{"report_id":"ec5be979-f0da-43d0-ace2-b7d9a1e6d2ac","version":0,"status":"done","tags":["microsoft","phishing"],"date":"2026-06-25T12:18:23Z","url":{"schema":"http","addr":"gh.sdtznt.com/serv","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"gh.sdtznt.com/9f2e77d2-8cc4-4681-881e-76a059598777","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"title":"Outlook Web App","dom":{"size":470560,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65488)","md5":"e7c9196d02a39b15de9e0433f01565d6","sha1":"afa44371ef2ba30dc4f4ee03878d7e8266428f8e","sha256":"0b0eaa80bbad0036e8b4a03e6ee915af2c6ba8ef327ca2bdc11c4d5e25f40867","sha512":"bff64ff72e6756745de250cc00be37f54c9f5e5c699dbe5e5b57b5c5b008fea745cdb4f590f37b1ebf8befc962bdf6e6547f5972749a8b9a0d91d37b41d8689d","ssdeep":"3072:JYobuWEGUYvJnzl/yKXpQDo+j9pWZTaSZ1Vad2c+Cs86:JYobLEG/vJnzl/lQDBvWZGSZ1Vad2D","tlshash":"41a42c287f14506b63111d2baa1e7db8be503b06a9c5c747701bea5dfe8107beb344b2","dom_hash":"domhash23ffa63dd212db053ca4dd815a4c1a9c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gh.sdtznt.com/serv","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-30T12:18:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"gh.sdtznt.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"gh.sdtznt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"gh.sdtznt.com","ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"domain_registered":"2026-05-23","domain_rank":0,"first_seen":"2026-06-10T13:03:57.508599Z","last_seen":"2026-06-22T15:31:00.263327Z","alert_count":9,"request_count":3,"received_data":491,"sent_data":1291,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"adriana-dsa.com","ip":{"addr":"104.193.173.236","port":443,"asn":54643,"as":"IDIGITAL","country":"Canada","country_code":"CA"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-16T07:46:34.807798Z","last_seen":"2026-06-24T13:58:35.891982Z","alert_count":3,"request_count":3,"received_data":124649,"sent_data":1570,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7cb5bad3ea88ffc675606a076f1f1161","sha1":"f349cbcf63836a55435bf4fc853912b2dc6d4cb6","sha256":"98aeff545d29fb93be0c5274ba8443dfae892564d2bcd0b83b792da33d3a5b75","sha512":"82eb2f5e745d97f74aa4ef99ec0d6bdc39d8074d387219de248910a76a61f98a3e374aa83e42883e0263b2ee5763ffaf76e527af6ab8c62ec09d4330a9263235","ssdeep":"","tlshash":"6e31324eb6721272be03993b97df605073a48927c21dcc15306e1bf26f86428117e7a7","size":1823,"data":"","first_seen":"2024-01-19T15:54:51Z","last_seen":"2026-06-29T10:32:29.686675Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"52ba7c53b3c5e52f398f0791cdfc3511","sha1":"d187447120b2bab0ab044d2f7108ed522b88faf9","sha256":"a2b38019e4d84386273c2153e17401713a00b444da7b2fc023c2562d6a21d14e","sha512":"33d4c699ad3500704372c1a763ddd4973d9b3962debd41d28b057a30c0fbbd82dd9928ed3a63f5f28479b44484353949dc7d9e7804ef6936b07b7609cc2e9c88","ssdeep":"","tlshash":"3580000bc20002c0a22a823f08c0002c23200003e03a0c20200000a00a2002c2002220","size":31,"data":"","first_seen":"2024-01-19T15:54:51Z","last_seen":"2026-06-29T10:32:29.687368Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b10d5f358d8599d84e3de0574747804e","sha1":"8afab108e0ece90968549ff805d1a4048db211c3","sha256":"c51b81148d87a9477bffd19158fabed6043ff792da3311cd5776cdf3056cd6cc","sha512":"f50a630a5585333e5fcba259f73ceb7f16e03b3f56a50901c4dccc1ebe4b5a8f8a57299bf6eaf9d4cf0d5637977f8baf148bc9152cdb8c5fe4674456e632490c","ssdeep":"","tlshash":"2dc04c59ea4206a41ab6b67d32df110537418043db05f48c747de1018b109834478f8c","size":179,"data":"","first_seen":"2024-01-19T15:54:51Z","last_seen":"2026-06-29T10:32:29.688016Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"8583fe4f9f016a25dbba23b18bc6ffee","sha1":"a250b932576fa7bdccba818471d69f2bfc9bf7dd","sha256":"8d781d60234d9b5d9810bc7868f8299b42b978ced0e34de2469e23b2917aed8c","sha512":"5fb1c759f62774fe0a7af456f3d21f75c84353c9ef3c11c8c1c251a4963dac06697d691f7fb075742e745a2e63973c3c87b67d643d7f719a8e3630f8aa534e84","ssdeep":"96:z2ivWimJWEuMqQucyHoHId33puLOI05/W5VVmn5/8n5VGigQMHRkrKBkEqsLNl+o:6wMXyHooF3tkAa4XirKBxqul+1HG6qf","tlshash":"51d1210da5f212b21b23b0b557af72453172551b1c87d9203c4d834a2f988766eb5bde","size":6180,"data":"","first_seen":"2026-06-24T21:28:58.095177Z","last_seen":"2026-06-27T17:34:31.02937Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"e97b837fbc1f6f75f01642f8ada1d68d","sha1":"d65c9157c0bd6392a7d307040d139911d165a001","sha256":"8bfc629e1270cede6354471c5e290226ccef3dd3b2211b3be5675ce693423951","sha512":"70e0c94c6855ac988c43e0b0f94a908601e9fc552d14968f4c760181e800388595709e9ef2a9755c25f8db9f288183b19f36ea7c0ed66295674d9640da9098b9","ssdeep":"192:TzsY/lSrYvtF73U6qwSEKmn4nGS14WiXiZnXlbz9IW3WHcwBYpYRixjCCd5WB:vPtmvLfiXiZ1n9ILQEixjy","tlshash":"0f22222decf995331c63e47a078f7148f3658817e309cc093c2ea764af4556646be6ca","size":10463,"data":"","first_seen":"2024-08-19T12:47:28.007876Z","last_seen":"2026-06-29T10:32:29.683832Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae0b69a20642340e8ed2e60e4b900b9c","sha1":"f78d8c41c23285594b86540167cf2ae2b568954d","sha256":"976adf5b493e997df460c3718d02f74e92afe0e82fe5cd9f106041aea09d8975","sha512":"29a925e13e5fffec410e72dba9a0779294cf906dddc11673d4a9d8cb68c3b2c1c7b4f28ccfc2cd75d2b2cc86a1cf6d7d5931c34586e6548be7e894275a393057","ssdeep":"","tlshash":"7d31d86a7447092079eef63d126a678c3939c013850699003dbcd71e6f36ec7c4a9eee","size":1729,"data":"","first_seen":"2024-01-19T15:54:51Z","last_seen":"2026-06-29T10:32:29.684532Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b86c20af41168e6b2499bd3c1e122815","sha1":"ec425411da56479948db1c69e068e31f5f4c833f","sha256":"33540a1ee0e497f0cf635e6ca4c1c7e49df15396a1f1b3181acaa3765f680508","sha512":"9ab892afc940837c20b02527d16cff45cb53e77067f821189c12ccc0a7151ffcd0d0d02367936441406e8264b96d1d480285e6cbcb5d4ce37938161a193a3aff","ssdeep":"","tlshash":"84c0020cc4af42510e1be93d25e6cc4c52535453e1a69715780c03469f418a485b1ad5","size":144,"data":"","first_seen":"2024-01-19T15:54:51Z","last_seen":"2026-06-29T10:32:29.688566Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gh.sdtznt.com/9f2e77d2-8cc4-4681-881e-76a059598777","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"0e940040f30626e7d71baf9022c31a09","sha1":"d3bc12f648b203e6a3fdf123edb4a9df386c6152","sha256":"ccbb0158cec0226f8097d5361de70df34dbc8ed4836ab4dbe61c7cea3686742b","sha512":"3c6e73ed754a9fe9d96b39e794c5dd2b1239009a13995a8ea56af739898005bb8fad621395c4e7145a20a7a5a30b870d1abcf916ac61e933336c15c86479beed","ssdeep":"1536:fSzL0buxSsFG1EGU9SveU6jKgMsq27Z7HwQ5NXIuE35ORDB6UwXpQDo+j9g:fYobuWEGUYvJnzl/yKXpQDo+j9g","tlshash":"8294942c7f14906b63111d2baa1d7eb8be503b05a9c5cb4b6017e95dfe8107beb344b2","size":415177,"data":"","first_seen":"2026-06-24T21:28:58.091998Z","last_seen":"2026-06-27T17:34:31.026088Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"gh.sdtznt.com/serv/","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T12:18:02.050Z","timestamp":1782389882050,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /serv/ HTTP/1.1\r\nHost: gh.sdtznt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Jun 2026 12:18:02 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 24 Jun 2026 21:04:58 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 557910\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T10:18:58.66886Z","times_seen":16887239,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"gh.sdtznt.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"gh.sdtznt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"adriana-dsa.com/app/arsmtp/media/favicon.ico","fqdn":"adriana-dsa.com","domain":"adriana-dsa.com","tld":"com"},"ip":{"addr":"104.193.173.236","port":443,"asn":54643,"as":"IDIGITAL","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gh.sdtznt.com/serv/","date":"2026-06-25T12:18:02.696Z","timestamp":1782389882696,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adriana-dsa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 May 2026 18:32:41 GMT","end":"Wed, 05 Aug 2026 18:32:40 GMT"},"fingerprint":{"sha1":"CA:27:C7:98:D9:27:25:EF:E8:25:C2:B9:FC:3E:F5:92:9B:9C:5A:30","sha256":"13:CD:1E:BA:9C:30:FF:63:81:0A:D3:E0:94:36:57:75:27:8D:CB:EF:7B:69:93:D9:04:CC:7F:94:EA:9F:06:B0"}}},"request":{"raw":"GET /app/arsmtp/media/favicon.ico HTTP/1.1\r\nHost: adriana-dsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Jun 2026 12:18:04 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 06 Jun 2025 21:50:23 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 7886\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/x-icon\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7886,"size_decoded":8132,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"759fade9033aa298629e4b000dcd6dde","sha1":"34a1adf5c7326d7bde5b5735471b5d81e611c189","sha256":"cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e","sha512":"e96e93b13d70420d4d509d89a6337651440ae049b2a23d57c6250987003c46512c40c85c41bfa1c473a704801c961ffbe421522b89a1c34ba3b9e82a6d0769ed","ssdeep":"48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY","tlshash":"0cf130334afb6800e6171df04556f774c16a2d16394e58c3d88c3a6ae037be6706a9ef","first_seen":"2023-05-01T18:01:52Z","last_seen":"2026-07-01T09:58:56.132238Z","times_seen":5632,"resource_available":false,"data":null}},"time_used":1429,"timings":{"blocked":0,"dns":72,"connect":150,"send":0,"wait":299,"receive":0,"ssl":907},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"gh.sdtznt.com/serv","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T12:17:55.787Z","timestamp":1782389875787,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /serv HTTP/1.1\r\nHost: gh.sdtznt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T10:18:58.66886Z","times_seen":16887239,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"gh.sdtznt.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"gh.sdtznt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"gh.sdtznt.com/serv","fqdn":"gh.sdtznt.com","domain":"sdtznt.com","tld":"com"},"ip":{"addr":"82.165.110.163","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T12:18:00.764Z","timestamp":1782389880764,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /serv HTTP/1.1\r\nHost: gh.sdtznt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 25 Jun 2026 12:18:02 GMT\r\nServer: Apache\r\nLocation: http://gh.sdtznt.com/serv/\r\nContent-Length: 274\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T10:18:58.66886Z","times_seen":16887239,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"gh.sdtznt.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"gh.sdtznt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"adriana-dsa.com/app/arsmtp/media/download-logo.png","fqdn":"adriana-dsa.com","domain":"adriana-dsa.com","tld":"com"},"ip":{"addr":"104.193.173.236","port":443,"asn":54643,"as":"IDIGITAL","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gh.sdtznt.com/serv/","date":"2026-06-25T12:18:02.434Z","timestamp":1782389882434,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adriana-dsa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 May 2026 18:32:41 GMT","end":"Wed, 05 Aug 2026 18:32:40 GMT"},"fingerprint":{"sha1":"CA:27:C7:98:D9:27:25:EF:E8:25:C2:B9:FC:3E:F5:92:9B:9C:5A:30","sha256":"13:CD:1E:BA:9C:30:FF:63:81:0A:D3:E0:94:36:57:75:27:8D:CB:EF:7B:69:93:D9:04:CC:7F:94:EA:9F:06:B0"}}},"request":{"raw":"GET /app/arsmtp/media/download-logo.png HTTP/1.1\r\nHost: adriana-dsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Jun 2026 12:18:04 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 06 Jun 2025 21:50:23 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 7746\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7746,"size_decoded":7989,"mime_type":"image/png","magic":"PNG image data, 300 x 76, 8-bit/color RGBA, non-interlaced","md5":"8f66b06c5aedba6a75ce7f9a49619c4a","sha1":"cef70286faa37d152c3b2af9a60f8340534f1f3d","sha256":"a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6","sha512":"65c7a0e856db0e42954891a1e5eebb99156e2e23312f01223dd6d40d35e66c067ab38cdf1e453840a2476d3b9e8f64f9e64bf67c67e8d2d11fbc2dcc8470b815","ssdeep":"96:75QSAVeb6f7oLVN56aqo+vv5MmWB1zfGhbhdmhcblk4PceNEEe0mjjZ:tQSAVya7mVK/Ry/zePshHyNEEJs","tlshash":"6ef1bfed34d1f1f859b89bffe1453291ec5b1fa78222f05ce229d470546c851b24ae2e","first_seen":"2023-05-03T15:00:06Z","last_seen":"2026-06-29T10:32:29.682314Z","times_seen":449,"resource_available":false,"data":null}},"time_used":1691,"timings":{"blocked":0,"dns":334,"connect":149,"send":0,"wait":298,"receive":0,"ssl":910},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"adriana-dsa.com/app/arsmtp/media/download.gif","fqdn":"adriana-dsa.com","domain":"adriana-dsa.com","tld":"com"},"ip":{"addr":"104.193.173.236","port":443,"asn":54643,"as":"IDIGITAL","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gh.sdtznt.com/serv/","date":"2026-06-25T12:18:02.436Z","timestamp":1782389882436,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adriana-dsa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 May 2026 18:32:41 GMT","end":"Wed, 05 Aug 2026 18:32:40 GMT"},"fingerprint":{"sha1":"CA:27:C7:98:D9:27:25:EF:E8:25:C2:B9:FC:3E:F5:92:9B:9C:5A:30","sha256":"13:CD:1E:BA:9C:30:FF:63:81:0A:D3:E0:94:36:57:75:27:8D:CB:EF:7B:69:93:D9:04:CC:7F:94:EA:9F:06:B0"}}},"request":{"raw":"GET /app/arsmtp/media/download.gif HTTP/1.1\r\nHost: adriana-dsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 25 Jun 2026 12:18:04 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 06 Jun 2025 21:50:23 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 108283\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/gif\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":108283,"size_decoded":108528,"mime_type":"image/gif","magic":"GIF image data, version 89a, 362 x 362","md5":"be0d9fd5a1c00a70c7cc41abd73709ff","sha1":"62394a9d43bbffaaa117c0baca9e10d41c397097","sha256":"2b491e2211f7003c16a9132d78a95753e0315bf30b1977518d65e3a76dccec20","sha512":"ea92a5825ce15c80f83e44cea54a5474aa55b734c268e2179628ef6c5fa4f79288a662c2716c6953bfe236645613dbcfc050a71ac6963f92dcf2c28f8e6090e9","ssdeep":"3072:SuYszn//XvDWmLz34AdakjsNKDoWqb5Z6xNt:/VnHCmN8UCKDoBb5ZwNt","tlshash":"f3b301019a6e4e9bee7534bc323e2a11978423ec2dd9f67f95e0b7422fe52605690c07","first_seen":"2023-07-02T06:06:02Z","last_seen":"2026-06-29T10:32:29.681533Z","times_seen":444,"resource_available":false,"data":null}},"time_used":2104,"timings":{"blocked":0,"dns":332,"connect":147,"send":0,"wait":294,"receive":441,"ssl":890},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}
