{"report_id":"97597963-468d-4708-965b-9ba9294f4df8","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-04-22T00:00:09Z","url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"108.157.229.5","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"title":"Sign in to your Microsoft account","dom":{"size":10052,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (494)","md5":"85231b6e46b94caf7c1a9a9c925cbec1","sha1":"167e9ea3ddcb0ef34caa4616d57fef4cd1ba6be8","sha256":"c072fd554a1feaee01959df49d24d414d613912c793d29ac3dd66e7c89464daa","sha512":"704c711b140fb20aad44844d0349d2fa20dea529eecb2c8c3d7b3f7f31f0e7a085de6f4b8b92302f4554b838605f4effccad3ae14f6c32e8c2176aed8d63c0ec","ssdeep":"96:jTjfjaSJehD9PJo97G6I6AkeakPTjvJafY2EuG0JNRuf8fh86lv:3jUQpTv+JaZ1vfh8Gv","tlshash":"2622003164f04927418281d97bb9ae1b3f90ea07da4b8a1076ac4fd65fe3ddacc1b11c","dom_hash":"domhash47aa502ac30a1f0cfa9d0bdcec92990e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"108.157.229.5","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T00:00:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"microsoft.account.trustedentity.com","ip":{"addr":"52.84.50.73","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2012-11-16","domain_rank":0,"first_seen":"2026-04-21T08:41:50.65813Z","last_seen":"2026-04-21T08:41:50.65813Z","alert_count":50,"request_count":10,"received_data":152532,"sent_data":7239,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/js/common.js","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4055559d986bb83ef861fea98464e81f","sha1":"5d0344bb39419349124d250d323d8ff93f022f1c","sha256":"a02f4c009d085355be3f332b7b4440b2cc168c7a69452e52caca1472dfb1cff5","sha512":"de36606570e3b3c58e02065f9a8d7c28a06090871b58e4ab6964799bf3a9decb12e4a3dad47d8c3d847f3ebd2f2a0b6d1283e57e5f7aaccbd723f9cbd9733cd3","ssdeep":"","tlshash":"0e51fd2a30b751f045f7049c6b8bd261613a14633589d989f69d4f891fcdf2ea0a37ce","size":3114,"data":"","first_seen":"2025-12-13T04:30:56.914064Z","last_seen":"2026-04-22T00:00:21.154056Z","times_seen":128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/js/main.js","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"33bb80bc2bd6355192658567f93fad35","sha1":"f16881ff48d9dfd7576795ef2ff6ee638de46747","sha256":"5c353902dcaa6525f2e57a8af86e23a000765da21093d55043baa846b2d7ec7d","sha512":"5f068b3fdd79bbdfca49fad4d7adc6cd1adafef606f5ed1e4e8dfffdd030fd224d8a858438af9849fe43fd0683b33377881ad03a18a01cdd3f4e601e994a3313","ssdeep":"","tlshash":"5c112cab314108290eff36df64d29aca3d70c455586a04250779ea46e236ec17d3abeb","size":868,"data":"","first_seen":"2025-07-24T16:36:54.98311Z","last_seen":"2026-04-22T00:00:21.168439Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/css/main.css","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.73","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:47.938Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/css/main.css HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nContent-Length: 105216\r\nConnection: keep-alive\r\nx-amz-id-2: GX1f5McN0Gzla+ywvUhfQPpI4t1Bwo94jcP7R1bsxpggzGP1TFxcRRTQfkns5Hg+01ozjSyubss=\r\nx-amz-request-id: ZRDMC5R18EP3C505\r\nDate: Tue, 21 Apr 2026 23:59:49 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:53 GMT\r\nETag: \"75671ab4da372008bde39f3df19196a2\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 2f3a70deb5812eb0e48215ada7b72404.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: Nxu2NNRdsMfDQKcWwGpFSg2ZacMOqWyJ0pQE2z5Fj4Vu4EudYKJsLg==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":105216,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"75671ab4da372008bde39f3df19196a2","sha1":"992dcc2c1d1e30ae129264092d3c8435ad9044e8","sha256":"088856f14b5b53bef73702f3333d48e35742a1ce0a4f630949f7c658d40b66aa","sha512":"c40068944b6d92c38d85917f7860f1882eca0610871bdb0275a161215d70fd407608351c688b62e4ed80fc3ee6eb25be60fb3fe8252fc777b7fb31ec4ee1fa16","ssdeep":"1536:8n7CPw+kGDazA/PWrF7qvEAFiQcpmTKgMtJ0yVU/c:IIlzyVU0","tlshash":"c4a3b79069243d26e037c73571c1bd8762211503e677aebbf6262db9cf896cb0b31e49","first_seen":"2024-02-23T23:59:54Z","last_seen":"2026-04-22T00:00:21.152083Z","times_seen":93,"resource_available":false,"data":null}},"time_used":1604,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1177,"receive":427,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/js/common.js","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:47.942Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/js/common.js HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nContent-Length: 3114\r\nConnection: keep-alive\r\nx-amz-id-2: hWckBHcpSXqk5HNGOBJu+4z5Uv9rzPhR4VKgfPu+ohFB/EVFsmedNty7p2ZG1jBbGg+apwu6gCY=\r\nx-amz-request-id: ZRDZFG6802KQC147\r\nDate: Tue, 21 Apr 2026 23:59:49 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:44 GMT\r\nETag: \"4055559d986bb83ef861fea98464e81f\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: 8nKCdnsIs3i8EjRWJyTfwg6nCb51OdfuK8LJ1GC7cv5VvGfvYOyo3Q==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3114,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"4055559d986bb83ef861fea98464e81f","sha1":"5d0344bb39419349124d250d323d8ff93f022f1c","sha256":"a02f4c009d085355be3f332b7b4440b2cc168c7a69452e52caca1472dfb1cff5","sha512":"de36606570e3b3c58e02065f9a8d7c28a06090871b58e4ab6964799bf3a9decb12e4a3dad47d8c3d847f3ebd2f2a0b6d1283e57e5f7aaccbd723f9cbd9733cd3","ssdeep":"","tlshash":"0e51fd2a30b751f045f7049c6b8bd261613a14633589d989f69d4f891fcdf2ea0a37ce","first_seen":"2025-12-13T04:30:56.914064Z","last_seen":"2026-04-22T00:00:21.154056Z","times_seen":128,"resource_available":true,"data":null}},"time_used":921,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":919,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:47.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/svg+xml\r\nContent-Length: 3651\r\nConnection: keep-alive\r\nx-amz-id-2: J5GoQF22hPOYRwbqjdxunDqvCA83J5Q8fvwh/qGqaKTqkxSJBgNYdNHK3p/o/ZCCLINuW/eew6pd0QwRHWnUeBuLAh5FsgKQ\r\nx-amz-request-id: 9K1XERKRR3F8TDHT\r\nDate: Tue, 21 Apr 2026 23:59:51 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:53 GMT\r\nETag: \"ee5c8d9fb6248c938fd0dc19370e90bd\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 d85ed2d2deba50aaf4938eae2cbcf3ac.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: C_7DfpOX20Jkk1VCz07Xvys0d6xbGbnK-VkJxyA0_n1F8X8skvJHPg==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3651,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-04-22T05:02:07.519491Z","times_seen":124306,"resource_available":false,"data":null}},"time_used":4205,"timings":{"blocked":1595,"dns":1,"connect":1,"send":0,"wait":1008,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/2_bc3d32a696895f78c19df6c717586a5d.svg","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:49.573Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/svg+xml\r\nContent-Length: 1864\r\nConnection: keep-alive\r\nx-amz-id-2: 8qIA9V6FZVC81zFcx91okRIQh1zCZp+TMvqLbs0ZVdw1vXOgq2Sjwm91XrxQ/D1CZDd63BQUmB4=\r\nx-amz-request-id: 9K1JKMRHJ4K3VJ5E\r\nDate: Tue, 21 Apr 2026 23:59:51 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:53 GMT\r\nETag: \"bc3d32a696895f78c19df6c717586a5d\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 a82071c7a558f0fabf37ee3b940ad600.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: yjPL9ppWBQyIJNLCZ0eSSffMI_CfSBIIdcVWH01iRiawI0Vt4T3SMQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":1864,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bc3d32a696895f78c19df6c717586a5d","sha1":"9191cb156a30a3ed79c44c0a16c95159e8ff689d","sha256":"0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68","sha512":"8d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64","ssdeep":"","tlshash":"4e310059c51d3566ec04c3aceae1d468315e71efa8a581c961849b3f95b0dce0eccb70","first_seen":"2023-04-12T23:20:27Z","last_seen":"2026-04-22T00:00:21.165034Z","times_seen":102630,"resource_available":false,"data":null}},"time_used":912,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":912,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T23:59:46.741Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/ HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T05:09:04.594815Z","times_seen":14046463,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":83,"dns":0,"connect":1,"send":0,"wait":0,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/js/main.js","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:47.941Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/js/main.js HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nContent-Length: 868\r\nConnection: keep-alive\r\nx-amz-id-2: ZFOV2JamCE3i6nRDh0xO73BlMdxf9utBklhE6LyeVq13OFHak4veWNoOrmuGBKwprKPxiqhwCQ8=\r\nx-amz-request-id: ZRDVPZ053SVPXW8K\r\nDate: Tue, 21 Apr 2026 23:59:49 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:54 GMT\r\nETag: \"33bb80bc2bd6355192658567f93fad35\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: HO8LMSq61kbjEIWKI7vtlTXOG86Wna4lgWEMm2Tzkmliqku-rtJ5jQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":868,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (868), with no line terminators","md5":"33bb80bc2bd6355192658567f93fad35","sha1":"f16881ff48d9dfd7576795ef2ff6ee638de46747","sha256":"5c353902dcaa6525f2e57a8af86e23a000765da21093d55043baa846b2d7ec7d","sha512":"5f068b3fdd79bbdfca49fad4d7adc6cd1adafef606f5ed1e4e8dfffdd030fd224d8a858438af9849fe43fd0683b33377881ad03a18a01cdd3f4e601e994a3313","ssdeep":"","tlshash":"5c112cab314108290eff36df64d29aca3d70c455586a04250779ea46e236ec17d3abeb","first_seen":"2025-07-24T16:36:54.98311Z","last_seen":"2026-04-22T00:00:21.168439Z","times_seen":47,"resource_available":true,"data":null}},"time_used":899,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":897,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:47.945Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/svg+xml\r\nContent-Length: 1592\r\nConnection: keep-alive\r\nx-amz-id-2: 7CcBGS1WI3XrQwl4zMWkth2EgoKz4akFxxXvnB+iLtITE/8oqQVnL8FvK/sdZXbTQO91vopQgck=\r\nx-amz-request-id: 9K1Q98F6X4S0PPVG\r\nDate: Tue, 21 Apr 2026 23:59:51 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:54 GMT\r\nETag: \"4e48046ce74f4b89d45037c90576bfac\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: 5Ri9zXQ9FVluqEKO_XshwU1BosudQ_1_XFPvJ1ipqT6vnY5D-e5_Kg==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1592,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e48046ce74f4b89d45037c90576bfac","sha1":"4a41b3b51ed787f7b33294202da72220c7cd2c32","sha256":"8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93","sha512":"b2bba2a68edaa1a08cfa31ed058afb5e6a3150aabb9a78db9f5ccc2364186d44a015986a57707b57e2cc855fa7da57861ad19fc4e7006c2c239c98063fe903cf","ssdeep":"","tlshash":"b931787f43b45ae7239017741760626c13f4ee917169d0b4dba30c9a8d4bd33327843a","first_seen":"2023-04-14T20:16:11Z","last_seen":"2026-04-22T05:06:18.414929Z","times_seen":75212,"resource_available":false,"data":null}},"time_used":2505,"timings":{"blocked":1592,"dns":0,"connect":0,"send":0,"wait":913,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:47.944Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/svg+xml\r\nContent-Length: 1555\r\nConnection: keep-alive\r\nx-amz-id-2: QSNaAiDS3LFoN9JsO4/yNVrnGZdMQXT+FpscGuduzu7rndhvnWjQwTfbqUMNHHgKJf73kR8SDc8=\r\nx-amz-request-id: 9K1MX29D981CCQV3\r\nDate: Tue, 21 Apr 2026 23:59:51 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:53 GMT\r\nETag: \"bcb4d1dc4eae64f0b2b2538209d8435a\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: wRKrYiinOxGg5r6xrDR5Jg3g9v2MpmGwEWjAeBWuzcq206eNNxqmXw==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1555,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bcb4d1dc4eae64f0b2b2538209d8435a","sha1":"4f10568bc1b70bc98d5297b85812c33b3e636766","sha256":"a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea","sha512":"db41de25233b7000dd841d244ca2a7504e4b1443a7cf41aa88136764eeb3002b3b99d0e8b31a828afe4749f454adcf5d2e4f9f72d645f0a6e66918b5e5a8a7b1","ssdeep":"","tlshash":"7e31277f029946cd9ee59b543b30b24d7fb9a64b73a240844f073ed95c866b3a438d23","first_seen":"2023-05-08T01:25:43Z","last_seen":"2026-04-22T00:00:21.171248Z","times_seen":740,"resource_available":false,"data":null}},"time_used":2474,"timings":{"blocked":1593,"dns":0,"connect":0,"send":0,"wait":881,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/favicon.ico","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.43","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","date":"2026-04-21T23:59:50.059Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/images/favicon.ico HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/vnd.microsoft.icon\r\nContent-Length: 17174\r\nConnection: keep-alive\r\nx-amz-id-2: 1g6RiH3FWemCOn11Kk8GFGfHowdWHk9wsxJqHQ0Doyk5LOVXUPRZzlZJeNuMYZcIhncb3vkW8ss=\r\nx-amz-request-id: 9K1TP6Y5WSJTQ5ME\r\nDate: Tue, 21 Apr 2026 23:59:51 GMT\r\nLast-Modified: Wed, 10 Dec 2025 04:48:53 GMT\r\nETag: \"12e3dac858061d088023b2bd48e2fa96\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 ed0b1ae4224d4a858ec43080e17ab00c.cloudfront.net (CloudFront)\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: JqZlrHDbkgaVPSJJNE1S8L06GHKAuG4xbfZe4nQg2QA_lldubw18Ew==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":17174,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors","md5":"12e3dac858061d088023b2bd48e2fa96","sha1":"e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5","sha256":"90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21","sha512":"c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01","ssdeep":"24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO","tlshash":"b772e35b1f5f4981ec4b0db80b125e80c5e49c973854dffbdb76b62888b0364ab845eb","first_seen":"2023-04-05T03:19:57Z","last_seen":"2026-04-22T00:39:05.227166Z","times_seen":164140,"resource_available":false,"data":null}},"time_used":381,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"microsoft.account.trustedentity.com/http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/","fqdn":"microsoft.account.trustedentity.com","domain":"trustedentity.com","tld":"com"},"ip":{"addr":"52.84.50.73","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T23:59:46.857Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /http:/microsoft.authorised-support.com/new-account/EOzAFbYj1bjLmgufSIlKJJR9Kpvsy5kc3UkY=3Ag==7Wl5URVhEWFFDaFtYUF5ZaEBeQ19oR1ZEREBYRVM=/6Xx5KG1mKRNjeU3rSnC8diFTM7R4V1de/ HTTP/1.1\r\nHost: microsoft.account.trustedentity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 11640\r\nConnection: keep-alive\r\nx-amz-id-2: P8plQ9pkJexawtm20cfCqndnI99dFBYnWtM51X+NsDkQQjWEd9Ni8zkzTL0rBJqfVWXniE2H/4L0BfkHg2RQMomfTltslc0V\r\nx-amz-request-id: 05GYH8NY5HMAS1X7\r\nDate: Tue, 21 Apr 2026 23:59:48 GMT\r\nLast-Modified: Tue, 21 Apr 2026 23:59:47 GMT\r\nETag: \"6d7bce4145378473ac46bbdeb53bbb0d\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nVia: 1.1 2f3a70deb5812eb0e48215ada7b72404.cloudfront.net (CloudFront)\r\nCache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0, stale-while-revalidate=0, stale-if-error=0\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nVary: *\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: -fffS_Rh0wNPggQ1WG5oP5uXhNfkHGjQEuon_ZUPitmMxSkH5Hr_qA==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":11640,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"6d7bce4145378473ac46bbdeb53bbb0d","sha1":"7330bae99206331d5c13cb1a67bc3d40d1cbe060","sha256":"aa5660d67db4acb77310ec845e0bbfe7495d01c971edff59ba32a51753357866","sha512":"0906072ae063c5fcdd22d800524293567ce3883d1d63c530e649dc76f49c43339efd1c1cb09f715e302a1d6abd51882c72d3531b521e6cf00c262642737aca36","ssdeep":"96:PpZjfpaSJehD9PpoL7o6C6AkeakPTlvhCWY2+G+qNFexClh867gu:RZFUYz9v+jCMzlh8ugu","tlshash":"e4321c2064f009a7018ac4d97afa6e1b3f80ea07da4b9a1436ac4fd55fe3dd6cc1b11c","first_seen":"2025-07-24T16:32:56.6927Z","last_seen":"2026-04-22T00:00:21.176571Z","times_seen":50,"resource_available":true,"data":null}},"time_used":939,"timings":{"blocked":1,"dns":1,"connect":1,"send":0,"wait":935,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"microsoft.account.trustedentity.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}