{"report_id":"bdd22a0d-4852-428a-9271-93e986bdeeac","version":6,"status":"done","tags":[],"date":"2026-03-02T02:50:37Z","url":{"schema":"https","addr":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","domain":"azurecontainerapps.io","tld":"io"},"ip":{"addr":"20.252.81.187","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io/","fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","domain":"azurecontainerapps.io","tld":"io"},"title":"Helpdesk","dom":{"size":1708,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"1f8631744d642504256a2ecf56e1621e","sha1":"c127f2473c20f4276d06b0233c81e7a4e68e4db9","sha256":"14bdef9192543b78cf1c53f8a671f83883f72d1ac3ad1d05ef3a8a93ca4c94c7","sha512":"a6a6a4c69b17fa1f53cdbf2aea56d688605eeec5f393407014e3380802c546c7292cb97856775f0d5d490861cd29b54c8f0b37627228cd31b7d4051da3d3d5bd","ssdeep":"","tlshash":"9431798442d1233a09b76a948b9be6247073514b72489d057b8d42886f69f1b53b7eec","dom_hash":"domhashba0b80f495a91bf2b02ed4566a3b35e8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","domain":"azurecontainerapps.io","tld":"io"},"ip":{"addr":"20.252.81.187","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-06T02:50:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","ip":{"addr":"20.252.81.187","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"2021-08-26","domain_rank":0,"first_seen":"2026-03-02T02:47:06.781055Z","last_seen":"2026-03-02T02:47:06.781055Z","alert_count":2,"request_count":2,"received_data":5142,"sent_data":1062,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io/","fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","domain":"azurecontainerapps.io","tld":"io"},"ip":{"addr":"20.252.81.187","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"69e9a0914fdc262cbbc3bedd2aa6a89c","sha1":"6002dcafba5bc5ea371634588d305aaf219fedb9","sha256":"bcf119970a73bc327f42dcaf78c6f463edfe936f7fee19e4bf2c8e05039df28b","sha512":"21be818a885168655239b6f8d35838effa88bf9ae9aa20b3e384a8e8e2c770cb3654d0b6f4cfc2ea827c52189b0ae8e95b0bef3055d528034d1e79766d62694b","ssdeep":"","tlshash":"6021388853c6233609b72aa88b5b9a247033118b314cdd057b9d46846f69f1a13baeec","size":1440,"data":"","first_seen":"2026-03-02T02:47:08.142274Z","last_seen":"2026-03-02T02:54:10.967167Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io/","fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","domain":"azurecontainerapps.io","tld":"io"},"ip":{"addr":"20.252.81.187","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T02:50:16.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nicetree-8386a650.westus2.azurecontainerapps.io","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure RSA TLS Issuing CA 08","organization":"Microsoft Corporation"},"validity":{"start":"Fri, 27 Feb 2026 13:25:09 GMT","end":"Tue, 25 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4C:37:E9:F0:2F:76:AC:A6:11:CF:13:A4:7D:D2:32:8F:51:0F:CC:EF","sha256":"F4:2C:00:BD:34:11:EA:DF:F4:93:E0:7E:6D:2F:46:7C:F6:A5:4F:11:E2:03:34:65:B8:EF:6B:9D:E7:9F:AC:19"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.5\r\ndate: Mon, 02 Mar 2026 02:50:17 GMT\r\ncontent-type: text/html\r\ncontent-length: 1726\r\nlast-modified: Sun, 18 Jan 2026 14:56:19 GMT\r\netag: \"696cf493-6be\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1726,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"abd88c813af0e7a8ab48dfc303962254","sha1":"e37a49318234788d75a86488e6dea5db53e051b0","sha256":"5cbb80d5595dfa97a1a58ca25dfe8edd29e415656f2016e172c6fd599bad9761","sha512":"52ecba17cc85e80459c97efbef7ae7b96825ad14f63254bb1db5612088df1713d21493138c1a9efe88850358efb799c8a3df80643106ec1b7048d21f808d408d","ssdeep":"","tlshash":"37318b8402d1233a09b76a948f9be6247073518b764cdd057f8d42886f69f1b53b7eec","first_seen":"2026-03-02T02:47:08.137669Z","last_seen":"2026-03-02T02:54:10.965872Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1054,"timings":{"blocked":439,"dns":1,"connect":162,"send":0,"wait":169,"receive":1,"ssl":279},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io/favicon.ico","fqdn":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","domain":"azurecontainerapps.io","tld":"io"},"ip":{"addr":"20.252.81.187","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io/","date":"2026-03-02T02:50:17.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nicetree-8386a650.westus2.azurecontainerapps.io","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure RSA TLS Issuing CA 08","organization":"Microsoft Corporation"},"validity":{"start":"Fri, 27 Feb 2026 13:25:09 GMT","end":"Tue, 25 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4C:37:E9:F0:2F:76:AC:A6:11:CF:13:A4:7D:D2:32:8F:51:0F:CC:EF","sha256":"F4:2C:00:BD:34:11:EA:DF:F4:93:E0:7E:6D:2F:46:7C:F6:A5:4F:11:E2:03:34:65:B8:EF:6B:9D:E7:9F:AC:19"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.5\r\ndate: Mon, 02 Mar 2026 02:50:17 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 2947\r\nlast-modified: Sun, 18 Jan 2026 13:58:16 GMT\r\netag: \"696ce6f8-b83\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2947,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"01d3f16b2bdab39a69d2e0f2019dd696","sha1":"2f7e0b5e6f9563772942dde295c66c54e163c157","sha256":"8ee5be289b25fe1868edb80dd7ebd3f8de6f9cc581c1324261bc74146a2bd0e8","sha512":"fea9220b6d809612a42874d595f53cfa82ac8b567bc814d7ddbf964d5df7ca664cc6c7449d05129890308328ecc3967ede637a4054743a263ab3e60c2c50f142","ssdeep":"","tlshash":"6351a18a13004787a439dc2ddb470ce48df29bc71bbf83a8294d23291598b21fb48fd8","first_seen":"2023-05-18T19:11:41Z","last_seen":"2026-06-11T17:42:24.311322Z","times_seen":385,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"eqweqeqeqwrrrr.nicetree-8386a650.westus2.azurecontainerapps.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}