{"report_id":"a40551d7-ecc9-4ec9-a929-38bb1bf87409","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-03-20T18:33:13Z","url":{"schema":"http","addr":"login.polcu.microsoftenline.com","fqdn":"login.polcu.microsoftenline.com","domain":"microsoftenline.com","tld":"com"},"ip":{"addr":"34.19.207.32","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"https","addr":"login.polcu.microsoftenline.com/","fqdn":"login.polcu.microsoftenline.com","domain":"microsoftenline.com","tld":"com"},"title":"Sign in to your account","dom":{"size":8762,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"35e00863c3662a92487a35dc9080e12e","sha1":"843d41455efdf3fcc1c8970c02099a83c36eb5a1","sha256":"7f859644ef5b31be1d0f83cb65bffd7cf016f6ca6e82720f15b28cba7be881fc","sha512":"c3a376a24d29d7a25b6cad0fae4cec1c6ae2cb609602fc787cf7febbc5838dcf36f43a25866717606682c60a2a85b70ff84e89883bad2c7d0035a498592e3a33","ssdeep":"192:W4IG0SCDsJlg/R5/NGwn4oId10HHqM3lSFYIIFp5Yx139DmR4ya7fJ2StxXeJE9z:nIPimqH","tlshash":"d3022e9a2aa320466983a4bd37f257483670d103d806cd6c3fec6794cf85b44ada37dc","dom_hash":"domhash2850efb36411bedfbeea60fdb75f0eeb","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"login.polcu.microsoftenline.com","fqdn":"login.polcu.microsoftenline.com","domain":"microsoftenline.com","tld":"com"},"ip":{"addr":"34.19.207.32","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Canada","country_code":"CA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-24T18:33:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-20","alert":"Phishing Block","trigger":"login.polcu.microsoftenline.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"aadcdn.msftauth.net","ip":{"addr":"2.22.225.34","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2018-10-25","domain_rank":5262,"first_seen":"2018-11-19T10:50:32Z","last_seen":"2026-03-16T09:08:27.902147Z","alert_count":0,"request_count":3,"received_data":53861,"sent_data":1565,"comment":"","tags":null,"fingerprints":null},{"fqdn":"login.polcu.microsoftenline.com","ip":{"addr":"34.19.207.32","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Canada","country_code":"CA"},"domain_registered":"2023-10-16","domain_rank":0,"first_seen":"2026-03-20T11:38:23.33811Z","last_seen":"2026-03-20T11:38:23.33811Z","alert_count":10,"request_count":2,"received_data":9975,"sent_data":969,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"login.polcu.microsoftenline.com/","fqdn":"login.polcu.microsoftenline.com","domain":"microsoftenline.com","tld":"com"},"ip":{"addr":"34.19.207.32","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":true,"md5":"89f72243022a9de196c73c09cac3354b","sha1":"2f26afcd25b9b4c0d1b4f6b5b0226ca30a0fbcfc","sha256":"9d69cb7b4781c9eb9910cdf75e79828b9661f9e51cbd4d0e911fd6d95569df46","sha512":"3cac786ca8b7940616229b600a0e221c9dcbe5c95659c00d371a56af0f40243b74d7866c5765c5900ca4b823938f0187eb077e1a15de6adc39a6f5fc6f546aaa","ssdeep":"","tlshash":"0111d2ba349720b98ef764ba73db42d5305040673c55d6a4b56c921a4f00e4abef2be8","size":967,"data":"","first_seen":"2026-03-20T11:38:24.53549Z","last_seen":"2026-03-22T12:37:01.217602Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"2.22.225.34","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.polcu.microsoftenline.com/","date":"2026-03-20T18:32:52.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idnaakamaicdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Tue, 10 Feb 2026 18:29:15 GMT","end":"Fri, 05 Feb 2027 18:29:15 GMT"},"fingerprint":{"sha1":"11:6E:B1:51:6A:18:5E:8A:A2:FA:F0:B4:38:78:7E:52:0D:55:06:B5","sha256":"26:06:65:FC:25:8B:05:0E:C1:76:C6:E2:3C:FF:76:A2:A3:52:4E:8D:FC:2D:48:D0:74:7E:6E:33:DA:49:4A:3D"}}},"request":{"raw":"GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.polcu.microsoftenline.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 1435\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\ncontent-md5: nzaLxFgP7ZB3dfMcaybWzw==\r\nlast-modified: Thu, 05 Dec 2024 00:02:53 GMT\r\naccept-ranges: bytes\r\netag: \"0x8DD14C02A8563EB\"\r\nx-ms-request-id: 1e321b9e-001e-0086-0b9d-669877000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=23002527\r\ndate: Fri, 20 Mar 2026 18:32:52 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.47e11602.1774031572.39da9f2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3651,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-06-24T20:42:22.098316Z","times_seen":127267,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":36,"dns":1,"connect":1,"send":0,"wait":6,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"2.22.225.34","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.polcu.microsoftenline.com/","date":"2026-03-20T18:32:52.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idnaakamaicdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Tue, 10 Feb 2026 18:29:15 GMT","end":"Fri, 05 Feb 2027 18:29:15 GMT"},"fingerprint":{"sha1":"11:6E:B1:51:6A:18:5E:8A:A2:FA:F0:B4:38:78:7E:52:0D:55:06:B5","sha256":"26:06:65:FC:25:8B:05:0E:C1:76:C6:E2:3C:FF:76:A2:A3:52:4E:8D:FC:2D:48:D0:74:7E:6E:33:DA:49:4A:3D"}}},"request":{"raw":"GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.polcu.microsoftenline.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 621\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\ncontent-md5: R2FAVxfpONfnQAuxVxXbHg==\r\nlast-modified: Thu, 05 Dec 2024 00:03:00 GMT\r\naccept-ranges: bytes\r\netag: \"0x8DD14C02EE2769A\"\r\nx-ms-request-id: 3fedeaa7-201e-004f-6e9e-66bb78000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=23468725\r\ndate: Fri, 20 Mar 2026 18:32:52 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.47e11602.1774031572.39da9f3\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1592,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e48046ce74f4b89d45037c90576bfac","sha1":"4a41b3b51ed787f7b33294202da72220c7cd2c32","sha256":"8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93","sha512":"b2bba2a68edaa1a08cfa31ed058afb5e6a3150aabb9a78db9f5ccc2364186d44a015986a57707b57e2cc855fa7da57861ad19fc4e7006c2c239c98063fe903cf","ssdeep":"","tlshash":"b931787f43b45ae7239017741760626c13f4ee917169d0b4dba30c9a8d4bd33327843a","first_seen":"2023-04-14T20:16:11Z","last_seen":"2026-06-24T20:59:46.574414Z","times_seen":85292,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":34,"dns":4,"connect":1,"send":0,"wait":6,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/4_eae2dd7eb3a55636dc2d74f4fa4c386e.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"2.22.225.34","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.polcu.microsoftenline.com/","date":"2026-03-20T18:32:52.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"idnaakamaicdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Tue, 10 Feb 2026 18:29:15 GMT","end":"Fri, 05 Feb 2027 18:29:15 GMT"},"fingerprint":{"sha1":"11:6E:B1:51:6A:18:5E:8A:A2:FA:F0:B4:38:78:7E:52:0D:55:06:B5","sha256":"26:06:65:FC:25:8B:05:0E:C1:76:C6:E2:3C:FF:76:A2:A3:52:4E:8D:FC:2D:48:D0:74:7E:6E:33:DA:49:4A:3D"}}},"request":{"raw":"GET /shared/1.0/content/images/backgrounds/4_eae2dd7eb3a55636dc2d74f4fa4c386e.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.polcu.microsoftenline.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 8703\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\ncontent-md5: sMaVUk102tEadelHjqLx4Q==\r\nlast-modified: Wed, 16 Jul 2025 19:22:14 GMT\r\naccept-ranges: bytes\r\netag: \"0x8DDC49E12525B9E\"\r\nx-ms-request-id: fc0a76fe-d01e-0074-5d22-27fedc000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=24132622\r\ndate: Fri, 20 Mar 2026 18:32:52 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.47e11602.1774031572.39daa0d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":46579,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"145a07dcb971527a82b8d95ca2a1a3ee","sha1":"8b5baca5e87693484035d4e7bfd5eebbd73ac931","sha256":"b7872b9635702c64d0e30f951372d3d62383f52a0f3f01497d9c429e4c292338","sha512":"cbf9fbafc5f4e69bc348077ce16a6a8266e8b70802954506436a56d4a411c56244fce3bcf492467d31462e6e4d133ce8d9f967708bea50cf46ea9eed88ad1165","ssdeep":"768:stFVOr1cBhgbydHDaQTzHdLqKyIpFIo9JRMkgArZQn:stKpcBhgbydHDaQTzHdLqKyIpFIcJRMP","tlshash":"5823249ce16ca97ed54dc2fcc64b68b8310e41eba550835d906b6f0f29b85cb384dbe1","first_seen":"2025-08-13T09:49:20.296327Z","last_seen":"2026-06-24T20:42:22.0827Z","times_seen":15690,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":48,"dns":8,"connect":1,"send":0,"wait":2,"receive":1,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"login.polcu.microsoftenline.com/favicon.ico","fqdn":"login.polcu.microsoftenline.com","domain":"microsoftenline.com","tld":"com"},"ip":{"addr":"34.19.207.32","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.polcu.microsoftenline.com/","date":"2026-03-20T18:32:52.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"login.polcu.microsoftenline.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 19:07:07 GMT","end":"Wed, 17 Jun 2026 19:07:06 GMT"},"fingerprint":{"sha1":"CD:0A:72:57:72:00:BE:95:AD:B4:61:22:89:95:94:B5:5B:10:38:91","sha256":"36:51:7A:14:B6:EA:C3:E3:EC:C2:9C:85:14:E9:D6:37:80:00:7A:98:00:AB:FA:F3:D9:DF:67:7A:7E:AC:40:C2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: login.polcu.microsoftenline.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.polcu.microsoftenline.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Fri, 20 Mar 2026 18:32:52 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":760,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"bbf8afe6a2fa92e7dc91196cb9c07563","sha1":"9c605886281ae9332be5f0a362ad6ba26c03e35d","sha256":"887fb1359a525fcbb15258069f267224db655b0c3400292ddcade30fdeeba7f8","sha512":"1c6a859426e27d609e58c3cbf452022003ebf208a3e5854abdc0d7ec9e16c8360d845bb51d600a09364e330ba372d34145a2e6fad0a40a90f5cfca2b4315eb3c","ssdeep":"","tlshash":"e001a26c94f62a4bb212101096d6f3435e1a474fdd0dc9b97a5f15604f4db6c84df18c","first_seen":"2026-03-20T11:38:24.530201Z","last_seen":"2026-03-20T18:43:38.891687Z","times_seen":3,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-20","alert":"Phishing Block","trigger":"login.polcu.microsoftenline.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"login.polcu.microsoftenline.com/","fqdn":"login.polcu.microsoftenline.com","domain":"microsoftenline.com","tld":"com"},"ip":{"addr":"34.19.207.32","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-20T18:32:51.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"login.polcu.microsoftenline.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 19:07:07 GMT","end":"Wed, 17 Jun 2026 19:07:06 GMT"},"fingerprint":{"sha1":"CD:0A:72:57:72:00:BE:95:AD:B4:61:22:89:95:94:B5:5B:10:38:91","sha256":"36:51:7A:14:B6:EA:C3:E3:EC:C2:9C:85:14:E9:D6:37:80:00:7A:98:00:AB:FA:F3:D9:DF:67:7A:7E:AC:40:C2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: login.polcu.microsoftenline.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Fri, 20 Mar 2026 18:32:52 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 19 Mar 2026 20:13:29 GMT\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":8756,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"fd5977f3a9e97e1433c99c4a142a1463","sha1":"43bb3eb3fada764159d4c32bc9a5b339372758bb","sha256":"2e4348a8026d47a58260543774e4738b0b32cc67aaba1d33261a4462396513d0","sha512":"90df42b95082c6d2f93584371a55590633f8224ccab86f3d94dd12faf4ee36929e0e332ef09bd69df4ae5273edd1817f500fbedd1cf1e0c43822e2e5d65ffc6d","ssdeep":"192:04IG0SCDsJlg/R5/NGwn4oId10HHqM3lSFYIIFp5Yx139DmR4ya7fJ2Stx9eJ99X:JIPimqe","tlshash":"63021e9a2aa720566983a4bd37f257483670d103d806cd6c3fec6794cf85b44aea37dc","first_seen":"2026-03-20T11:38:24.532586Z","last_seen":"2026-03-20T18:43:38.888588Z","times_seen":3,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":255,"dns":28,"connect":106,"send":0,"wait":109,"receive":1,"ssl":119},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"login.polcu.microsoftenline.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-20","alert":"Phishing Block","trigger":"login.polcu.microsoftenline.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}