{"report_id":"4edbe85a-70c8-4a83-8cce-51b19522b69e","version":6,"status":"done","tags":[],"date":"2023-12-15T11:21:25Z","url":{"schema":"http","addr":"unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/","fqdn":"unsubscribe.be-mail.it","domain":"be-mail.it","tld":"it"},"ip":{"addr":"151.1.245.27","port":0,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"final":{"url":{"schema":"http","addr":"unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/","fqdn":"unsubscribe.be-mail.it","domain":"be-mail.it","tld":"it"},"title":"unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T07:43:24Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"unsubscribe.be-mail.it","ip":{"addr":"151.1.245.27","port":80,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"domain_registered":"2015-07-01","domain_rank":0,"first_seen":"2015-10-13 17:43:10","last_seen":"2023-12-10 22:32:06","alert_count":0,"request_count":2,"received_data":15702,"sent_data":872,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-15T11:21:01Z","timestamp":1702639261,"ip_dst":{"addr":"Client IP","port":55770,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"151.1.245.27","port":443,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"severity":"high","alert":"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)","source":"{\"timestamp\":\"2023-12-15T11:21:01.329055+0000\",\"flow_id\":935854962754315,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"151.1.245.27\",\"src_port\":443,\"dest_ip\":\"10.70.215.111\",\"dest_port\":55770,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013659,\"rev\":6,\"signature\":\"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2011_09_15\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"SSL_Malicious_Cert\"],\"updated_at\":[\"2022_03_23\"]}},\"tls\":{\"subject\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=www.be-mail.it, Email=root@www.be-mail.it\",\"issuerdn\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=www.be-mail.it, Email=root@www.be-mail.it\",\"serial\":\"6E:41\",\"fingerprint\":\"d8:ff:3e:c1:45:ac:58:af:14:51:07:31:92:c4:20:b4:fb:95:55:27\",\"sni\":\"unsubscribe.be-mail.it\",\"version\":\"TLS 1.2\",\"notbefore\":\"2017-03-22T23:21:03\",\"notafter\":\"2018-03-22T23:21:03\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"699a80bdb17efe157c861f92c5bf5d1d\",\"string\":\"771,49199,0-65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":5,\"bytes_toserver\":1345,\"bytes_toclient\":1863,\"start\":\"2023-12-15T11:21:01.181003+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-15T11:21:01Z","timestamp":1702639261,"ip_dst":{"addr":"Client IP","port":55784,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"151.1.245.27","port":443,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"severity":"high","alert":"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)","source":"{\"timestamp\":\"2023-12-15T11:21:01.406097+0000\",\"flow_id\":1714654940062730,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"151.1.245.27\",\"src_port\":443,\"dest_ip\":\"10.70.215.111\",\"dest_port\":55784,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013659,\"rev\":6,\"signature\":\"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2011_09_15\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"SSL_Malicious_Cert\"],\"updated_at\":[\"2022_03_23\"]}},\"tls\":{\"subject\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=www.be-mail.it, Email=root@www.be-mail.it\",\"issuerdn\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=www.be-mail.it, Email=root@www.be-mail.it\",\"serial\":\"6E:41\",\"fingerprint\":\"d8:ff:3e:c1:45:ac:58:af:14:51:07:31:92:c4:20:b4:fb:95:55:27\",\"sni\":\"unsubscribe.be-mail.it\",\"version\":\"TLS 1.2\",\"notbefore\":\"2017-03-22T23:21:03\",\"notafter\":\"2018-03-22T23:21:03\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"699a80bdb17efe157c861f92c5bf5d1d\",\"string\":\"771,49199,0-65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":5,\"bytes_toserver\":1210,\"bytes_toclient\":1863,\"start\":\"2023-12-15T11:21:01.287754+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/","fqdn":"unsubscribe.be-mail.it","domain":"be-mail.it","tld":"it"},"ip":{"addr":"151.1.245.27","port":80,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"introduction_type":"scriptElement","is_inline":true,"md5":"0920a247e3992e42300b795ffbd7387a","sha1":"39320737e3b45a4258c92950c0f36ec0b00c8be6","sha256":"454a0ab3f2ab276853625039e6feab115056496abb93f6e3de58c3cd03b60c5b","sha512":"bf9250106c7af7914ba9a5e4e6aeed8e0ad9be775fce6b869fc8420c9e850a64cd94c3dae0282e2779e1294b4c0f0f34a5f1b2508d2ad8b2cba32be9c3a4adf2","ssdeep":"768:4HieCsCp8Lm9obS/IaDI9c/1rf2eS/+QtuM4KkGqXCyef1hhl89+PMZmcJqQBFf9:RV8y9oBDs3XAAJpPfwTee1KAiwzSkBIh","tlshash":"ced22ac8b0d170f36bb386d6e17fc381f12255353a0ac890b19ad9f664c5dd92176e3a","size":30442,"data":"","first_seen":"2023-12-15T12:21:26Z","last_seen":"2024-08-20T15:48:53.345341Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/","fqdn":"unsubscribe.be-mail.it","domain":"be-mail.it","tld":"it"},"ip":{"addr":"151.1.245.27","port":80,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"introduction_type":"scriptElement","is_inline":true,"md5":"ca53dc207979322363c6af6ee62cce5a","sha1":"4897ca1af3f012aa604a1199520fceee65716493","sha256":"e9898ffadc377c73ba19ca8e7bb0da9afdfc0ce609527ea2f50119b73ea02319","sha512":"40b34d279a9ed22852383e7f4d23bdd742e015ed9310229c7ad145bc076fc5b124c4b15f5954e5083dd5d05182a8e8d69f53f34a9673276cd795002c9c62000a","ssdeep":"","tlshash":"95d02bc2f66740f7875751db25dbc46826eaf65c286d58d0fd4e8ab0497013d6502941","size":274,"data":"","first_seen":"2023-06-26T17:04:57Z","last_seen":"2026-04-15T09:59:33.043032Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/","fqdn":"unsubscribe.be-mail.it","domain":"be-mail.it","tld":"it"},"ip":{"addr":"151.1.245.27","port":80,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-15T11:21:01.382Z","timestamp":1702639261382,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/ HTTP/1.1\r\nHost: unsubscribe.be-mail.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 Dec 2023 11:21:00 GMT\r\nServer: Apache/2.4.6 (CentOS)\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nKeep-Alive: timeout=2, max=128\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10861,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\n- HTML document, ASCII text, with very long lines (30210)","md5":"8f1ebf914cea30bc5a09531b0f00a691","sha1":"1c36d39a01a64584b9385c4d69cc355b983c7002","sha256":"75922a799e0e3c05c9e318a74b80413d7391fe80c736b1c7cc155f67cfa68e3f","sha512":"bc40e44a443111c9ab44a3b22358b47c1a30827d12d07d5f0611058f7cd8382222d7ede419ba4b0aec3a573f89967f2b6fbee5469fe54c4ef101d1c87aa15eab","ssdeep":"768:GHieCsCp8Lm9obS/IaDI9c/1rf2eS/+QtuM4KkGqXCyef1hhl89+PMZmcJqQBFfK:TV8y9oBDs3XAAJpPfwTee1KAiwzSkBIG","tlshash":"36d22ac4b1d170f36bb386d6e0bfc281f12255353a0ac890b19ad9f664c5ded2176e3a","first_seen":"2023-12-15T12:21:26Z","last_seen":"2023-12-15T12:21:26Z","times_seen":1,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":38,"dns":0,"connect":37,"send":0,"wait":61,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"unsubscribe.be-mail.it/favicon.ico","fqdn":"unsubscribe.be-mail.it","domain":"be-mail.it","tld":"it"},"ip":{"addr":"151.1.245.27","port":80,"asn":3242,"as":"ITnet S.r.l.","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/","date":"2023-12-15T11:21:01.577Z","timestamp":1702639261577,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: unsubscribe.be-mail.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://unsubscribe.be-mail.it/309/2248572/be0cc61405a8f39a739b7d2fce73bfcc/5900/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 Dec 2023 11:21:00 GMT\r\nServer: Apache/2.4.6 (CentOS)\r\nLast-Modified: Tue, 23 Jun 2015 09:00:05 GMT\r\nETag: \"10be-5192b9dc86f40\"\r\nAccept-Ranges: bytes\r\nContent-Length: 4286\r\nKeep-Alive: timeout=2, max=127\r\nConnection: Keep-Alive\r\nContent-Type: image/vnd.microsoft.icon\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4286,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\n- data","md5":"e7efc666d82d757bf36f26b382258c31","sha1":"6fd5b52072f847a6888aa481caaa2eb92f1f2af3","sha256":"0311d3ea961155433ad931db10dd632ad48713389217e9283b7aefc08d4e7964","sha512":"466d489af7c1f33c9779fc3a938fbe2d569b1e3dcfc432dbc0865d3eb910eb4a5a458d90aea4dd5ba05c6a46ad8f467dc45c8af99ca131b3d013c032fdec7b12","ssdeep":"96:RplL04tVQ7L8gdp7SLd60VO3UHNXV/fj9Y:NS","tlshash":"fa91b5f2556100a8fcaad73154fd4fe5a0e6ddab6970ca4f016b72811133c2f6b3658e","first_seen":"2023-05-06T16:18:16Z","last_seen":"2026-04-19T02:52:19.916431Z","times_seen":460,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}