{"report_id":"e3e58de0-2d2f-4915-bd70-035c00c05874","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-04-23T11:21:58Z","url":{"schema":"https","addr":"auth.properties/E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo","fqdn":"auth.properties","domain":"auth.properties","tld":"properties"},"ip":{"addr":"212.104.128.0","port":0,"asn":0,"as":"","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"https","addr":"auth.properties/E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo","fqdn":"auth.properties","domain":"auth.properties","tld":"properties"},"title":"Sign in to your Microsoft account","dom":{"size":77464,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (22967)","md5":"9e44ff2ea53ae15825cedb09c17cc4c5","sha1":"5f7d67ee966ead349af273b384e920ce878376a8","sha256":"43e1ea2a044e7f768fa9b7c911b3890a0f46a78ad9cc10e77b633e92c3fe19ca","sha512":"9bb87cdaf9e1ed6f0c63187beaf5a8f140d0577b24d0ac1afec801458e5a91d5f85b8ef23fd34975e1d90a51d0982972ecb41e8561c354782a5c18544bdcad91","ssdeep":"768:d9IuXYyi2AduN2BJIt7qgeQm4gQ5KsrsoqcbrTf:vxifuN2IYRE5RrsoqW/f","tlshash":"3d73417a116258be530eb57473e61d012fe4c403d84bc9297bdc5a7ccf8b9c09a5e35a","dom_hash":"domhashfd281d2a4fae8a31df3823a65316d42a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"auth.properties/E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo","fqdn":"auth.properties","domain":"auth.properties","tld":"properties"},"ip":{"addr":"212.104.128.0","port":0,"asn":0,"as":"","country":"Finland","country_code":"FI"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-28T11:21:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-23","alert":"Phishing Block","trigger":"auth.properties","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"res.cloudinary.com","ip":{"addr":"151.101.193.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2011-05-24","domain_rank":21175,"first_seen":"2012-10-03T08:31:44Z","last_seen":"2026-04-20T11:29:18.594161Z","alert_count":0,"request_count":1,"received_data":24648,"sent_data":532,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"auth.properties","ip":{"addr":"212.104.128.0","port":443,"asn":0,"as":"","country":"Finland","country_code":"FI"},"domain_registered":"2025-04-01","domain_rank":0,"first_seen":"2025-06-08T13:56:39.713119Z","last_seen":"2026-04-21T19:53:03.079733Z","alert_count":6,"request_count":1,"received_data":81301,"sent_data":555,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"auth.properties/E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo","fqdn":"auth.properties","domain":"auth.properties","tld":"properties"},"ip":{"addr":"212.104.128.0","port":443,"asn":0,"as":"","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":true,"md5":"c83c222ba34cd0f28b8af22fe9d1508d","sha1":"c4634651b51e885cac106e07fac0bba156aaca37","sha256":"616a5bd40aba048b6acd2072e628e611bd8fe9c01a777661a222d73a7f744fa7","sha512":"62e01d7a4e660acbf27f67cfe4acf6456a3bfa4b1cb69f6684d463c4d10565b943d204c475ebeea15743aff65deed4a4229830e785ece5d5931729e6ea1134c8","ssdeep":"96:UKkp5rsoLeVqsewqHtRPPA0HI/Ud7T/mSG3GPM87JG:UKsrsoqVqbwq3nA0HI/Ud7K2PFM","tlshash":"cc91f1293166287201b7c1afa7c7414631a1404368d9d9607a7cd70d2fa7d52eef2bdf","size":4507,"data":"","first_seen":"2026-04-23T11:21:59.632283Z","last_seen":"2026-04-23T11:21:59.632283Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"res.cloudinary.com/hoxhunt/image/upload/v1654066826/organizations/628b2fd91ad515001b51e833-rwe.com-organization-develop.png","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"151.101.193.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://auth.properties/E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo","date":"2026-04-23T11:21:36.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudinary.com","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q3","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 23 Sep 2025 16:30:27 GMT","end":"Sun, 25 Oct 2026 16:30:26 GMT"},"fingerprint":{"sha1":"77:6B:7C:56:E5:E7:51:42:ED:61:04:B9:D9:26:38:05:21:1C:F9:06","sha256":"F7:5C:28:39:1D:C1:7D:92:F0:E1:D7:3B:EF:A5:AD:B3:36:CD:F3:E5:AA:BE:EF:53:D9:F3:D5:47:D1:F3:4D:75"}}},"request":{"raw":"GET /hoxhunt/image/upload/v1654066826/organizations/628b2fd91ad515001b51e833-rwe.com-organization-develop.png HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://auth.properties/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\netag: \"59128b558e3910a33582aca14743273e\"\r\nlast-modified: Wed, 01 Jun 2022 07:00:28 GMT\r\ndate: Thu, 23 Apr 2026 11:21:37 GMT\r\nstrict-transport-security: max-age=604800\r\ncache-control: public, no-transform, immutable, max-age=2592000\r\nserver-timing: cld-fastly;dur=298;cpu=0;start=2026-04-23T11:21:37.021Z;desc=miss,rtt;dur=28,content-info;desc=\"width=1280,height=371,owidth=1280,oheight=371,obytes=26778\",cloudinary;dur=169;start=2026-04-23T11:21:37.091Z\r\nserver: Cloudinary\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nx-content-type-options: nosniff\r\naccess-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options\r\ncontent-length: 23888\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23888,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1280 x 371, 8-bit/color RGBA, non-interlaced","md5":"59128b558e3910a33582aca14743273e","sha1":"a297edee1f37eb69b1fba64adff93a3f984370d6","sha256":"1b4ff55d4b92eb2ecd3805d3e096f216366d98afab4ff4683ba1dc4022f544ae","sha512":"624b3d8aa388b958ea8e4e9908052227c2c0dfe0fef0cb41ac0c1f5f4c0a760da918e77da447bb2086d3bd76bf19485844a914efd340c42255be6e7c713410e8","ssdeep":"384:gEe2LpVpGvpMfmMcJ+m+tMi1FmxNxLY0L+q78bx2ERmtrfo9NeNmyLH:gEeGbpGRqu+m+tMqa4Y6/TNeNmyLH","tlshash":"85b2d07d848bf7d1da86094442bceac4bcb07cc1ddf119736be194277e8e6e70801a6a","first_seen":"2026-01-10T05:45:24.493779Z","last_seen":"2026-04-23T11:21:59.627725Z","times_seen":3,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":81,"dns":20,"connect":26,"send":0,"wait":325,"receive":11,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auth.properties/E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo","fqdn":"auth.properties","domain":"auth.properties","tld":"properties"},"ip":{"addr":"212.104.128.0","port":443,"asn":0,"as":"","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-23T11:21:36.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth.properties","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 28 Mar 2026 17:14:29 GMT","end":"Fri, 26 Jun 2026 18:14:28 GMT"},"fingerprint":{"sha1":"95:F0:CD:2D:61:A0:36:AF:8E:4D:4D:0F:8F:00:EE:F0:9F:AC:3A:BF","sha256":"B7:34:ED:38:7B:DB:CC:A5:2A:EB:42:5A:48:8C:74:A4:7F:DF:21:94:0C:1D:C9:A4:CB:31:DE:81:E3:19:E3:16"}}},"request":{"raw":"GET /E.0n0B4aTckMr8iLg?/tasks/rwehome/PlanViews/OtKjpJYAELPk?Type=AssignedTo HTTP/1.1\r\nHost: auth.properties\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 23 Apr 2026 11:21:36 GMT\r\ncontent-type: text/html\r\naccess-control-expose-headers: X-Hox-Trace-Id\r\ncf-cache-status: DYNAMIC\r\nreferrer-policy: origin-when-cross-origin\r\nserver: cloudflare\r\nset-cookie: INGRESSCOOKIE=1776943297.25.46.424334|112633931b9d22736a011431493af478; Expires=Thu, 23-Apr-26 11:51:36 GMT; Max-Age=1800; Path=/quest/attachment/; Secure; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-hox-trace-id: 67d293ed43e297a64e80a941e641feef\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-ray: 9f0c7c50cbc55690-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80673,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (22967), with CRLF line terminators","md5":"a3710efb297c7b2197f9f64520e5b0b5","sha1":"d62d13f490f637fa80fb6bfb93a0a3b473355f5a","sha256":"593e10ae35b17a8e0e69e4d3619477a8e115b8cf931b2537915fa31830e717f4","sha512":"339c3fa4bba5d31519363ffc32023721c4d12f57cd77f0d6a519531296ca4c1eee769bb4e9057e0ea15b86be989cd2dab51133aa49ab8da66b9590b2eac16f2a","ssdeep":"384:ut+zocNhJe5ohaJze1ZrPi2VayOFKevVuSq42kGxMqZKAooncMrHU:uUth43J8aJgeQh4gxMqZKAooncMrHU","tlshash":"dd737339510158bd533eb774bba20e04ffd18013d54782297bec6a7c8fb69c09a1eb5a","first_seen":"2026-04-23T11:21:59.629818Z","last_seen":"2026-04-23T11:21:59.629818Z","times_seen":1,"resource_available":true,"data":null}},"time_used":686,"timings":{"blocked":0,"dns":19,"connect":2,"send":0,"wait":640,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-23","alert":"Phishing Block","trigger":"auth.properties","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"auth.properties","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}