{"report_id":"b5857a70-a4b7-45e2-9850-4f9b9c19dff9","version":0,"status":"done","tags":[],"date":"2026-06-12T09:07:09Z","url":{"schema":"http","addr":"microsoftweb365.fwh.is","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/?i=1","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"title":"Iniciar sesión en tu cuenta Microsoft","dom":{"size":25339,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"3bbe317ac2243192ee65b156fc2e55ef","sha1":"cd76697161ee3f2ab1365678c3d1c0badc03e82c","sha256":"34ec963f5295793c9b669ecd269a6e73ff45e7e9baa64ace5f5fd80116d7f42f","sha512":"7945af5f8bcf12aacf9fe211bd9a928118caf50c13aa5eab57eb6c78ba9f4b835b503549085b4a014d37cc63a0b79775ec1597d459d51d6b37a60c376217d772","ssdeep":"768:k9ADTleymTXFAxR1HFcKxE/IdFhNdFhrv:CGEAdFhNdFhrv","tlshash":"e9b28556a9b319637413e4a827f786063364c003d50bcd293fac938c9f87ada9d9379d","dom_hash":"domhash907373e88df911d29461a464a3109c0e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"microsoftweb365.fwh.is","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-17T09:07:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"i.ibb.co","ip":{"addr":"45.43.142.3","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2026-06-11T17:37:13.569548Z","alert_count":0,"request_count":1,"received_data":26435,"sent_data":564,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"c.s-microsoft.com","ip":{"addr":"2.18.174.85","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2012-02-07","domain_rank":46140,"first_seen":"2013-11-06T15:56:27Z","last_seen":"2026-06-11T21:39:28.020746Z","alert_count":0,"request_count":1,"received_data":367,"sent_data":549,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-07T22:22:03.23237Z","alert_count":0,"request_count":1,"received_data":508,"sent_data":533,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-07T22:40:26.930816Z","alert_count":0,"request_count":1,"received_data":102999,"sent_data":531,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2026-06-08T07:31:13.685477Z","alert_count":0,"request_count":1,"received_data":90458,"sent_data":508,"comment":"","tags":null,"fingerprints":null},{"fqdn":"microsoftweb365.fwh.is","ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":20,"request_count":4,"received_data":28178,"sent_data":2025,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]}]},{"fqdn":"www.freepnglogos.com","ip":{"addr":"78.46.22.25","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2016-10-07","domain_rank":880176,"first_seen":"2017-02-09T09:00:11Z","last_seen":"2026-06-10T01:00:27.216732Z","alert_count":0,"request_count":1,"received_data":46327,"sent_data":596,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/?i=1","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"b80f72a309a5ae60e3bf984922d9a3c8","sha1":"a54ace43e127880a2ab6a47a4c9bf779be00cec9","sha256":"6cd1567f99a5771361981cf77c707627de6de1c63448b86cd796b2cd217f224d","sha512":"1b8f92ddfc033d3e434418f1f95398493bd3341b091d6523e841e0cb7a0c22eae173913b874717935337540e5e9b26b44ef8a53fb1460513c90a4ec407543374","ssdeep":"","tlshash":"4bd0c9d9e8d27874924821a21c3ad0216a395884548fa549f8400409eec630cdb26c30","size":198,"data":"","first_seen":"2026-06-07T15:59:48.443596Z","last_seen":"2026-07-02T13:36:14.356094Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/?i=1","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e082cae781a4e57c3b8a318f297c1961","sha1":"edf75b408a9669518f2b617a5e79be8ce450e0cf","sha256":"6e025c31506a465c7e05371dcf8a89048ca4305923242e4f148b88a4b6ac044e","sha512":"801b277d9404957de13458f24783fbbbfef2bfcd34f976b57d599a2174aba14839ff171d99ec541df17316bdee219f1b10c912ea8d867e8a7cd98c5033d60420","ssdeep":"96:xdFhsWdFhcTuzb8xQhNLxAFoN/FNJnyvvalHAOvzBKKgrYu:xdFhsWdFhbzb8qNHN9y3alHXzErv","tlshash":"a7b10115b8b31da10573e1ad27bbc105361540472806ce017facdb8c3f66eabba627db","size":5451,"data":"","first_seen":"2026-06-12T01:16:29.843552Z","last_seen":"2026-06-12T09:07:13.950509Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/aes.js","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc66e046447092c606f2587837f96874","sha1":"fcf354a8044f494ee1f9fe868dde3f570f50e593","sha256":"5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96","sha512":"51cd149b2876e90621afc579fb172e253548a851d4c202181e1faba812f5beb1ae9ccf9f153137f60c569e05a79dcb272176e0126eceac54316208d2699a689f","ssdeep":"192:4hsoEj776Bn/tnHcgaollys/6+EgH3JLg7oLu0MyMVu:i50/3xoGs/jE839g2FB1","tlshash":"355200c203894a7cf2c92ed68c2f605620f3e54a3d251249efb399dbbc77d895075a36","size":13733,"data":"","first_seen":"2023-10-15T19:29:47Z","last_seen":"2026-07-02T19:35:31.916056Z","times_seen":7893,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-07-02T20:37:30.974574Z","times_seen":256830,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/telgm1.js","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb8b8a5850945b598e315670b08020ba","sha1":"56fb8692038cf75b649710e0decaaaeb27ab68c3","sha256":"865527bfa539c4f4be54b1957d004c48f7f6e13aed5ad54302da0a28412f8ce9","sha512":"b94bba3c9c8ffaf81819088efa3869577372fda31cee2863f8cd3ca304a9c8287432ae3e17be43311ffcc1be5308f16d4b2081225d36cf0019c4dbc989e1540e","ssdeep":"","tlshash":"f5c080832369583e293357d41516153cfbc1a4e914480ccea2a662350c8801376134d3","size":175,"data":"","first_seen":"2026-06-12T01:16:29.835308Z","last_seen":"2026-06-12T09:07:13.94361Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/?i=1","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"b80f72a309a5ae60e3bf984922d9a3c8","sha1":"a54ace43e127880a2ab6a47a4c9bf779be00cec9","sha256":"6cd1567f99a5771361981cf77c707627de6de1c63448b86cd796b2cd217f224d","sha512":"1b8f92ddfc033d3e434418f1f95398493bd3341b091d6523e841e0cb7a0c22eae173913b874717935337540e5e9b26b44ef8a53fb1460513c90a4ec407543374","ssdeep":"","tlshash":"4bd0c9d9e8d27874924821a21c3ad0216a395884548fa549f8400409eec630cdb26c30","size":198,"data":"","first_seen":"2026-06-07T15:59:48.443596Z","last_seen":"2026-07-02T13:36:14.356094Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/?i=1","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e082cae781a4e57c3b8a318f297c1961","sha1":"edf75b408a9669518f2b617a5e79be8ce450e0cf","sha256":"6e025c31506a465c7e05371dcf8a89048ca4305923242e4f148b88a4b6ac044e","sha512":"801b277d9404957de13458f24783fbbbfef2bfcd34f976b57d599a2174aba14839ff171d99ec541df17316bdee219f1b10c912ea8d867e8a7cd98c5033d60420","ssdeep":"96:xdFhsWdFhcTuzb8xQhNLxAFoN/FNJnyvvalHAOvzBKKgrYu:xdFhsWdFhbzb8qNHN9y3alHXzErv","tlshash":"a7b10115b8b31da10573e1ad27bbc105361540472806ce017facdb8c3f66eabba627db","size":5451,"data":"","first_seen":"2026-06-12T01:16:29.843552Z","last_seen":"2026-06-12T09:07:13.950509Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Segoe+UI:wght@400;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.362Z","timestamp":1781255206362,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /css2?family=Segoe+UI:wght@400;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 \r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Fri, 12 Jun 2026 09:06:46 GMT\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T21:08:06.749897Z","times_seen":16922945,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.364Z","timestamp":1781255206364,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Fri, 12 Jun 2026 09:06:46 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 573315\r\nexpires: Wed, 02 Jun 2027 09:06:46 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mRUUBXnxUDZeis7EXrd3fONiR2TUhZp7LAakcfKk2NWfiT9wiCY%2BjT%2FiYt7DDI9VwhtWuwxuJA0OpxmP%2BUy3egGkA3Xq3pXAcsP2BTE9YzQBww7utSNQ6opfmU6w0A5EZLq4QqNA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a0a7b38fdda40883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102025,"size_decoded":19726,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"ded1c367363e8b20bdc6a19b8350a737","sha1":"8c06d82739d14b094ff6d9036021a252bd1d985d","sha256":"1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf","sha512":"89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207","ssdeep":"1536:OwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuZprfZCl:S709gMGFiyPGuZpfZCl","tlshash":"2ea3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T15:05:25Z","last_seen":"2026-07-02T20:11:29.849629Z","times_seen":53383,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":3,"connect":10,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.366Z","timestamp":1781255206366,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:19 GMT","end":"Mon, 17 Aug 2026 08:38:18 GMT"},"fingerprint":{"sha1":"4D:E0:8E:62:2F:B2:3D:28:5D:7D:B5:8D:C5:3A:72:E4:EE:AB:7D:93","sha256":"AE:0B:4F:B5:B7:41:E5:0C:70:C0:E1:2A:F9:DB:AD:A8:64:94:F3:70:6D:38:1C:8A:8A:CA:52:96:5C:D8:5C:87"}}},"request":{"raw":"GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31021\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 12 Jun 2026 06:22:40 GMT\r\nexpires: Sat, 12 Jun 2027 06:22:40 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 9846\r\nlast-modified: Fri, 08 May 2020 07:05:03 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":89476,"size_decoded":32003,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-07-02T20:37:30.974574Z","times_seen":256830,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":3,"connect":15,"send":0,"wait":16,"receive":15,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/telgm1.js","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.367Z","timestamp":1781255206367,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fwh.is","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Sat, 18 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"64:9D:4C:C4:DC:3C:D1:A3:63:BA:67:09:B6:6D:A9:E2:46:84:71:27","sha256":"CC:C1:06:79:84:89:86:9C:4E:88:DB:58:6F:80:87:FA:FB:A0:F8:52:1E:6F:FA:F3:F7:0E:99:72:D0:19:90:8E"}}},"request":{"raw":"GET /telgm1.js HTTP/1.1\r\nHost: microsoftweb365.fwh.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/?i=1\r\nCookie: __test=91f40475faa1aad9f52014812100540d\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 12 Jun 2026 09:06:46 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 175\r\nConnection: keep-alive\r\nLast-Modified: Sat, 23 May 2026 19:28:15 GMT\r\nETag: \"af-65281259df85f\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate\r\nExpires: Sun, 12 Jul 2026 09:06:46 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":175,"size_decoded":542,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"eb8b8a5850945b598e315670b08020ba","sha1":"56fb8692038cf75b649710e0decaaaeb27ab68c3","sha256":"865527bfa539c4f4be54b1957d004c48f7f6e13aed5ad54302da0a28412f8ce9","sha512":"b94bba3c9c8ffaf81819088efa3869577372fda31cee2863f8cd3ca304a9c8287432ae3e17be43311ffcc1be5308f16d4b2081225d36cf0019c4dbc989e1540e","ssdeep":"","tlshash":"f5c080832369583e293357d41516153cfbc1a4e914480ccea2a662350c8801376134d3","first_seen":"2026-06-12T01:16:29.835308Z","last_seen":"2026-06-12T09:07:13.94361Z","times_seen":2,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.freepnglogos.com/uploads/microsoft-logo-png-transparent-background-1.png","fqdn":"www.freepnglogos.com","domain":"freepnglogos.com","tld":"com"},"ip":{"addr":"78.46.22.25","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.373Z","timestamp":1781255206373,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"freepnglogos.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 05 May 2026 03:36:54 GMT","end":"Mon, 03 Aug 2026 03:36:53 GMT"},"fingerprint":{"sha1":"EE:23:79:61:B6:BD:EB:9E:F3:33:21:B3:72:F3:D3:8D:A3:0B:31:0C","sha256":"69:13:91:15:6A:72:5C:D8:32:88:8B:76:F0:22:C2:9B:4A:F1:44:6F:DA:AB:4D:4E:9C:1B:B6:FB:86:CB:88:59"}}},"request":{"raw":"GET /uploads/microsoft-logo-png-transparent-background-1.png HTTP/1.1\r\nHost: www.freepnglogos.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx/1.18.0 (Ubuntu)\r\ndate: Fri, 12 Jun 2026 09:06:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 46043\r\nlast-modified: Sat, 20 Aug 2022 14:09:47 GMT\r\netag: \"6300eb2b-b3db\"\r\ncache-control: no-cache, must-revalidate\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":46043,"size_decoded":46327,"mime_type":"image/png","magic":"PNG image data, 5471 x 1280, 8-bit/color RGBA, non-interlaced","md5":"c117a0bda103aeb25c145a71b0b8ac5a","sha1":"3dd6e5ccf39e92e840404bdab510c8d67bd6e768","sha256":"4bad04d35478f23907ff0e6433a492400840cec4fbd6a487752dd5bdcbbca029","sha512":"73136f1a544983f8ed0e909d0811bbf7fd61ccbeb84bb2023af56943949ea082306576bff227fc71c864d2022e429059231aa082d19977dead2de25c07e17bc8","ssdeep":"768:sgFuRUyAenFPQDYEP6BI1fdR9QgPla9qO:sfZZiPpLR9d9a9qO","tlshash":"1f2329b54c9b89f5c10d4876dc789fa972f81ade6224332d433e7a3d78963ca6004add","first_seen":"2023-11-03T14:17:52Z","last_seen":"2026-07-02T13:36:14.35503Z","times_seen":239,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":72,"dns":0,"connect":33,"send":0,"wait":33,"receive":67,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/273WcRJm/imgnew.jpg?v=1749764353828","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.3","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.486Z","timestamp":1781255206486,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 08:46:45 GMT","end":"Tue, 14 Jul 2026 08:46:44 GMT"},"fingerprint":{"sha1":"AB:FE:0C:54:E2:24:E0:D9:B7:F9:DC:18:02:C9:05:26:34:63:E8:65","sha256":"F0:A7:95:74:CF:C2:BC:7A:69:1D:6A:03:47:B4:D3:2A:76:24:DE:28:F8:31:95:41:B2:F8:86:C9:B3:F8:E3:01"}}},"request":{"raw":"GET /273WcRJm/imgnew.jpg?v=1749764353828 HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: openresty\r\ndate: Fri, 12 Jun 2026 09:06:46 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26069\r\nlast-modified: Fri, 09 Jan 2026 13:19:28 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":26069,"size_decoded":26435,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 640x360, components 3","md5":"c9129dcf019c0fd5ca90625a611a1caa","sha1":"96b078c9e9d06ac8f14e8f308d7b711d5c2917c7","sha256":"dcd27185e5511e9bd250f7ac4a93a81ff8a895fb5f45b6cb1115da7d493457f4","sha512":"044e9ccd5960e74ab142692ce17dda3813870d3cb7ed7ff11180ec5e13e9a89e82d74574ecd83385cab40009e773d3280ec6b86af76d4bfe46fb594912599296","ssdeep":"768:kiP4Fc9ghIDDiUhB/26HrjDAFSNR566fULq3Z/BBoMN:kfFc9g6DDiUxjsFS06fzJ7oMN","tlshash":"1ec2f2399bc52ac5e8128f306205d727fa4fff7ad637600621c9cd25b8c79a63d00765","first_seen":"2026-06-12T01:16:29.837035Z","last_seen":"2026-06-12T09:07:13.94606Z","times_seen":2,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":0,"dns":2,"connect":22,"send":0,"wait":45,"receive":22,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.s-microsoft.com/favicon.ico?v2","fqdn":"c.s-microsoft.com","domain":"s-microsoft.com","tld":"com"},"ip":{"addr":"2.18.174.85","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microsoftweb365.fwh.is/?i=1","date":"2026-06-12T09:06:46.657Z","timestamp":1781255206657,"http_version":"HTTP/2","security_state":"","security_info":null,"request":{"raw":"GET /favicon.ico?v2 HTTP/1.1\r\nHost: c.s-microsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nx-azure-ref: 20260612T090646Z-1657c765fbcfpjcrhC1FRAhpgc000000033g000000000mxb\r\ncontent-encoding: gzip\r\ncache-control: max-age=604800\r\nexpires: Fri, 19 Jun 2026 09:06:46 GMT\r\ndate: Fri, 12 Jun 2026 09:06:46 GMT\r\naccess-control-allow-methods: GET,POST\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T21:08:06.749897Z","times_seen":16922945,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-12T09:06:45.503Z","timestamp":1781255205503,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fwh.is","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Sat, 18 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"64:9D:4C:C4:DC:3C:D1:A3:63:BA:67:09:B6:6D:A9:E2:46:84:71:27","sha256":"CC:C1:06:79:84:89:86:9C:4E:88:DB:58:6F:80:87:FA:FB:A0:F8:52:1E:6F:FA:F3:F7:0E:99:72:D0:19:90:8E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: microsoftweb365.fwh.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 12 Jun 2026 09:06:45 GMT\r\nContent-Type: text/html\r\nContent-Length: 849\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":849,"size_decoded":1059,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (849), with no line terminators","md5":"2ac5c7094084e844ff20a8d37cd4408a","sha1":"c250845a3b484bc126aafbbffa155d91c2435f2e","sha256":"649e7d62329a1b0fac3dd25cb8e9b8d2641f96744f871834316577093bebe6da","sha512":"dfdabc1e3f44a18fed5f835a950db233e2c567687c7c3620341757194859f8e40be8fcc90182928b43d32d6cf03d34b07893a21f0893b3314fc27db985cac70a","ssdeep":"","tlshash":"ac0141b5eca1e0c5dfc100c00976d66f6416aaa2e551c9afc0c242e462d1bdc0e8ad7a","first_seen":"2026-06-12T09:07:13.947028Z","last_seen":"2026-06-12T09:07:13.947028Z","times_seen":1,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":139,"connect":30,"send":0,"wait":31,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/aes.js","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://microsoftweb365.fwh.is/","date":"2026-06-12T09:06:46.013Z","timestamp":1781255206013,"http_version":"HTTP/1.1","security_state":"secure","security_info":null,"request":{"raw":"GET /aes.js HTTP/1.1\r\nHost: microsoftweb365.fwh.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T21:08:06.749897Z","times_seen":16922945,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"microsoftweb365.fwh.is/?i=1","fqdn":"microsoftweb365.fwh.is","domain":"fwh.is","tld":"is"},"ip":{"addr":"185.27.134.225","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-12T09:06:46.102Z","timestamp":1781255206102,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fwh.is","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Sat, 18 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"64:9D:4C:C4:DC:3C:D1:A3:63:BA:67:09:B6:6D:A9:E2:46:84:71:27","sha256":"CC:C1:06:79:84:89:86:9C:4E:88:DB:58:6F:80:87:FA:FB:A0:F8:52:1E:6F:FA:F3:F7:0E:99:72:D0:19:90:8E"}}},"request":{"raw":"GET /?i=1 HTTP/1.1\r\nHost: microsoftweb365.fwh.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://microsoftweb365.fwh.is/\r\nCookie: __test=91f40475faa1aad9f52014812100540d\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Fri, 12 Jun 2026 09:06:45 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 26221\r\nConnection: keep-alive\r\nLast-Modified: Sat, 23 May 2026 19:28:13 GMT\r\nETag: \"666d-6528125798811\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Sun, 12 Jul 2026 09:06:45 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26221,"size_decoded":26577,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"aef35ea80d85e70ff4492c0be2e8d374","sha1":"4429d980d68cd664c818cae5e83c9025a8780837","sha256":"238208f030cc361737a193cee60d3f7bfbc5cbf0b0bcf2bf9ab13f00034ded39","sha512":"46750754dfbba43e3bdcb0730121d76ad842fc34e10bb5fb2f7c8ef8b795d667564b2fa60861db140c98d27a418b3f8083674339b6739b6b90a937d5513bfcc4","ssdeep":"768:D9HDTleymTXFAxR1HFcK6b8IdFhNdFhr9:kNb3dFhNdFhr9","tlshash":"30c27456a9b319636413e4a827f786063364c003d50bcd293fac938c9f87bda999379d","first_seen":"2026-06-12T01:16:29.838781Z","last_seen":"2026-06-12T09:07:13.948451Z","times_seen":2,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"microsoftweb365.fwh.is","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}
