{"report_id":"4a465ff7-8506-4441-b967-598c0b22d6d5","version":6,"status":"done","tags":[],"date":"2025-12-12T01:57:29Z","url":{"schema":"http","addr":"meuplano.blob.core.windows.net/","fqdn":"meuplano.blob.core.windows.net","domain":"windows.net","tld":"net"},"ip":{"addr":"20.209.12.41","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Brazil","country_code":"BR"},"final":{"url":{"schema":"http","addr":"meuplano.blob.core.windows.net/","fqdn":"meuplano.blob.core.windows.net","domain":"windows.net","tld":"net"},"title":"meuplano.blob.core.windows.net/","dom":{"size":232,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"1223a065f7b210526d9246e2aeb2b2bd","sha1":"77671a703426d3877ce3b4da0cfdd703d87cdd15","sha256":"f7b8499e7a23576b84e77a1748814d40c90875034365a560a41f6fd1ec7beeed","sha512":"9fb0835d6e0111755a140cac2f9c268e30a7573be9aa6ec4a0d329d55ea29566ddf277916ff058fcd905749a1277cb0309f895ec4bfa48c0fa4348d92d7dabc9","ssdeep":"","tlshash":"3bd023751208345b8f442c5bf939777e9455711505c5353190d5624713d10d5cd61d38","dom_hash":"domhash1c3dd99ebf4aa0659a39aa738cb5f3a8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"meuplano.blob.core.windows.net/","fqdn":"meuplano.blob.core.windows.net","domain":"windows.net","tld":"net"},"ip":{"addr":"20.209.12.41","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Brazil","country_code":"BR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-16T01:57:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-12","alert":"Sinkholed","trigger":"meuplano.blob.core.windows.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"meuplano.blob.core.windows.net","ip":{"addr":"20.209.12.41","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Brazil","country_code":"BR"},"domain_registered":"1995-08-10","domain_rank":0,"first_seen":"2025-10-31T11:16:37.790439Z","last_seen":"2025-10-31T11:16:37.79044Z","alert_count":3,"request_count":3,"received_data":1649,"sent_data":1299,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"meuplano.blob.core.windows.net/","fqdn":"meuplano.blob.core.windows.net","domain":"windows.net","tld":"net"},"ip":{"addr":"20.209.12.41","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Brazil","country_code":"BR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T01:57:06.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.blob.core.windows.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure RSA TLS Issuing CA 07","organization":"Microsoft Corporation"},"validity":{"start":"Mon, 29 Sep 2025 20:01:43 GMT","end":"Sat, 28 Mar 2026 20:01:43 GMT"},"fingerprint":{"sha1":"11:86:57:1A:A5:4A:36:BD:36:87:0E:60:07:66:64:EC:D8:7B:16:17","sha256":"95:3C:60:6F:A6:DA:95:05:14:C6:CC:29:B9:2C:6B:A4:F4:91:FE:0F:E2:14:4E:1E:4B:B2:83:BB:9E:F3:5A:0E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: meuplano.blob.core.windows.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Value for one of the query parameters specified in the request URI is invalid.\r\nContent-Length: 351\r\nContent-Type: application/xml\r\nServer: Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: d5884a6d-701e-003d-160a-6bef0d000000\r\nDate: Fri, 12 Dec 2025 01:57:07 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Value for one of the query parameters specified in the request URI is invalid.","fingerprints":[{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":351,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"1683fc0e6679c753aced711bd5540a13","sha1":"a1e31c4f3123ddb7dc7f34050b89ae3d2b23cd33","sha256":"530bc5b74a7ca0e8d87514b1ae18f75620e3c6dcd4cfb76e7a8c332c0df5958b","sha512":"8fc00955a3c970d6d00853a85234552498e90fa10b7b761b651d91e3da4df687b4d312966120a979ed0819299a225152a9b2821a39a38c30ff73049b1d80c223","ssdeep":"","tlshash":"63e0df401b50235f46381252ba1db670b7fdb39671e51414549b4291638ecb1ba24639","first_seen":"2025-12-12T01:57:30.050321Z","last_seen":"2025-12-12T01:57:30.050321Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1017,"timings":{"blocked":410,"dns":3,"connect":194,"send":0,"wait":196,"receive":1,"ssl":210},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-12","alert":"Sinkholed","trigger":"meuplano.blob.core.windows.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"meuplano.blob.core.windows.net/","fqdn":"meuplano.blob.core.windows.net","domain":"windows.net","tld":"net"},"ip":{"addr":"20.209.12.41","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Brazil","country_code":"BR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T01:57:07.638Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: meuplano.blob.core.windows.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 The account being accessed does not support http.\r\nContent-Length: 273\r\nContent-Type: application/xml\r\nServer: Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: e0f00aef-001e-0027-660a-6b8ed2000000\r\nDate: Fri, 12 Dec 2025 01:57:07 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"The account being accessed does not support http.","fingerprints":[{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":273,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"0981c382ba558806a127686ea0bf5d8b","sha1":"1890d3d09eae4737ef9eab2c102bfeea5d75f98a","sha256":"7938e769a834f772203359b562f683de278e067f7ff8186e38a4a5c86064d014","sha512":"0b898465853fcbb5a90092cb0747788adef80b02b75b10a1ebfe45d9e534bb29739f8167076e4573fab1b1ad7310a81f097f662adc9fbc37543346d9235e1940","ssdeep":"","tlshash":"c1d097612308742b8f842c5bfb3ea23ea2a5322608e1383194d1a28713d20d9cea1938","first_seen":"2025-12-12T01:57:30.053555Z","last_seen":"2025-12-12T01:57:30.053555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":581,"timings":{"blocked":188,"dns":1,"connect":194,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-12","alert":"Sinkholed","trigger":"meuplano.blob.core.windows.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"meuplano.blob.core.windows.net/favicon.ico","fqdn":"meuplano.blob.core.windows.net","domain":"windows.net","tld":"net"},"ip":{"addr":"20.209.12.41","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Brazil","country_code":"BR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://meuplano.blob.core.windows.net/","date":"2025-12-12T01:57:08.148Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: meuplano.blob.core.windows.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://meuplano.blob.core.windows.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 The account being accessed does not support http.\r\nContent-Length: 273\r\nContent-Type: application/xml\r\nServer: Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: e0f00c4d-001e-0027-350a-6b8ed2000000\r\nDate: Fri, 12 Dec 2025 01:57:08 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"The account being accessed does not support http.","fingerprints":[{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":273,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"368b29952992f32496f3c87ee84f58aa","sha1":"163511703fc57bc96b18f5ab21f29a158982914a","sha256":"8bc7053c2a63e0a0b3b60426994cd93fe2bbb43775f10bf9d8ff6d842e4c4e48","sha512":"1cd35011b1a166c8b70008139a0f28f34a7abccaae247a0cad4afe737c154d2a064b2300ef1f3559b2fd71910fe39ff9955934352ca1ad095b148475080e9917","ssdeep":"","tlshash":"51d0975022047827df845c3afb3ef26da324732618f8283484d0a2c703d40eacea1d38","first_seen":"2025-12-12T01:57:30.056447Z","last_seen":"2025-12-12T01:57:30.056447Z","times_seen":1,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-12","alert":"Sinkholed","trigger":"meuplano.blob.core.windows.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}