{"report_id":"ccaa633d-c279-462f-ad83-dc9c8e095b43","version":0,"status":"done","tags":["microsoft","phishing"],"date":"2026-07-02T12:52:27Z","url":{"schema":"http","addr":"zilotti.com/vm.microsoft/auth/add.php","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/add.php","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"title":"Sign in to your account","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"zilotti.com/vm.microsoft/auth/add.php","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T12:52:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"zilotti.com","ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"domain_registered":"2009-12-18","domain_rank":0,"first_seen":"2026-02-14T18:00:22.925433Z","last_seen":"2026-06-29T10:19:39.103081Z","alert_count":50,"request_count":10,"received_data":904880,"sent_data":5448,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/add.php","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"eventHandler","is_inline":false,"md5":"35cbe67c28f248a0eda182fcd963bb07","sha1":"d8ab6c8b6cbd09e6f35cdd9cf423590155fce997","sha256":"749c737310ca23809bb32db69b1bfb5125b2b695b01814e0ef1d0025fe239d77","sha512":"d583fb76c2defcb5fc3f78d9ce3af1ca58f019fb0e98635cdfd481301c8110f8240914fde66db390ca173cbc1b5d168a27b1c362f3699bae070be0a342c61a43","ssdeep":"","tlshash":"456000000f0c000000c0f330f0000c30000cc303000303cf3c0c000c0cc0003c030033","size":16,"data":"","first_seen":"2023-04-10T21:05:25Z","last_seen":"2026-07-02T12:52:29.28951Z","times_seen":2203,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/convergedlogin_pcore.min.js","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b653bfbbfa69c1d39fe9719f2ca21d63","sha1":"4d6e349a616c51c359ac1a4ba6f4348af43d8b61","sha256":"32384b5bb32eb917d99d9dcd146116e24b5a8f497c2c6b8999e749899d018058","sha512":"1466fd8db25e35ccc414531dc59d1c31b9209ec1757074b00900a338f5bf528b4b5fa7ef28ebccc8fd919e730bd882d48957adffb9162ed91f3040f92bce37c5","ssdeep":"6144:+f8+eWCeiXQHe4yaVh6QSiftBix3gM77aWkY74Y:+fbCepyaK","tlshash":"f3a419a9b84035b303c3b1b5603f110b6376a919688e8624f16cc6d52ffe919f627f6d","size":474815,"data":"","first_seen":"2026-02-14T18:00:27.577267Z","last_seen":"2026-07-02T12:52:29.282285Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.920Z","timestamp":1782996712920,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:07:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 283351\r\ncontent-type: image/jpeg\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":283351,"size_decoded":283557,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 1920x1080, components 3","md5":"a5dbd4393ff6a725c7e62b61df7e72f0","sha1":"55b292f885ffc92abce18750b07aa4acfa4e903e","sha256":"211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb","sha512":"850586a05b67ef25492bd50a090f1ec0a0cc21dc4e4efeb35e19cdc78a98f9415a3807318fa02664eade87f0e2d8fa2a2958cd0d712329800fc05689e01dc614","ssdeep":"6144:hPgRhluS12CyK8XGsLzsr5XONnQ4/bEmhZSIj6xU2zyOX/:2vz1pyWsLoXqN/YWPUU2OOX/","tlshash":"e254238583b10237052a6c656d182262d7ff0b6a4a5831b0fcddf9d3b776eba018fd54","first_seen":"2023-04-30T18:11:00Z","last_seen":"2026-07-02T12:52:29.280481Z","times_seen":4484,"resource_available":false,"data":null}},"time_used":26897,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":26743,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/converged.v2.login.min.css","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.218Z","timestamp":1782996712218,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/converged.v2.login.min.css HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:08:37 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":95080,"size_decoded":25750,"mime_type":"text/css","magic":"ASCII text, with very long lines (61177)","md5":"b484773448d5504b40d412aa0ab32334","sha1":"78c50e0a6fb25bac7bf79419979bc63559f9c9af","sha256":"602ade30c513674e50511f6eec801063ce4aad3b8757a4405a53e6367dcdeedd","sha512":"a20e9be901ac1756f6a67664a509d0ae11c294f1e28d16c2c9df0c581a3c65db3c8d423b6bc61ca19d39d4ff281e55228935a3df7768e2b41ed4b3ae4b23816c","ssdeep":"1536:QpHDglHuhw+E3gUB+2PWrA2XU6BMxoAFinp9jSyJsF:lB2+yJm","tlshash":"8093c7906d203d269027c73561c1bd87a2252503e737babbf6226db9cf996870f32f45","first_seen":"2023-09-21T05:02:04Z","last_seen":"2026-07-02T12:52:29.281405Z","times_seen":18,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/convergedlogin_pcore.min.js","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.224Z","timestamp":1782996712224,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/convergedlogin_pcore.min.js HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:09:03 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":474815,"size_decoded":179017,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32002)","md5":"b653bfbbfa69c1d39fe9719f2ca21d63","sha1":"4d6e349a616c51c359ac1a4ba6f4348af43d8b61","sha256":"32384b5bb32eb917d99d9dcd146116e24b5a8f497c2c6b8999e749899d018058","sha512":"1466fd8db25e35ccc414531dc59d1c31b9209ec1757074b00900a338f5bf528b4b5fa7ef28ebccc8fd919e730bd882d48957adffb9162ed91f3040f92bce37c5","ssdeep":"6144:+f8+eWCeiXQHe4yaVh6QSiftBix3gM77aWkY74Y:+fbCepyaK","tlshash":"f3a419a9b84035b303c3b1b5603f110b6376a919688e8624f16cc6d52ffe919f627f6d","first_seen":"2026-02-14T18:00:27.577267Z","last_seen":"2026-07-02T12:52:29.282285Z","times_seen":9,"resource_available":true,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.233Z","timestamp":1782996712233,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:16:47 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3651\r\ncontent-type: image/svg+xml\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3651,"size_decoded":3858,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-07-02T13:43:35.06298Z","times_seen":127469,"resource_available":false,"data":null}},"time_used":448,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":448,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.918Z","timestamp":1782996712918,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:06:39 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3006\r\ncontent-type: image/jpeg\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3006,"size_decoded":3210,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x28, components 3","md5":"138bcee624fa04ef9b75e86211a9fe0d","sha1":"23bbcdaaebd6c9a6e57e96e44493b2212860fcab","sha256":"f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea","sha512":"d20765e5738f4ac5a91396b5f5d88057c3b5125840bce42039ac9d5d75b1c3fb9629aca6290a475625dfe60887cf59d4fb52108d024ff4fa8094c9b8458f9f33","ssdeep":"","tlshash":"4b51631dbd235409ea89ef3a34e00113b72a0502a6a16e0e35ce440f97660a56d1a9cb","first_seen":"2023-04-30T16:38:31Z","last_seen":"2026-07-02T12:52:29.284012Z","times_seen":3916,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/favicon.ico","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:53.181Z","timestamp":1782996713181,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/favicon.ico HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:13:24 GMT\r\naccept-ranges: bytes\r\ncontent-length: 17174\r\ncache-control: max-age=604800\r\nexpires: Thu, 09 Jul 2026 12:51:53 GMT\r\ncontent-type: image/x-icon\r\ndate: Thu, 02 Jul 2026 12:51:53 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":17174,"size_decoded":17452,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors","md5":"12e3dac858061d088023b2bd48e2fa96","sha1":"e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5","sha256":"90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21","sha512":"c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01","ssdeep":"24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO","tlshash":"b772e35b1f5f4981ec4b0db80b125e80c5e49c973854dffbdb76b62888b0364ab845eb","first_seen":"2023-04-05T03:19:57Z","last_seen":"2026-07-02T14:33:00.551998Z","times_seen":167608,"resource_available":false,"data":null}},"time_used":26636,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26636,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/add.php","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T12:51:50.896Z","timestamp":1782996710896,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/add.php HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 8827\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 02 Jul 2026 12:51:51 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":23460,"size_decoded":9024,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4246)","md5":"d541f2a0a76457ad1d6bd578c0e3673b","sha1":"52a40b91c0c411c3e72985144dc4738380c12080","sha256":"d6570e383b37dd6c0daa5e8d742c7f057b40a8aaadf6b7908ee201ceb675b857","sha512":"0d96262baae6b22b2f78cb0e685b074d755b98c6a467821b64b30e6c0b36d415797065aeacec9fd9bf8966452027c868211f840fc4b99ecbee16502ce5c14c9b","ssdeep":"384:/o3ouo0kGrRtqR4x+BggPKBhlpzu3YN51ya6:orRME+B/Cblpzuwya6","tlshash":"54b2f8e4bd334f33425e8ba2ba706c023276ad074a4d6e10756cdad03ff961cd175a66","first_seen":"2026-07-02T12:52:29.285254Z","last_seen":"2026-07-02T12:52:29.285254Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1092,"timings":{"blocked":-1,"dns":322,"connect":152,"send":0,"wait":305,"receive":0,"ssl":313},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/convergedloginpaginatedstrings-en.min.js","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.226Z","timestamp":1782996712226,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/convergedloginpaginatedstrings-en.min.js HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:09:44 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 243\r\ncontent-type: text/javascript\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":293,"size_decoded":498,"mime_type":"text/javascript","magic":"ASCII text","md5":"84df0ea59f58aa9ecda1a3c57fcf7391","sha1":"93f4b5c4b33080eee32959794f7cea8f5501dfcc","sha256":"6bbc28b8e49e5e08fedb212924e2a1c05b53c7a4758b39ad197271a1325068f0","sha512":"5f63ced2e28d70a538e14d050c10d6b2d731f7b4f5b0cd2d769888e8553ae31ec832fb85521e76236af9ed9ae805400844a050feba050fe41fd909a4b69f4840","ssdeep":"","tlshash":"18e0e70e56d35405c593003fe2197330a98291d823c1d273466d85dd33c16050bde7c1","first_seen":"2026-02-14T18:00:27.58208Z","last_seen":"2026-07-02T12:52:29.287733Z","times_seen":9,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/ellipsis_white.svg?x=5ac590ee72bfe06a7cecfd75b588ad73","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.237Z","timestamp":1782996712237,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/ellipsis_white.svg?x=5ac590ee72bfe06a7cecfd75b588ad73 HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:11:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 915\r\ncontent-type: image/svg+xml\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":915,"size_decoded":1121,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5ac590ee72bfe06a7cecfd75b588ad73","sha1":"dda2cb89a241bc424746d8cf2a22a35535094611","sha256":"6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea","sha512":"b9135d934b9ea50b51bb0316e383b114c8f24dfe75fef11dcbd1c96170ea59202f6bafe11aaf534cc2f4ed334a8ea4dbe96af2504130896d6203bfd2da69138f","ssdeep":"","tlshash":"6511c9bb2f78c66ea08197943762a7791f76a14873893590f3432f21ee44dbb2039c40","first_seen":"2023-04-30T18:11:00Z","last_seen":"2026-07-02T12:52:29.288381Z","times_seen":4672,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"zilotti.com/vm.microsoft/auth/ellipsis_grey.svg?x=2b5d393db04a5e6e1f739cb266e65b4c","fqdn":"zilotti.com","domain":"zilotti.com","tld":"com"},"ip":{"addr":"50.87.146.235","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zilotti.com/vm.microsoft/auth/add.php","date":"2026-07-02T12:51:52.239Z","timestamp":1782996712239,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zilotti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 18:44:35 GMT","end":"Sat, 22 Aug 2026 18:44:34 GMT"},"fingerprint":{"sha1":"E4:4D:31:C0:27:27:19:C9:B2:EE:DA:A7:AB:E4:53:48:31:3E:77:FB","sha256":"44:C0:9D:F0:40:E8:1B:68:B5:7D:A7:BD:1A:F7:67:2D:3B:F1:1A:F2:F2:9E:70:54:AA:97:B8:34:89:3F:AA:C4"}}},"request":{"raw":"GET /vm.microsoft/auth/ellipsis_grey.svg?x=2b5d393db04a5e6e1f739cb266e65b4c HTTP/1.1\r\nHost: zilotti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zilotti.com/vm.microsoft/auth/add.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nlast-modified: Thu, 28 May 2020 11:10:44 GMT\r\naccept-ranges: bytes\r\ncontent-length: 915\r\ncontent-type: image/svg+xml\r\ndate: Thu, 02 Jul 2026 12:51:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":915,"size_decoded":1121,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2b5d393db04a5e6e1f739cb266e65b4c","sha1":"6a435df5cac3d58ccad655fe022ccf3dd4b9b721","sha256":"16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6","sha512":"3a692635ee8ebd7b15930e78d9e7e808e48c7ed3ed79003b8ca6f9290fa0e2b0fa3573409001489c00fb41d5710e75d17c3c4d65d26f9665849fb7406562a406","ssdeep":"","tlshash":"4211c9bb2f78c66ea09197943762a7791f76a14873883590f3432f11ee44dbb203dc40","first_seen":"2023-04-14T08:32:49Z","last_seen":"2026-07-02T12:52:29.288949Z","times_seen":15796,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"zilotti.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"zilotti.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}
