@Hadi D Thank you for reaching out to us, As I understand your concern is related to false alert reported by defender for cloud for "Communication with possible phishing domain" example: bstatic.com
Similar issue has been reported by one of the customers via support ticket last week, below are the findings and recommendations about this alert.
alertDisplayName: Communication with possible phishing domain
domainName: bstatic.com,
If there are no security events or DNS events on the resource reporting this alert, indicates DNS resolutions for bstatic.com
Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference
On further investigating on this issue (by our internal team) - Analysis of DNS transactions from %{CompromisedEntity} detected a request for a possible phishing domain. Such activity, while possibly benign, is frequently performed by attackers to harvest credentials to remote services. Typical related attacker activity is likely to include the exploitation of any credentials on the legitimate service. False positive alerts are expected from security tools from time to time.
There is not much we can do to suppress/ignore these alerts at the broader level, would recommend to triage these alerts and proceed with IR.
However I will share your feedback with my team if there is something we can do about this alert.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.