{"report_id":"513c8ac3-c9a4-4b80-8b5c-4e1ca92ff6a2","version":6,"status":"done","tags":[],"date":"2026-06-03T16:44:09Z","url":{"schema":"http","addr":"jocular-speculoos-27d691.netlify.app/","fqdn":"jocular-speculoos-27d691.netlify.app","domain":"jocular-speculoos-27d691.netlify.app","tld":"netlify.app"},"ip":{"addr":"35.157.26.135","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"jocular-speculoos-27d691.netlify.app/","fqdn":"jocular-speculoos-27d691.netlify.app","domain":"jocular-speculoos-27d691.netlify.app","tld":"netlify.app"},"title":"Site not found","dom":{"size":3212,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2001)","md5":"9d8498d110f10807a4efa61b18de0808","sha1":"1abad90aa654fe40127b621bfa8ddf816e7931d9","sha256":"b99fdf6136552a9e23c500a48146333bf422a2fe127a9122ee1bdb41863c137e","sha512":"a4b3ea384db21626b5562afb4c17dc1006c7a5c713d47422409154a159883d6f3256f83401e05804e61d6c74f01bcd218cdf04dbb5bcc91d546769c5f3b126a0","ssdeep":"","tlshash":"bc6162a9c41a203f6d97681f13a4ca4d60297507dd9147d8ffaa53acc2dbaf305c2438","dom_hash":"domhashcb73cfededad984076e524bf6c61df10","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"jocular-speculoos-27d691.netlify.app/","fqdn":"jocular-speculoos-27d691.netlify.app","domain":"jocular-speculoos-27d691.netlify.app","tld":"netlify.app"},"ip":{"addr":"35.157.26.135","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-08T16:44:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-03T16:43:47Z","timestamp":1780505027,"ip_dst":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":50820,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing","source":"{\"timestamp\":\"2026-06-03T16:43:47.685972+0000\",\"flow_id\":1920824697406758,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":50820,\"dest_ip\":\"63.176.8.218\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032760,\"rev\":1,\"signature\":\"ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_04_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2021_04_14\"]}},\"tls\":{\"sni\":\"jocular-speculoos-27d691.netlify.app\",\"version\":\"TLS 
1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":938,\"bytes_toclient\":3503,\"start\":\"2026-06-03T16:43:47.640294+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"jocular-speculoos-27d691.netlify.app","ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-05-08","domain_rank":0,"first_seen":"2026-06-03T16:44:10.021612Z","last_seen":"2026-06-03T16:44:10.021612Z","alert_count":0,"request_count":3,"received_data":7216,"sent_data":1489,"comment":"","tags":null,"fingerprints":[{"name":"Netlify","description":"Netlify provides hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"jocular-speculoos-27d691.netlify.app/","fqdn":"jocular-speculoos-27d691.netlify.app","domain":"jocular-speculoos-27d691.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T16:43:47.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"34:CF:A1:69:24:C8:27:24:03:C7:7C:E7:F2:A1:8C:86:4A:EB:8B:FA","sha256":"BC:3A:81:34:C2:1A:84:2E:64:EA:34:D4:88:82:6D:D2:BA:50:F5:9A:3B:CB:AE:D1:E6:B7:1A:42:42:DE:14:78"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: jocular-speculoos-27d691.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Wed, 03 Jun 2026 16:43:47 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KT75X9BM8KX255KW3FGE3PW4\r\ncontent-length: 3164\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Netlify","description":"Netlify provides hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3164,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines 
(1984)","md5":"e6f98eb99945eade38d8d96c597aa19c","sha1":"048a5b1936c071064396e4fd332a6578efbc4ea6","sha256":"97edd486d18d0a4d4414c1f1c119ef41d967d33efa27c93faf5ffd06eed0b7e7","sha512":"533c2f34de1bd5f4382d37e032292a0bf0bca7e00b6f2a15a9c10bbb07a8f8f5a55cea34685821b85066ae7c86862c55b61772798de96483c2a1d66fd287c568","ssdeep":"","tlshash":"df5173adc41a203f6d93681f23a48e4d60297503dc9147e8ffaa936cd6db6f305d2838","first_seen":"2026-06-03T16:44:11.891868Z","last_seen":"2026-06-03T16:44:11.891868Z","times_seen":1,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jocular-speculoos-27d691.netlify.app/favicon.ico","fqdn":"jocular-speculoos-27d691.netlify.app","domain":"jocular-speculoos-27d691.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jocular-speculoos-27d691.netlify.app/","date":"2026-06-03T16:43:48.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"34:CF:A1:69:24:C8:27:24:03:C7:7C:E7:F2:A1:8C:86:4A:EB:8B:FA","sha256":"BC:3A:81:34:C2:1A:84:2E:64:EA:34:D4:88:82:6D:D2:BA:50:F5:9A:3B:CB:AE:D1:E6:B7:1A:42:42:DE:14:78"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: jocular-speculoos-27d691.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jocular-speculoos-27d691.netlify.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, max-age=0\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Wed, 03 Jun 2026 16:43:48 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KT75X9FPCJY763YFM7EBXWRA\r\ncontent-length: 50\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify provides hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":50,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line 
terminators","md5":"c8da715980f25b6b2d28780d986e2966","sha1":"fc6900693f54ae9e9c6e00c2ff6ce8f4bf89018d","sha256":"9abd0a12d339c68d2f3f9ec4f90635e3d89f24a84da43d34303f58156bf0d15b","sha512":"90627fee3488e22f55b8769e0099db871667e35b6016b2dadbf303d35080c85dbad36cc48848e29ec12e150b13c8d00dc270337d93333d367efd36f2328fab46","ssdeep":"","tlshash":"5f9002560096e56d4422c9517b9481018c061560f6119173a480e0d20952640d1d544b","first_seen":"2026-06-03T16:44:11.893902Z","last_seen":"2026-06-03T16:44:11.893902Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jocular-speculoos-27d691.netlify.app/","fqdn":"jocular-speculoos-27d691.netlify.app","domain":"jocular-speculoos-27d691.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T16:43:47.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"34:CF:A1:69:24:C8:27:24:03:C7:7C:E7:F2:A1:8C:86:4A:EB:8B:FA","sha256":"BC:3A:81:34:C2:1A:84:2E:64:EA:34:D4:88:82:6D:D2:BA:50:F5:9A:3B:CB:AE:D1:E6:B7:1A:42:42:DE:14:78"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: jocular-speculoos-27d691.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Wed, 03 Jun 2026 16:43:47 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KT75X94JXZA32N4QED4KTQ58\r\ncontent-length: 3164\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify provides hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3164,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines 
(1984)","md5":"172a6f1f32a08dc1c0f459e5a117f280","sha1":"1b97d9b7d6f954a972012ddc196723ffad9e79ae","sha256":"27fa184dbf7edde37ff09ecbe65103ed109e89a3bfeb48268d9eb9b14d5aefbf","sha512":"a9135d0a474c1edecf28a2f0bd463664b7ea71cd3bdcebf7aee981efcb7eeef177ff0c4a4e36e556d232e4bd8473c157f23c5ce6e4686760095cff865bf93490","ssdeep":"","tlshash":"215162a9c41a203f6d93681f23a48a4d60297543dc9147e8ffaa93acd6db6f315d2438","first_seen":"2026-06-03T16:44:11.898396Z","last_seen":"2026-06-03T16:44:11.898396Z","times_seen":1,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":91,"dns":10,"connect":22,"send":0,"wait":72,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
