- {
- "_source": {
- "to": [
- [
- "",
- "gwenaelle.bauza@test.it"
- ]
- ],
- "tags": [
- "mails",
- "analysis",
- "geoip"
- ],
- "x-mimeole": "Produced By Microsoft MimeOLE V6.1.7601.17514",
- "mailbox": "postfix",
- "sha1": "04cdbb2515fa9abacf13829edc2f6a4e4db2d392",
- "x-original-to": "gwenaelle.bauza@test.it",
- "@timestamp": "2018-07-26T13:50:17.443Z",
- "subject": "Avete Messaggio urgente",
- "thread-index": "Acx6h4269uya6487x6h4269uya6487==",
- "to_domains": [
- "test.it"
- ],
- "ssdeep": "48:sUreUVEl9YMHicF+KkTDOppklHkIGHkI+kJU4IaAtv7Ushk/xVU:9e4w9sZOp2oFW7XWsInU",
- "content-type": "multipart/alternative;\n\tboundary=\"----=_NextPart_000_0034_01D42500.058CC117\"",
- "date": "2018-07-26T16:27:39",
- "body": ".style1 { COLOR: #ffffff}.style2 { COLOR: #001f6b}// \n \nSalve\n \nIl suo profilo e stato chiuso\n \nPremere sul link per effettuare lo sblocco\n \nhttps://www.intesasanpaolo.com/bloccato/ID-72242916/ \n\n\nGrazie, Intesasanpaolo.\n--- mail_boundary ---\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n<HTML><HEAD>\n<META content=\"text/html; charset=us-ascii\" http-equiv=Content-Type>\n<META name=GENERATOR content=\"MSHTML 8.00.7601.17514\"></HEAD>\n<BODY>\n<DIV><SPAN class=941117457-26072018><FONT size=2 \nface=Arial><STYLE type=text/css>.style1 {\n\n COLOR: #ffffff\n\n}\n\n.style2 {\n\n COLOR: #001f6b\n\n}\n\n</STYLE>\n\n\n\n<SCRIPT type=colorScheme>// <![CDATA[\n\n {\n\n \"name\":\"Default\",\n\n \"bgBody\":\"ffffff\",\n\n \"link\":\"fff\",\n\n \"color\":\"555555\",\n\n \"bgItem\":\"ffffff\",\n\n \"title\":\"181818\"\n\n }\n\n// ]]></SCRIPT>\n\n</HEAD>\n\n<BODY>\n\n<DIV><FONT size=2 face=Arimo><IMG border=0 hspace=0 alt=\"\" \n\nsrc=\"https://media.smau.it/x-exhibition/upload/partner/2015/09/26/001-B1010-dwl02.jpg\" \n\nwidth=276 height=34></FONT></DIV>\n\n<DIV> </DIV>\n\n<DIV><FONT size=2 face=Arimo>Salve</FONT></DIV>\n\n<DIV>\n\n<DIV><FONT face=Arimo></FONT> </DIV>\n\n<DIV align=left><FONT size=2 face=Arimo>Il suo profilo e stato chiuso</FONT></DIV>\n\n<DIV><FONT face=Arimo></FONT> </DIV>\n\n<DIV align=left><FONT size=2 face=Arimo>Premere sul link per effettuare lo sblocco</FONT></DIV>\n\n<DIV align=left><FONT size=2 face=Arimo></FONT> </DIV>\n\n<DIV align=left><FONT size=2><A href=\"http://hanumaninternationalmission.com/yOegkh.html\"><FONT \n\nface=Arimo>https://www.intesasanpaolo.com/bloccato/ID-72242916/</FONT></A></A></A><FONT \n\nface=Arimo> </FONT></FONT></DIV>\n\n<DIV align=left><FONT size=2><FONT face=Arimo></A></A></FONT></FONT></DIV>\n\n<DIV align=left><FONT size=2 face=Arimo></FONT></DIV>\n\n<DIV><FONT face=Arimo>Grazie, Intesasanpaolo.</FONT></DIV></FONT></SPAN></DIV></BODY></HTML>",
- "size": 3078,
- "sha512": "4a157a4425b55067ff0307ef1f2f2fc27f3cd819f5ca2f9d1d89a37c0054068b54e2fd4e3f87c60465bbac112e95e1cfbb71d01f0eeed691b5ccbc8567f9c9c1",
- "from": [
- [
- "Intesasanpaolo",
- "security@intesasanpaolo.com"
- ]
- ],
- "analisys_date": "2018-07-26T13:50:17.443124",
- "received": [
- {
- "date_utc": "2018-07-26T13:50:11",
- "date": "Thu, 26 Jul 2018 13:50:11 +0000 UTC",
- "by": "localhost Postfix",
- "hop": 1,
- "with": "ESMTP id DD3171E20DE for <gwenaelle.bauza@test.it>",
- "delay": 0,
- "from": "94.187.48.124 unknown 94.187.48.124"
- }
- ],
- "@version": "1",
- "sender_ip": "94.187.48.124",
- "mail_file": "1532613012.Vfe00I184c16M637300.6d12ed72789c",
- "delivered-to": [
- [
- "",
- "root@localhost"
- ]
- ],
- "urls": {
- "body": [
- {
- "fragment": null,
- "subdomain": "media",
- "domain_without_tld": "smau",
- "scheme": "https",
- "domain": "smau.it",
- "tld": "it",
- "port": null,
- "url": "https://media.smau.it/x-exhibition/upload/partner/2015/09/26/001-B1010-dwl02.jpg",
- "resource_path": "/x-exhibition/upload/partner/2015/09/26/001-B1010-dwl02.jpg",
- "host": "media.smau.it",
- "query_string": null
- },
- {
- "fragment": null,
- "subdomain": null,
- "domain_without_tld": "hanumaninternationalmission",
- "scheme": "http",
- "domain": "hanumaninternationalmission.com",
- "tld": "com",
- "port": null,
- "url": "http://hanumaninternationalmission.com/yOegkh.html",
- "resource_path": "/yOegkh.html",
- "host": "hanumaninternationalmission.com",
- "query_string": null
- }
- ]
- },
- "network": {
- "is_filtered": false
- },
- "geoip": {
- "ip": "94.187.48.124",
- "region_code": "BA",
- "city_name": "Beirut",
- "timezone": "Asia/Beirut",
- "country_code2": "LB",
- "longitude": 35.5097,
- "latitude": 33.8719,
- "continent_code": "AS",
- "region_name": "Beyrouth",
- "country_name": "Lebanon",
- "country_code3": "LB",
- "location": {
- "lon": 35.5097,
- "lat": 33.8719
- }
- },
- "return-path": "<security@intesasanpaolo.com>",
- "x-mailer": "Microsoft Office Outlook 11",
- "with_attachments": false,
- "raw_mail": {
- "is_filtered": false
- },
- "priority": 10,
- "mime-version": "1.0",
- "mail_server": "spamscope",
- "sha256": "8aace268c4b2e3e2b9bcd957d28068d0efa3bd6139e947207d4906a48228452b",
- "phishing": {
- "score": 33,
- "targets": [
- "Intesa Sanpaolo Spa"
- ],
- "score_expanded": [
- "mail_body",
- "mail_from"
- ],
- "with_phishing": true
- },
- "md5": "814e9490109e5e21ef9d8d88f888f27c",
- "message-id": "<003701d42500$05908673$9cc59c8e$@intesasanpaolo.com>",
- "is_filtered": false,
- "has_defects": false
- }
- }