{"report_id":"7c563e0c-1f89-4612-a76f-46708c838912","version":6,"status":"done","tags":["phishing_box","phishing"],"date":"2026-02-09T12:39:30Z","url":{"schema":"http","addr":"m.icrosoft.org","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":0,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"m.icrosoft.org/","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"title":"Phishing Simulation Landing Page","dom":{"size":2395,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"5a34f2103bd7c075d60824d7a8ecca85","sha1":"72640a18ca7de5c5cf519903b13786f30ac30d02","sha256":"59b3651f5ac4b37f7a22588b16069abe29255f9913c5b542b42994548719baf2","sha512":"01435bbe15fd036d9e17cc523774ccc30951ea10619c72648fcbf7c18e120321e854fe5271838a147985ecdbec58efaf66958cab6d37208ddf0d57df0630fa6d","ssdeep":"","tlshash":"594196e65a63000aa05791019ba7314876784803c21bcc7e7bbda2dfcf919dcd633b84","dom_hash":"domhashe7f2e1a82ea76f5d6ebd935d620fd75c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"m.icrosoft.org","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":0,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-16T12:39:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]},"summary":[{"fqdn":"m.icrosoft.org","ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"domain_registered":"2022-05-24","domain_rank":0,"first_seen":"2020-01-18T23:05:16Z","last_seen":"2026-02-09T12:29:44.301322Z","alert_count":22,"request_count":6,"received_data":291069,"sent_data":2665,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"m.icrosoft.org/assets/js/jquery.js","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c013ea4cf6af491ac038943a68ad4fe","sha1":"7704864ce63adb0d61f79acc3e5cc9ea488e35f6","sha256":"35dc8edc236b06df2825bce1b00900e2e976ecdb928b02809647e7eb2f91bfc8","sha512":"60cd96a316e40daf530e06bfd59df9f3f25826e2a072c137ceceb66f89a5eddf512e3a64b8081149249aa486a81de9e4da5e7555c4ffebd03a5585342f404f09","ssdeep":"1536:cNhEyjjTikEJO4edXXe9J578go6MWXqcVhcLyB4Lw13sh2bzrlc+iuH7U3gBORDU:axcq0hcLZwpsYbDzORDU8Cu+","tlshash":"9583d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f068c5d57eb8a8e507bf2c","size":86717,"data":"","first_seen":"2023-03-07T12:08:30Z","last_seen":"2026-06-04T11:52:17.694635Z","times_seen":614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"m.icrosoft.org/assets/js/bootstrap.min.js","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","size":37045,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-08T17:36:21.015645Z","times_seen":90470,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"m.icrosoft.org/assets/js/bootstrap.min.js","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://m.icrosoft.org/","date":"2026-02-09T12:39:09.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.icrosoft.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 17:01:20 GMT","end":"Fri, 08 May 2026 17:01:19 GMT"},"fingerprint":{"sha1":"31:68:AB:3C:80:36:82:FA:03:30:F6:6D:39:5B:2F:8F:13:F3:25:2C","sha256":"50:9B:61:E8:DD:B3:1A:CD:B5:77:E1:15:C2:01:C2:04:36:11:4D:13:A8:54:F4:43:94:A2:5C:9E:F0:18:D7:03"}}},"request":{"raw":"GET /assets/js/bootstrap.min.js HTTP/1.1\r\nHost: m.icrosoft.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://m.icrosoft.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 09 Feb 2026 12:39:09 GMT\r\nserver: Apache\r\nupgrade: h2,h2c\r\nconnection: Upgrade\r\nlast-modified: Mon, 12 Jun 2023 17:28:31 GMT\r\netag: \"90b5-5fdf20c2abe6e-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 9833\r\ncontent-type: application/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-08T17:36:21.015645Z","times_seen":90470,"resource_available":true,"data":null}},"time_used":188,"timings":{"blocked":66,"dns":1,"connect":31,"send":0,"wait":35,"receive":17,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"m.icrosoft.org/favicon.ico","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://m.icrosoft.org/","date":"2026-02-09T12:39:09.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.icrosoft.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 17:01:20 GMT","end":"Fri, 08 May 2026 17:01:19 GMT"},"fingerprint":{"sha1":"31:68:AB:3C:80:36:82:FA:03:30:F6:6D:39:5B:2F:8F:13:F3:25:2C","sha256":"50:9B:61:E8:DD:B3:1A:CD:B5:77:E1:15:C2:01:C2:04:36:11:4D:13:A8:54:F4:43:94:A2:5C:9E:F0:18:D7:03"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: m.icrosoft.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://m.icrosoft.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 09 Feb 2026 12:39:09 GMT\r\nserver: Apache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1105\r\ncontent-type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":2525,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0e5538314355b258205f4a4fafc1f547","sha1":"0d97bf69dbafdb0e519d9e1bd15a842d2f484ac9","sha256":"ac9c2cec10b942d83e6372b72f68e7bdf7b852ca6181d9780aaa3b93a8e1bb1b","sha512":"aa82bd66243d81132ddd75f58cbc266f171d6f7e372a7a3374c389255ffd31cb4809c01cf2ddfb96e3a7a47cec42830e242bce65dacf3adf9a255ada2e4fc77a","ssdeep":"","tlshash":"c85197aa99400409c17752328b63714cf9744543d703096e77bda3978fb16cc8b33f94","first_seen":"2023-09-17T04:18:06Z","last_seen":"2026-02-09T12:39:30.996624Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m.icrosoft.org/","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T12:39:08.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.icrosoft.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 17:01:20 GMT","end":"Fri, 08 May 2026 17:01:19 GMT"},"fingerprint":{"sha1":"31:68:AB:3C:80:36:82:FA:03:30:F6:6D:39:5B:2F:8F:13:F3:25:2C","sha256":"50:9B:61:E8:DD:B3:1A:CD:B5:77:E1:15:C2:01:C2:04:36:11:4D:13:A8:54:F4:43:94:A2:5C:9E:F0:18:D7:03"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: m.icrosoft.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 09 Feb 2026 12:39:08 GMT\r\nserver: Apache\r\nupgrade: h2,h2c\r\nconnection: Upgrade\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 1105\r\ncontent-type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2525,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0e5538314355b258205f4a4fafc1f547","sha1":"0d97bf69dbafdb0e519d9e1bd15a842d2f484ac9","sha256":"ac9c2cec10b942d83e6372b72f68e7bdf7b852ca6181d9780aaa3b93a8e1bb1b","sha512":"aa82bd66243d81132ddd75f58cbc266f171d6f7e372a7a3374c389255ffd31cb4809c01cf2ddfb96e3a7a47cec42830e242bce65dacf3adf9a255ada2e4fc77a","ssdeep":"","tlshash":"c85197aa99400409c17752328b63714cf9744543d703096e77bda3978fb16cc8b33f94","first_seen":"2023-09-17T04:18:06Z","last_seen":"2026-02-09T12:39:30.996624Z","times_seen":4,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":59,"dns":1,"connect":22,"send":0,"wait":32,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m.icrosoft.org/assets/css/bootstrap.css","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://m.icrosoft.org/","date":"2026-02-09T12:39:09.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.icrosoft.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 17:01:20 GMT","end":"Fri, 08 May 2026 17:01:19 GMT"},"fingerprint":{"sha1":"31:68:AB:3C:80:36:82:FA:03:30:F6:6D:39:5B:2F:8F:13:F3:25:2C","sha256":"50:9B:61:E8:DD:B3:1A:CD:B5:77:E1:15:C2:01:C2:04:36:11:4D:13:A8:54:F4:43:94:A2:5C:9E:F0:18:D7:03"}}},"request":{"raw":"GET /assets/css/bootstrap.css HTTP/1.1\r\nHost: m.icrosoft.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://m.icrosoft.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 09 Feb 2026 12:39:09 GMT\r\nserver: Apache\r\nlast-modified: Mon, 12 Jun 2023 17:37:34 GMT\r\netag: \"23a5a-5fdf22c85abc6-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 21330\r\ncontent-type: text/css\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":146010,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (540)","md5":"2a31dca112f26923b51676cb764c58d5","sha1":"f597f59f955cda06e5d7a79342d9e0c22b5ec6d2","sha256":"7e630d90c7234b0df1729f62b8f9e4bbfaf293d91a5a0ac46df25f2a6759e39a","sha512":"a658bd68aabbe7c3cc76caa3340f80bb8089ed96ad2c20978a79e549fbf4db7cf8c66ce5f2cf896e3daa351ed123c0ecc45a797bc3af6d8183002cca9ed644f7","ssdeep":"1536:n8dvmSUZjywX7H53/BHsWj8g1UCFz96nOdG/JP9IZptcJ23NsOCj+:noUZO4ZpHkgCc8nOU/JP9IZptcJ23z","tlshash":"b7e395d8f6b039407223c09835938e52b71d9143d41fed79b7ea35acafc81958973b8a","first_seen":"2023-04-05T04:22:28Z","last_seen":"2026-06-08T17:13:36.002051Z","times_seen":3912,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"m.icrosoft.org/assets/img/phishingbox_logo.png","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://m.icrosoft.org/","date":"2026-02-09T12:39:09.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.icrosoft.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 17:01:20 GMT","end":"Fri, 08 May 2026 17:01:19 GMT"},"fingerprint":{"sha1":"31:68:AB:3C:80:36:82:FA:03:30:F6:6D:39:5B:2F:8F:13:F3:25:2C","sha256":"50:9B:61:E8:DD:B3:1A:CD:B5:77:E1:15:C2:01:C2:04:36:11:4D:13:A8:54:F4:43:94:A2:5C:9E:F0:18:D7:03"}}},"request":{"raw":"GET /assets/img/phishingbox_logo.png HTTP/1.1\r\nHost: m.icrosoft.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://m.icrosoft.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 09 Feb 2026 12:39:09 GMT\r\nserver: Apache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nupgrade: h2,h2c\r\nconnection: Upgrade\r\nlast-modified: Tue, 31 Oct 2023 21:05:56 GMT\r\netag: \"391f-609098550d9c5\"\r\naccept-ranges: bytes\r\ncontent-length: 14623\r\ncontent-type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14623,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 523, 8-bit colormap, non-interlaced","md5":"dbd7fc56bc4da8db26060ace8755af73","sha1":"3da1f0716f969c4c621e0b0a688c6638df72a6b3","sha256":"537772c08f4088cd4c535a38aad43346ea650b1f964cefae4b91e3def40721cd","sha512":"5224618ac640bf008ec04d5fd3f7629f10011841805cf612cd0afd4c4f486c81ae774829c307a522a1c3140f7bad310746db2a5947fd1aea3895f7894cbe3713","ssdeep":"192:y4Dob6OF46tQ3VISVG2Zlk2fZ4MsZMcN81AoEonypo7qXqMkHddqTHyKPOds56U:yB6otQ9JZlRfZTGM+8+RSy2OXSLq2+","tlshash":"5362c0763625f6e4e07dd7fdb67069112206e39eead2386314a9638ec8d70cced5b900","first_seen":"2023-05-01T05:35:39Z","last_seen":"2026-06-04T11:52:17.692783Z","times_seen":614,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":53,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"m.icrosoft.org/assets/js/jquery.js","fqdn":"m.icrosoft.org","domain":"icrosoft.org","tld":"org"},"ip":{"addr":"64.238.34.20","port":443,"asn":29802,"as":"HVC-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://m.icrosoft.org/","date":"2026-02-09T12:39:09.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.icrosoft.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 17:01:20 GMT","end":"Fri, 08 May 2026 17:01:19 GMT"},"fingerprint":{"sha1":"31:68:AB:3C:80:36:82:FA:03:30:F6:6D:39:5B:2F:8F:13:F3:25:2C","sha256":"50:9B:61:E8:DD:B3:1A:CD:B5:77:E1:15:C2:01:C2:04:36:11:4D:13:A8:54:F4:43:94:A2:5C:9E:F0:18:D7:03"}}},"request":{"raw":"GET /assets/js/jquery.js HTTP/1.1\r\nHost: m.icrosoft.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://m.icrosoft.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 09 Feb 2026 12:39:09 GMT\r\nserver: Apache\r\nupgrade: h2,h2c\r\nconnection: Upgrade\r\nlast-modified: Wed, 31 May 2023 20:50:09 GMT\r\netag: \"152bd-5fd03772ba1ac-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 30085\r\ncontent-type: application/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":86717,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32030), with CR line terminators","md5":"6c013ea4cf6af491ac038943a68ad4fe","sha1":"7704864ce63adb0d61f79acc3e5cc9ea488e35f6","sha256":"35dc8edc236b06df2825bce1b00900e2e976ecdb928b02809647e7eb2f91bfc8","sha512":"60cd96a316e40daf530e06bfd59df9f3f25826e2a072c137ceceb66f89a5eddf512e3a64b8081149249aa486a81de9e4da5e7555c4ffebd03a5585342f404f09","ssdeep":"1536:cNhEyjjTikEJO4edXXe9J578go6MWXqcVhcLyB4Lw13sh2bzrlc+iuH7U3gBORDU:axcq0hcLZwpsYbDzORDU8Cu+","tlshash":"9583d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f068c5d57eb8a8e507bf2c","first_seen":"2023-03-07T12:08:30Z","last_seen":"2026-06-04T11:52:17.694635Z","times_seen":614,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":60,"dns":0,"connect":29,"send":0,"wait":59,"receive":7,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"m.icrosoft.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Phishing Box","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Phishing Box","tags":["phishing_box","phishing"],"meta":null}]}}]}