bf13a6a69342441e679698fd946e3616ef5688485f099f3dc472975ef5d9248afaad6da6779813b88aa1db60abe2cc065f47eb5f","ssdeep":"768:b0nfc/3Osy1fo0tBBFF/GGXfN2ZHKTBUwL+BR49qCow3Z3HuvJ5+xXtTgXHk6/:b0fU3OdhFF/xNOoZc49ow3Z3HO+xX1mf","tlshash":"e2130258592578a9eb43bd49f00c6e64c296b3d8f5832b62334a04f0bff651620fe797","first_seen":"2023-04-18T03:10:28Z","last_seen":"2026-04-14T18:35:13.388873Z","times_seen":91854,"resource_available":false,"data":null}},"time_used":2459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2069,"receive":390,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"cloudmasonry.com/wp-content/uploads/2020/06/DocuSign-Logo.png","fqdn":"cloudmasonry.com","domain":"cloudmasonry.com","tld":"com"},"ip":{"addr":"192.124.249.161","port":443,"asn":30148,"as":"SUCURI-SEC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudmasonry.com","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 14 Oct 2025 14:44:19 GMT","end":"Tue, 23 Dec 2025 09:59:19 GMT"},"fingerprint":{"sha1":"B7:05:DD:01:4A:62:28:15:1D:95:57:A8:AC:A5:A3:AF:32:D8:32:66","sha256":"D8:89:81:DF:B6:45:14:03:05:A2:B4:5D:08:B5:1A:55:6F:E5:57:62:BD:5A:F1:07:C0:30:FC:E7:E1:D7:D8:6C"}}},"request":{"raw":"GET /wp-content/uploads/2020/06/DocuSign-Logo.png HTTP/1.1\r\nHost: cloudmasonry.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 15 Oct 2025 23:39:37 GMT\r\ncontent-type: text/html\r\nx-sucuri-id: 19002\r\nx-xss-protection: 1; mode=block\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-security-policy: upgrade-insecure-requests;\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-sucuri-block: BLACK02\r\nserver: Sucuri/Cloudproxy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Sucuri","description":"Sucuri is a cybersecurity company that provides website security solutions and services.","website":"https://sucuri.net/","common_platform_enumeration":"","icon":"sucuri.svg","categories":["CDN","Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T21:55:28.330607Z","times_seen":13758114,"resource_available":true,"data":null}},"time_used":630,"timings":{"blocked":286,"dns":55,"connect":27,"send":0,"wait":44,"receive":0,"ssl":216},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"queue.beryx.com.de/rqRtWPIChxmUBFNXhN0h4R7iXoXnptk8MqFbAGptC1Cdfw","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*","date":"2025-10-15T23:40:11.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"POST /rqRtWPIChxmUBFNXhN0h4R7iXoXnptk8MqFbAGptC1Cdfw HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 5\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/fvqvug@ztdsinv/$*@*\r\nCookie: XSRF-TOKEN=eyJpdiI6IkkydXZwWUdTeEFweVZzN0lhZWdDWFE9PSIsInZhbHVlIjoiVFdmaEhsSnFQVnVPMjRpaDVDbXpQNUJoTHlpVjNzZXc1bGM4YXpSWkNUelZydkNoTm5BK2hNVVRLanNhN3RTaUpXcHZxMTRGR3l5Z1BSRms1aDIzdjJNTmtrdm51VWZtRnhmRG9BS0tISVZvb2pqcmVJdUZLaDFiSmFJOXU5Q3UiLCJtYWMiOiIyODIwNWM2NjQzZjliNDZkMWYwYjU5Y2UyZmQ5MDA0ZjExMTJmN2UwMzM5NGNhMjEzYWY5MjlhNDBhZDYyYjU4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImY5Y3VQVVpnVWhJMFhnb204cmplb1E9PSIsInZhbHVlIjoiK25kZzM2aU4wVVdWdUlkZ1JoZ2FRdTZidEV4dWdOcmF2RENrb1hKVjBBaWZKeHB5aTF4b0xJLzJ3dEpuOWhqUVFDK0tLVkM4Skx3Zm1UY2FPcXJ2aGdEY3VNUzk2UGFDejNSYmQ5RnIvTEFTbVhLN1JvaUlYc21IZndpS2pkR1IiLCJtYWMiOiJkOTYxNTU3ZWNkZDhjYzNhOTc5MjExMTY4ZThlMWY4NDYwY2UyOTM0YmIyOWJjNjJkNDA5NjE3OGM3YmMwMmZhIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:11 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xdYwr2wQ28ZGXO4AUCcbYw7zjY9UiuFYmI8WLB2MECpZIs9E6v1yu3Wg453AZRWcrL%2FFkuQSRjlBNdKD5CaPkge7m%2BOUQ2U69T1s7xauCRk%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IlFtUW9vWjcyZnY0WWJZMFNyMHZMUlE9PSIsInZhbHVlIjoiMTFrWUNaeXM0SUNYSzEwSG5jTW9HUEZYdHdncjZuTTZZUlduVzlWYmNFNkJqZWNueFlJQkV3KyszVC90RW1hQk5ZMnVTR3pObEw1Y0tLYU9pazdJcnl3RHlMemxXVldJdm9welFFR1lGaG4rbkw4OFUzSXcrVEhZYStJM3ZRYlciLCJtYWMiOiJmMTQ1NDdjZDU3Njc0OWVjZmY0NjlmMTBkYzU4YTY3OGJlZGJlNDI3OWE4ZDJmZGRkZmQ0ZmMwYzYxM2U5NmZhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:11 GMT\nlaravel_session=eyJpdiI6InBCc1dXdkREVXB0MnVEZ1FEbHhBTnc9PSIsInZhbHVlIjoiTENKc3RQd04xc1J3bnlIK3VKZ1ZJQXowRGhGZE9qTzZFSHVvZ2lVVmY0YjhvWGNzYlM3TXJaOC9WUXo0a09tVEJ0R1phM2dlajFtWGkza0FYb2hJTlNlSnZmeGUreFVjZ3NqMWJrQ3NSVDlhM1dDVmxDSG9zV29NS2hPcHJ0SG4iLCJtYWMiOiI0OTg3ZGU2MzQ2ZmM4YmM4NTIzMGRmOWFmOTQ4YTE2YTc0OGRiNWQ5YzgxZTQ4YmMzN2JkMzdlMTM3NDQ3MjJiIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:11 GMT\r\npriority: u=3,i=?0\r\ncf-ray: 98f328fa58471525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"f6962ae286a0b8e4904beaaa5376cdfb","sha1":"0f7e140b0271153f5c3b85f1508c5e24d6d386c1","sha256":"80dc36c2e3b3d9f8d72410080c778ee923c03676770b8f4b39f98c9d06e02c01","sha512":"bc55c2df55cbaa9ffbfdc7410ef79e11bd8d92e7f9cbabf12203dc6315700dc3b32df8cfacef5c36a37b4c18006fefb3d1661b40286e2ca6afb7ea3c3f880ca0","ssdeep":"","tlshash":"b3c08061fcc447f6535b034d5911d115425573f87151d10d148548b190767797651250","first_seen":"2025-10-15T23:40:43.427323Z","last_seen":"2025-10-15T23:40:43.427323Z","times_seen":1,"resource_available":false,"data":null}},"time_used":414,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":413,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/GDSherpa-vf2.woff2","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:15.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"GET /GDSherpa-vf2.woff2 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:18 GMT\r\nserver: cloudflare\r\ncontent-type: font/woff2\r\ncontent-length: 93276\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: inline; filename=\"GDSherpa-vf2.woff2\"\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 15 Oct 2025 23:40:18 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oHDItT3tN1TpGSlQgykw56ptWAQkh7oX44P0xMfvwGsFESXi73ycCleSi1ClDMUzYSbc7TlHk7wcTDqdffNACgfVGXsWO25O8z84grJZBE8%3D\"}]}\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291719e71525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":93276,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 93276, version 1.0","md5":"bcd7983ea5aa57c55f6758b4977983cb","sha1":"ef3a009e205229e07fb0ec8569e669b11c378ef1","sha256":"6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c","sha512":"e868a2702ca3b99e1abbcbd40b1c90b42a9d26086a434f1cbae79dfc072216f2f990fec6265a801bc4f96db0431e8f0b99eb0129b2ee7505b3fdfd9bb9bafe90","ssdeep":"1536:Dy7KSLv+MMqDeeIgDFSxpuQP7ObnKSWBO61LlRzSSAT6YmkSzOu7Be0OB53jIH4I:Dy7JD+net+puI7ObKHVhTSSlYmk4OuWa","tlshash":"d293029c71ec79c19e00616e94c92535f89fdab0f049d3fa9a4ed85b927c369e343b10","first_seen":"2023-05-01T02:20:29Z","last_seen":"2026-04-14T18:35:13.363589Z","times_seen":91687,"resource_available":false,"data":null}},"time_used":2609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2247,"receive":362,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"queue.beryx.com.de/cvMZSLBE1uBqQwzc0EQrQyLZ7isv4igPuqaLifWeCkcXAcXjhIrmrYL1v3R2n1","fqdn":"queue.beryx.com.de","domain":"beryx.com.de","tld":"com.de"},"ip":{"addr":"104.21.61.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/","date":"2025-10-15T23:40:17.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beryx.com.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 19:54:02 GMT","end":"Fri, 19 Dec 2025 20:52:32 GMT"},"fingerprint":{"sha1":"D7:DC:0C:4C:D8:05:52:57:FE:04:54:2E:8B:FC:FF:B9:09:0E:04:5F","sha256":"55:16:6B:A0:96:7C:20:75:A2:C4:50:4E:34:9B:23:DF:F6:C4:BD:24:06:0B:DE:CC:59:B5:10:A8:33:BA:8B:84"}}},"request":{"raw":"POST /cvMZSLBE1uBqQwzc0EQrQyLZ7isv4igPuqaLifWeCkcXAcXjhIrmrYL1v3R2n1 HTTP/1.1\r\nHost: queue.beryx.com.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 2832\r\nOrigin: https://queue.beryx.com.de\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://queue.beryx.com.de/djbkxoz7ggxww2?db2f1859353d-4da95a511fadf422c37c43c38bea/\r\nCookie: XSRF-TOKEN=eyJpdiI6Inl1bzhzb0VsdXNTSmpuZDdLaEdoOVE9PSIsInZhbHVlIjoiRzVsaTN6eDQ1dUVQalJqTzdVRHFwNExOZTdKS2x3enRWVGNkS1NJMXpLditEWlQ2cDNtUkt3L0RCNlBKTkVXTEhOaFpGUkdERHk0NW4vMGpISDljNDZYZ0dIR2VFOEtaSmZDa2xOaW9NNWdRVFBEVWVYbGlWYnkwOTVPbm9USTgiLCJtYWMiOiI4YTU1Y2NkYmRhMDA4MmQwY2I1MDljNGMyNWJkMzY4ZDZmNWE4NjE5Y2Q5Mzk3MWY1MWI4Y2JjYWNhMGExYmY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9NUXBDeE10Q3lhd0FMejJLekhCcGc9PSIsInZhbHVlIjoiUHZOU0ZoTzFJSW9MbWJ2QU1KanN3VVJXbzVINytialZBNEEwNTZORnhlVFZqL1NBblQwaHcxVXowZVdRL2tGOFZvOWUxZHVxRDFWY1JhTDF3S096c3hIS2Q3NG13dWxxNVRFdVl5MHViOEpDd1BpaFRMbGQ4Ti96aW5Zblo0QmUiLCJtYWMiOiI5NDEzMTEwMjc1OWJiNjljZTk3N2E0OGIzMTYxNTRjZGU2MWEyZDg4MWZjOThiNzM1MjFiNWQ5NzFlZGM1YWU5IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 15 Oct 2025 23:40:17 GMT\r\nserver: cloudflare\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache, private\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jkz2JLPc2i1sailF6NmmCAwp3YaxWFpqWMRDZ1HeLF02GtRI5ZgGcJbJabBsR5M0k%2FsgUZ7wxcXZfufaI9wZEBGVU%2FCcZEalyIkmD5CKV4w%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IitxSkdkRWloZjVBeXZic1JqMVd2WVE9PSIsInZhbHVlIjoicjFkcEU5LzZreXlaYUxZWWtRdUNyV0xYOW9qaFdUNndlb3RHZkZPNEx1NkZYUVRzQ0JoYkk1QkpqVFQ2dnRXZ3FmeGdMeDJqYTdNamxleXp3QW10S1VhYTc3cU1NS2NBYmxtS2s1Y2cxUWtDdGdqdDRtRVpWRkZDejFLcnRMTUUiLCJtYWMiOiIxNjllNDZmZGIxYWJmYTRiZGU3OWEyYjUyMWUzNjYxNjU5NmI2MzhmOGFmMjg3ZTEwM2EzNDg0ZDIyMzIzZWI5IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:17 GMT\nlaravel_session=eyJpdiI6IkxkcytVZXk1aTkrbTRpdVF5SEpsa2c9PSIsInZhbHVlIjoidEYrbFIxS2RBaVR5dzdzdUVvTXE4SEdlcXFpZlJzNUdPZ3RmS0g3UnBpWXJOdnBrUDhZUHJpcGt5S0t6Y255U0lQVGN1OUpKUjI3Q1BtT2MvMmRDRUxMRVB2c0hHTTJmdHdVdEJiUDJPUlhuREwwbUs3SzZSSGhrampiNUFhZUciLCJtYWMiOiI1YzQyMWFkOWUzMjVlYTAyODY2Y2IxZWI5ZjVkNjk3ZmJkMjFjNDMyOTUxZTlhNzg1MjhiYzA1ODY4ZWI4ZDljIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 16 Oct 2025 01:40:17 GMT\r\npriority: u=3,i=?0\r\ncf-ray: 98f3291f9a671525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-14T21:17:43.336251Z","times_seen":106214,"resource_available":true,"data":null}},"time_used":394,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":394,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"queue.beryx.com.de","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}}]}