{"report_id":"edebe3ab-6c5a-4f35-a4a3-ea3b097d5812","version":6,"status":"done","tags":[],"date":"2026-04-05T21:16:32Z","url":{"schema":"http","addr":"bright-palmier-84cc57.netlify.app/?subid=1064765989448593409","fqdn":"bright-palmier-84cc57.netlify.app","domain":"bright-palmier-84cc57.netlify.app","tld":"netlify.app"},"ip":{"addr":"35.157.26.135","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"bright-palmier-84cc57.netlify.app/?subid=1064765989448593409","fqdn":"bright-palmier-84cc57.netlify.app","domain":"bright-palmier-84cc57.netlify.app","tld":"netlify.app"},"title":"Claim Your Free K6 Bonus","dom":{"size":4994,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4b3de6a18060d2bb37616e8689ce89bb","sha1":"4bc6aaeca436a13280793b2ad9fb0de6c0bb1ebc","sha256":"93ac9400a41a6645182c704548f1fd0dfab6502027a78f4db3a50b107aa5486c","sha512":"b915179c3cafe4196664b87a75099b6e368c0ca38f8d47de472c5385ffabb7498d80d445255ec02d7ed881434583afc53e57ccd77b6a4a66324b3d229e3d96e4","ssdeep":"96:nCuIYllSRHAR4O2ACWrCL6QmWhKhFcKyrmiyJ3ss/HxJuXE58qD+skVpUL4bMj:qYl8RHAR4O2ACW2WQmWhKhFcKyrmiyJ7","tlshash":"36a1ca1666a22003a557607a3be7b71c37248043d20bcdb47edd4788cfcdaaa98e734d","dom_hash":"domhashc92d35bcf9ec2fd7ce8623dd4fa1398f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bright-palmier-84cc57.netlify.app/?subid=1064765989448593409","fqdn":"bright-palmier-84cc57.netlify.app","domain":"bright-palmier-84cc57.netlify.app","tld":"netlify.app"},"ip":{"addr":"35.157.26.135","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T21:16:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-05T21:16:09Z","timestamp":1775423769,"ip_dst":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":57604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing","source":"{\"timestamp\":\"2026-04-05T21:16:09.705447+0000\",\"flow_id\":691239839665154,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":57604,\"dest_ip\":\"63.176.8.218\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032760,\"rev\":1,\"signature\":\"ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_04_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2021_04_14\"]}},\"tls\":{\"sni\":\"bright-palmier-84cc57.netlify.app\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":935,\"bytes_toclient\":3503,\"start\":\"2026-04-05T21:16:09.658434+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"bright-palmier-84cc57.netlify.app","ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-05-08","domain_rank":0,"first_seen":"2026-04-05T21:16:32.160786Z","last_seen":"2026-04-05T21:16:32.160786Z","alert_count":0,"request_count":2,"received_data":9495,"sent_data":1027,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bright-palmier-84cc57.netlify.app/?subid=1064765989448593409","fqdn":"bright-palmier-84cc57.netlify.app","domain":"bright-palmier-84cc57.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"79a59797a7731c318641515402ec3bab","sha1":"acff76138d3ae3ccca9e8105e1690d52a1c6dd76","sha256":"2149113ae1b5afe1f6c67c4711d77cc8f3058f8a944a9349ceba693334c312db","sha512":"f988fa87cfc8e2696169cfbf2f092ad588c2aaa25e523fa0f7b25fae4cc0c69b04ce1e7bbb9e8a8ee9806bacefecf1f45e99f001c5a8daac70c636a18807d9e0","ssdeep":"","tlshash":"7121cc1a267320618ddb253f839f32583632505f5145cd08be4d87116fb9e3ea593b8f","size":1356,"data":"","first_seen":"2026-04-05T21:16:34.424877Z","last_seen":"2026-04-05T21:16:34.424877Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bright-palmier-84cc57.netlify.app/favicon.ico","fqdn":"bright-palmier-84cc57.netlify.app","domain":"bright-palmier-84cc57.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bright-palmier-84cc57.netlify.app/?subid=1064765989448593409","date":"2026-04-05T21:16:09.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"34:CF:A1:69:24:C8:27:24:03:C7:7C:E7:F2:A1:8C:86:4A:EB:8B:FA","sha256":"BC:3A:81:34:C2:1A:84:2E:64:EA:34:D4:88:82:6D:D2:BA:50:F5:9A:3B:CB:AE:D1:E6:B7:1A:42:42:DE:14:78"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bright-palmier-84cc57.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bright-palmier-84cc57.netlify.app/?subid=1064765989448593409\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nage: 2384\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 05 Apr 2026 21:16:09 GMT\r\netag: 1774871440-ssl-df\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KNFR1KB3ND3WCTSYENQZ94DA\r\ncontent-length: 1214\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":3449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"0f89e18d0abacb99149c5e59bf69b5e1","sha1":"9e1ebb10be890c5855eec444233c028270d3e65a","sha256":"8514f0009a58c6e0acb5468f88037732b59b70af5e524f452e3bef8fb33effc5","sha512":"5275d80f3f8f1f5e0d1b6b6b0745732a69d669d66dcdab418fc5a2094bffcb81ff1d34252c97c6dffe5470f0d359a3be03cfd3dfe3d729bf186917c8cf21ece0","ssdeep":"","tlshash":"1f61848dc9a7209b5c93643e27eb560a2274a247cd46da4c3fde6348cf492f214d36ac","first_seen":"2024-12-12T10:00:11.490986Z","last_seen":"2026-06-12T02:00:05.099752Z","times_seen":11899,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bright-palmier-84cc57.netlify.app/?subid=1064765989448593409","fqdn":"bright-palmier-84cc57.netlify.app","domain":"bright-palmier-84cc57.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T21:16:09.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"34:CF:A1:69:24:C8:27:24:03:C7:7C:E7:F2:A1:8C:86:4A:EB:8B:FA","sha256":"BC:3A:81:34:C2:1A:84:2E:64:EA:34:D4:88:82:6D:D2:BA:50:F5:9A:3B:CB:AE:D1:E6:B7:1A:42:42:DE:14:78"}}},"request":{"raw":"GET /?subid=1064765989448593409 HTTP/1.1\r\nHost: bright-palmier-84cc57.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nage: 2385\r\ncache-control: public,max-age=0,must-revalidate\r\ncache-status: \"Netlify Edge\"; hit\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 05 Apr 2026 21:16:09 GMT\r\netag: \"bc84eaf30e8e523b76d6d4d71c7dfb28-ssl-df\"\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nx-nf-request-id: 01KNFR1K4K6SK98TV0Z48TRFHM\r\ncontent-length: 1920\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":5121,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"35adaefddd715a36bee971c3bedbbcab","sha1":"542d17c227f745086c03593d19a2d76af73199de","sha256":"d2ded1a77cb997e3d07448a3d062fe63f0ca434773cd34ed179d831654fa2518","sha512":"4d0c86dc9bb1c8174a358556f8a9919ed89139c6ff4beeebfa4aa1d947f4df06f239e9be5023933a12c79f8d2b96f740b101b4c6d538eee034b25ee0c7b5436b","ssdeep":"96:uuXGzz//zIYt6+XxR/E1/jQurUCqK4I2pUHbi:JGP/7It+XxRe/8urUCc+bi","tlshash":"e5b1951665402002a577637aeba3e35cfb254093d30786b83edd42868ffda2585e3f8d","first_seen":"2026-04-05T21:16:34.423728Z","last_seen":"2026-04-05T21:16:34.423728Z","times_seen":1,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":86,"dns":8,"connect":23,"send":0,"wait":23,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}