{"report_id":"333b0e91-9bbd-46b6-997f-f06d6dabdd8f","version":6,"status":"done","tags":["phishing","gophish"],"date":"2026-02-22T12:24:58Z","url":{"schema":"https","addr":"linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","fqdn":"linkedin.comunicazioni-sicure.it","domain":"comunicazioni-sicure.it","tld":"it"},"ip":{"addr":"52.209.134.82","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"final":{"url":{"schema":"https","addr":"linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","fqdn":"linkedin.comunicazioni-sicure.it","domain":"comunicazioni-sicure.it","tld":"it"},"title":"linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","dom":{"size":8530,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"933e33e8409825f0d0d7c3d78b7f0c97","sha1":"95ba182bd49ab8eb03eed215ad7c8b37ba6dcdd1","sha256":"a583a69ee7f37a7fe773b9cd31a838fe0a6815dac46566f8146c43f22ecd7260","sha512":"f1858e1b332bec835f1867d3e5903993c9266afbb2d8d4471f0450442ea5b93925a129afea48dde03152c239954b0fc5cae3ca1edb68c933d76cd9ee27697329","ssdeep":"96:naNe183czSSztZOL+uVXnEsZTPDQTV+Zj1zFZza5NX0aph2aFHehsoxAf:n1GoS+utnRZTPDmV+A5N6OHV","tlshash":"c6023321df1e11cf2630adec1d70fae9230d91218b261c97fe52d57a9ec4ca84e58e97","dom_hash":"domhash1d53a33440af6f968a2394cc6380b234","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","fqdn":"linkedin.comunicazioni-sicure.it","domain":"comunicazioni-sicure.it","tld":"it"},"ip":{"addr":"52.209.134.82","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-29T12:24:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]},"summary":[{"fqdn":"linkedin.comunicazioni-sicure.it","ip":{"addr":"18.200.118.190","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2023-10-05","domain_rank":0,"first_seen":"2026-02-22T12:24:58.633111Z","last_seen":"2026-02-22T12:24:58.633111Z","alert_count":15,"request_count":3,"received_data":12094,"sent_data":1535,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","fqdn":"linkedin.comunicazioni-sicure.it","domain":"comunicazioni-sicure.it","tld":"it"},"ip":{"addr":"18.200.118.190","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T12:24:35.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.comunicazioni-sicure.it","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Wed, 09 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:B7:E1:DD:33:A0:FD:5F:A2:95:95:FD:28:04:15:DC:43:53:B6:1F","sha256":"C7:DD:91:0E:4C:39:68:C4:13:F7:CE:11:B7:1A:03:CA:DD:6E:AE:1B:88:AB:7B:A4:2F:C9:71:A8:40:79:80:EE"}}},"request":{"raw":"GET /actionrequired?rid=zgeNpN8 HTTP/1.1\r\nHost: linkedin.comunicazioni-sicure.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 22 Feb 2026 12:24:36 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 1969\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-server: gophish\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8557,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6dd17d1f3e6bf6c2d965271d5f5b2d06","sha1":"911a2cc6f3a68fffea559202a79d161efdf8883e","sha256":"2f9b33e1ff6f0c5d4165a433feabb47030d2f538ed2e5f469805f11b8dd83be4","sha512":"757855aab6cce1498d9938be837e6051ad6a57d041967e6103b3c39c0bd3cb6cd23c9090d234d18762c16c4a17dd6e2d989ef0f3290e6dafd3fbed710e24a448","ssdeep":"96:TnNe183czSSztZOL+uVXnEsZTPDQTV+Zj1zFZza5NX0aph5aFHehv9xAf:01GoS+utnRZTPDmV+A5N9OHF","tlshash":"59024321df1e11cf2630adec1d70fae9230d91214b221c97fe52d57a5ec4ca84a58ed7","first_seen":"2026-02-22T12:25:00.059948Z","last_seen":"2026-06-05T13:30:23.233111Z","times_seen":2,"resource_available":true,"data":null}},"time_used":833,"timings":{"blocked":281,"dns":127,"connect":34,"send":0,"wait":270,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]}},{"url":{"schema":"https","addr":"linkedin.comunicazioni-sicure.it/cdn/img/linkedinnlogo.png","fqdn":"linkedin.comunicazioni-sicure.it","domain":"comunicazioni-sicure.it","tld":"it"},"ip":{"addr":"18.200.118.190","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","date":"2026-02-22T12:24:36.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.comunicazioni-sicure.it","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Wed, 09 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:B7:E1:DD:33:A0:FD:5F:A2:95:95:FD:28:04:15:DC:43:53:B6:1F","sha256":"C7:DD:91:0E:4C:39:68:C4:13:F7:CE:11:B7:1A:03:CA:DD:6E:AE:1B:88:AB:7B:A4:2F:C9:71:A8:40:79:80:EE"}}},"request":{"raw":"GET /cdn/img/linkedinnlogo.png HTTP/1.1\r\nHost: linkedin.comunicazioni-sicure.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 22 Feb 2026 12:24:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 2118\r\nlast-modified: Wed, 09 Jul 2025 08:35:20 GMT\r\netag: \"686e29c8-846\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2118,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 168 x 42, 8-bit/color RGBA, non-interlaced","md5":"00ab1ad2c0df44f00f1bbdf98243df69","sha1":"59456e9ddc220346089b1b16df6c5b0a6862008a","sha256":"a66a0453e7d89afc8a9a989531ceffda32908cc9763355d3f4a24f990c1a4006","sha512":"b625901787e84172f61a5446e68922e95ec80389b4756f158d028bb56c888bf0a78abfee67f2db0a0563a408dcc3c9cc47c107b31c6dd63db50cdad1a371f212","ssdeep":"","tlshash":"3a413c6ed51fb93417e25c6bbbc20d4bc941c32238f11f769820a0515316bfa193f11d","first_seen":"2024-12-05T15:03:52.386506Z","last_seen":"2026-06-05T13:30:23.234366Z","times_seen":6,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]}},{"url":{"schema":"https","addr":"linkedin.comunicazioni-sicure.it/favicon.ico","fqdn":"linkedin.comunicazioni-sicure.it","domain":"comunicazioni-sicure.it","tld":"it"},"ip":{"addr":"18.200.118.190","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8","date":"2026-02-22T12:24:36.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.comunicazioni-sicure.it","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Wed, 09 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:B7:E1:DD:33:A0:FD:5F:A2:95:95:FD:28:04:15:DC:43:53:B6:1F","sha256":"C7:DD:91:0E:4C:39:68:C4:13:F7:CE:11:B7:1A:03:CA:DD:6E:AE:1B:88:AB:7B:A4:2F:C9:71:A8:40:79:80:EE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: linkedin.comunicazioni-sicure.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://linkedin.comunicazioni-sicure.it/actionrequired?rid=zgeNpN8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 22 Feb 2026 12:24:36 GMT\r\ncontent-type: text/html\r\ncontent-length: 604\r\nlast-modified: Mon, 16 Feb 2026 16:37:25 GMT\r\netag: \"699347c5-25c\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":604,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (604), with no line terminators","md5":"72bc3d043fc8f35140ad05a61741d067","sha1":"29d372ed2f097c7b7a2654e3362cfbb4121ccd8f","sha256":"84c6c3bc742f31a1ff9d72f27e42b4fba7ae25f615431615266da95e70fe0188","sha512":"3c39091399c12fdb55b8506e4c5840706a61ea1afdbdc602c50797ca8ca47d1e80cd6f119617c4d5a3ed5d80b81303237e054be9de116d5a8783ffde01516ce0","ssdeep":"","tlshash":"c1f04182cc20d08d43605f95ad30f32ec88aaa0c8e219cc071f440bd18f4fcd8dabc14","first_seen":"2026-02-16T18:16:04.985589Z","last_seen":"2026-03-03T09:58:14.391583Z","times_seen":74,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"linkedin.comunicazioni-sicure.it","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Gophish Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","gophish"],"meta":null}]}}]}