{"report_id":"e4a73290-b4cc-47d4-9ba7-924063b51d7a","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-05-04T09:55:57Z","url":{"schema":"http","addr":"exchange.martinwaldmeier.com","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":0,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"final":{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"title":"Outlook","dom":{"size":56985,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (10412)","md5":"9e56018601e26c26e5100cc95a39b0c0","sha1":"24abb0dd1c15c6e6453932c8ac4bb9e9c570f173","sha256":"ac4675cbe63bf98d97e0e28ea911c228a55619fffc3daa17c84f3a8cb79f885c","sha512":"5ccc6e826c39a3d2abb93f8dce6550688c48b9aa5cfd2a4e5eea4d79b8315295c8077f3355686b8372ddeadb6079de627829ea6ba2b1135ca89091c2971d314f","ssdeep":"768:ByDwuJmtz7e05Nnfvi2aD2xpkzdKV7aQblNoJmgK4e2FuzUEQnclYtcY:PtzK05N7aD2xpEkF5F4nFuYcScY","tlshash":"dc43af3fa9572c332867607463dbb28a3f2a8417824ed924387c1758ef81d76417ebd9","dom_hash":"domhash17329f9747385756a7021532ffde11da","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"exchange.martinwaldmeier.com","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":0,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-08T09:55:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"exchange.martinwaldmeier.com","ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"domain_registered":"2010-01-20","domain_rank":0,"first_seen":"2026-05-04T09:55:57.860544Z","last_seen":"2026-05-04T09:55:57.860544Z","alert_count":6,"request_count":6,"received_data":194683,"sent_data":3585,"comment":"","tags":null,"fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Outlook Web App:15.1.2507","description":"Outlook on the web is an information manager web app. It includes a web-based email client, a calendar tool, a contact manager, and a task manager.","website":"https://help.outlook.com","common_platform_enumeration":"cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*","icon":"Outlook.svg","categories":["Webmail"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":true,"md5":"8e2bc1b488831cdc5841d3abfb0ba6bb","sha1":"50aed9715e2a5c3018ae336875294f64a202eaf2","sha256":"b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b","sha512":"05c4c12df45551e8279a5d866076ae4febff08dfe5b389f611e7c1fc1ac20e97d70ccdc6c192d2796654a86566bb9af7dd716b7d33acd9e55a42bd1173b44c07","ssdeep":"384:/p/t8tz4HAo99QeRwiWSM7iFi5NJsl8oWGixlY:/Jmtz7e05NnfvU","tlshash":"3b52943dac9d18321973b239075fb28af3668917930cdd143c2e93a4bf40576857ead6","size":14415,"data":"","first_seen":"2023-03-07T01:02:58Z","last_seen":"2026-05-04T09:56:02.187109Z","times_seen":2807,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":true,"md5":"97eb9cc59146b048bdf9f61b499bf16f","sha1":"3bcf316328c997d9768a59393894a989052e5198","sha256":"d656711ef4d2a655d04b516c9dbafbe90bc4b24b57b0c3bc3c197ef4d287b641","sha512":"68b17a6d7c9421262ea279fbec333bd928a2f9b463f1a0353220b907283ea3dec40fb54190e89aceac48fbb1ad9c6d144258b2d614a288758c336e4e9d6382da","ssdeep":"","tlshash":"7d21864ef224133778196937a7db8097b7a98e37c21ced2690ad0cbb388640e107e533","size":1393,"data":"","first_seen":"2023-03-07T01:02:58Z","last_seen":"2026-05-04T09:56:02.188162Z","times_seen":2598,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f\u0026reason=0","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"8e2bc1b488831cdc5841d3abfb0ba6bb","sha1":"50aed9715e2a5c3018ae336875294f64a202eaf2","sha256":"b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b","sha512":"05c4c12df45551e8279a5d866076ae4febff08dfe5b389f611e7c1fc1ac20e97d70ccdc6c192d2796654a86566bb9af7dd716b7d33acd9e55a42bd1173b44c07","ssdeep":"384:/p/t8tz4HAo99QeRwiWSM7iFi5NJsl8oWGixlY:/Jmtz7e05NnfvU","tlshash":"3b52943dac9d18321973b239075fb28af3668917930cdd143c2e93a4bf40576857ead6","size":14415,"data":"","first_seen":"2023-03-07T01:02:58Z","last_seen":"2026-05-04T09:56:02.187109Z","times_seen":2807,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f\u0026reason=0","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f4634ceb653b5ff5930a03f3f17513d","sha1":"7fa53774de1e9d045e2dfb2dc96e03ae0b854d9f","sha256":"84f18c6dc048fe48f315099ea91807b5a0f44817a93b082cb63a52cc4b57bbfa","sha512":"9cf9c8008c3bd3f606a2027abb65a9a66c2c50a3f5b8a6baf3b5ef144048915e7548fcec9ae6e0b387ccd77626d601f23e0bc951fc6ad657348b02abc284576a","ssdeep":"","tlshash":"63d02e004c0213bb78ffc1aaa5eca00a81a28a2b0068dd8aa308d8a50e0c1a610b82e1","size":273,"data":"","first_seen":"2026-05-04T09:56:02.190559Z","last_seen":"2026-05-04T09:56:02.190559Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":true,"md5":"25162df66169bb02d171cefb0705b9aa","sha1":"d14d0b165804e5bc0af701aab04c896206f99189","sha256":"a581e957006f4ce637991baad1381f69785a4a9f183afbf67602b22eb3ab6a7a","sha512":"4e0749423c28e47376dbb25fb7b8b501d0b655199b4faef4ea8810415045481eb0ddc7bcfe2dece015ac3cfa94ce6d4cd0d4d7b5c3f5b2fda586af7963ba2729","ssdeep":"","tlshash":"7731c76a7447092079eef63d126b678c3939c003450699003d7cd71a6f36ec7c4a9eee","size":1766,"data":"","first_seen":"2023-03-07T01:34:50Z","last_seen":"2026-05-04T09:56:02.19487Z","times_seen":1224,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":true,"md5":"24f6a9c606199b766addcdaf630a6f4a","sha1":"e25cfd579629e6e410927500f3e9a728261c0553","sha256":"e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0","sha512":"a074c42aa263064b61aef817bf15c5b13d4c3702d068f6d6e79697f8ed723470aa4bf8dcd50b1eb886534d8af9b6bea4807a6a4e4b15fe786d3f111d73ea6141","ssdeep":"","tlshash":"ed70000b020002c0a22a820f0880002022200003a03a0c20200000a0022002c2002220","size":19,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-05-04T09:56:02.195962Z","times_seen":4597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":true,"md5":"3012703a3a5c709a38f2cba896e8e5e6","sha1":"d574b12ce7043b1ee47eb6934c39f19379fcf0ec","sha256":"2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc","sha512":"7ca0891d8d30781341b26e92353fda805a4383605a93bd41a402b1724c3712b345b0b354366952c5927de326e1e075f4198c50f82085127b36e07cc6dbf3cb8a","ssdeep":"","tlshash":"59c0486a6a4206a41ab6b65d32af22013b8280435b05f88cb87de1028b10a838878f8c","size":137,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-05-04T09:56:02.199826Z","times_seen":5102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"introduction_type":"scriptElement","is_inline":true,"md5":"db8216e217de9a14420fa187142b00b5","sha1":"50f9fdaa34b7caa061db879baa23a7d75f048e9e","sha256":"ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed","sha512":"6f40947f7a23bee134b9d48603ae1350677e7a2017883aeb86173bb320e0b8ffc8a5755a216580fe60a93b6251baf0a5ed7dc31875d938143148818ed3c0e6a7","ssdeep":"","tlshash":"1ba0020c04af42510e1be93d2566cc4851535453a1a69715780c03469f418a485b1ad5","size":68,"data":"","first_seen":"2023-03-07T01:02:58Z","last_seen":"2026-05-04T09:56:02.200427Z","times_seen":3735,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T09:55:36.156Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: exchange.martinwaldmeier.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\ncache-control: no-cache\r\npragma: no-cache\r\nlocation: https://exchange.martinwaldmeier.com/owa/\r\nserver: Microsoft-IIS/10.0\r\nx-feserver: EX-02\r\nx-requestid: b603f1a4-1f0d-4f76-85be-bd0ab9ee71a9\r\ndate: Mon, 04 May 2026 09:55:35 GMT\r\ncontent-length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":28002,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":194,"dns":115,"connect":33,"send":0,"wait":37,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T09:55:36.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchange.martinwaldmeier.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Apr 2026 00:08:00 GMT","end":"Wed, 01 Jul 2026 00:07:59 GMT"},"fingerprint":{"sha1":"3C:7C:FD:48:7E:9A:E2:AB:1B:AD:92:67:EA:B2:4C:3F:F7:B3:D4:03","sha256":"3E:8C:44:B6:B8:14:1A:EA:1F:6B:0A:AD:9A:61:6C:9A:77:53:CD:74:05:FF:34:AD:86:C9:EE:D6:6E:37:CE:EA"}}},"request":{"raw":"GET /owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f HTTP/1.1\r\nHost: exchange.martinwaldmeier.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f\u0026reason=0\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncache-control: no-cache, no-store\r\npragma: no-cache\r\ncontent-type: text/html; charset=utf-8\r\nexpires: -1\r\nserver: Microsoft-IIS/10.0\r\nrequest-id: 66298f66-6ea5-41ea-89cf-b5500848f8e3\r\nx-frame-options: SAMEORIGIN\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ndate: Mon, 04 May 2026 09:55:36 GMT\r\ncontent-length: 58800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Outlook Web App:15.1.2507","description":"Outlook on the web is an information manager web app. It includes a web-based email client, a calendar tool, a contact manager, and a task manager.","website":"https://help.outlook.com","common_platform_enumeration":"cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*","icon":"Outlook.svg","categories":["Webmail"]}],"data":{"size":58800,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (10414), with CRLF, LF line terminators","md5":"f53ccbe0e209a68065cd9fc0d1b3e357","sha1":"afbc91de21d47a580236c4abfd855492adaa3428","sha256":"411542b048f6b2ff3c16e0e36f9d1d6f1ec0701ab353cc035522f02588bf0df4","sha512":"68f2b926f9e605b395453af1864e27142b434a7f5ace1ff2c6c05047875683c072b106d5a4c0d6a2d010305ffdd30d47fc7c472773ded6efce77ec42b3e4d3a3","ssdeep":"768:839QS4/yu1GirLX9ciGwPLzz+mUokRdKV7aQblHoJmgK4e2Fuz04qPclTrcO:JGinX9c4zz+mBokF5r4nFu6cZcO","tlshash":"f1439d3fe806693b17339625a7b3720aff114017474a8a2078fc1756afb1c75816aedd","first_seen":"2026-05-04T09:56:02.179509Z","last_seen":"2026-05-04T09:56:02.179509Z","times_seen":1,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":81,"dns":1,"connect":35,"send":0,"wait":72,"receive":79,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T09:55:36.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchange.martinwaldmeier.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Apr 2026 00:08:00 GMT","end":"Wed, 01 Jul 2026 00:07:59 GMT"},"fingerprint":{"sha1":"3C:7C:FD:48:7E:9A:E2:AB:1B:AD:92:67:EA:B2:4C:3F:F7:B3:D4:03","sha256":"3E:8C:44:B6:B8:14:1A:EA:1F:6B:0A:AD:9A:61:6C:9A:77:53:CD:74:05:FF:34:AD:86:C9:EE:D6:6E:37:CE:EA"}}},"request":{"raw":"GET /owa/ HTTP/1.1\r\nHost: exchange.martinwaldmeier.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","date":"2026-05-04T09:55:37.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchange.martinwaldmeier.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Apr 2026 00:08:00 GMT","end":"Wed, 01 Jul 2026 00:07:59 GMT"},"fingerprint":{"sha1":"3C:7C:FD:48:7E:9A:E2:AB:1B:AD:92:67:EA:B2:4C:3F:F7:B3:D4:03","sha256":"3E:8C:44:B6:B8:14:1A:EA:1F:6B:0A:AD:9A:61:6C:9A:77:53:CD:74:05:FF:34:AD:86:C9:EE:D6:6E:37:CE:EA"}}},"request":{"raw":"GET /owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf HTTP/1.1\r\nHost: exchange.martinwaldmeier.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncache-control: public,max-age=2592000\r\ncontent-type: application/octet-stream\r\nlast-modified: Sun, 20 Mar 2022 14:39:34 GMT\r\naccept-ranges: bytes\r\netag: \"017f650683cd81:0\"\r\nserver: Microsoft-IIS/10.0\r\nrequest-id: 6e0217b5-f4bf-4c68-ab4c-93bc05550e57\r\nx-powered-by: ASP.NET\r\ndate: Mon, 04 May 2026 09:55:36 GMT\r\ncontent-length: 56760\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":56760,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 18 tables, 1st \"LTSH\", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S","md5":"8af990b6ad3ba192c2dd6a193890bf5f","sha1":"4db5bf117ff8f1392fab3b438216d7cff4ae4976","sha256":"c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708","sha512":"9eb10b5965ec7f272d854d46778d3f61f07edf9e13b5b6b6184f52fb1bdeaf552756e54f7abd0b2422cfb76aa9917fc3db42e0cd713cc7651c2650b6d9417c0d","ssdeep":"768:V6VwA2/UhWmTcrZslrc1pMEEfTsjRvlJ2LQ5XUAat0bJlZy+mO1F3iIezxHJLrLr:GwdMTwN1Dw6tewUZtyVy+mI7qfrLFKpi","tlshash":"66437d7ad3b4eb1ee5b471b4ccf453b101b1b82587654aba274b8533e84893ac361f4e","first_seen":"2023-04-17T17:35:42Z","last_seen":"2026-05-04T09:56:02.183697Z","times_seen":3871,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","date":"2026-05-04T09:55:37.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchange.martinwaldmeier.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Apr 2026 00:08:00 GMT","end":"Wed, 01 Jul 2026 00:07:59 GMT"},"fingerprint":{"sha1":"3C:7C:FD:48:7E:9A:E2:AB:1B:AD:92:67:EA:B2:4C:3F:F7:B3:D4:03","sha256":"3E:8C:44:B6:B8:14:1A:EA:1F:6B:0A:AD:9A:61:6C:9A:77:53:CD:74:05:FF:34:AD:86:C9:EE:D6:6E:37:CE:EA"}}},"request":{"raw":"GET /owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf HTTP/1.1\r\nHost: exchange.martinwaldmeier.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncache-control: public,max-age=2592000\r\ncontent-type: application/octet-stream\r\nlast-modified: Sun, 20 Mar 2022 14:41:26 GMT\r\naccept-ranges: bytes\r\netag: \"0efb793683cd81:0\"\r\nserver: Microsoft-IIS/10.0\r\nrequest-id: 26b49446-f05a-4791-a844-e44f5608d12e\r\nx-powered-by: ASP.NET\r\ndate: Mon, 04 May 2026 09:55:36 GMT\r\ncontent-length: 41560\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":41560,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 16 tables, 1st \"OS/2\", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16","md5":"6c26c24aabe31040657665b1e0d9505c","sha1":"b3bdc48643752665e3e5798a192b27432a87d234","sha256":"2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25","sha512":"96bd759271df842f333b8085650dbf2006fe8e35b9485afc91b5de5b88d158d6147f594475fb4b5d086fa1b93720e935a346ba7d343171e6cbf8e08d4c7396ee","ssdeep":"768:FF6XesIz0ymUHmLg0e8sSM7tq2v40ezxHJLrLFKaXhU:zlHmLFejlbqfrLFKB","tlshash":"c0138e6b63b0bb05f2a664b888b507f10aa53c0523a28b4f245dc077d6dd677dad1f0b","first_seen":"2023-04-17T17:35:42Z","last_seen":"2026-05-04T09:56:02.18452Z","times_seen":3914,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":79,"dns":1,"connect":35,"send":0,"wait":71,"receive":36,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"exchange.martinwaldmeier.com/owa/auth/15.1.2507/themes/resources/favicon.ico","fqdn":"exchange.martinwaldmeier.com","domain":"martinwaldmeier.com","tld":"com"},"ip":{"addr":"82.220.91.111","port":443,"asn":9044,"as":"BSE Software GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f","date":"2026-05-04T09:55:37.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchange.martinwaldmeier.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Apr 2026 00:08:00 GMT","end":"Wed, 01 Jul 2026 00:07:59 GMT"},"fingerprint":{"sha1":"3C:7C:FD:48:7E:9A:E2:AB:1B:AD:92:67:EA:B2:4C:3F:F7:B3:D4:03","sha256":"3E:8C:44:B6:B8:14:1A:EA:1F:6B:0A:AD:9A:61:6C:9A:77:53:CD:74:05:FF:34:AD:86:C9:EE:D6:6E:37:CE:EA"}}},"request":{"raw":"GET /owa/auth/15.1.2507/themes/resources/favicon.ico HTTP/1.1\r\nHost: exchange.martinwaldmeier.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://exchange.martinwaldmeier.com/owa/auth/logon.aspx?replaceCurrent=1\u0026url=https%3a%2f%2fexchange.martinwaldmeier.com%2fowa%2f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncache-control: public,max-age=2592000\r\ncontent-type: image/x-icon\r\nlast-modified: Sat, 26 Mar 2022 18:40:39 GMT\r\naccept-ranges: bytes\r\netag: \"806d40fd4041d81:0\"\r\nserver: Microsoft-IIS/10.0\r\nrequest-id: 97eb8962-c93a-40ce-a2f4-481a9683a742\r\nx-powered-by: ASP.NET\r\ndate: Mon, 04 May 2026 09:55:36 GMT\r\ncontent-length: 7886\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":7886,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"759fade9033aa298629e4b000dcd6dde","sha1":"34a1adf5c7326d7bde5b5735471b5d81e611c189","sha256":"cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e","sha512":"e96e93b13d70420d4d509d89a6337651440ae049b2a23d57c6250987003c46512c40c85c41bfa1c473a704801c961ffbe421522b89a1c34ba3b9e82a6d0769ed","ssdeep":"48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY","tlshash":"0cf130334afb6800e6171df04556f774c16a2d16394e58c3d88c3a6ae037be6706a9ef","first_seen":"2023-05-01T18:01:52Z","last_seen":"2026-05-04T09:56:02.185443Z","times_seen":5481,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}