{"report_id":"95794f40-c44f-4b07-a98a-cbfe8e4ac5ee","version":6,"status":"done","tags":[],"date":"2026-02-24T13:50:13Z","url":{"schema":"http","addr":"s.teams-pa.com","fqdn":"s.teams-pa.com","domain":"teams-pa.com","tld":"com"},"ip":{"addr":"172.67.185.223","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"s.teams-pa.com/","fqdn":"s.teams-pa.com","domain":"teams-pa.com","tld":"com"},"title":"Our website is coming soon","dom":{"size":3251,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"039ccc32597b4a65e728ef84b0a883c9","sha1":"0afe4158cd062d806ef14057d7feaeff40758f9f","sha256":"bb6717c6d4d02e0b0694b23f1bc7c31ade56b5c2095c4a2c3c4f97d71d20e75a","sha512":"668f37547778eebe8bcb472cc8cf3568207cd01f384f6dcaa01e89d3ad8ee8a4e8eef5b6a97a402e10af6347fe95dc1147340fbb5f7d42230134e653498d4b7f","ssdeep":"","tlshash":"90610d97ab0d105ad15ed1462f7023c5202fc833ed9b9dfb7ca2563cc0de01a4aaa39c","dom_hash":"domhash47013d9ba11ab9b52cba8b6d5794ed1f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"s.teams-pa.com","fqdn":"s.teams-pa.com","domain":"teams-pa.com","tld":"com"},"ip":{"addr":"172.67.185.223","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-31T13:50:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"s.teams-pa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"s.teams-pa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"s.teams-pa.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"s.teams-pa.com","ip":{"addr":"172.67.185.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-17","domain_rank":0,"first_seen":"2026-02-24T12:23:53.534155Z","last_seen":"2026-02-24T12:23:53.534155Z","alert_count":6,"request_count":2,"received_data":46429,"sent_data":918,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"s.teams-pa.com/","fqdn":"s.teams-pa.com","domain":"teams-pa.com","tld":"com"},"ip":{"addr":"172.67.185.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-24T13:49:45.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"teams-pa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Feb 2026 22:56:52 GMT","end":"Mon, 18 May 2026 22:56:51 GMT"},"fingerprint":{"sha1":"60:AD:D9:CE:83:14:8C:05:B1:83:16:E7:34:2A:0B:4B:FC:A2:5E:96","sha256":"11:76:7A:8A:02:86:FF:E9:38:3D:DD:89:7B:90:0A:79:15:64:DB:49:21:D1:0F:24:1F:9F:C0:C2:04:4E:80:39"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: s.teams-pa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 13:49:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-security-policy: upgrade-insecure-requests\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x2mLA8h18ggWtnrPDUq2pgNO%2F1ynzjrjI%2B5gJp1n5fUThbiuz4fkyg5sfa0sxPs587UK0%2BwIcegs%2Bpe82Hxv9LOWkpuvkVQV6dfY5Vqr\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d2f6d948a4c8b20-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3426,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"7a6a8881eec28b42914d98db2f2922d0","sha1":"8c1ea1d3ddf44cb83e4b4ebcec16bf50a8d8c9fd","sha256":"5f5c43c9fc3294932d08a193ec6a85ac335bab94c4b9d3a3162f1f13a584aba1","sha512":"829316b1987a3ed3422729972e8651195190a333252e6d690a41568ee42a24013cf45727d173e2e19f208596915fc98e471658b9fe342574f04d49bde4d60b6d","ssdeep":"","tlshash":"62612096b30d600ed39ba29737b03305ec6ec832a65741fbf8b25635c1ee0155b693e5","first_seen":"2026-02-24T13:50:14.550764Z","last_seen":"2026-02-24T13:50:14.550764Z","times_seen":1,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":35,"dns":0,"connect":8,"send":0,"wait":149,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"s.teams-pa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"s.teams-pa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"s.teams-pa.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.teams-pa.com/favicon.ico","fqdn":"s.teams-pa.com","domain":"teams-pa.com","tld":"com"},"ip":{"addr":"172.67.185.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://s.teams-pa.com/","date":"2026-02-24T13:49:45.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teams-pa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Feb 2026 22:56:52 GMT","end":"Mon, 18 May 2026 22:56:51 GMT"},"fingerprint":{"sha1":"60:AD:D9:CE:83:14:8C:05:B1:83:16:E7:34:2A:0B:4B:FC:A2:5E:96","sha256":"11:76:7A:8A:02:86:FF:E9:38:3D:DD:89:7B:90:0A:79:15:64:DB:49:21:D1:0F:24:1F:9F:C0:C2:04:4E:80:39"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: s.teams-pa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://s.teams-pa.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 24 Feb 2026 13:49:45 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JTA8pKwKJLa1vKSuJan%2FvZei5%2BnSzBNrxV%2F8noOs69QUWgGH95l8HME%2BQhwic55MRD4gJKHV%2FWgIryjJzOsw95XAmcYVp009T6bFt8DL\"}]}\r\npriority: u=6,i=?0\r\ncontent-security-policy: upgrade-insecure-requests\r\nlast-modified: Sat, 17 Jan 2026 08:36:50 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 5179\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"a2be-648915bed4c80\"\r\ncf-ray: 9d2f6d969a34481e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41662,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 100x100, 32 bits/pixel","md5":"e7f3a0e45d145ff5eff9ae10b4010395","sha1":"3e9d0a63102c9ef46fc1ededf3847e5e219d89e0","sha256":"85aed9d67fbfa117b0647467c6e519ff32f1bf904b3ef6677bb11836e56a9797","sha512":"b027f94490b4a8b00068825a99ce680a3b1292e541ebed6af72d844def0539d4f7d3a313ec53f7ff8ba04128759bf166f905eb6abe5b56b9ccee45c740508e40","ssdeep":"384:Ms+4qAaoDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDoDDDDDDDDdZmb:Ms+aaA","tlshash":"a613ead82a8895bff8e1de382de7771a232d5ecc51aa464311f5bf06a136d2057e31c1","first_seen":"2025-05-01T11:29:52.88959Z","last_seen":"2026-06-07T02:17:16.231655Z","times_seen":82,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"s.teams-pa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"s.teams-pa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"s.teams-pa.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}