{"report_id":"9fb28362-0e65-4374-9ccb-e0e6a57f80a8","version":0,"status":"done","tags":["microsoft","phishing"],"date":"2026-07-17T09:05:24Z","url":{"schema":"http","addr":"microsoft.team365.realtrade4.com/api/v3/auth/login.php","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"ip":{"addr":"162.0.214.119","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"microsoft.team365.realtrade4.com/api/v3/auth/login.php","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"title":"Sign in to your Microsoft account","dom":{"size":4973,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"1a3273ad7b280777a3999aec7daf6bfc","sha1":"a6a48a7ff3646e6bc27dff0b51c15dad66dfd5cc","sha256":"070b86425196c55a3156fa684acc51690b0dc324b70e62fb20c72e7b47082795","sha512":"b341c95a7788f985f92f6cc32054d6587c2b9cee62a96b5aa9d7a5dec0855e98b26334354a892e26816ecd2b5ab660328ee153da5d71850020a0a2d24f6800d8","ssdeep":"96:nQSK4AEsfsd6VTgw5Qeqmz4uBd18sD2PReT2gmUzge2ZaEm:gEKi6dFqmz4kd6syPRmX+al","tlshash":"88a164d656b708463843d8242be74646392d8013c50bfe1c3faca388cf822d5d952bcc","dom_hash":"domhash1d4506b1ec0f9118af3706457facc8b5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"microsoft.team365.realtrade4.com/api/v3/auth/login.php","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"ip":{"addr":"162.0.214.119","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-21T09:05:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-17","alert":"Phishing Block","trigger":"microsoft.team365.realtrade4.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"microsoft.team365.realtrade4.com","ip":{"addr":"162.0.214.119","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2024-11-17","domain_rank":0,"first_seen":"2026-07-15T18:07:40.198063Z","last_seen":"2026-07-15T18:07:40.198063Z","alert_count":16,"request_count":4,"received_data":28691,"sent_data":2420,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"microsoft.team365.realtrade4.com/api/v3/auth/assets/images/logo.svg","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"ip":{"addr":"162.0.214.119","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microsoft.team365.realtrade4.com/api/v3/auth/login.php","date":"2026-07-17T09:04:58.205Z","timestamp":1784279098205,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microsoft.team365.realtrade4.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 22:03:27 GMT","end":"Thu, 17 Sep 2026 22:03:26 GMT"},"fingerprint":{"sha1":"8E:11:E8:9F:47:53:45:FF:23:90:57:70:07:DC:35:83:E7:45:46:43","sha256":"84:2A:B2:E2:58:11:1F:0E:C8:7E:CB:71:B6:51:DE:24:6E:4D:FE:45:64:E3:5F:39:B4:25:90:8D:59:53:8C:B4"}}},"request":{"raw":"GET /api/v3/auth/assets/images/logo.svg HTTP/1.1\r\nHost: microsoft.team365.realtrade4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoft.team365.realtrade4.com/api/v3/auth/login.php\r\nCookie: PHPSESSID=hcnilrnkn32b3bcbb3m6m1raai\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Fri, 17 Jul 2026 09:04:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 14 May 2026 17:19:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a060426-e43\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3651,"size_decoded":1726,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-07-17T19:30:07.605217Z","times_seen":127781,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-17","alert":"Phishing Block","trigger":"microsoft.team365.realtrade4.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"microsoft.team365.realtrade4.com/api/v3/auth/assets/images/key.svg","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"ip":{"addr":"162.0.214.119","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microsoft.team365.realtrade4.com/api/v3/auth/login.php","date":"2026-07-17T09:04:58.207Z","timestamp":1784279098207,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microsoft.team365.realtrade4.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 22:03:27 GMT","end":"Thu, 17 Sep 2026 22:03:26 GMT"},"fingerprint":{"sha1":"8E:11:E8:9F:47:53:45:FF:23:90:57:70:07:DC:35:83:E7:45:46:43","sha256":"84:2A:B2:E2:58:11:1F:0E:C8:7E:CB:71:B6:51:DE:24:6E:4D:FE:45:64:E3:5F:39:B4:25:90:8D:59:53:8C:B4"}}},"request":{"raw":"GET /api/v3/auth/assets/images/key.svg HTTP/1.1\r\nHost: microsoft.team365.realtrade4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoft.team365.realtrade4.com/api/v3/auth/login.php\r\nCookie: PHPSESSID=hcnilrnkn32b3bcbb3m6m1raai\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Fri, 17 Jul 2026 09:04:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 14 May 2026 17:47:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a060ac9-638\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1592,"size_decoded":899,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e48046ce74f4b89d45037c90576bfac","sha1":"4a41b3b51ed787f7b33294202da72220c7cd2c32","sha256":"8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93","sha512":"b2bba2a68edaa1a08cfa31ed058afb5e6a3150aabb9a78db9f5ccc2364186d44a015986a57707b57e2cc855fa7da57861ad19fc4e7006c2c239c98063fe903cf","ssdeep":"","tlshash":"b931787f43b45ae7239017741760626c13f4ee917169d0b4dba30c9a8d4bd33327843a","first_seen":"2023-04-14T20:16:11Z","last_seen":"2026-07-17T20:50:43.564275Z","times_seen":87134,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-17","alert":"Phishing Block","trigger":"microsoft.team365.realtrade4.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"microsoft.team365.realtrade4.com/api/v3/auth/assets/images/favicon.png","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"ip":{"addr":"162.0.214.119","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microsoft.team365.realtrade4.com/api/v3/auth/login.php","date":"2026-07-17T09:04:58.388Z","timestamp":1784279098388,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microsoft.team365.realtrade4.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 22:03:27 GMT","end":"Thu, 17 Sep 2026 22:03:26 GMT"},"fingerprint":{"sha1":"8E:11:E8:9F:47:53:45:FF:23:90:57:70:07:DC:35:83:E7:45:46:43","sha256":"84:2A:B2:E2:58:11:1F:0E:C8:7E:CB:71:B6:51:DE:24:6E:4D:FE:45:64:E3:5F:39:B4:25:90:8D:59:53:8C:B4"}}},"request":{"raw":"GET /api/v3/auth/assets/images/favicon.png HTTP/1.1\r\nHost: microsoft.team365.realtrade4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoft.team365.realtrade4.com/api/v3/auth/login.php\r\nCookie: PHPSESSID=hcnilrnkn32b3bcbb3m6m1raai\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Fri, 17 Jul 2026 09:04:58 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 07 Feb 2023 22:30:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63e2d0ea-4316\"\r\nexpires: Sun, 16 Aug 2026 09:04:58 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17174,"size_decoded":889,"mime_type":"image/png","magic":"MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors","md5":"12e3dac858061d088023b2bd48e2fa96","sha1":"e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5","sha256":"90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21","sha512":"c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01","ssdeep":"24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO","tlshash":"b772e35b1f5f4981ec4b0db80b125e80c5e49c973854dffbdb76b62888b0364ab845eb","first_seen":"2023-04-05T03:19:57Z","last_seen":"2026-07-17T20:41:54.46816Z","times_seen":169073,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-17","alert":"Phishing Block","trigger":"microsoft.team365.realtrade4.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"microsoft.team365.realtrade4.com/api/v3/auth/login.php","fqdn":"microsoft.team365.realtrade4.com","domain":"realtrade4.com","tld":"com"},"ip":{"addr":"162.0.214.119","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-17T09:04:57.276Z","timestamp":1784279097276,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microsoft.team365.realtrade4.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Jun 2026 22:03:27 GMT","end":"Thu, 17 Sep 2026 22:03:26 GMT"},"fingerprint":{"sha1":"8E:11:E8:9F:47:53:45:FF:23:90:57:70:07:DC:35:83:E7:45:46:43","sha256":"84:2A:B2:E2:58:11:1F:0E:C8:7E:CB:71:B6:51:DE:24:6E:4D:FE:45:64:E3:5F:39:B4:25:90:8D:59:53:8C:B4"}}},"request":{"raw":"GET /api/v3/auth/login.php HTTP/1.1\r\nHost: microsoft.team365.realtrade4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Fri, 17 Jul 2026 09:04:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=hcnilrnkn32b3bcbb3m6m1raai; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4984,"size_decoded":2225,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4197345fd2e8b640486ba7b4c06e13a5","sha1":"c9443e9d5e7e86503388d6e35414f0e7fa73f359","sha256":"53be62d1296fb1b66035b1fd21d0ba704f6331644f110aecbf4f102631a8dbd8","sha512":"b03b8a00bf09ead09bbeb82ae701adab1cdf9f66f26c9c7af6cfc9c2c1d7de0439838bb01807d80f1afe9837d5b3228dcfb1e331d22a6f96441664dd4c127db5","ssdeep":"96:eSK4AEsfsd6VTgw5Qeqmz4uBd18sD2PReT2gmUzge2Za7V:mEKi6dFqmz4kd6syPRmX+aR","tlshash":"7ba163d656b718463843d8242be78646392d8013d50bfe1c3fada388cfc26d5da52bcc","first_seen":"2026-07-15T18:07:43.752904Z","last_seen":"2026-07-17T09:20:13.940355Z","times_seen":7,"resource_available":true,"data":null}},"time_used":716,"timings":{"blocked":-1,"dns":19,"connect":173,"send":0,"wait":182,"receive":0,"ssl":342},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-17","alert":"Phishing Block","trigger":"microsoft.team365.realtrade4.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"microsoft.team365.realtrade4.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}
