{"report_id":"f951de5c-773d-476f-80ec-b18a52f081e0","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2025-11-14T21:45:10Z","url":{"schema":"http","addr":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"185.80.49.249","port":0,"asn":62214,"as":"Rackforest Zrt.","country":"Hungary","country_code":"HU"},"final":{"url":{"schema":"https","addr":"www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"www.5mp.eu","domain":"5mp.eu","tld":"eu"},"title":"Outlook Web App","dom":{"size":54582,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (7901)","md5":"e5c996b994772744060441271be62d01","sha1":"98d6746026938c7c713df228df080403519f9675","sha256":"136da384e8b79b4b07c42452d8da8ed9dcfb695d35c44786063d2d3a4b0d84db","sha512":"368b4b9b729f976af11afdb196a682e79fd60470eb056f7e61757674552bb45f5a1b14ac07858db67a12d815e4a9fc126fbbaa127db34169385687ef8346e8d1","ssdeep":"768:kLq8YW0dtIlX5qEEFI8u7oGTDkzdKV7aQblAANaH17aNCB0rD01xiOQ:FdtgX5rR7oGTDEkF5roVeNd3SsOQ","tlshash":"a1339e2f29e63b3518566078a3f7ea87bb1d8903c74dd424786c2798ef8099141be7dc","dom_hash":"domhashcdaa7928dc0a5a6c01f35deb15472beb","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"185.80.49.249","port":0,"asn":62214,"as":"Rackforest Zrt.","country":"Hungary","country_code":"HU"},"tags":["openphish"],"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-19T21:45:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":9}},"detection":{"ids":null,"analyzer":[{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-09-05","alert":"Phishing - Other","trigger":"www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"www.5mp.eu","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"www.5mp.eu","ip":{"addr":"185.80.49.249","port":443,"asn":62214,"as":"Rackforest Zrt.","country":"Hungary","country_code":"HU"},"domain_registered":"unknown","domain_rank":2594421,"first_seen":"2012-10-02T02:28:26Z","last_seen":"2025-11-07T04:30:59.503376Z","alert_count":17,"request_count":3,"received_data":102371,"sent_data":1520,"comment":"","tags":null,"fingerprints":[{"name":"Outlook Web App:15.0.1497","description":"Outlook on the web is an information manager web app. It includes a web-based email client, a calendar tool, a contact manager, and a task manager.","website":"https://help.outlook.com","common_platform_enumeration":"cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*","icon":"Outlook.svg","categories":["Webmail"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"5mp.eu","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":344903,"first_seen":"2012-07-05T15:10:03Z","last_seen":"2025-11-07T06:36:33.656834Z","alert_count":8,"request_count":2,"received_data":220,"sent_data":932,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"www.5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"185.80.49.249","port":443,"asn":62214,"as":"Rackforest Zrt.","country":"Hungary","country_code":"HU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T21:44:49.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.5mp.eu","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Oct 2024 09:08:40 GMT","end":"Sun, 23 Nov 2025 09:08:39 GMT"},"fingerprint":{"sha1":"41:67:A7:1F:ED:AE:81:48:AF:28:E2:B1:0D:B1:0F:09:CF:C0:0A:93","sha256":"88:C5:40:DF:0A:A4:E0:99:37:91:8E:A1:CD:D7:39:DA:EF:C0:F0:77:A4:1A:2C:16:52:7E:8F:8C:77:09:6F:44"}}},"request":{"raw":"GET /fajlok2/css4/owa_www.5mp.eu_.html HTTP/1.1\r\nHost: www.5mp.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 14 Nov 2025 21:44:49 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 26386\r\nlast-modified: Wed, 03 Sep 2025 12:37:21 GMT\r\netag: \"dbed-63de4ddb049b1-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nfront-end-https: on\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Outlook Web App:15.0.1497","description":"Outlook on the web is an information manager web app. It includes a web-based email client, a calendar tool, a contact manager, and a task manager.","website":"https://help.outlook.com","common_platform_enumeration":"cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*","icon":"Outlook.svg","categories":["Webmail"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56301,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (7903), with CRLF line terminators","md5":"37eab4570e3e06676f23c484e16f02c8","sha1":"d44eb59b5cc121b54f8c5b5da27619d8bb92816c","sha256":"c9099e7f7ab3ba478cf75b1784519457a9a20a34ea3b5c5776c5c05e7d450160","sha512":"897fad97cfe8b2bb3f5f049f1ce0baea3d4e644c4293b25b3113c7ee004a51c64785d1075f4f8c0956c3b08d126bb3764be4e344def5cab913db4f5583c5dcbd","ssdeep":"1536:vSqTk9ECq/O/pq0UoeokF5ToVeNd3SDcOQ:vbTk9EYq0UVweNgoOQ","tlshash":"e5439e2ea885373957336a34e7b3a607ff2445038b4ad51474ec1797afb08a441abedc","first_seen":"2025-09-04T04:30:53.311004Z","last_seen":"2026-03-01T07:25:35.373598Z","times_seen":11,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":75,"dns":1,"connect":33,"send":0,"wait":55,"receive":33,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-09-05","alert":"Phishing - Other","trigger":"www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"www.5mp.eu","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www.5mp.eu/owa/auth/15.0.1497/themes/resources/favicon.ico","fqdn":"www.5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"185.80.49.249","port":443,"asn":62214,"as":"Rackforest Zrt.","country":"Hungary","country_code":"HU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","date":"2025-11-14T21:44:49.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.5mp.eu","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Oct 2024 09:08:40 GMT","end":"Sun, 23 Nov 2025 09:08:39 GMT"},"fingerprint":{"sha1":"41:67:A7:1F:ED:AE:81:48:AF:28:E2:B1:0D:B1:0F:09:CF:C0:0A:93","sha256":"88:C5:40:DF:0A:A4:E0:99:37:91:8E:A1:CD:D7:39:DA:EF:C0:F0:77:A4:1A:2C:16:52:7E:8F:8C:77:09:6F:44"}}},"request":{"raw":"GET /owa/auth/15.0.1497/themes/resources/favicon.ico HTTP/1.1\r\nHost: www.5mp.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 14 Nov 2025 21:44:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 25 Jan 2024 08:56:39 GMT\r\netag: W/\"b1b2-60fc15b946612\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45490,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41162)","md5":"c773d78f391f8b60e7eaff42df7ae3b5","sha1":"08ce9c2dd828e66623ebf38125650f679d26bbd3","sha256":"cf7ec674c001b474d88b804d5bdd4aa9caf85d326d5c48f16ccac664bebefd71","sha512":"45d113fe314be5e58459246f6d7c6775b3905743d5e557079bc8fbc335105f307f2332aeb6a5c3b387737a1c852b8770374de0b1808fb5dd2ebd8123a5f627a6","ssdeep":"768:sTxeJqHab5K/IRXv5oK37GKLPWwiWsz+nP+/02MwMzEYdv5R4LgXyA:sTxT//IR/r3TLPWw5sz+nP+bKB4LIyA","tlshash":"a213f1b5c74fff8fd9854814395fa3ad5f1ed417e4094d6a30e108aa90ec02bf1ab2a4","first_seen":"2023-09-09T00:26:18Z","last_seen":"2026-04-15T16:35:22.740468Z","times_seen":124,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"www.5mp.eu","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T21:44:48.239Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /fajlok2/css4/owa_www.5mp.eu_.html HTTP/1.1\r\nHost: 5mp.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T21:38:41.569918Z","times_seen":13799339,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":51,"connect":33,"send":0,"wait":0,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"185.80.49.249","port":80,"asn":62214,"as":"Rackforest Zrt.","country":"Hungary","country_code":"HU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T21:44:48.374Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /fajlok2/css4/owa_www.5mp.eu_.html HTTP/1.1\r\nHost: 5mp.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Fri, 14 Nov 2025 21:44:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T21:38:41.569918Z","times_seen":13799339,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":51,"dns":17,"connect":34,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","fqdn":"www.5mp.eu","domain":"5mp.eu","tld":"eu"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T21:44:48.471Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /fajlok2/css4/owa_www.5mp.eu_.html HTTP/1.1\r\nHost: www.5mp.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T21:38:41.569918Z","times_seen":13799339,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":38,"connect":33,"send":0,"wait":0,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-09-05","alert":"Phishing - Other","trigger":"www.5mp.eu/fajlok2/css4/owa_www.5mp.eu_.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-14","alert":"Phishing - Outlook","trigger":"www.5mp.eu","verdict":"phishing","severity":"medium","comment":"Outlook","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"www.5mp.eu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}