From 3c7ae1306586174961d0cd8bc7b2ec0e8a4f862f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?=
Date: Fri, 14 Jan 2022 13:20:16 +0100
Subject: [PATCH 1/7] Add MailRisk by SecurePractice connector, logo and sample data.
---
 DataConnectors/SecurePractice_MailRisk.json | 136 +
 Logos/securepractice_logo.svg | 31 +
 Sample Data/Custom/MailRiskEmails_CL.json | 6008 +++++++++++++++++++
 3 files changed, 6175 insertions(+)
 create mode 100644 DataConnectors/SecurePractice_MailRisk.json
 create mode 100644 Logos/securepractice_logo.svg
 create mode 100644 Sample Data/Custom/MailRiskEmails_CL.json
diff --git a/DataConnectors/SecurePractice_MailRisk.json b/DataConnectors/SecurePractice_MailRisk.json
new file mode 100644
index 0000000000..5167b4b929
--- /dev/null
+++ b/DataConnectors/SecurePractice_MailRisk.json
@@ -0,0 +1,136 @@ +{ + "id": "SecurePractice_MailRisk", + "title": "MailRisk by Secure Practice", + "publisher": "Secure Practice", + "descriptionMarkdown": "Data connector to push emails from MailRisk into Azure Sentinel Log Analytics.", + "graphQueries": [ + { + "metricName": "Total emails received", + "legend": "MailRiskEmails_CL", + "baseQuery": "MailRiskEmails_CL" + } + ], + "sampleQueries": [ + { + "description" : "All emails", + "query": "MailRiskEmails_CL\n| sort by TimeGenerated desc" + }, + { + "description" : "Emails with SPF pass", + "query": "MailRiskEmails_CL\n| where spf_s == 'pass' \n| sort by TimeGenerated desc" + }, + { + "description" : "Emails with specific category", + "query": "MailRiskEmails_CL\n| where Category == 'scam' \n| sort by TimeGenerated desc" + }, + { + "description" : "Emails with link urls that contain the string \"microsoft\"", + "query": "MailRiskEmails_CL\n| sort by TimeGenerated desc\n| mv-expand link = parse_json(links_s)\n| where link.url contains \"microsoft\"" + } + ], + "dataTypes": [ + { + "name": "MailRiskEmails_CL", + "lastDataReceivedQuery": "MailRiskEmails_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "MailRiskEmails_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "API credentials", + "description": "Your Secure Practice API key pair is also needed, which are created in the [settings in the admin portal](https://manage.securepractice.co/settings/security). If you have lost your API secret, you can generate a new key pair (WARNING: Any other integrations using the old key pair will stop working)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to the Secure Practice API to push logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": "Please have these the Workspace ID and Workspace Primary Key (can be copied from the following), readily available.", + "instructions":[ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the MailRisk data connector using an ARM Template.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fgithub.com%2Fsecurepractice%2Fmailrisk-sentinel-connector%2Fblob%2Fmaster%2Fazuredeploy.json)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. 
Enter the **Workspace ID**, **Workspace Key**, **Secure Practice API Key**, **Secure Practice API Secret** \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy." + }, + { + "title": "Manual deployment", + "description": "In the open source repository on [GitHub](https://github.com/securepractice/mailrisk-sentinel-connector) you can find instructions for how to manually deploy the data connector." + } + ], + "metadata": { + "id": "c9c97ce4-2093-466c-846e-49be58a39197", + "version": "0.1", + "kind": "dataConnector", + "source": { + "kind": "sourceRepository", + "name": "mailrisk-sentinel-connector", + "url": "https://github.com/securepractice/mailrisk-sentinel-connector" + }, + "author": { + "name": "Secure Practice" + }, + "support": { + "tier": "developer", + "name": "Secure Practice", + "email": "support@securepractice.co", + "link": "https://securepractice.co/support" + } + } +} \ No newline at end of file diff --git a/Logos/securepractice_logo.svg b/Logos/securepractice_logo.svg new file mode 100644 index 0000000000..378e5e3e94 --- /dev/null +++ b/Logos/securepractice_logo.svg @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Sample Data/Custom/MailRiskEmails_CL.json b/Sample Data/Custom/MailRiskEmails_CL.json new file mode 100644 index 0000000000..b1c091341d --- /dev/null +++ b/Sample Data/Custom/MailRiskEmails_CL.json 
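Review bot: The **Deploy to Azure** link in the "Azure Resource Manager (ARM) Template" step of `instructionSteps` in `DataConnectors/SecurePractice_MailRisk.json` encodes `github.com/securepractice/mailrisk-sentinel-connector/blob/master/azuredeploy.json`, which is GitHub's HTML view of a file on a mutable branch rather than the template itself, and the operator then enters the workspace key and the Secure Practice API secret into whatever that branch serves at deploy time. Point the encoded URI at the raw file pinned to a release tag or commit, e.g. `https%3A%2F%2Fraw.githubusercontent.com%2Fsecurepractice%2Fmailrisk-sentinel-connector%2F<TAG_OR_COMMIT>%2Fazuredeploy.json`, so the reviewed template is the one that gets deployed. Separately, the workspace entry under `permissions.resourceProvider` sets `"delete": true` in `requiredPermissions` while its `permissionsDisplayText` says only read and write are required; if the connector only pushes logs, as the description suggests, drop the delete flag (`"write": true, "read": true`) or make the display text match what is actually requested.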
@@ -0,0 +1,6008 @@ +[ + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "email_reported", + "reported_at_s": "2022-01-14 09:39:36", + "id_d": 1698, + "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com", + "size_bytes_d": 0, + "subject_s": "FW: Action Required: Update your payment information now", + "from_email_s": "invoice.i1Xt@office.onmicrosoft.com", + "from_name_s": "ITMicrosoft", + "reply_to_s": "", + "spam_score_d": 5, + "spf_s": "none", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://view.email.microsoftonline.com/?qs=68bf1f82012c27e94fe8d2172f9b7182686712020011d74988a8a7d5cc25140d58ceb825d7cf236669675429dfa118e0a050f745fc3437c40035897e267241bf73b58efd9c83a8606fa83043531645d7284894f664835cb2", + "text": "View this email in your browser.", + "hostname": "view.email.microsoftonline.com" + }, + { + "url": "http://18.136.196.156/", + "text": "UPDATE YOUR PAYMENT INFORMATION", + "hostname": "18.136.196.156" + }, + { + "url": "http://18.136.196.156/", + "text": "customer portal", + "hostname": "18.136.196.156" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=52a72b91226ecc694f6d382a93385149177f2fd413fd1d15e0dc8f8fd0eff986674d2f44c81b8c5dfb1fa270f76526f99a08eb145d58e4d62e95fd71275f29d0", + "text": "Sign in", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=995f41b322a641a38094c1bbb81ee22b55fbfbd611d45a9d6e86156ceef417b6bbb13f9a19e29efd90b9223b63731e33f14eac10f9b75bd2408e43ae7cbdc45c", + "text": "Visit the Community", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": 
"https://click.email.microsoftonline.com/?qs=3aff1d0bc19e65110ab3baad537ef2f7acf7d3aa023ecdff3e074c5b087f71a10f7ef19a62d274bb1f52e18bc52232173181a5b52f0f3338e9dff886d8e90e9f", + "text": "click here", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=71463b1103fd3f45c8e3fa9a291fa9ed9ff8773e5caebac30bfac16ef72ce3938bd44543c26a3135dfad791faf773a40f30d43900694ed3f", + "text": "", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=429ee6b24672b84cdbc91e3027c62bcfea21142eb884fa081a2433dc79e25ea1be20cb4845f829f8cea0c48b5b39ee19eb04e9a884defae15882020457616b6a", + "text": "Privacy", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=143a1afdcdf3a3c15c02bf0b3dcd10b314d867cab62ef9ff9227034e4e04ea952fa39995d1bd198ffab4ae9f1920e11c16f83ba0d614d0f57faf4779a40a2642", + "text": "Legal", + "hostname": "click.email.microsoftonline.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "phishing", + "risk_d": 3, + "risk_source_s": "phishtank", + "sent_at_s": "2019-06-12 04:47:46", + "assessed_at_s": "2022-01-14 09:39:49", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "SpCl@lyceedespiau.fr" + }, + { + "key": "Received", + "value": "from DB6P192MB0101.EURP192.PROD.OUTLOOK.COM (2603:10a6:7:52::21) by HE1P192MB0107.EURP192.PROD.OUTLOOK.COM with HTTPS via \r\n HE1P190CA0032.EURP190.PROD.OUTLOOK.COM; Thu, 9 May 2019 22:54:08 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ch arlesdespiau.onmicrosoft.com;\n s=selector1-lyceedespiau-fr; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n 
bh=UXlKV1Q/uZJaAM5qfO0rXdm9+pmr7rR0TqKFtgeyHWw=; \r\n b=joXlO8/n0gd4NoIdqmOGEQ/JNRk/MSrYQRkNR/LBF4vOcgUZu0DSS5hap3cSxqmasx+VP3RXwpyOlzwSOzXILqTenR8GZmmOeIhO4YqkidzodYrs5p3ocLXFEWpuX9WQ5ZDdG98RYoVPrsO0o39Ie+mnftZkSXHJre543w3kd00=" + }, + { + "key": "Message-ID", + "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>" + }, + { + "key": "Date", + "value": "Wed, 12 Jun 2019 04:47:46 +0000" + }, + { + "key": "Subject", + "value": "FW: Action Required: Update your payment information now" + }, + { + "key": "From", + "value": "ITMicrosoft " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1560314867_85e97cdf854363e8fc0797a6408fc4f7_=_\"" + }, + { + "key": "X-OriginalArrivalTime", + "value": "08 May 2019 21:08:00.0534 (UTC) FILETIME=" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "AM5P195MB0098:|DB6P192MB0101:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:7219;OLM:7219;" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "756a14ae-840c-4b9a-88bf-08d6d4d13ce9" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.9672942" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "AM5P195MB0098" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-SenderADCheck", + "value": "2" + }, + { + "key": "X-MS-Exchange-Safelinks-Url-KeyVer", + "value": "1" + }, + { + "key": 
"X-MS-Exchange-PUrlCount", + "value": "8" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1856.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "09 May 2019 22:54:07.0109 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": "TenantId=0d52f93d-37ff-4b6f-b5f6-38b4f20d5b82;Ip=[54.254.138.144];Helo=[ciroc.com]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "09 May 2019 22:54:06.8878 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-Stat", + "value": "0" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-BitVector", + "value": "100:0x0|0x100;" + }, + { + "key": "X-MS-Exchange-AtpMessageProperties", + "value": "sap=1;slp=1;" + }, + { + "key": "X-MimeOLE", + "value": "Produced By Microsoft MimeOLE V6.0.6002.19728" + }, + { + "key": "X-Mimecast-Spam-Score", + "value": 
"0" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(7168020)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600141)(711020)(4605104)(2017052603328);SRVR:AM5P195MB0098;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "vs17R9tfmusnStwFGV86tHJnlg82KqiCyjLT0tUsRtHF5ZzM66fSnp9kbuRwcxnKII4dNLKJy/K5thwhq3srn/Rn1gJzpuOkOTIPKiOYLECcyDu/33ktGg9aC/IdiBUwzN35URv+hqEnfq+aJKSYkzz0ag9ks548dYsG5ySorN2k9hem3X/MLC2mkTjUkyI4oB75miw/lc+498er3c6K7UYtlNyHoO3ofyd+W6RWzHj0dTdeP9ZAaPLG72EpDCYIVPWacVQQFBh3TDRla5yRXrpTYdkM0nwTGF63zoVQG7lRZMhPuEEaX1ls1Kca6hmRcmdj1j1xPGyqRm+OyaaKB1tsI+2GylAHj+mQIIpys51sSoEOUTxUtlM1yDShglFuXj/FbixWDUFEXCsLSsD1/wkhOLumhJz+LmDfd/72GQM=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "wxgZZaoBm3m75vu4g5UbTQ+Z2Hh9qOpsRJHkuFBOombqcp/KdiAVsjkpPGuA FkVoC/OBMw0+hkYwv2W9CjT/V6D2zYZoA9OZoaDiFGc6STbHaBqBc/yPgqA4\r\n \n pyOpI9BKOZxX1Rzqme9YwOFNdnnUCvDzIAkP3RorJJWiDiBYJGcH6TT2LPMf\r\n \n ryVsAQ5awVYf4839jvLnckj4Z+32HgLJIz98UCQEQjn56cgJZ9RqIGktsNoo\r\n \n 2FBBe1f6jnsUA94QqJhoZp17V7OQ91jn1KMbsiHVfG/WLJoRT7sPV9BPO87n\r\n \n hVNcuIEJTY3XhRapQckUYrI96N3u7ZDt7er/LBxgs5MTs+7eV3pAgkXlbBUc\r\n \n XvXKmKNoVO+mxgQeLqYGzzbAlxcyWYxZcvwuVC6rt1a8lwoxmTLKY9RboQcw\r\n \n XCoaAiTOswF9DJaVAsgKnfbZj+605QVa+t2KWeazEtCvJ2YIxudrL8dn1E4f\r\n \n 8zFIFNuODc+n7mrahFclQJlIXrN8ewFoGlccjdAsAd/QGvPa8NcM8GQCDvMa\r\n \n OTiQuSEQFywBkGQgvvl6Ofuf213ixH+QI3MAklSu2HYfYlWNg9NEMs1uREZs\r\n \n biM4LqU2YfRYJB6gei1QaQJHmJspvHyfKryDXNGRfDMdFlyNd5tsm6plNGZY\r\n \n A3eeD0CDywUGAt/hUw4hvpKxt7OxEsmSNEQeb3sz1PglL4apfFNUqlmtWsyj\r\n \n ZD3uGzcpaYsIMu8QN39LvMKL4t4dq73OC44JA4KSYP+A7eh5XKT0XeDtcvVT\r\n \n MivkEbwyYOS8qVs0N7bIonJEhGbvGut8CFKZNOntZVTGPI5GYWmppKTq1+Ab\r\n \n 26TtAjuu80WBx1GpYD5jo3nRgVTo6nZi0wzxDSenk0mCKFOr3Y1BV0cfVPCn\r\n \n 
q5au5I9PO+Gyk7e2mgenKhDDtvrGa2t65/VaaeN/WMAJp7xE/7hAbQGnRXMF\r\n \n Nzz+EIMUS4UyEMtORXk/4c2d2Hlt87THADy56I5CJpWzHQ+V6JOJBXMddkRP\r\n \n jlcmge9VsQd9Ukfu4CIcQcb5Xwns8g46sFPBh41YYVJC28drkZknpL6EZBbu\r\n \n 2/fknmmPot1UHGJYgSFyJ+gl0Bf601EfD0CdwVl8j/obgFN00BUvxY/nJdnS\r\n \n cHGe0/VdC0X2S4Oy2xfLT4M0ADh6J5+7P5aIGQcsYt/FH3Jqfk6tS6qMNl0H\r\n \n nI/OPjqm25J6PHzd8wESUIoKWSs3alXFSnp2W+QzrXCJWyHdH8e2ZBEWCpe/\r\n \n 3uHh1+Iwo9zURXS9E4jd5fZVTd7GNW70F8D1TrDG0R7Fo7GGSXoSg0KYvUOx\r\n \n i7vGucfYgZYatvUAocIu0asXjS93zAYb9cnIt7wsklXE0vbiMPYudwhnDqA5\r\n \n gjMPE9AoNHnlfIa+TNC3eMdtRY/WLrT8E1QQxnbD4mez55jWulK4LvnUp/dA\r\n \n fPlQX+/Qc+TktQMT1X/zzW4iWyE1TueTd88AcnvzgUW4gJ/S8b+y42opB45M\r\n \n VMuGJkGLRM5FZXnaCCW7pscqSw8wufrBVvHDRP5qkRfzE1NZFzTmtEnGpQ ==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:1;ex:0;auth:0;dest:J;ENG:(20160513016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4701035)(4802007)(4709054)(1401320)(8001031)(1421009)(1422010)(1427001)(1414054)(71702078);SRVR:DB6P192MB0101;" + }, + { + "key": "X-MC-Unique", + "value": "-w2Oo0QYPc6LaLKZOSA_hQ-8" + }, + { + "key": "X-Mailer", + "value": "Microsoft CDO for Windows 2000" + }, + { + "key": "X-Forefront-PRVS", + "value": "003245E729" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "CIP:54.254.138.144;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(100 09020)(6019001)(346002)(376002)(39860400002)(396003)(136003)\r\n \n (2980300002)(428003)(269900001)(20864003)(199004)(189003)(66\r\n \n 66004)(356004)(26005)(786003)(52230400001)(80792005)(2274600\r\n \n 8)(8676002)(64872007)(10126004)(40036005)(81166006)(81156014\r\n \n )(22756006)(50226002)(71190400001)(70206006)(7826002)(102836\r\n \n 004)(6916009)(5660300002)(861006)(2906002)(186003)(70586007)\r\n \n (66574012)(84326002)(8936002)(72206003)(21096001)(508600001)\r\n \n 
(33964004)(606006)(31696002)(733005)(2420400007)(15650500001\r\n \n )(7066003)(64544003)(305945005)(14444005)(55236004)(316002)(\r\n \n 62236002)(2473003)(6306002)(13216001)(69596002)(236005)(9686\r\n \n 003)(86902001)(31686004)(74316002)(86442003)(2351001)(476003\r\n \n )(61296003)(126002)(16586007)(336012)(79686004)(71636004)(71\r\n \n 10500001)(229853002)(33026002)(486006)(81816011)(42882007)(4\r\n \n 3246002)(256605007);DIR:OUT;SFP:1101;SCL:1;SRVR:AM5P195MB009\r\n \n 8;H:ciroc.com;FPR:;SPF:None;LANG:en;PTR:ec2-54-254-138-144.a\r\n \n p-southeast-1.compute.amazonaws.com;A:1;MX:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:40.107.4.45;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(10001);DIR:INB;SFP:;SCL:5;SRVR:DB6P192MB0101;H:EUR03-DB5-obe.outbound.protection.outlook.com;FPR:;SPF:None;LANG:en;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" + }, + { + "key": "X-EndpointSecurity-0xde81-EV", + "value": "v:6.6.10.146, d:out, a:y, w:t, t:47, sv:1557338393, ts:1557349680" + }, + { + "key": "Thread-Topic", + "value": "From Creditsafe UK In the portfolio:Four 04" + }, + { + "key": "thread-index", + "value": "AdUF4h46ogKDvbJwSdWYTxn6dcJrwg==" + }, + { + "key": "Received-SPF", + "value": "None (protection.outlook.com: lyceedespiau.fr does not designate permitted sender hosts)" + }, + { + "key": "Priority", + "value": "normal" + }, + { + "key": "Importance", + "value": "normal" + }, + { + "key": "Content-Class", + "value": "urn:content-classes:message" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=none (sender IP is 54.254.138.144) smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=none\r\n (message\n not signed) header.d=none;mailrisk.com; dmarc=none action=none header.from=office.onmicrosoft.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=none (sender IP is 40.107.4.45) 
smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=pass\r\n (signature\n was verified) header.d=charlesdespiau.onmicrosoft.com;mailrisk .com; \r\n dmarc=bestguesspass action=none \r\n header.from=office.onmicrosoft.com;compauth=pass reason=109" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4522, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "signature", + "source_id": 450, + "assessed_at": "2022-01-14 09:39:48" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "phishtank", + "source_id": 6061498, + "assessed_at": "2022-01-14 09:39:48" + } + ], + "reported_risk_d": 2, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "2022-01-14 09:39:36", + "id_d": 1698, + "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com", + "size_bytes_d": 0, + "subject_s": "FW: Action Required: Update your payment information now", + "from_email_s": "invoice.i1Xt@office.onmicrosoft.com", + "from_name_s": "ITMicrosoft", + "reply_to_s": "", + "spam_score_d": 5, + "spf_s": "none", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://view.email.microsoftonline.com/?qs=68bf1f82012c27e94fe8d2172f9b7182686712020011d74988a8a7d5cc25140d58ceb825d7cf236669675429dfa118e0a050f745fc3437c40035897e267241bf73b58efd9c83a8606fa83043531645d7284894f664835cb2", + "text": "View this email in your browser.", + 
"hostname": "view.email.microsoftonline.com" + }, + { + "url": "http://18.136.196.156/", + "text": "UPDATE YOUR PAYMENT INFORMATION", + "hostname": "18.136.196.156" + }, + { + "url": "http://18.136.196.156/", + "text": "customer portal", + "hostname": "18.136.196.156" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=52a72b91226ecc694f6d382a93385149177f2fd413fd1d15e0dc8f8fd0eff986674d2f44c81b8c5dfb1fa270f76526f99a08eb145d58e4d62e95fd71275f29d0", + "text": "Sign in", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=995f41b322a641a38094c1bbb81ee22b55fbfbd611d45a9d6e86156ceef417b6bbb13f9a19e29efd90b9223b63731e33f14eac10f9b75bd2408e43ae7cbdc45c", + "text": "Visit the Community", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=3aff1d0bc19e65110ab3baad537ef2f7acf7d3aa023ecdff3e074c5b087f71a10f7ef19a62d274bb1f52e18bc52232173181a5b52f0f3338e9dff886d8e90e9f", + "text": "click here", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=71463b1103fd3f45c8e3fa9a291fa9ed9ff8773e5caebac30bfac16ef72ce3938bd44543c26a3135dfad791faf773a40f30d43900694ed3f", + "text": "", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=429ee6b24672b84cdbc91e3027c62bcfea21142eb884fa081a2433dc79e25ea1be20cb4845f829f8cea0c48b5b39ee19eb04e9a884defae15882020457616b6a", + "text": "Privacy", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=143a1afdcdf3a3c15c02bf0b3dcd10b314d867cab62ef9ff9227034e4e04ea952fa39995d1bd198ffab4ae9f1920e11c16f83ba0d614d0f57faf4779a40a2642", + "text": "Legal", + "hostname": "click.email.microsoftonline.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + 
"feedback_provided_b": false, + "Category": "phishing", + "risk_d": 3, + "risk_source_s": "phishtank", + "sent_at_s": "2019-06-12 04:47:46", + "assessed_at_s": "2022-01-14 09:39:49", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "SpCl@lyceedespiau.fr" + }, + { + "key": "Received", + "value": "from DB6P192MB0101.EURP192.PROD.OUTLOOK.COM (2603:10a6:7:52::21) by HE1P192MB0107.EURP192.PROD.OUTLOOK.COM with HTTPS via \r\n HE1P190CA0032.EURP190.PROD.OUTLOOK.COM; Thu, 9 May 2019 22:54:08 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ch arlesdespiau.onmicrosoft.com;\n s=selector1-lyceedespiau-fr; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=UXlKV1Q/uZJaAM5qfO0rXdm9+pmr7rR0TqKFtgeyHWw=; \r\n b=joXlO8/n0gd4NoIdqmOGEQ/JNRk/MSrYQRkNR/LBF4vOcgUZu0DSS5hap3cSxqmasx+VP3RXwpyOlzwSOzXILqTenR8GZmmOeIhO4YqkidzodYrs5p3ocLXFEWpuX9WQ5ZDdG98RYoVPrsO0o39Ie+mnftZkSXHJre543w3kd00=" + }, + { + "key": "Message-ID", + "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>" + }, + { + "key": "Date", + "value": "Wed, 12 Jun 2019 04:47:46 +0000" + }, + { + "key": "Subject", + "value": "FW: Action Required: Update your payment information now" + }, + { + "key": "From", + "value": "ITMicrosoft " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1560314867_85e97cdf854363e8fc0797a6408fc4f7_=_\"" + }, + { + "key": "X-OriginalArrivalTime", + "value": "08 May 2019 21:08:00.0534 (UTC) FILETIME=" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "AM5P195MB0098:|DB6P192MB0101:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:7219;OLM:7219;" + }, + { + "key": 
"X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "756a14ae-840c-4b9a-88bf-08d6d4d13ce9" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.9672942" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "AM5P195MB0098" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-SenderADCheck", + "value": "2" + }, + { + "key": "X-MS-Exchange-Safelinks-Url-KeyVer", + "value": "1" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "8" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1856.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "09 May 2019 22:54:07.0109 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": 
"TenantId=0d52f93d-37ff-4b6f-b5f6-38b4f20d5b82;Ip=[54.254.138.144];Helo=[ciroc.com]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "09 May 2019 22:54:06.8878 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-Stat", + "value": "0" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-BitVector", + "value": "100:0x0|0x100;" + }, + { + "key": "X-MS-Exchange-AtpMessageProperties", + "value": "sap=1;slp=1;" + }, + { + "key": "X-MimeOLE", + "value": "Produced By Microsoft MimeOLE V6.0.6002.19728" + }, + { + "key": "X-Mimecast-Spam-Score", + "value": "0" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(7168020)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600141)(711020)(4605104)(2017052603328);SRVR:AM5P195MB0098;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "vs17R9tfmusnStwFGV86tHJnlg82KqiCyjLT0tUsRtHF5ZzM66fSnp9kbuRwcxnKII4dNLKJy/K5thwhq3srn/Rn1gJzpuOkOTIPKiOYLECcyDu/33ktGg9aC/IdiBUwzN35URv+hqEnfq+aJKSYkzz0ag9ks548dYsG5ySorN2k9hem3X/MLC2mkTjUkyI4oB75miw/lc+498er3c6K7UYtlNyHoO3ofyd+W6RWzHj0dTdeP9ZAaPLG72EpDCYIVPWacVQQFBh3TDRla5yRXrpTYdkM0nwTGF63zoVQG7lRZMhPuEEaX1ls1Kca6hmRcmdj1j1xPGyqRm+OyaaKB1tsI+2GylAHj+mQIIpys51sSoEOUTxUtlM1yDShglFuXj/FbixWDUFEXCsLSsD1/wkhOLumhJz+LmDfd/72GQM=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "wxgZZaoBm3m75vu4g5UbTQ+Z2Hh9qOpsRJHkuFBOombqcp/KdiAVsjkpPGuA FkVoC/OBMw0+hkYwv2W9CjT/V6D2zYZoA9OZoaDiFGc6STbHaBqBc/yPgqA4\r\n \n 
pyOpI9BKOZxX1Rzqme9YwOFNdnnUCvDzIAkP3RorJJWiDiBYJGcH6TT2LPMf\r\n \n ryVsAQ5awVYf4839jvLnckj4Z+32HgLJIz98UCQEQjn56cgJZ9RqIGktsNoo\r\n \n 2FBBe1f6jnsUA94QqJhoZp17V7OQ91jn1KMbsiHVfG/WLJoRT7sPV9BPO87n\r\n \n hVNcuIEJTY3XhRapQckUYrI96N3u7ZDt7er/LBxgs5MTs+7eV3pAgkXlbBUc\r\n \n XvXKmKNoVO+mxgQeLqYGzzbAlxcyWYxZcvwuVC6rt1a8lwoxmTLKY9RboQcw\r\n \n XCoaAiTOswF9DJaVAsgKnfbZj+605QVa+t2KWeazEtCvJ2YIxudrL8dn1E4f\r\n \n 8zFIFNuODc+n7mrahFclQJlIXrN8ewFoGlccjdAsAd/QGvPa8NcM8GQCDvMa\r\n \n OTiQuSEQFywBkGQgvvl6Ofuf213ixH+QI3MAklSu2HYfYlWNg9NEMs1uREZs\r\n \n biM4LqU2YfRYJB6gei1QaQJHmJspvHyfKryDXNGRfDMdFlyNd5tsm6plNGZY\r\n \n A3eeD0CDywUGAt/hUw4hvpKxt7OxEsmSNEQeb3sz1PglL4apfFNUqlmtWsyj\r\n \n ZD3uGzcpaYsIMu8QN39LvMKL4t4dq73OC44JA4KSYP+A7eh5XKT0XeDtcvVT\r\n \n MivkEbwyYOS8qVs0N7bIonJEhGbvGut8CFKZNOntZVTGPI5GYWmppKTq1+Ab\r\n \n 26TtAjuu80WBx1GpYD5jo3nRgVTo6nZi0wzxDSenk0mCKFOr3Y1BV0cfVPCn\r\n \n q5au5I9PO+Gyk7e2mgenKhDDtvrGa2t65/VaaeN/WMAJp7xE/7hAbQGnRXMF\r\n \n Nzz+EIMUS4UyEMtORXk/4c2d2Hlt87THADy56I5CJpWzHQ+V6JOJBXMddkRP\r\n \n jlcmge9VsQd9Ukfu4CIcQcb5Xwns8g46sFPBh41YYVJC28drkZknpL6EZBbu\r\n \n 2/fknmmPot1UHGJYgSFyJ+gl0Bf601EfD0CdwVl8j/obgFN00BUvxY/nJdnS\r\n \n cHGe0/VdC0X2S4Oy2xfLT4M0ADh6J5+7P5aIGQcsYt/FH3Jqfk6tS6qMNl0H\r\n \n nI/OPjqm25J6PHzd8wESUIoKWSs3alXFSnp2W+QzrXCJWyHdH8e2ZBEWCpe/\r\n \n 3uHh1+Iwo9zURXS9E4jd5fZVTd7GNW70F8D1TrDG0R7Fo7GGSXoSg0KYvUOx\r\n \n i7vGucfYgZYatvUAocIu0asXjS93zAYb9cnIt7wsklXE0vbiMPYudwhnDqA5\r\n \n gjMPE9AoNHnlfIa+TNC3eMdtRY/WLrT8E1QQxnbD4mez55jWulK4LvnUp/dA\r\n \n fPlQX+/Qc+TktQMT1X/zzW4iWyE1TueTd88AcnvzgUW4gJ/S8b+y42opB45M\r\n \n VMuGJkGLRM5FZXnaCCW7pscqSw8wufrBVvHDRP5qkRfzE1NZFzTmtEnGpQ ==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:1;ex:0;auth:0;dest:J;ENG:(20160513016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": 
"BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4701035)(4802007)(4709054)(1401320)(8001031)(1421009)(1422010)(1427001)(1414054)(71702078);SRVR:DB6P192MB0101;" + }, + { + "key": "X-MC-Unique", + "value": "-w2Oo0QYPc6LaLKZOSA_hQ-8" + }, + { + "key": "X-Mailer", + "value": "Microsoft CDO for Windows 2000" + }, + { + "key": "X-Forefront-PRVS", + "value": "003245E729" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "CIP:54.254.138.144;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(100 09020)(6019001)(346002)(376002)(39860400002)(396003)(136003)\r\n \n (2980300002)(428003)(269900001)(20864003)(199004)(189003)(66\r\n \n 66004)(356004)(26005)(786003)(52230400001)(80792005)(2274600\r\n \n 8)(8676002)(64872007)(10126004)(40036005)(81166006)(81156014\r\n \n )(22756006)(50226002)(71190400001)(70206006)(7826002)(102836\r\n \n 004)(6916009)(5660300002)(861006)(2906002)(186003)(70586007)\r\n \n (66574012)(84326002)(8936002)(72206003)(21096001)(508600001)\r\n \n (33964004)(606006)(31696002)(733005)(2420400007)(15650500001\r\n \n )(7066003)(64544003)(305945005)(14444005)(55236004)(316002)(\r\n \n 62236002)(2473003)(6306002)(13216001)(69596002)(236005)(9686\r\n \n 003)(86902001)(31686004)(74316002)(86442003)(2351001)(476003\r\n \n )(61296003)(126002)(16586007)(336012)(79686004)(71636004)(71\r\n \n 10500001)(229853002)(33026002)(486006)(81816011)(42882007)(4\r\n \n 3246002)(256605007);DIR:OUT;SFP:1101;SCL:1;SRVR:AM5P195MB009\r\n \n 8;H:ciroc.com;FPR:;SPF:None;LANG:en;PTR:ec2-54-254-138-144.a\r\n \n p-southeast-1.compute.amazonaws.com;A:1;MX:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:40.107.4.45;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(10001);DIR:INB;SFP:;SCL:5;SRVR:DB6P192MB0101;H:EUR03-DB5-obe.outbound.protection.outlook.com;FPR:;SPF:None;LANG:en;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" 
+ }, + { + "key": "X-EndpointSecurity-0xde81-EV", + "value": "v:6.6.10.146, d:out, a:y, w:t, t:47, sv:1557338393, ts:1557349680" + }, + { + "key": "Thread-Topic", + "value": "From Creditsafe UK In the portfolio:Four 04" + }, + { + "key": "thread-index", + "value": "AdUF4h46ogKDvbJwSdWYTxn6dcJrwg==" + }, + { + "key": "Received-SPF", + "value": "None (protection.outlook.com: lyceedespiau.fr does not designate permitted sender hosts)" + }, + { + "key": "Priority", + "value": "normal" + }, + { + "key": "Importance", + "value": "normal" + }, + { + "key": "Content-Class", + "value": "urn:content-classes:message" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=none (sender IP is 54.254.138.144) smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=none\r\n (message\n not signed) header.d=none;mailrisk.com; dmarc=none action=none header.from=office.onmicrosoft.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=none (sender IP is 40.107.4.45) smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=pass\r\n (signature\n was verified) header.d=charlesdespiau.onmicrosoft.com;mailrisk .com; \r\n dmarc=bestguesspass action=none \r\n header.from=office.onmicrosoft.com;compauth=pass reason=109" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4522, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "signature", + "source_id": 450, + "assessed_at": "2022-01-14 09:39:48" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "phishtank", + "source_id": 6061498, + "assessed_at": "2022-01-14 09:39:48" + } + ], + "reported_risk_d": 2, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "2022-01-14 09:39:36", + "id_d": 1698, + "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com", + "size_bytes_d": 0, + "subject_s": "FW: Action Required: Update your payment information now", + "from_email_s": "invoice.i1Xt@office.onmicrosoft.com", + "from_name_s": "ITMicrosoft", + "reply_to_s": "", + "spam_score_d": 5, + "spf_s": "none", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://view.email.microsoftonline.com/?qs=68bf1f82012c27e94fe8d2172f9b7182686712020011d74988a8a7d5cc25140d58ceb825d7cf236669675429dfa118e0a050f745fc3437c40035897e267241bf73b58efd9c83a8606fa83043531645d7284894f664835cb2", + "text": "View this email in your browser.", + "hostname": "view.email.microsoftonline.com" + }, + { + "url": "http://18.136.196.156/", + "text": "UPDATE YOUR PAYMENT INFORMATION", + "hostname": "18.136.196.156" + }, + { + "url": "http://18.136.196.156/", + "text": "customer portal", + "hostname": "18.136.196.156" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=52a72b91226ecc694f6d382a93385149177f2fd413fd1d15e0dc8f8fd0eff986674d2f44c81b8c5dfb1fa270f76526f99a08eb145d58e4d62e95fd71275f29d0", + "text": "Sign in", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=995f41b322a641a38094c1bbb81ee22b55fbfbd611d45a9d6e86156ceef417b6bbb13f9a19e29efd90b9223b63731e33f14eac10f9b75bd2408e43ae7cbdc45c", + "text": "Visit the Community", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": 
"https://click.email.microsoftonline.com/?qs=3aff1d0bc19e65110ab3baad537ef2f7acf7d3aa023ecdff3e074c5b087f71a10f7ef19a62d274bb1f52e18bc52232173181a5b52f0f3338e9dff886d8e90e9f", + "text": "click here", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=71463b1103fd3f45c8e3fa9a291fa9ed9ff8773e5caebac30bfac16ef72ce3938bd44543c26a3135dfad791faf773a40f30d43900694ed3f", + "text": "", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=429ee6b24672b84cdbc91e3027c62bcfea21142eb884fa081a2433dc79e25ea1be20cb4845f829f8cea0c48b5b39ee19eb04e9a884defae15882020457616b6a", + "text": "Privacy", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=143a1afdcdf3a3c15c02bf0b3dcd10b314d867cab62ef9ff9227034e4e04ea952fa39995d1bd198ffab4ae9f1920e11c16f83ba0d614d0f57faf4779a40a2642", + "text": "Legal", + "hostname": "click.email.microsoftonline.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "phishing", + "risk_d": 3, + "risk_source_s": "phishtank", + "sent_at_s": "2019-06-12 04:47:46", + "assessed_at_s": "2022-01-14 09:39:49", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "SpCl@lyceedespiau.fr" + }, + { + "key": "Received", + "value": "from DB6P192MB0101.EURP192.PROD.OUTLOOK.COM (2603:10a6:7:52::21) by HE1P192MB0107.EURP192.PROD.OUTLOOK.COM with HTTPS via \r\n HE1P190CA0032.EURP190.PROD.OUTLOOK.COM; Thu, 9 May 2019 22:54:08 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ch arlesdespiau.onmicrosoft.com;\n s=selector1-lyceedespiau-fr; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n 
bh=UXlKV1Q/uZJaAM5qfO0rXdm9+pmr7rR0TqKFtgeyHWw=; \r\n b=joXlO8/n0gd4NoIdqmOGEQ/JNRk/MSrYQRkNR/LBF4vOcgUZu0DSS5hap3cSxqmasx+VP3RXwpyOlzwSOzXILqTenR8GZmmOeIhO4YqkidzodYrs5p3ocLXFEWpuX9WQ5ZDdG98RYoVPrsO0o39Ie+mnftZkSXHJre543w3kd00=" + }, + { + "key": "Message-ID", + "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>" + }, + { + "key": "Date", + "value": "Wed, 12 Jun 2019 04:47:46 +0000" + }, + { + "key": "Subject", + "value": "FW: Action Required: Update your payment information now" + }, + { + "key": "From", + "value": "ITMicrosoft " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1560314867_85e97cdf854363e8fc0797a6408fc4f7_=_\"" + }, + { + "key": "X-OriginalArrivalTime", + "value": "08 May 2019 21:08:00.0534 (UTC) FILETIME=" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "AM5P195MB0098:|DB6P192MB0101:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:7219;OLM:7219;" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "756a14ae-840c-4b9a-88bf-08d6d4d13ce9" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.9672942" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "AM5P195MB0098" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-SenderADCheck", + "value": "2" + }, + { + "key": "X-MS-Exchange-Safelinks-Url-KeyVer", + "value": "1" + }, + { + "key": 
"X-MS-Exchange-PUrlCount", + "value": "8" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1856.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "09 May 2019 22:54:07.0109 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": "TenantId=0d52f93d-37ff-4b6f-b5f6-38b4f20d5b82;Ip=[54.254.138.144];Helo=[ciroc.com]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "09 May 2019 22:54:06.8878 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-Stat", + "value": "0" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-BitVector", + "value": "100:0x0|0x100;" + }, + { + "key": "X-MS-Exchange-AtpMessageProperties", + "value": "sap=1;slp=1;" + }, + { + "key": "X-MimeOLE", + "value": "Produced By Microsoft MimeOLE V6.0.6002.19728" + }, + { + "key": "X-Mimecast-Spam-Score", + "value": 
"0" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(7168020)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600141)(711020)(4605104)(2017052603328);SRVR:AM5P195MB0098;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "vs17R9tfmusnStwFGV86tHJnlg82KqiCyjLT0tUsRtHF5ZzM66fSnp9kbuRwcxnKII4dNLKJy/K5thwhq3srn/Rn1gJzpuOkOTIPKiOYLECcyDu/33ktGg9aC/IdiBUwzN35URv+hqEnfq+aJKSYkzz0ag9ks548dYsG5ySorN2k9hem3X/MLC2mkTjUkyI4oB75miw/lc+498er3c6K7UYtlNyHoO3ofyd+W6RWzHj0dTdeP9ZAaPLG72EpDCYIVPWacVQQFBh3TDRla5yRXrpTYdkM0nwTGF63zoVQG7lRZMhPuEEaX1ls1Kca6hmRcmdj1j1xPGyqRm+OyaaKB1tsI+2GylAHj+mQIIpys51sSoEOUTxUtlM1yDShglFuXj/FbixWDUFEXCsLSsD1/wkhOLumhJz+LmDfd/72GQM=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "wxgZZaoBm3m75vu4g5UbTQ+Z2Hh9qOpsRJHkuFBOombqcp/KdiAVsjkpPGuA FkVoC/OBMw0+hkYwv2W9CjT/V6D2zYZoA9OZoaDiFGc6STbHaBqBc/yPgqA4\r\n \n pyOpI9BKOZxX1Rzqme9YwOFNdnnUCvDzIAkP3RorJJWiDiBYJGcH6TT2LPMf\r\n \n ryVsAQ5awVYf4839jvLnckj4Z+32HgLJIz98UCQEQjn56cgJZ9RqIGktsNoo\r\n \n 2FBBe1f6jnsUA94QqJhoZp17V7OQ91jn1KMbsiHVfG/WLJoRT7sPV9BPO87n\r\n \n hVNcuIEJTY3XhRapQckUYrI96N3u7ZDt7er/LBxgs5MTs+7eV3pAgkXlbBUc\r\n \n XvXKmKNoVO+mxgQeLqYGzzbAlxcyWYxZcvwuVC6rt1a8lwoxmTLKY9RboQcw\r\n \n XCoaAiTOswF9DJaVAsgKnfbZj+605QVa+t2KWeazEtCvJ2YIxudrL8dn1E4f\r\n \n 8zFIFNuODc+n7mrahFclQJlIXrN8ewFoGlccjdAsAd/QGvPa8NcM8GQCDvMa\r\n \n OTiQuSEQFywBkGQgvvl6Ofuf213ixH+QI3MAklSu2HYfYlWNg9NEMs1uREZs\r\n \n biM4LqU2YfRYJB6gei1QaQJHmJspvHyfKryDXNGRfDMdFlyNd5tsm6plNGZY\r\n \n A3eeD0CDywUGAt/hUw4hvpKxt7OxEsmSNEQeb3sz1PglL4apfFNUqlmtWsyj\r\n \n ZD3uGzcpaYsIMu8QN39LvMKL4t4dq73OC44JA4KSYP+A7eh5XKT0XeDtcvVT\r\n \n MivkEbwyYOS8qVs0N7bIonJEhGbvGut8CFKZNOntZVTGPI5GYWmppKTq1+Ab\r\n \n 26TtAjuu80WBx1GpYD5jo3nRgVTo6nZi0wzxDSenk0mCKFOr3Y1BV0cfVPCn\r\n \n 
q5au5I9PO+Gyk7e2mgenKhDDtvrGa2t65/VaaeN/WMAJp7xE/7hAbQGnRXMF\r\n \n Nzz+EIMUS4UyEMtORXk/4c2d2Hlt87THADy56I5CJpWzHQ+V6JOJBXMddkRP\r\n \n jlcmge9VsQd9Ukfu4CIcQcb5Xwns8g46sFPBh41YYVJC28drkZknpL6EZBbu\r\n \n 2/fknmmPot1UHGJYgSFyJ+gl0Bf601EfD0CdwVl8j/obgFN00BUvxY/nJdnS\r\n \n cHGe0/VdC0X2S4Oy2xfLT4M0ADh6J5+7P5aIGQcsYt/FH3Jqfk6tS6qMNl0H\r\n \n nI/OPjqm25J6PHzd8wESUIoKWSs3alXFSnp2W+QzrXCJWyHdH8e2ZBEWCpe/\r\n \n 3uHh1+Iwo9zURXS9E4jd5fZVTd7GNW70F8D1TrDG0R7Fo7GGSXoSg0KYvUOx\r\n \n i7vGucfYgZYatvUAocIu0asXjS93zAYb9cnIt7wsklXE0vbiMPYudwhnDqA5\r\n \n gjMPE9AoNHnlfIa+TNC3eMdtRY/WLrT8E1QQxnbD4mez55jWulK4LvnUp/dA\r\n \n fPlQX+/Qc+TktQMT1X/zzW4iWyE1TueTd88AcnvzgUW4gJ/S8b+y42opB45M\r\n \n VMuGJkGLRM5FZXnaCCW7pscqSw8wufrBVvHDRP5qkRfzE1NZFzTmtEnGpQ ==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:1;ex:0;auth:0;dest:J;ENG:(20160513016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4701035)(4802007)(4709054)(1401320)(8001031)(1421009)(1422010)(1427001)(1414054)(71702078);SRVR:DB6P192MB0101;" + }, + { + "key": "X-MC-Unique", + "value": "-w2Oo0QYPc6LaLKZOSA_hQ-8" + }, + { + "key": "X-Mailer", + "value": "Microsoft CDO for Windows 2000" + }, + { + "key": "X-Forefront-PRVS", + "value": "003245E729" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "CIP:54.254.138.144;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(100 09020)(6019001)(346002)(376002)(39860400002)(396003)(136003)\r\n \n (2980300002)(428003)(269900001)(20864003)(199004)(189003)(66\r\n \n 66004)(356004)(26005)(786003)(52230400001)(80792005)(2274600\r\n \n 8)(8676002)(64872007)(10126004)(40036005)(81166006)(81156014\r\n \n )(22756006)(50226002)(71190400001)(70206006)(7826002)(102836\r\n \n 004)(6916009)(5660300002)(861006)(2906002)(186003)(70586007)\r\n \n (66574012)(84326002)(8936002)(72206003)(21096001)(508600001)\r\n \n 
(33964004)(606006)(31696002)(733005)(2420400007)(15650500001\r\n \n )(7066003)(64544003)(305945005)(14444005)(55236004)(316002)(\r\n \n 62236002)(2473003)(6306002)(13216001)(69596002)(236005)(9686\r\n \n 003)(86902001)(31686004)(74316002)(86442003)(2351001)(476003\r\n \n )(61296003)(126002)(16586007)(336012)(79686004)(71636004)(71\r\n \n 10500001)(229853002)(33026002)(486006)(81816011)(42882007)(4\r\n \n 3246002)(256605007);DIR:OUT;SFP:1101;SCL:1;SRVR:AM5P195MB009\r\n \n 8;H:ciroc.com;FPR:;SPF:None;LANG:en;PTR:ec2-54-254-138-144.a\r\n \n p-southeast-1.compute.amazonaws.com;A:1;MX:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:40.107.4.45;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(10001);DIR:INB;SFP:;SCL:5;SRVR:DB6P192MB0101;H:EUR03-DB5-obe.outbound.protection.outlook.com;FPR:;SPF:None;LANG:en;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" + }, + { + "key": "X-EndpointSecurity-0xde81-EV", + "value": "v:6.6.10.146, d:out, a:y, w:t, t:47, sv:1557338393, ts:1557349680" + }, + { + "key": "Thread-Topic", + "value": "From Creditsafe UK In the portfolio:Four 04" + }, + { + "key": "thread-index", + "value": "AdUF4h46ogKDvbJwSdWYTxn6dcJrwg==" + }, + { + "key": "Received-SPF", + "value": "None (protection.outlook.com: lyceedespiau.fr does not designate permitted sender hosts)" + }, + { + "key": "Priority", + "value": "normal" + }, + { + "key": "Importance", + "value": "normal" + }, + { + "key": "Content-Class", + "value": "urn:content-classes:message" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=none (sender IP is 54.254.138.144) smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=none\r\n (message\n not signed) header.d=none;mailrisk.com; dmarc=none action=none header.from=office.onmicrosoft.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=none (sender IP is 40.107.4.45) 
smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=pass\r\n (signature\n was verified) header.d=charlesdespiau.onmicrosoft.com;mailrisk .com; \r\n dmarc=bestguesspass action=none \r\n header.from=office.onmicrosoft.com;compauth=pass reason=109" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4522, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "signature", + "source_id": 450, + "assessed_at": "2022-01-14 09:39:48" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "phishtank", + "source_id": 6061498, + "assessed_at": "2022-01-14 09:39:48" + } + ], + "reported_risk_d": 2, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "2022-01-14 09:39:36", + "id_d": 1698, + "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com", + "size_bytes_d": 0, + "subject_s": "FW: Action Required: Update your payment information now", + "from_email_s": "invoice.i1Xt@office.onmicrosoft.com", + "from_name_s": "ITMicrosoft", + "reply_to_s": "", + "spam_score_d": 5, + "spf_s": "none", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://view.email.microsoftonline.com/?qs=68bf1f82012c27e94fe8d2172f9b7182686712020011d74988a8a7d5cc25140d58ceb825d7cf236669675429dfa118e0a050f745fc3437c40035897e267241bf73b58efd9c83a8606fa83043531645d7284894f664835cb2", + "text": "View this email in your browser.", + "hostname": 
"view.email.microsoftonline.com" + }, + { + "url": "http://18.136.196.156/", + "text": "UPDATE YOUR PAYMENT INFORMATION", + "hostname": "18.136.196.156" + }, + { + "url": "http://18.136.196.156/", + "text": "customer portal", + "hostname": "18.136.196.156" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=52a72b91226ecc694f6d382a93385149177f2fd413fd1d15e0dc8f8fd0eff986674d2f44c81b8c5dfb1fa270f76526f99a08eb145d58e4d62e95fd71275f29d0", + "text": "Sign in", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=995f41b322a641a38094c1bbb81ee22b55fbfbd611d45a9d6e86156ceef417b6bbb13f9a19e29efd90b9223b63731e33f14eac10f9b75bd2408e43ae7cbdc45c", + "text": "Visit the Community", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=3aff1d0bc19e65110ab3baad537ef2f7acf7d3aa023ecdff3e074c5b087f71a10f7ef19a62d274bb1f52e18bc52232173181a5b52f0f3338e9dff886d8e90e9f", + "text": "click here", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=71463b1103fd3f45c8e3fa9a291fa9ed9ff8773e5caebac30bfac16ef72ce3938bd44543c26a3135dfad791faf773a40f30d43900694ed3f", + "text": "", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=429ee6b24672b84cdbc91e3027c62bcfea21142eb884fa081a2433dc79e25ea1be20cb4845f829f8cea0c48b5b39ee19eb04e9a884defae15882020457616b6a", + "text": "Privacy", + "hostname": "click.email.microsoftonline.com" + }, + { + "url": "https://click.email.microsoftonline.com/?qs=143a1afdcdf3a3c15c02bf0b3dcd10b314d867cab62ef9ff9227034e4e04ea952fa39995d1bd198ffab4ae9f1920e11c16f83ba0d614d0f57faf4779a40a2642", + "text": "Legal", + "hostname": "click.email.microsoftonline.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + 
"feedback_provided_b": false, + "Category": "phishing", + "risk_d": 3, + "risk_source_s": "phishtank", + "sent_at_s": "2019-06-12 04:47:46", + "assessed_at_s": "2022-01-14 09:39:49", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "SpCl@lyceedespiau.fr" + }, + { + "key": "Received", + "value": "from DB6P192MB0101.EURP192.PROD.OUTLOOK.COM (2603:10a6:7:52::21) by HE1P192MB0107.EURP192.PROD.OUTLOOK.COM with HTTPS via \r\n HE1P190CA0032.EURP190.PROD.OUTLOOK.COM; Thu, 9 May 2019 22:54:08 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ch arlesdespiau.onmicrosoft.com;\n s=selector1-lyceedespiau-fr; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=UXlKV1Q/uZJaAM5qfO0rXdm9+pmr7rR0TqKFtgeyHWw=; \r\n b=joXlO8/n0gd4NoIdqmOGEQ/JNRk/MSrYQRkNR/LBF4vOcgUZu0DSS5hap3cSxqmasx+VP3RXwpyOlzwSOzXILqTenR8GZmmOeIhO4YqkidzodYrs5p3ocLXFEWpuX9WQ5ZDdG98RYoVPrsO0o39Ie+mnftZkSXHJre543w3kd00=" + }, + { + "key": "Message-ID", + "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>" + }, + { + "key": "Date", + "value": "Wed, 12 Jun 2019 04:47:46 +0000" + }, + { + "key": "Subject", + "value": "FW: Action Required: Update your payment information now" + }, + { + "key": "From", + "value": "ITMicrosoft " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1560314867_85e97cdf854363e8fc0797a6408fc4f7_=_\"" + }, + { + "key": "X-OriginalArrivalTime", + "value": "08 May 2019 21:08:00.0534 (UTC) FILETIME=" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "AM5P195MB0098:|DB6P192MB0101:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:7219;OLM:7219;" + }, + { + "key": 
"X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "756a14ae-840c-4b9a-88bf-08d6d4d13ce9" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.9672942" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "AM5P195MB0098" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-SenderADCheck", + "value": "2" + }, + { + "key": "X-MS-Exchange-Safelinks-Url-KeyVer", + "value": "1" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "8" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1856.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "09 May 2019 22:54:07.0109 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "VE1EUR01FT045.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": 
"TenantId=0d52f93d-37ff-4b6f-b5f6-38b4f20d5b82;Ip=[54.254.138.144];Helo=[ciroc.com]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "09 May 2019 22:54:06.8878 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "de7895cd-aac1-4cf0-bdc9-08d6d4d13dd4" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-Stat", + "value": "0" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-BitVector", + "value": "100:0x0|0x100;" + }, + { + "key": "X-MS-Exchange-AtpMessageProperties", + "value": "sap=1;slp=1;" + }, + { + "key": "X-MimeOLE", + "value": "Produced By Microsoft MimeOLE V6.0.6002.19728" + }, + { + "key": "X-Mimecast-Spam-Score", + "value": "0" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(7168020)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600141)(711020)(4605104)(2017052603328);SRVR:AM5P195MB0098;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "vs17R9tfmusnStwFGV86tHJnlg82KqiCyjLT0tUsRtHF5ZzM66fSnp9kbuRwcxnKII4dNLKJy/K5thwhq3srn/Rn1gJzpuOkOTIPKiOYLECcyDu/33ktGg9aC/IdiBUwzN35URv+hqEnfq+aJKSYkzz0ag9ks548dYsG5ySorN2k9hem3X/MLC2mkTjUkyI4oB75miw/lc+498er3c6K7UYtlNyHoO3ofyd+W6RWzHj0dTdeP9ZAaPLG72EpDCYIVPWacVQQFBh3TDRla5yRXrpTYdkM0nwTGF63zoVQG7lRZMhPuEEaX1ls1Kca6hmRcmdj1j1xPGyqRm+OyaaKB1tsI+2GylAHj+mQIIpys51sSoEOUTxUtlM1yDShglFuXj/FbixWDUFEXCsLSsD1/wkhOLumhJz+LmDfd/72GQM=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "wxgZZaoBm3m75vu4g5UbTQ+Z2Hh9qOpsRJHkuFBOombqcp/KdiAVsjkpPGuA FkVoC/OBMw0+hkYwv2W9CjT/V6D2zYZoA9OZoaDiFGc6STbHaBqBc/yPgqA4\r\n \n 
pyOpI9BKOZxX1Rzqme9YwOFNdnnUCvDzIAkP3RorJJWiDiBYJGcH6TT2LPMf\r\n \n ryVsAQ5awVYf4839jvLnckj4Z+32HgLJIz98UCQEQjn56cgJZ9RqIGktsNoo\r\n \n 2FBBe1f6jnsUA94QqJhoZp17V7OQ91jn1KMbsiHVfG/WLJoRT7sPV9BPO87n\r\n \n hVNcuIEJTY3XhRapQckUYrI96N3u7ZDt7er/LBxgs5MTs+7eV3pAgkXlbBUc\r\n \n XvXKmKNoVO+mxgQeLqYGzzbAlxcyWYxZcvwuVC6rt1a8lwoxmTLKY9RboQcw\r\n \n XCoaAiTOswF9DJaVAsgKnfbZj+605QVa+t2KWeazEtCvJ2YIxudrL8dn1E4f\r\n \n 8zFIFNuODc+n7mrahFclQJlIXrN8ewFoGlccjdAsAd/QGvPa8NcM8GQCDvMa\r\n \n OTiQuSEQFywBkGQgvvl6Ofuf213ixH+QI3MAklSu2HYfYlWNg9NEMs1uREZs\r\n \n biM4LqU2YfRYJB6gei1QaQJHmJspvHyfKryDXNGRfDMdFlyNd5tsm6plNGZY\r\n \n A3eeD0CDywUGAt/hUw4hvpKxt7OxEsmSNEQeb3sz1PglL4apfFNUqlmtWsyj\r\n \n ZD3uGzcpaYsIMu8QN39LvMKL4t4dq73OC44JA4KSYP+A7eh5XKT0XeDtcvVT\r\n \n MivkEbwyYOS8qVs0N7bIonJEhGbvGut8CFKZNOntZVTGPI5GYWmppKTq1+Ab\r\n \n 26TtAjuu80WBx1GpYD5jo3nRgVTo6nZi0wzxDSenk0mCKFOr3Y1BV0cfVPCn\r\n \n q5au5I9PO+Gyk7e2mgenKhDDtvrGa2t65/VaaeN/WMAJp7xE/7hAbQGnRXMF\r\n \n Nzz+EIMUS4UyEMtORXk/4c2d2Hlt87THADy56I5CJpWzHQ+V6JOJBXMddkRP\r\n \n jlcmge9VsQd9Ukfu4CIcQcb5Xwns8g46sFPBh41YYVJC28drkZknpL6EZBbu\r\n \n 2/fknmmPot1UHGJYgSFyJ+gl0Bf601EfD0CdwVl8j/obgFN00BUvxY/nJdnS\r\n \n cHGe0/VdC0X2S4Oy2xfLT4M0ADh6J5+7P5aIGQcsYt/FH3Jqfk6tS6qMNl0H\r\n \n nI/OPjqm25J6PHzd8wESUIoKWSs3alXFSnp2W+QzrXCJWyHdH8e2ZBEWCpe/\r\n \n 3uHh1+Iwo9zURXS9E4jd5fZVTd7GNW70F8D1TrDG0R7Fo7GGSXoSg0KYvUOx\r\n \n i7vGucfYgZYatvUAocIu0asXjS93zAYb9cnIt7wsklXE0vbiMPYudwhnDqA5\r\n \n gjMPE9AoNHnlfIa+TNC3eMdtRY/WLrT8E1QQxnbD4mez55jWulK4LvnUp/dA\r\n \n fPlQX+/Qc+TktQMT1X/zzW4iWyE1TueTd88AcnvzgUW4gJ/S8b+y42opB45M\r\n \n VMuGJkGLRM5FZXnaCCW7pscqSw8wufrBVvHDRP5qkRfzE1NZFzTmtEnGpQ ==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:1;ex:0;auth:0;dest:J;ENG:(20160513016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": 
"BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4701035)(4802007)(4709054)(1401320)(8001031)(1421009)(1422010)(1427001)(1414054)(71702078);SRVR:DB6P192MB0101;" + }, + { + "key": "X-MC-Unique", + "value": "-w2Oo0QYPc6LaLKZOSA_hQ-8" + }, + { + "key": "X-Mailer", + "value": "Microsoft CDO for Windows 2000" + }, + { + "key": "X-Forefront-PRVS", + "value": "003245E729" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "CIP:54.254.138.144;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(100 09020)(6019001)(346002)(376002)(39860400002)(396003)(136003)\r\n \n (2980300002)(428003)(269900001)(20864003)(199004)(189003)(66\r\n \n 66004)(356004)(26005)(786003)(52230400001)(80792005)(2274600\r\n \n 8)(8676002)(64872007)(10126004)(40036005)(81166006)(81156014\r\n \n )(22756006)(50226002)(71190400001)(70206006)(7826002)(102836\r\n \n 004)(6916009)(5660300002)(861006)(2906002)(186003)(70586007)\r\n \n (66574012)(84326002)(8936002)(72206003)(21096001)(508600001)\r\n \n (33964004)(606006)(31696002)(733005)(2420400007)(15650500001\r\n \n )(7066003)(64544003)(305945005)(14444005)(55236004)(316002)(\r\n \n 62236002)(2473003)(6306002)(13216001)(69596002)(236005)(9686\r\n \n 003)(86902001)(31686004)(74316002)(86442003)(2351001)(476003\r\n \n )(61296003)(126002)(16586007)(336012)(79686004)(71636004)(71\r\n \n 10500001)(229853002)(33026002)(486006)(81816011)(42882007)(4\r\n \n 3246002)(256605007);DIR:OUT;SFP:1101;SCL:1;SRVR:AM5P195MB009\r\n \n 8;H:ciroc.com;FPR:;SPF:None;LANG:en;PTR:ec2-54-254-138-144.a\r\n \n p-southeast-1.compute.amazonaws.com;A:1;MX:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:40.107.4.45;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(10001);DIR:INB;SFP:;SCL:5;SRVR:DB6P192MB0101;H:EUR03-DB5-obe.outbound.protection.outlook.com;FPR:;SPF:None;LANG:en;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" 
+ }, + { + "key": "X-EndpointSecurity-0xde81-EV", + "value": "v:6.6.10.146, d:out, a:y, w:t, t:47, sv:1557338393, ts:1557349680" + }, + { + "key": "Thread-Topic", + "value": "From Creditsafe UK In the portfolio:Four 04" + }, + { + "key": "thread-index", + "value": "AdUF4h46ogKDvbJwSdWYTxn6dcJrwg==" + }, + { + "key": "Received-SPF", + "value": "None (protection.outlook.com: lyceedespiau.fr does not designate permitted sender hosts)" + }, + { + "key": "Priority", + "value": "normal" + }, + { + "key": "Importance", + "value": "normal" + }, + { + "key": "Content-Class", + "value": "urn:content-classes:message" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=none (sender IP is 54.254.138.144) smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=none\r\n (message\n not signed) header.d=none;mailrisk.com; dmarc=none action=none header.from=office.onmicrosoft.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=none (sender IP is 40.107.4.45) smtp.mailfrom=lyceedespiau.fr; mailrisk.com; dkim=pass\r\n (signature\n was verified) header.d=charlesdespiau.onmicrosoft.com;mailrisk .com; \r\n dmarc=bestguesspass action=none \r\n header.from=office.onmicrosoft.com;compauth=pass reason=109" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4522, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:39:36" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "signature", + "source_id": 450, + "assessed_at": "2022-01-14 09:39:48" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 0.9, + "source": "phishtank", + "source_id": 6061498, + "assessed_at": "2022-01-14 09:39:48" + } + ], + "reported_risk_d": 2, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "", + "id_d": 1697, + "message_id_s": "b6898566c8c1c59a4636c73d32526e55@klikdapur.com", + "size_bytes_d": 0, + "subject_s": "Få dine penger (89.486,73 NOK) utbetalt i dag via Vipps", + "from_email_s": "michiel@klikdapur.com", + "from_name_s": "Vipps", + "reply_to_s": "michiel@klikdapur.com", + "spam_score_d": 0, + "spf_s": "", + "originating_ip_s": "127.0.0.1", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "(89.486,73 NOK)", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "her", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "Gjennomfør registreringen her", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/unsubscribe.php?M=11685831&C=daf96092199dd146f3ddb15f4a504f57&L=20&N=187", + "text": "her", + "hostname": "klikdapur.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2019-08-02 13:41:20", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "cornelia@klikdapur.com" + }, + { + "key": "Received", + "value": "from EXGW001 (localhost [127.0.0.1]) \tby EXGW001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with Microsoft SMTP\n Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) 
id\n 15.1.1713.5\n via Mailbox Transport; Fri, 21 Jun 2019 15:30:19 +0200" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=klikdapur.com; \ts=key; t=1561116852;\n \tbh=nIjZkO5mLVAOZu5BmNQZkzesMEouiSpPTQPT2aqu9Mw=;\n \th=To:Subject:Date:From:Reply-To:List-Unsubscribe ;\n \tb=Q+zV0dOs+lM3sD/SmYS4H41N2zQ+efFaf10ZYZ7448M+onwp/2FMzHaIOt \r\n bfkXANT\n \t KXIe5tVXAKJod9OpW/lJKym8SJrfZxykyL+/5/KZ3gqb7QpF+1H9NVoENPjS \r\n B/ro7h\n \t JXMRbWZJWGIbTQsM3ncWIDA4uka1PReR55bu1uBw=" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:41:20 +0000" + }, + { + "key": "Subject", + "value": "Få dine penger (89.486,73 NOK) utbetalt i dag via Vipps" + }, + { + "key": "From", + "value": "Vipps " + }, + { + "key": "Reply-To", + "value": "michiel@klikdapur.com" + }, + { + "key": "To", + "value": "demo@mailrisk.com" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564753280_072d4d542b75a88ab6a653cf006741b9_=_\"" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:00.4591333" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.01.1713.001" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "50cbb89a-a3ab-4a94-a5c3-08d6f64c9a9b" + }, + { + "key": "X-MS-Exchange-Organization-AVStamp-Enterprise", + "value": "1.0" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "taco-exc02-vm.prd.tasp.tikt.no" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-Mailer-SID", + "value": "187" + }, + { + "key": "X-Mailer-Sent-By", + "value": "1" + }, + { + "key": "X-Mailer-RecptId", + "value": "1685831" + }, + { + "key": "X-Mailer-LID", + "value": "20" + }, + { + "key": "X-C2ProcessedOrg", + "value": "db89f42a-9e17-46f5-bb28-ef43d3cfb3a8" + }, + { + "key": "List-Unsubscribe", + "value": "" 
+ } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4521, + "assessed_at": "2022-01-14 09:39:22" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "", + "id_d": 1696, + "message_id_s": "VI1PR05MB3374D0CF6ED4E5BA44DCEC6D86F30@VI1PR05MB3374.eurprd05.prod.outlook.com", + "size_bytes_d": 654, + "subject_s": "shared document", + "from_email_s": "Goldberg.Sue@osman.ru", + "from_name_s": "Sue Goldberg", + "reply_to_s": "", + "spam_score_d": 1, + "spf_s": "none", + "originating_ip_s": "82.102.27.50", + "_links_count_hard_d": "", + "links_s": [], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "Agreement-July 2019- Dully Signed.pdf", + "extension": "pdf", + "content_type": "application/pdf", + "content_id": null, + "is_inline": false, + "size_bytes": 34359, + "md5_hash": "cc48d0dcbf07ef8fe4ff89b82a2b5382", + "sha1_hash": "d5b85cca3914c8df90298adefe659a09a8afcd2a", + "sha256_hash": "6f4b28caeb4c13f66afafb4f5226c31711bb32c19a4640ff1969e2e57d204da0", + "last_modified_at": null, + "download_screenshot": "https://api.test.mailrisk.net/v1/emails/1696/attachments/1277/screenshot", + "download_file": "https://api.test.mailrisk.net/v1/emails/1696/attachments/1277/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2019-08-03 09:03:54", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "goldberg.jane@osman.com.tr" + }, + { + "key": "Received", + 
"value": "from AM6PR0302MB3464.eurprd03.prod.outlook.com (2603:10a6:20b:2e::41) by\r\n AM6PR0302MB3464.eurprd03.prod.outlook.com\n with HTTPS via AM6PR05CA0028.EURPRD05.PROD.OUTLOOK.COM; Thu, 11 Jul 2019\r\n 10:36:12 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=os man.onmicrosoft.com;\n s=selector2-osman-onmicrosoft-com; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=l4iTf2KEj5ly/peGv+IAp2hZ8/15dhvBYSIe6+l4Teg=; \r\n b=lB30GF7aBhQ4GV2vsBtXwdeQkwy8f+SSLrrlLYFyAMY2kMwhn8oN2DmzHnDwiiJl4VvqTrrLo2RU5ANDJBLtZ7O4D+EPOVt0QxJWGz0JAzQf0AHcaUuonjnelBCH8Qsi7nPPVOGe5/Pxki3SUhcFUT0Yh841XV81qKt8ehBfHZo=" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Sat, 03 Aug 2019 09:03:54 +0000" + }, + { + "key": "Subject", + "value": "shared document" + }, + { + "key": "From", + "value": "Sue Goldberg " + }, + { + "key": "To", + "value": "Undisclosed recipients:;" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/mixed; boundary=\"_=_swift_1564823034_e3be558b0e8759e5b584c66d7d6ced38_=_\"" + }, + { + "key": "x-originating-ip", + "value": "[82.102.27.50]" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "VI1PR05MB3135:|AM6PR0302MB3464:" + }, + { + "key": "x-ms-publictraffictype", + "value": "Email" + }, + { + "key": "x-ms-oob-tlc-oobclassifiers", + "value": "OLM:1728;OLM:1728;" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "039334de-5c7a-4ac0-b49b-08d705eb4eee" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "ad343d30-769d-48ce-f6fe-08d705eb9724" + }, + { + "key": "X-MS-Has-Attach", + "value": "yes" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.5074883" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "AM5EUR03FT025.eop-EUR03.prod.protection.outlook.com" + }, + { 
+ "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "VI1PR05MB3135" + }, + { + "key": "x-ms-exchange-senderadcheck", + "value": "1" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.2052.002" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "ad343d30-769d-48ce-f6fe-08d705eb9724" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "11 Jul 2019 10:36:10.7450 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "AM5EUR03FT025.eop-EUR03.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "11 Jul 2019 10:36:10.6929 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "ad343d30-769d-48ce-f6fe-08d705eb9724" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "1b7083a4-0e92-4065-87fc-eb5482b64854" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020);SRVR:VI1PR05MB3135;" + }, + { + "key": "x-microsoft-antispam-prvs", + "value": "" + }, + { + "key": 
"X-Microsoft-Antispam-Message-Info-Original", + "value": "60TsBh700jDzNZ+mrxm1VG3LOhw34YoN9fSDP6GTyt62XioqqKY7Ac6ubDcdav39v0lR5EuCCU4lw+UXVou65k+x5bi25mwmuUw7iyHiBX07VrvHdoSPiqCDlZEdRi8Iy1TglpdlHilwlNoYR1UEWdQPgDdMlMGdTF+p5bqSbiQqXPWBXryLLVJzMZGPE/5oILrzHPxUyS8gar0FUBBd2V/M1rlRQaRaAWdXgfPzLO5KNIraBW2TjbsonWbfG71EZ8WJcMUwnw06WgJos2wvrgUM/SNOZd+F0u7+wiGv/oE11Lri2GYRpl65WVD5yfh5tc5PFPddBF46DrU1+8lWODYQzZHEqjifBVsL8b45NSXZdg+vzbLqWmgx5Mealwei+ef8Vp0XHP092B6RkV6ZtP/C25yzGbZ0W+8g6GJ+P7Q=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "9WiDo+452qMuyh979R+Fc2K1zkYrzwgcnuoXf2foNDC7DfXk3AT/7mfdF2m+ WrFQZPhEOjTt2ZwQY0FLjrEDUnsIgyXBNS5zCcXC0fgiVYIzghrNXHkjGdx3\r\n \n /AKTNyfZjKuTCAGgn22VH2U2cLlEG3ga/h5/L0fResBW+OjqKNdSAbozdayE\r\n \n PfbTtebSJ9yMU0Glawt92AyPgCmyDsUUOKnKRQ0NElq0V62+6K1RRWL8bld6\r\n \n uWevxv4AKHtx1Wiizp9LLTfYegjxxLzVdVXfHa7u++PcYZs4R5k9pHYsohlQ\r\n \n o36vnVVSMKdfo3E1WTxbnBUver1nn3zOuO/uWBsUuytxqhWYbMc+vc/q6qCY\r\n \n YyFVKf+iMOV20nkIbapqrH09AxDNYFb7pnkfeqvG+U1gcal1rYbUP6BD244z\r\n \n w5JbjLsxntt6HeasRqOjgeaSAhNCnadglxOFHKIlIBbPEcC4HwKbC0RHsqeP\r\n \n voGVcOcafP0jxOAxte/WhQsk4nzsHEzPaLbIOoPkvVXxgcGz+IiiNFjfhply\r\n \n p5/vb1yq1G0UHvLI2WDPNcCsJgQzBJv0Rg1YgSt5M+73oL9zyjz3qfw4tiK0\r\n \n V5qbyGm2i68WFU7jXDA0UN3o67cdli6C//CLRvoDBiQbXWHC36621QGi+xV4\r\n \n buj2/ybhFEZuXtsj1c36ElIIx9yr2yZFvyebFPZWpcEfdF00QLqSCDRL/yl9\r\n \n IK3GeUXMii7Y8PqOozdwgkrg4IpGac4Y4PvsuzEvDhIPCd2IKyxgS25k/tCW\r\n \n UEnmZ07+p572DWCC+CaLuAfIeZY5USLf4QE3mYsXxBBcwhT3evAdEzi9nsTS\r\n \n auvHHLPL576VgMceHLmEnH9bG0GsmHhsFR2XACD88Cu0p0DtVggTbiVpJug8\r\n \n nvSY5tJfKDJbL8CDK/7B8FfZXqpygDPDWt/7a6Sxnnw+eyQPVkQlR6I5naUj\r\n \n DK+5U0s1GmegRU22uVrLMoEhqdRRGmLKc3MaRTeylLg=" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160514016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": 
"BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600148)(710020)(711020)(4605104)(4709080)(1420029)(8001031)(1414054)(49563074)(71702078)(7193020);SRVR:AM6PR0302MB3464;" + }, + { + "key": "x-ld-processed", + "value": "d79555d1-8adb-46ea-af6c-b6b2a24e4fe7,ExtAddr" + }, + { + "key": "x-forefront-prvs", + "value": "0095BCF226" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "SFV:NSPM;SFS:(10019020)(4636009)(346002)(136003)(396003)(39860400002)(376002)(366004)(189003)(199004)(53936002)(66576008)(71190400001)(76116006)(478600001)(99286004)(55016002)(606006)(66446008)(7366002)(66556008)(7116003)(86362001)(7406005)(733005)(6506007)(74316002)(65706003)(54896002)(66476007)(64756008)(6306002)(71200400001)(6436002)(7696005)(102836004)(7276002)(5660300002)(109986005)(9686003)(88732003)(3480700005)(76576003)(7336002)(14454004)(52536014)(316002)(26005)(7736002)(25786009)(17550700004)(7416002)(66066001)(68736007)(81156014)(8936002)(1671002)(66946007)(861006)(236005)(99936001)(2906002)(6116002)(54556002)(6606003)(558084003)(19627405001)(256004)(486006)(476003)(81166006)(89122003)(881003)(186003)(3846002)(8676002)(221733001)(33656002)(16040700028);DIR:OUT;SFP:1501;SCL:1;SRVR:VI1PR05MB3135;H:VI1PR05MB3374.eurprd05.prod.outlook.com;FPR:;SPF:None;LANG:nb;PTR:InfoNoRecords;MX:1;A:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": 
"CIP:194.37.255.150;IPV:NLI;CTRY:DE;EFV:NLI;SFV:NSPM;SFS:(2980300002)(199004)(189003)(246002)(52536014)(496002)(3480700005)(486006)(74316002)(568964002)(2476003)(7116003)(3846002)(7736002)(7636002)(58800400005)(881003)(19627405001)(1671002)(22186003)(5000100001)(25786009)(99286004)(28085005)(45080400002)(6116002)(8636004)(356004)(8676002)(476003)(3672435006)(71190400001)(21480400003)(86362001)(7596002)(126002)(14454004)(606006)(66066001)(336012)(106002)(7696005)(26005)(15843345004)(1096003)(16586007)(63106013)(6506007)(5024004)(15974865002)(55016002)(63266004)(221733001)(54556002)(733005)(236005)(33656002)(102836004)(54896002)(99936001)(5660300002)(109986005)(15003)(61614004)(6306002)(36386004)(9686003)(127190200001);DIR:INB;SFP:;SCL:1;SRVR:AM6PR0302MB3464;H:mxout150.expurgate.net;FPR:;SPF:Pass;LANG:nb;PTR:mxout150.expurgate.net;A:1;MX:1;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "1b7083a4-0e92-4065-87fc-eb5482b64854:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "Thread-Topic", + "value": "shared document" + }, + { + "key": "Thread-Index", + "value": "AQHVN9Lbt4EwsKBq9EetIwzIPJgAsQ==" + }, + { + "key": "Received-SPF", + "value": "None (protection.outlook.com: osman.ru does not designate permitted sender hosts)" + }, + { + "key": "Content-Language", + "value": "nb-NO" + }, + { + "key": "Authentication-Results", + "value": "spf=none (sender IP is 91.185.204.65) osma n.ru\n smtp.mailfrom=osman.ru; mailrisk.com; dkim=fail (no key for\n signature) header.d=osman.ru;mailrisk.com; dmar c=none\n action=none header.from=osman.ru; dkim=fail (no key\n for signature) head er.d=osman.ru;" + }, + { + "key": "Accept-Language", + "value": "nb-NO, en-US" + } + ], + "assessments_s": [ + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "heuristics", + "source_id": 4520, + "assessed_at": "2022-01-14 09:39:09" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + 
"TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "", + "id_d": 1695, + "message_id_s": "BY5PR16MB3094176126368BE03515A83EB9C80@BY5PR16MB3094.namprd16.prod.outlook.com", + "size_bytes_d": 0, + "subject_s": "Document Received 7/18/2019 6:44 AM", + "from_email_s": "Jose.Porras@la-panthers.org", + "from_name_s": "Jose Porras", + "reply_to_s": "karl.schubert90@mail.ru ", + "spam_score_d": 1, + "spf_s": "pass", + "originating_ip_s": "40.126.2.50", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://1drv.ms/xs/s!AoyI6FpgdXonhGpLWO9LIVGlWTj8", + "text": "", + "hostname": "1drv.ms" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2019-08-03 05:52:32", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "Jose.Porras@la-panthers.org" + }, + { + "key": "Received", + "value": "from VI1P192MB0077.EURP192.PROD.OUTLOOK.COM (2603:10a6:3:bc::22) by HE1P192MB0076.EURP192.PROD.OUTLOOK.COM with HTTPS via \r\n HE1P190CA0012.EURP190.PROD.OUTLOOK.COM; Thu, 18 Jul 2019 13:45:27 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=la panthers.onmicrosoft.com;\n s=selector1-lapanthers-onmicrosoft-com; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=7Z0nSF1uRjl3lG5QFO1Ke7ikKpIpPLHF+1qOea5CJDU=; \r\n b=uemSEmiXghVAt7/Y04KjwAu2GcVQ+H62M+NoPLlZ7QaRmqVLF6yeuqlFZIkTX28JqfnZ/B8wmpuUwFWmyGuHdlqSzJwaqfOFvHZWDR/o5U93zPlIOzGG82FFkzFE4xP0oBPl4xdxxwtCY7Owsg1lpMOZ44+ya1UPDKgxzyfGPWQ=" + }, + { + "key": 
"Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Sat, 03 Aug 2019 05:52:32 +0000" + }, + { + "key": "Subject", + "value": "Document Received 7/18/2019 6:44 AM" + }, + { + "key": "From", + "value": "Jose Porras " + }, + { + "key": "Reply-To", + "value": "\"karl.schubert90@mail.ru\" " + }, + { + "key": "To", + "value": "\"demo@mailrisk.com\" " + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564811552_b09ccc2647f8efe28af2a365bd908438_=_\"" + }, + { + "key": "x-originating-ip", + "value": "[40.126.2.50]" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "BY5PR16MB3620:|BY5PR16MB3620:|VI1P192MB0077:" + }, + { + "key": "x-ms-publictraffictype", + "value": "Email" + }, + { + "key": "x-ms-oob-tlc-oobclassifiers", + "value": "OLM:134;OLM:134;" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "6a71bb86-26d0-461e-434a-08d70b862e0f" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "95d293ac-528f-4cc8-c44a-08d70b862fa0" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.8161166" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "BY5PR16MB3620" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "x-ms-exchange-senderadcheck", + "value": "1" + }, + { + "key": "X-MS-Exchange-Safelinks-Url-KeyVer", + "value": "1" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "1" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.2073.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": 
"95d293ac-528f-4cc8-c44a-08d70b862fa0" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "18 Jul 2019 13:45:24.8802 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "18 Jul 2019 13:45:24.2010 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "95d293ac-528f-4cc8-c44a-08d70b862fa0" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-Stat", + "value": "0" + }, + { + "key": "X-MS-Exchange-AtpMessageProperties", + "value": "SA|SL" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);SRVR:BY5PR16MB3620;" + }, + { + "key": "x-microsoft-antispam-prvs", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": 
"mxQOwF1Q5Vt0ASYpxARA+MvnVvelZXz6adzgbxisWNCcBj9Z7ePv7GKJRtq40tIdVFsc1WlCTTwA6zibVOEJc2AKmNdRkzDbw09mKirGZCnSM0c7EiIKOLm6hbLp0fZWgekgok5io1/uToVZF0tZjXPferyG+0ZtGEdEzg2P60pLgsYxmSYL0lE8kfpMUim0u2u0RjLNB2Jdgk4Psbw3zxUtNk8/9KcAnTNIL/7GfV/KdKrOKfB4Bl8ZuzoJqiiH0o6vUsJ88Vwc7jjDPJicpeJ3XHICrhDw/RlOU+srJt13NxklUvItYlTSLvSrG7SAGJAoBOxIpb5zcUNopvTsuz502GS0BgjkQB6HrPmsG8WYryhI818ziiUizaIUQcbsBWlsNZDVAxxFGHiaoHJHTrvab+e6Hxieh2H9UEw5gvg=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "2idCpenykI3D6g+HB7ibtB2VdP30s6RRJYLsq1QRPhAtf/10JyH37tM2QSKX 7DrtUDL6hQV0rvs90SpJjWR3mGJakunZ5m7i5EEa0dQg193OJ1u0EcAYyBO+\r\n \n lPZknfs8h13sONJ1Il6eLXCO8cQqeVn8WEsOiNJDsyShmCN8uGER337Cvmtq\r\n \n gl4ubULm9O1pUU8xCpsPWXK07znNIZWwaPzlSWnC7WLJlFls4fbRga+TkY41\r\n \n QXycdWIUO6RpV4KruYYnwBcx7N3EugLWBswdGHSsCKtB3YhbmmhyeRt60yVD\r\n \n LBizfVWWfVKynTyp1nrTfB7XPHketzP3jxfk/RLrqAT9oNaYL0vkWPUBLyur\r\n \n jxd46BkmfSUewHh66SCK7CP1Ko8bXSJmxi9ruw1HvZ66T5LN0ayim9qev9As\r\n \n rGftwMdw1ZfSDYiU9uZG/FAELTaYWvwl4vXr4MFehNHWWkqGYq7x6PW+Q2c5\r\n \n RF9puPEmOTGbGk8KnYz1XPT+TFPobnxAuD19DnbP21fH1QXioao+vvr/hd8N\r\n \n 946U/J+4n8kAvRilOdd8VwzSUuNwnFcsyvpoBFeb0JgfRL2PhHJovMZJKQWN\r\n \n cfdWaxu0DBnXkmQ3PLVUL9dFUW/w6UsFvQTDnqCtJ2lwS9dVOYmea0unt8FZ\r\n \n XFGgO6639UZzOLR1ZGiB2r9hS+v0fRfOx2tYipRPdKBqLkg1iYW5aTqsAzkH\r\n \n EvqbJkLWiyWWejqoW6n2qvp6E5BsYgxauxTvvk3/7Irtpa9K0o74hXHT+lbR\r\n \n BqbF6BXMDeiKW2GzeX00gnWvdbDOJgL6oIu2023LuL4QUreZUIelLbbOmA3F\r\n \n sLqpK/HgW8rHfGIvKiPIiZVU4u3IjQojEiz+vWIgi2qCKPEI29Vw8RA41sDq\r\n \n eIcLrt76leoUPnGJDw8F34WSwynpAfMLzP+HI0N4cYB0Lzht4Pbh1kZDRNlG\r\n \n jxjU+XznScrkDI7d8EhDp0IHq7AfRfpU7o5jrqV005SiFuBDAmf6QfN6wz9h\r\n \n ynS/t2iBhXSzb5wQqNwSVV701g==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160514016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": 
"BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600148)(710020)(711020)(4605104)(4709080)(1420029)(8001031)(1414054)(1124261)(71702078)(7193020);SRVR:VI1P192MB0077;" + }, + { + "key": "x-forefront-prvs", + "value": "01026E1310" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "SFV:NSPM;SFS:(10009020)(39850400004)(376002)(136003)(366004)(346002)(396003)(23433003)(189003)(199004)(66476007)(66806009)(76116006)(66946007)(91956017)(5660300002)(102836004)(26005)(476003)(86362001)(6506007)(53936002)(6916009)(6666004)(7696005)(71200400001)(71190400001)(256004)(68736007)(486006)(66556008)(99286004)(186003)(8796002)(1730700003)(74316002)(64756008)(2501003)(52536014)(66446008)(8936002)(316002)(786003)(45080400002)(14454004)(2860700004)(2351001)(81156014)(81166006)(508600001)(43066004)(33656002)(3846002)(55016002)(38605005)(71646002)(236005)(558084003)(606006)(6116002)(7736002)(25786009)(54896002)(66066001)(6436002)(1250700005)(8676002)(2906002)(9686003)(6306002)(5640700003)(48046002);DIR:OUT;SFP:1101;SCL:1;SRVR:BY5PR16MB3620;H:BY5PR16MB3094.namprd16.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": 
"CIP:40.107.76.47;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10001)(4636009)(2980300002)(189003)(199004)(23433003)(8156004)(8796002)(6916009)(5000100001)(2160300002)(3846002)(2501003)(1096003)(1730700003)(6116002)(26005)(8636004)(486006)(48046002)(476003)(14454004)(58800400005)(102836004)(2351001)(5660300002)(66806009)(5640700003)(8676002)(126002)(61614004)(606006)(6436002)(356004)(6666004)(336012)(71190400001)(38605005)(52536014)(86362001)(45080400002)(54896002)(6506007)(106002)(1250700005)(9686003)(25786009)(564344004)(33656002)(99286004)(43066004)(16003)(55016002)(36906005)(66066001)(71646002)(74316002)(7696005)(236005)(33964004)(16586007)(246002)(7636002)(7736002)(2860700004)(6306002);DIR:INB;SFP:;SCL:1;SRVR:VI1P192MB0077;H:NAM02-CY1-obe.outbound.protection.outlook.com;FPR:;SPF:Pass;LANG:en;PTR:mail-eopbgr760047.outbound.protection.outlook.com;MX:1;A:1;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "Thread-Topic", + "value": "Document Received 7/18/2019 6:44 AM" + }, + { + "key": "Thread-Index", + "value": "AQHVPW7617zE4gE1fEufepy3P+kxLg==" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of la-panthers.org designates 40.107.76.47 as permitted sender)\n receiver=protection.outlook.com; client-ip=40.107.76.47; \r\n helo=NAM02-CY1-obe.outbound.protection.outlook.com;" + }, + { + "key": "Content-Language", + "value": "en-US" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=none (sender IP is ) smtp.mailfrom=Jose.Porras@la-panthers.org;" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 40.107.76.47) smtp.mailfrom=la-panthers.org; mailrisk.com; dkim=pass\r\n (signature\n was verified) header.d=lapanthers.onmicrosoft.com;mailrisk .com; dmarc=bestguesspass\r\n action=none header.from=la-panthers.org;compauth=pass reason=109" + }, + { + "key": "ARC-Seal", + 
"value": "i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=XPFfcmI0holVNZjhUaAK1DrBwr2ZBkkeRdtJUBLqO5gIx6USdDDesUcP58a/9LxQGDGoVO91f2aGzNZtFz+pWIzvgoPI6811nTwudg71HS79FLv+rxWqWumeOyehXPWmtNZpIh+8RHVanramrQihm90USO3A/mFN2mOpHjvPSe16F8pBXdu1e+4HhyZoN1VJ3mHur0W1xeI/1ABV6mKfkEjZr33P3JmKYGrsXEfp2B77kbCGpqcAfRL2G/ItU0/hoRFfYiaovIlX/j0OPwFlABXDSD0FvKVmyWFkXit5yTh5Lz98GCsomtUe/AuNXiehX2bMkRQyIeL/60uaRkZIzg==" + }, + { + "key": "ARC-Message-Signature", + "value": "i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=7Z0nSF1uRjl3lG5QFO1Ke7ikKpIpPLHF+1qOea5CJDU=; \r\n b=MO8RPqyOba7LLYPQF9Pche5yFL8yQYJwKxOr97SQLE438rusE4vxDrLlqCQzTOROChQDFcqhavAzMjUztVPSOtLHtpqJJOEDBK82BH+efGR3I7h7X6UflwlIpGqA/HWXBMp08Fi7c4LTbTrG9RwyWy2QOeRI7SidBOkq9bR2pK/lWkY0Yh7sZwJ3BLXaKg0HhBrn/ezRw8BUj7e4OL9eJXlgWkDji1VZwUYMllKGWqbh8crjxp9NoL4dNC8vJHzNFDDiSIq0TqFPDmM+ZnulXWuRJlZS+BgkI33nvuMHFJK8hsQmPolB5vCZ+F5ZYG0xEDOR9vAmT8I5lhkgnr4Vrw==" + }, + { + "key": "ARC-Authentication-Results", + "value": "i=2; mx.microsoft.com 1;spf=pass (sender ip is 40.107.76.47) smtp.rcpttodomain=mailrisk.com \r\n smtp.mailfrom=la-panthers.org;dmarc=bestguesspass action=none \r\n header.from=la-panthers.org;dkim=pass (signature was verified) \r\n header.d=lapanthers.onmicrosoft.com;arc=pass (0 oda=1 ltdi=1 \r\n spf=[1,1,smtp.mailfrom=la-panthers.org] dkim=[1,1,header.d=la-panthers.org] \r\n dmarc=[1,1,header.from=la-panthers.org])" + }, + { + "key": "Accept-Language", + "value": "en-US" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4519, + "assessed_at": "2022-01-14 09:38:51" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated 
[UTC]": "1/14/2022, 9:40:06.246 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "", + "id_d": 1694, + "message_id_s": "1641920649.safelinks.protection61ddb88947f9f@telecomservic.es", + "size_bytes_d": 0, + "subject_s": "Secure Practice AS message for {{FIRSTNAME}}", + "from_email_s": "safelinks.protection@telecomservic.es", + "from_name_s": "Safelinks protection", + "reply_to_s": "", + "spam_score_d": -1, + "spf_s": "pass", + "originating_ip_s": "207.154.247.120", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "mailto:{{EMAIL}}", + "text": "{{EMAIL}}", + "hostname": null + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2022-01-11 17:04:09", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Received", + "value": "from SV0P279MB0481.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:19::13) by SVAP279MB0478.NORP279.PROD.OUTLOOK.COM with HTTPS; Tue, 11 Jan 2022\r\n 17:04:14 +0000" + }, + { + "key": "Received", + "value": "from AS8PR05CA0001.eurprd05.prod.outlook.com (2603:10a6:20b:311::6) by SV0P279MB0481.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:19::13) with\r\n Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9; Tue, 11 Jan\r\n 2022 17:04:13 +0000" + }, + { + "key": "Received", + "value": "from VI1EUR04FT050.eop-eur04.prod.protection.outlook.com (2603:10a6:20b:311:cafe::46) by AS8PR05CA0001.outlook.office365.com\r\n (2603:10a6:20b:311::6) with Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9 via Frontend\r\n Transport; Tue, 11 Jan 2022 17:04:13 +0000" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 207.154.247.120) 
smtp.mailfrom=telecomservic.es; dkim=pass (signature was verified)\r\n header.d=smtp.sendfiend.com;dmarc=permerror action=none\r\n header.from=telecomservic.es;compauth=pass reason=105" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of telecomservic.es designates 207.154.247.120 as permitted sender)\r\n receiver=protection.outlook.com; client-ip=207.154.247.120;\r\n helo=smtp.sendfiend.com;" + }, + { + "key": "Received", + "value": "from smtp.sendfiend.com (207.154.247.120) by VI1EUR04FT050.mail.protection.outlook.com (10.152.29.113) with Microsoft SMTP\r\n Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\r\n 15.20.4867.7 via Frontend Transport; Tue, 11 Jan 2022 17:04:13 +0000" + }, + { + "key": "Message-ID", + "value": "<1641920649.safelinks.protection61ddb88947f9f@telecomservic.es>" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=smtp.sendfiend.com; \ts=selector1; t=1641920652;\r\n \tbh=mJGoGh3rHvuq/4haP8rrf3KHyxoRJkZ/b73prEedcTw=;\r\n \th=Date:Subject:From:To:From;\r\n \tb=o8oBpilb7Gz3tcPDKP2nj83bTp3pi6sYL9wi0wGkzjVE2I8g7jt+ljfo+VS9ICikp\r\n \t VtoZTz4opCZJc/ptAabG/ofoeRfinf/6Ql12f6JpQ2PlE2p+1+jVTVUoeuBnf7Txtg\r\n \t 27xjJu4iy1rqgwh7JHO0oKia6nhabc3qpUqA83bZm3+Prn6zQKFCwszlNhcsbBzweM\r\n \t 2fysJlC8+qYl9WsvcS2ztCX76/ZTlPfbxNX1qAsUxR6uz0y03D6vCIWYa+1AvdTYa2\r\n \t jasfrllrpQ1QfO3StDyOUqM41FlOxmHHwVDk34RZ9kHBDGfZsw0+fXF1wwbMYi5mNB\r\n \t +8IpXZh0kouLA==" + }, + { + "key": "Date", + "value": "Tue, 11 Jan 2022 17:04:09 +0000" + }, + { + "key": "Subject", + "value": "Secure Practice AS message for MailRisk" + }, + { + "key": "From", + "value": "Safelinks protection " + }, + { + "key": "To", + "value": "demo@mailrisk.com" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1641920649_0f856b366b9a69aa3f59a5baf218a3e0_=_\"" + }, + { + "key": "X-SP-Tenant", + "value": 
"bf3b580dbae9e7857b3182dc36434cab2f6e4771" + }, + { + "key": "X-SIMULATED-PHISHING", + "value": "THIS IS ONLY A SIMULATION" + }, + { + "key": "X-SECURITY-INFO", + "value": "https://securepractice.co/.well-known/security.txt" + }, + { + "key": "X-Key", + "value": "wru0ReoUd0uOUM8TpbuE228rpcryVGz9" + }, + { + "key": "X-Identifier", + "value": "DL9dJh4LMj0OgeDmgDuYz2uaor0mctYK" + }, + { + "key": "Return-Path", + "value": "safelinks.protection@telecomservic.es" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "11 Jan 2022 17:04:13.1185 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "13b52626-ff94-4669-7a33-08d9d524647e" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "VI1EUR04FT050.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "13b52626-ff94-4669-7a33-08d9d524647e" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "SV0P279MB0481:EE_" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "-1" + }, + { + "key": "X-MS-Exchange-Organization-BypassClutter", + "value": "true" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:6108;" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;" + }, + { + 
"key": "X-Forefront-Antispam-Report", + "value": "CIP:207.154.247.120;CTRY:DE;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:smtp.sendfiend.com;PTR:smtp.sendfiend.com;CAT:NONE;SFS:;DIR:INB;" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "11 Jan 2022 17:04:13.0404 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "13b52626-ff94-4669-7a33-08d9d524647e" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": "X-MS-Exchange-CrossTenant-AuthSource", + "value": "VI1EUR04FT050.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-CrossTenant-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "SV0P279MB0481" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.4661025" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.4867.012" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(920097)(930097);" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "N1AYO5109++efM1k8Mj/X41NiFA3iPPdBAypvWTgKETyARG9kccUEfnhJrQn oDoc+EmgDFJRUlSiYEA12xoS9E4e1y6GreEndNbxdUnIVO0gz6WPCtVjhvkC VY+lxGiymHsBGXrMQCsQst42nwByPPXu5y/oobw97ycqYslnIlY8zDrZf0io L1JEywz6+GXZAxtjW41E5d0OdeC9ilJ3ttkruuxDabYTTsAdtlOOIhzMcQu6 0eqjk7ORO9M+mzY8xJtvKjXFtWkBvGKshUEqjpT/FRFnMM+aHaKJU4cQeRY5 o2TvZq9RDUXqHkPllOkak4FkZtl/0F2uJ0CqAahGwMYmIs+RgTr6cGPcchRi HFCY9yS0/+9oYRdmhtD3Deo8nAXvad0xKYDnprflLJi+d5eERJOylqmb4J1B LhskXCEzvja7kBf9Wh6SJrq4KppsR86aIfO5Y2y2IQPKX1YJB75eSgbfVUX+ HTfBho+XLptWKa7vqk2+V87FF2yHkoNXaQjwBXNiQwYPWpMhABChsdRgorqr t9tSuSyT5+ORwj24V1FK/LUo/3O28U+hiCh4lvhGxFf6GeRqpPhdj8R0IxCX CnW1qV1+8lcBUDYvu3WlmFJPW6YvSkEBBGdVLSvr/+a8T4KvIarmVxjqCYW4 
wHKzbwM4xFKU4zL5fJcu0leRF2/D1/29kuB6DyhbgsTX5NuLnxbs2GGllfUi ZGOeVdIawRHgiSnBMp77DFQL958zvqULAp9Od9/Y479foIKvn0xf5SjZMHs0 E7IbOHkj8RiX3+DV6M7XoT9LCw0L9ThsD9a5myntRzWMgyv8LgSdRw6yQnxQ Lk/jSiU1K6Yb35gDaRysUZYOGIkEZA2hZ1PUG/o28QnZRgqQUhGBM+QXXtRg c3CsDu/c80Cdce56GJtUoWkcCI3Aoug5tLP6I+su6X+nH4bTJvA6mTs/+lmz 3z3HhOku4Px8RTSAQqDpvkD4RmWvHX3aqgQ8CSx16VS7VGT84UcLi362cD44 PKzXo5p8XjfWZJMur6iwFGws0RKZyOig1PFesWC5cFlPJiLEdbtX7LxPv0ru ZpJLzTth+HA0mBfdCvqjsDFINJN6lxYzCiIbPppUgP9jhIRUXChl+moAIiAz kYQLS1Cvu3TpvKQkdcYhtxpptgy/fIKbxzaevGmCcj5//haboVHzBpCW2scO /Uv2ph1gyJjZ16A5BqLYesw/0LFWPt9tVD3UjYBVsW56Ld+lkyJvr0D5sEzs tEA08p7ABVOTavbVkGwrOuPtj5qYBVtZZT7Tdxbx+1xhm83dtGlBlSp1Si7g D+dem8uRZ5r0E+nF0fD+xB3Td/Fm1eai+uo+/g8oZDbHcieODMMZFbQzqFbh Ie+WtlklsndTjro/Gs+kOx8FIQ7JVq2XGVOZKgFEm2BSXu+vzK6u7+GfUByK IphTx6gllmkvKjywQHSC7d0GIrzoFxx7SfXEqywEbYb5NOskhvMYAFaX8zsp tkyecLRYHXrKIYbm1unRLOld6L/lL9aNkUPwgy1SwwyQ3FtJ8bU629goFJy1 jcmk6Ie78Fciok799SneKOxqNOjTAIHZ+Y/f2MoI8YGunFBxO+I0BdNrsU4A S3Az2be63hk/atwkl/WxQtV/9MdYkZPO4BLViKF3muX9JC/AtMtF3qE1bHpH C5qxviSObfWuTDRBr0vTp9gsTC1xu8v4EEzK4zsVAUAaNysWDzuUfF1FTnFc APMAgI2jhUoLkOxj8gzp2o6flKmnkk2IDW+66lXouIOUq8Vd2dHSksCyBCYm W+bRQJ/dTFleaR/XUaJQOHlbfTzfzMocQIGQKMfj1UwTpXuEhwuY86DXasoq AFF8OaWtvDTIxdOHxcviRJvzGPJ9H7IGoXOYu3v4IK5Fla1K+CBSfXxLsf5b irTe0XQy20vP5svixpUbVZOaoiNet0IvxzyyAKxuCVEfqIuNxeoXHlH+YtNW MjKhLZEUmxuDji50XqOJah0KCE4+1K4km6tAWgu+wwJxI7zi0LhuL/0Wmmt7 uoqVeQDPj1BtngEAAljGxMWeDhSO5y8O3S5elcBv59T4jvEy8rTn2RFa0xCU WSOG0aKOyoyqTCdOhM8V5b+qG823pi0LWULITw/SCDChvP4eZjQZLdYvXXsA uA9BRwVCQBt6GROEgZaPQuv025ztWs6UTN77GRajGlIqOfsDTrbD1uXpRhk =" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4518, + "assessed_at": "2022-01-14 09:38:07" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated 
[UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "2022-01-14 09:41:16", + "id_d": 1703, + "message_id_s": "trinity-3570feb1-4561-4b03-a0de-74934e27a322-1504288206404@3c-app-mailcom-bs14", + "size_bytes_d": 0, + "subject_s": "Vi hjelper deg gjerne", + "from_email_s": "dionexvdyh@gmx.com", + "from_name_s": "Hayley Loughrey", + "reply_to_s": "", + "spam_score_d": 1, + "spf_s": "pass", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "http://bit.ly/2xBLbKb", + "text": "http://bit.ly/2xBLbKb", + "hostname": "bit.ly" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2019-08-02 13:18:44", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "SRS0=sbZ62=AC=gmx.com=demo@securepractice.no" + }, + { + "key": "Received", + "value": "from VI1PR05MB3359.eurprd05.prod.outlook.com (2603:10a6:802:2::45) by VI1PR05MB3359.eurprd05.prod.outlook.com with HTTPS via\n VI1PR04CA0074.EURPRD04.PROD.OUTLOOK.COM; Fri, 1 Sep 2017 17:50:21 +0000" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:18:44 +0000" + }, + { + "key": "Subject", + "value": "Vi hjelper deg gjerne" + }, + { + "key": "From", + "value": "Hayley Loughrey " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564751925_9e0425a6b56fc93581fac15fbd19072c_=_\"" + }, + { + "key": "X-UI-Out-Filterresults", + "value": "notjunk:1;V01:K0:HFowzeW8F+M=:lvkM+fvxAHldLu248/od3y 8aoLMDRm2WPqIDmq8oYiMLsw8usSoAvDqRSRMMIXBJJCCTwctbSbR7zg4F9i KqsVN4NSA5qFr\n 
5pN8OD8ezXCvZA21ZX3x3OT3zlIVE1ERXDCIGDOQ/Aa0ENWrqWTvDqRSuZsT st8YRdLBDesI1\n +vvCI1snQoaxbL9H8gEPBrb/ui1jazFDqGP/kJKvLIam4WL15htb6hsvs/l7 wZhaU9oy1Rf/M\n ioZGYWUyIjK5H2HNegrZPxUD9wqM6xfvXuuXmt6GILkusb+u7P9VGlfUk61E viyRa0RSEBtwO\n cLErA8mATtJo7olERQqDaUpTKOQvKMK/N9l8tfFOxW8tLXRdqr86uQVQKmTj 758YAh76vFrqI\n vAoxgL8RvizXNh4RWU/5sBoVhctNY+OkF95+yyxuXn9fOB9p8VHgc/gMg1qB 6/UsmL4q3Ga1K\n yGxp+yO4+/Zwk2Js8LGkIEsEji3oDcoJnS9J6hV3KGxhffmsoKXp8f1l9dD4 TT9C3SKGxPLe4\n OXF7xggP+J7kJ5dHD/wGgOI98tUDv87jk0On1haYeyQ" + }, + { + "key": "X-Spam-Status", + "value": "No, score=-1.2" + }, + { + "key": "X-Spam-Score", + "value": "-11" + }, + { + "key": "X-Spam-Flag", + "value": "NO" + }, + { + "key": "X-Spam-Bar", + "value": "-" + }, + { + "key": "X-Provags-ID", + "value": "V03:K1:f4Ahw3NOVESNxUh20O2A4lDks9kmf6EDMZBAnV+awBT x2s+ OzbpK4k8YcrqTka9OpM0MKvOjCeWZLPOP/sWHBiquvv8ig\n umOU s6dxGmON6A1g2X7n8d3BFNiPH4881nGsxHins8YMfrOMkj\n D+Cm JChmnmNmPXro1gU/mIHaND/Sb/93PMYvbczTVJ3RNKTbC0\n T6Xx jUa2n2/cKpjb/5HkHc7yajQ7D0AHXSlUI0wIhTqVuxdJV8\n gPUTczQWKtner5lbk8yVtzUX2GDORVtFFcex2FGvDcVRZ2a6GW +tcRrM=" + }, + { + "key": "X-Priority", + "value": "3" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "VI1PR05MB3359:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "22adc859-699c-4f7f-e9ed-08d4f161e88f" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:03.1041883" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "VI1PR05MB3359" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.01.1385.016" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "22adc859-699c-4f7f-e9ed-08d4f161e88f" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", 
+ "value": "AM5EUR02FT052.eop-EUR02.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "01 Sep 2018 17:50:17.8981 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "ac509aa7-52c0-458b-b795-643a5c81680a" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Exchange-Diagnostics", + "value": "1;AM5EUR02FT052;1:xt3MxrAgGFOdbFaTK7oqrwHJaVk0V308JQhp1LgUlq5xvP8CHkx0rh8fTXvq+m0K7nA3cI7NIrnC4bNuPdWvRbFM8gP0rBCIxfrSXmHXlQyHAMfU2UkjqKWi51A50SFR" + }, + { + "key": "X-Microsoft-Antispam", + "value": "UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(23075)(300000502095)(300135100095)(300000503095)(300135400095)(71702078)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:VI1PR05MB3359;" + }, + { + "key": "X-Ham-Report", + "value": "Spam detection software, running on the system \"cpanel25.proisp.no\", has NOT identified this incoming email as spam. The\r\n original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n root\\@localhost for details.\n\n Content preview: Elkj??p ??nsker ?? takke deg for din lojalitet og informere\n deg om v??rt 2017 bel??nningsprogram. iPhone 8 er nesten her! Er du\r\n spent?\n Et lite antall personer fra Norge har blitt valgt for ?? teste og beholde\n en ny iPhone 8. [...] 
\n\n Content analysis details: (-1.2 points, 5.0 required)\n\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was\r\n blocked.\nSee\n \r\n http://wiki.apache.org/spamassassin/DnsBlocklists#dn sbl-block\n for more information.\n [URIs: bit.ly]\n -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)\n [212.227.15.15 listed in wl.mailspike.net]\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r\n provider\n (dionexvdyh[at]gmx.com)\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n 0.0 HTML_MESSAGE BODY: HTML included in message\n -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:213.162.241.73;IPV:NLI;CTRY:NO;EFV:NLI;SFV:NSPM;SFS:(8196002)(2990300002)(438002)(48550400004)(189002)(199003)(626005)(48500400002)(966005)(189998001)(45086001)(21086003)(106466001)(1096003)(97736004)(606006)(6862004)(23676002)(42882006)(3480700004)(23846002)(8746002)(22730200002)(33716001)(81156014)(53366004)(53376002)(110136004)(81166006)(50466002)(40036005)(22756006)(8676002)(5820100001)(5660300001)(6306002)(68736007)(9686003)(236005)(50986999)(54356999)(81686999)(53936002)(33646002)(356003)(69596002)(110756004)(2351001)(34003)(72206003)(50140200003)(93300200001)(493534005)(42262002);DIR:INB;SFP:;SCL:1;SRVR:VI1PR05MB3359;H:mweb.no;FPR:;SPF:Pass;PTR:InfoDomainNonexistent;MX:1;A:1;LANG:nb;" + }, + { + "key": "X-Exchange-Antispam-Report-Test", + "value": "UriScan:;" + }, + { + "key": "X-Exchange-Antispam-Report-CFA-Test", + "value": 
"BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(601004)(2401047)(13018025)(13016025)(8121501046)(9101536074)(100000703101)(100105400095)(3002001)(93006095)(93004095)(10201501046)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:VI1PR05MB3359;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:VI1PR05MB3359;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "ac509aa7-52c0-458b-b795-643a5c81680a:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "X-AntiAbuse", + "value": "This header was added to track abuse, please include it with any abuse report" + }, + { + "key": "SpamDiagnosticOutput", + "value": "1:99" + }, + { + "key": "SpamDiagnosticMetadata", + "value": "NSPM" + }, + { + "key": "Sensitivity", + "value": "Normal" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of securepractice.no designates 213.162.241.73 as permitted sender)\r\n receiver=protection.outlook.com;\n client-ip=213.162.241.73; helo=securepractice.no;" + }, + { + "key": "Importance", + "value": "normal" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 213.162.241.73) smtp.mailfrom=securepractice.no; mweb.no; dkim=none (message not\r\n signed)\n header.d=none;securepractice.no; dmarc=none action=none header.from=gmx.com;" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4527, + "assessed_at": "2022-01-14 09:41:14" + }, + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:41:16" + } + ], + "reported_risk_d": 2, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "email_reported", + "reported_at_s": "2022-01-14 09:41:16", + "id_d": 1703, + "message_id_s": "trinity-3570feb1-4561-4b03-a0de-74934e27a322-1504288206404@3c-app-mailcom-bs14", + "size_bytes_d": 0, + "subject_s": "Vi hjelper deg gjerne", + "from_email_s": "dionexvdyh@gmx.com", + "from_name_s": "Hayley Loughrey", + "reply_to_s": "", + "spam_score_d": 1, + "spf_s": "pass", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "http://bit.ly/2xBLbKb", + "text": "http://bit.ly/2xBLbKb", + "hostname": "bit.ly" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2019-08-02 13:18:44", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "SRS0=sbZ62=AC=gmx.com=demo@securepractice.no" + }, + { + "key": "Received", + "value": "from VI1PR05MB3359.eurprd05.prod.outlook.com (2603:10a6:802:2::45) by VI1PR05MB3359.eurprd05.prod.outlook.com with HTTPS via\n VI1PR04CA0074.EURPRD04.PROD.OUTLOOK.COM; Fri, 1 Sep 2017 17:50:21 +0000" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:18:44 +0000" + }, + { + "key": "Subject", + "value": "Vi hjelper deg gjerne" + }, + { + "key": "From", + "value": "Hayley Loughrey " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564751925_9e0425a6b56fc93581fac15fbd19072c_=_\"" + }, + { + "key": "X-UI-Out-Filterresults", + "value": 
"notjunk:1;V01:K0:HFowzeW8F+M=:lvkM+fvxAHldLu248/od3y 8aoLMDRm2WPqIDmq8oYiMLsw8usSoAvDqRSRMMIXBJJCCTwctbSbR7zg4F9i KqsVN4NSA5qFr\n 5pN8OD8ezXCvZA21ZX3x3OT3zlIVE1ERXDCIGDOQ/Aa0ENWrqWTvDqRSuZsT st8YRdLBDesI1\n +vvCI1snQoaxbL9H8gEPBrb/ui1jazFDqGP/kJKvLIam4WL15htb6hsvs/l7 wZhaU9oy1Rf/M\n ioZGYWUyIjK5H2HNegrZPxUD9wqM6xfvXuuXmt6GILkusb+u7P9VGlfUk61E viyRa0RSEBtwO\n cLErA8mATtJo7olERQqDaUpTKOQvKMK/N9l8tfFOxW8tLXRdqr86uQVQKmTj 758YAh76vFrqI\n vAoxgL8RvizXNh4RWU/5sBoVhctNY+OkF95+yyxuXn9fOB9p8VHgc/gMg1qB 6/UsmL4q3Ga1K\n yGxp+yO4+/Zwk2Js8LGkIEsEji3oDcoJnS9J6hV3KGxhffmsoKXp8f1l9dD4 TT9C3SKGxPLe4\n OXF7xggP+J7kJ5dHD/wGgOI98tUDv87jk0On1haYeyQ" + }, + { + "key": "X-Spam-Status", + "value": "No, score=-1.2" + }, + { + "key": "X-Spam-Score", + "value": "-11" + }, + { + "key": "X-Spam-Flag", + "value": "NO" + }, + { + "key": "X-Spam-Bar", + "value": "-" + }, + { + "key": "X-Provags-ID", + "value": "V03:K1:f4Ahw3NOVESNxUh20O2A4lDks9kmf6EDMZBAnV+awBT x2s+ OzbpK4k8YcrqTka9OpM0MKvOjCeWZLPOP/sWHBiquvv8ig\n umOU s6dxGmON6A1g2X7n8d3BFNiPH4881nGsxHins8YMfrOMkj\n D+Cm JChmnmNmPXro1gU/mIHaND/Sb/93PMYvbczTVJ3RNKTbC0\n T6Xx jUa2n2/cKpjb/5HkHc7yajQ7D0AHXSlUI0wIhTqVuxdJV8\n gPUTczQWKtner5lbk8yVtzUX2GDORVtFFcex2FGvDcVRZ2a6GW +tcRrM=" + }, + { + "key": "X-Priority", + "value": "3" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "VI1PR05MB3359:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "22adc859-699c-4f7f-e9ed-08d4f161e88f" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:03.1041883" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "VI1PR05MB3359" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.01.1385.016" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "22adc859-699c-4f7f-e9ed-08d4f161e88f" + }, + { + "key": 
"X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "AM5EUR02FT052.eop-EUR02.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "01 Sep 2018 17:50:17.8981 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "ac509aa7-52c0-458b-b795-643a5c81680a" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Exchange-Diagnostics", + "value": "1;AM5EUR02FT052;1:xt3MxrAgGFOdbFaTK7oqrwHJaVk0V308JQhp1LgUlq5xvP8CHkx0rh8fTXvq+m0K7nA3cI7NIrnC4bNuPdWvRbFM8gP0rBCIxfrSXmHXlQyHAMfU2UkjqKWi51A50SFR" + }, + { + "key": "X-Microsoft-Antispam", + "value": "UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(23075)(300000502095)(300135100095)(300000503095)(300135400095)(71702078)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:VI1PR05MB3359;" + }, + { + "key": "X-Ham-Report", + "value": "Spam detection software, running on the system \"cpanel25.proisp.no\", has NOT identified this incoming email as spam. The\r\n original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n root\\@localhost for details.\n\n Content preview: Elkj??p ??nsker ?? takke deg for din lojalitet og informere\n deg om v??rt 2017 bel??nningsprogram. iPhone 8 er nesten her! Er du\r\n spent?\n Et lite antall personer fra Norge har blitt valgt for ?? teste og beholde\n en ny iPhone 8. [...] 
\n\n Content analysis details: (-1.2 points, 5.0 required)\n\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was\r\n blocked.\nSee\n \r\n http://wiki.apache.org/spamassassin/DnsBlocklists#dn sbl-block\n for more information.\n [URIs: bit.ly]\n -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)\n [212.227.15.15 listed in wl.mailspike.net]\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r\n provider\n (dionexvdyh[at]gmx.com)\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n 0.0 HTML_MESSAGE BODY: HTML included in message\n -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:213.162.241.73;IPV:NLI;CTRY:NO;EFV:NLI;SFV:NSPM;SFS:(8196002)(2990300002)(438002)(48550400004)(189002)(199003)(626005)(48500400002)(966005)(189998001)(45086001)(21086003)(106466001)(1096003)(97736004)(606006)(6862004)(23676002)(42882006)(3480700004)(23846002)(8746002)(22730200002)(33716001)(81156014)(53366004)(53376002)(110136004)(81166006)(50466002)(40036005)(22756006)(8676002)(5820100001)(5660300001)(6306002)(68736007)(9686003)(236005)(50986999)(54356999)(81686999)(53936002)(33646002)(356003)(69596002)(110756004)(2351001)(34003)(72206003)(50140200003)(93300200001)(493534005)(42262002);DIR:INB;SFP:;SCL:1;SRVR:VI1PR05MB3359;H:mweb.no;FPR:;SPF:Pass;PTR:InfoDomainNonexistent;MX:1;A:1;LANG:nb;" + }, + { + "key": "X-Exchange-Antispam-Report-Test", + "value": "UriScan:;" + }, + { + "key": "X-Exchange-Antispam-Report-CFA-Test", + "value": 
"BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(601004)(2401047)(13018025)(13016025)(8121501046)(9101536074)(100000703101)(100105400095)(3002001)(93006095)(93004095)(10201501046)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:VI1PR05MB3359;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:VI1PR05MB3359;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "ac509aa7-52c0-458b-b795-643a5c81680a:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "X-AntiAbuse", + "value": "This header was added to track abuse, please include it with any abuse report" + }, + { + "key": "SpamDiagnosticOutput", + "value": "1:99" + }, + { + "key": "SpamDiagnosticMetadata", + "value": "NSPM" + }, + { + "key": "Sensitivity", + "value": "Normal" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of securepractice.no designates 213.162.241.73 as permitted sender)\r\n receiver=protection.outlook.com;\n client-ip=213.162.241.73; helo=securepractice.no;" + }, + { + "key": "Importance", + "value": "normal" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 213.162.241.73) smtp.mailfrom=securepractice.no; mweb.no; dkim=none (message not\r\n signed)\n header.d=none;securepractice.no; dmarc=none action=none header.from=gmx.com;" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4527, + "assessed_at": "2022-01-14 09:41:14" + }, + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:41:16" + } + ], + "reported_risk_d": 2, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "", + "id_d": 1702, + "message_id_s": "1522727703.09864785@mail.softcom.net", + "size_bytes_d": 0, + "subject_s": "You've got a new document", + "from_email_s": "noreply@alerts-drpbox.com", + "from_name_s": "Ɗropbox", + "reply_to_s": "limallen412@gmail.com ", + "spam_score_d": 1, + "spf_s": "", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://x.co//G4G4G4G4G4//?=%3c%3cEMAIL%3e%3mgf", + "text": "Access file now.", + "hostname": "x.co" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": "", + "risk_source_s": "", + "sent_at_s": "2019-08-03 08:11:14", + "assessed_at_s": "", + "content_status_s": "received", + "headers_s": [ + { + "key": "Received", + "value": "from VI1P195CA0015.OUTLOOK.OFFICE365.COM (260 3:10a6:800:90::21)\n by VI1P195MB0064.EURP195.PROD.OUTLOOK.COM with HTTPS via\n VI1PR0701CA0035.EURPRD07.PROD.OUTLOOK.COM; Tue, 3 Apr 2018 03:55:16 +0000" + }, + { + "key": "Message-ID", + "value": "<1522727703.09864785@mail.softcom.net>" + }, + { + "key": "Date", + "value": "Sat, 03 Aug 2019 08:11:14 +0000" + }, + { + "key": "Subject", + "value": "You've got a new document" + }, + { + "key": "From", + "value": "Ɗropbox " + }, + { + "key": "Reply-To", + "value": "\"limallen412@gmail.com\" " + }, + { + "key": "To", + "value": "\"contacts@alerts-drpbox.com\" " + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564819874_b1c319b557c8bb9c76942f96fe47bda3_=_\"" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": 
"1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "cd48c0cf-d2fd-46cd-aa43-08d5995ed3a0" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "AM5EUR03FT005.eop-EUR03.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-Microsoft-Exchange-Diagnostics", + "value": "1;VI1P195CA0015;27:lRzuWtI7NES+MObmET5lPX8wHq2bY//RNFtTvojWtniFrZGle2DANlZt4AElVc9VEPF+SeOFVlJ/r2BIiglttWUhRbJfYdMYzzBrwYJeEBGGV0knKM1wgfIMABwwgYD0" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "gbnM/5uec+vrf8zifdy3p7VPmO7Qks2UDb47vRseagJHQ5Mjcu2oVuTUfkGHojU6DO6AZNmet/YXtPq94dTmktWP7xKY9tXNg2FNoq1N2x7Pa0qqKq+0P3f/6l4BSVpSbJEabp0ceTcfsQZ7sGNjA/odngHkFC2XhcIDS/Pl92JY9ovp5GINc7Q7EQ3S38fNxA1/+UyJDsyL51D7RuN+WYgOZjVOPqrZ5RtYQNMxwcgnQfje8of+i5njwxGjcGjyhSLpUp6YPE7e/HDpDIfiHkeh5S/dFV+7iaCySTf+ZccQsz9NFLrrPHg7mE7ETDK9gQ9QfTEF3NfPrf6LBSCDwQ==" + }, + { + "key": "Thread-Topic", + "value": "You've got a new document" + }, + { + "key": "Thread-Index", + "value": "AQHTyv/gh+ruB+sC7kONZES2ao9l/w==" + }, + { + "key": "Received-SPF", + "value": "PermError (protection.outlook.com: domain of tutordoctor.co.uk used an invalid SPF mechanism)" + }, + { + "key": "Content-Language", + "value": "nb-NO" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4526, + "assessed_at": "2022-01-14 09:40:53" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "2022-01-14 09:40:40", + "id_d": 1701, + "message_id_s": "201812131102.wBDB2o2L010536@TOKLINUX001", + "size_bytes_d": 0, + "subject_s": "Apple-ID-en din 
ble brukt til å logge på iCloud med en nettleser", + "from_email_s": "git@replay.com", + "from_name_s": "Apple", + "reply_to_s": "", + "spam_score_d": 0, + "spf_s": "none", + "originating_ip_s": "127.0.0.1", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "https://appleid.apple.com", + "hostname": "www.google.com" + }, + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "Apple-ID", + "hostname": "www.google.com" + }, + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "Kundestøtte", + "hostname": "www.google.com" + }, + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "Personvern", + "hostname": "www.google.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "phishing", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2019-08-02 13:26:43", + "assessed_at_s": "2022-01-14 09:41:56", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "git@replay.com" + }, + { + "key": "Received", + "value": "from TOKLINUX001 (localhost [127.0.0.1]) \tby TOKLINUX001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with SMTP id\n wBDB2o2L010536\n \tfor ; 
Thu, 13 Dec 2018 20:02:51 +0900" + }, + { + "key": "Message-ID", + "value": "<201812131102.wBDB2o2L010536@TOKLINUX001>" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:26:43 +0000" + }, + { + "key": "Subject", + "value": "Apple-ID-en din ble brukt til å logge på iCloud med en nettleser" + }, + { + "key": "From", + "value": "Apple " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564752403_672a11c2e9f15d24cc87165b37113505_=_\"" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:00.3889067" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.01.1591.008" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "c6c5c6a9-02a6-4d5d-bf06-08d660ea5a30" + }, + { + "key": "X-MS-Exchange-Organization-AVStamp-Enterprise", + "value": "1.0" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-C2ProcessedOrg", + "value": "db89f42a-9e17-46f5-bb28-ef43d3cfb3a8" + }, + { + "key": "Authentication-Results", + "value": "mailrisk.com; \tspf=none smtp.mailfrom=git@replay.com" + } + ], + "assessments_s": [ + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "heuristics", + "source_id": 4525, + "assessed_at": "2022-01-14 09:40:35" + }, + { + "risk": 1, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:40:40" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:55" + } + ], + "reported_risk_d": 1, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": 
"", + "event_type_s": "risk_changed", + "reported_at_s": "2022-01-14 09:40:40", + "id_d": 1701, + "message_id_s": "201812131102.wBDB2o2L010536@TOKLINUX001", + "size_bytes_d": 0, + "subject_s": "Apple-ID-en din ble brukt til å logge på iCloud med en nettleser", + "from_email_s": "git@replay.com", + "from_name_s": "Apple", + "reply_to_s": "", + "spam_score_d": 0, + "spf_s": "none", + "originating_ip_s": "127.0.0.1", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "https://appleid.apple.com", + "hostname": "www.google.com" + }, + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "Apple-ID", + "hostname": "www.google.com" + }, + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "Kundestøtte", + "hostname": "www.google.com" + }, + { + "url": "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&uact=8&ved=2ahUKEwjH0L6Ow5zfAhVrkosKHasYDowQFjAJegQIABAB&url=http%3A%2F%2F5thguy.com%2Fradio.htm&usg=AOvVaw3Ot8amLPMfgKMS4RnlSiwv", + "text": "Personvern", + "hostname": "www.google.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "phishing", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2019-08-02 13:26:43", + "assessed_at_s": "2022-01-14 09:41:56", + "content_status_s": "received", + "headers_s": [ + { + "key": 
"Return-Path", + "value": "git@replay.com" + }, + { + "key": "Received", + "value": "from TOKLINUX001 (localhost [127.0.0.1]) \tby TOKLINUX001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with SMTP id\n wBDB2o2L010536\n \tfor ; Thu, 13 Dec 2018 20:02:51 +0900" + }, + { + "key": "Message-ID", + "value": "<201812131102.wBDB2o2L010536@TOKLINUX001>" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:26:43 +0000" + }, + { + "key": "Subject", + "value": "Apple-ID-en din ble brukt til å logge på iCloud med en nettleser" + }, + { + "key": "From", + "value": "Apple " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564752403_672a11c2e9f15d24cc87165b37113505_=_\"" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:00.3889067" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.01.1591.008" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "c6c5c6a9-02a6-4d5d-bf06-08d660ea5a30" + }, + { + "key": "X-MS-Exchange-Organization-AVStamp-Enterprise", + "value": "1.0" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-C2ProcessedOrg", + "value": "db89f42a-9e17-46f5-bb28-ef43d3cfb3a8" + }, + { + "key": "Authentication-Results", + "value": "mailrisk.com; \tspf=none smtp.mailfrom=git@replay.com" + } + ], + "assessments_s": [ + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "heuristics", + "source_id": 4525, + "assessed_at": "2022-01-14 09:40:35" + }, + { + "risk": 1, + "category": null, + "confidence": 0.5, + "source": "recipient", + "source_id": 26, + "assessed_at": "2022-01-14 09:40:40" + }, + { + "risk": 3, + "category": "phishing", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:55" + } + ], + "reported_risk_d": 1, + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + 
}, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "feedback_requested", + "reported_at_s": "2022-01-14 09:40:23", + "id_d": 1700, + "message_id_s": "fe8a91f7-5e16-4cbd-8e25-40caf19c855c@BN3NAM01FT034.eop-nam01.prod.protection.outlook.com", + "size_bytes_d": 9330, + "subject_s": "Tonya Winders is inviting you to collaborate on Project Docs", + "from_email_s": "no-reply@sharepointonline.com", + "from_name_s": "Tonya Winders", + "reply_to_s": "", + "spam_score_d": 5, + "spf_s": "pass", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "Project Docs", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "Open", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://southcentralusr-notifyp.svc.ms:443/api/v2/tracking/method/Click?mi=GvRTi7y4nk-h7wcVhyFjLA&ru=https%3a%2f%2fprivacy.microsoft.com%2fprivacystatement&tc=PrivacyStatement&cs=0e07659b2986c666099c66b21d33f3f7", + "text": "Privacy Statement.", + "hostname": "southcentralusr-notifyp.svc.ms" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "7188e1f5-9736-40e7-a1af-c50eb15b53d5.png", + "extension": 
"png", + "content_type": "image/png", + "content_id": "4cfba6549ea50458edea3cef9c75570a@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 1411, + "md5_hash": "0503c673eaed6cc4eaecfa89371cf649", + "sha1_hash": "b335c644dbebf5a2761a976c21284e66e97a34f9", + "sha256_hash": "67b8de1c6b8cb9db78681a3566c953560663be849fb62a1960fa94410b40d5cd", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1279/export" + }, + { + "filename": "8e4bfe4f-e5ec-43dd-84b8-3446420c104c.png", + "extension": "png", + "content_type": "image/png", + "content_id": "1e950f2ed8f2c213eb63296db7483fe3@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 620, + "md5_hash": "6811830e193d140545686069d050ef87", + "sha1_hash": "f56e2459f01283fc26d26151ce776fcafb80a787", + "sha256_hash": "75ee8a0bc3c8019d91ddd0fcff20e31432abbbf73860dbbf0f72d2e2ae22f9d6", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1280/export" + }, + { + "filename": "986a9605-965e-4dce-9375-06f0a12fae4f.png", + "extension": "png", + "content_type": "image/png", + "content_id": "df77e90b34a476e4090f63078d32de91@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 3874, + "md5_hash": "b1c4bbb231476c1e7b852ec6f534cbea", + "sha1_hash": "b31c48d130bf080d86ec514050f21505219daea6", + "sha256_hash": "3ef1178b721170ff34bb9c0dc785910cfd18f065d1a7880cc5ef59db9ed20df9", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1281/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": true, + "feedback_provided_b": false, + "Category": "targeted", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2019-08-02 13:29:56", + "assessed_at_s": "2022-01-14 09:41:44", + "content_status_s": "received", + "headers_s": [ + { + 
"key": "Return-Path", + "value": "no-reply@sharepointonline.com" + }, + { + "key": "Received", + "value": "from VI1P195MB0336.EURP195.PROD.OUTLOOK.COM (2603:10a6:3:8c::13) by HE1P195MB0266.EURP195.PROD.OUTLOOK.COM with HTTPS via\n HE1PR0202CA0003.EURPRD02.PROD.OUTLOOK.COM; Wed, 24 Apr 2019 14:10:12 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharepointonline.com; s=selector1;\n h=From:Date:Subject:Message-ID:Content-Type:MIME -Version:X-MS-Exchange-SenderADCheck;\n bh=3ev2h/n82KvxXWq33VHjE6uhUHPNGQAluFabJnLogpA=;\n b=d1OTnszXaSrBq+9ygN517gQD/L/hGJbFrYhC6vTXaeCQJNfEJ6SBnvd/lxKV/YIi2q6rl2nmEKdQbY1Rr42StoGwJlZjFsAdL48mm6GAH+aqSuM7vmRQcEABfEb0UOrVTj+3NskySRCMV2WgDStQ4V6haBlpAOiJ6cfOf3zA3VyZMIejihWuoDikJxmD8MyaGbkzNeEg+FpfU7935stmlMDWcYW/95+jVDwNg3kRuKbhAvWE9saBWH735f6tImejAkuNEesxL17rR4zGC2YZpseMsAwLDgku1BNCxz/1JZwZ1L9/cS1L3rwfY1VsFXBYlkrb89H5UB8O/R8K9sFR2Q==" + }, + { + "key": "Sender", + "value": "Tonya Winders " + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:29:56 +0000" + }, + { + "key": "Subject", + "value": "Tonya Winders is inviting you to collaborate on Project Docs" + }, + { + "key": "From", + "value": "Tonya Winders " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564752596_47ed3bda9ba74af09e69bf440cda938c_=_\"" + }, + { + "key": "X-Usid", + "value": "16d47877-de2b-40b4-82f9-05ce9cf64161" + }, + { + "key": "X-Tnid", + "value": "7e983821-bf7c-4200-9a98-ef64c9ded5a5" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "BN3NAM01HT102:|VI1P195MB0336:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "9e329092-a943-4881-d3a9-08d6c8be8df7" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": 
"1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.6772593" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "BN3NAM01HT102" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1813.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "24 Apr 2019 14:10:09.7545 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": "TenantId=2396b2c2-187d-4b86-8827-064ef261b437;Ip=[13.84.45.239];Helo=[[10.0.0.5]]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "24 Apr 2019 14:10:09.3952 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": 
"X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4710095)(4711036)(4534185)(4627221)(201703031133081)(8559020)(8990200)(2017052603328)(49563074);SRVR:BN3NAM01HT102;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "V3Kx1GO31/it+f6wdPx1Ak25n9Ma+avfDPW7Ym3O5OJVBBsKJzjoZVq//ofxjM+VveFNkiImvME7dr4wyh70EEgk5mux47xoOAr2Q6m5f9h5Ki2Y4ddK+gWHcy13ysPuCgN+FvledXtsqGmDNPsJ99NqRPV9E3kW1BeQI5mHT9uGzGMkHsAedoiWiKEPiMACHHhY2YpX/qdTL2Bvd15wlJ+4FdAMq7GEcmsffjiyLVGiHc+nuTd91rfat8EUlj6Pd6VQIREHY2MFpm7HmIfqS2h7xgjvgWeoEb6/c23j2FJF6bOQHk2aq6x2oGyHzptFxI4jczGsjWYUJHD9lhAJSARQLPYF13qcZsJQ/0zszgH9fKoFg0KIIDWiHnHy7F1Z3r1+lGCenniIbzrMHFK7dRmShVlY7+L/FK9rrqfbPOU=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "7KA+eaZ3ZmLBvf7FslOHU5VXWeZb84IKdJj7vnzoK7VSgfxDE+7zhGWBQyZ5 H/24BZBhOocp/h1RbfW1q6ODYRFUnCrxQD/DFV5ehmHYm/0lJNcoISHJK4Rh \r\n 5d/EI/FaiBmhkpZakKHK4BwmStvENZJz6varhg21Eq64O8daPDYlV4lcDo06 \r\n 528EXY28tzs8TjTGtrY7zSV6sxoam4N6X4qUJ6fJBxvahygrDqIQ1VaZ8jEN \r\n 4YRnqRDvoRGcAnI13V9cg3V6dC/+R5qCbdB2bzhuAPrfip2yMh0wvYkKiFYm \r\n 9V8x6nc0qgRZ0eYtr9pWZrtaNfQ75g2Ryqa1FmpdMRejT6Re9G3oQxDYDGZK \r\n oF1f9gafzqnIso909NFnA8rkRBH5DdpDXLUbOXnyCT0z6MZHre0oTEmAMcHG \r\n SsffmPR0dGXa9rncWAoVOwrKEWlxNo2NkqkeDPWKUBFRXDkihMCl9/7Z1+lV \r\n 8rCaJbqRAYwaYw0bjPLjKdaWgfzwHhDjvNe3lNanoK9ZrnJypg+guBz/vb4z \r\n 3l6WOdK/wCiT0HIZGAcMCdi25wNTbRL2FXLAtACHsKI2xOQVTr4c/qxqygDd \r\n rtkfgQ4hBdu8zBDc4De81UR0GoZ3YHegfDeA1EX1JOj/pGIAZK8c6fDZepbY \r\n GlMxixvR5nE9zvymfhAcWwtatuBDsj7pLoQ5iDlACjRo48R97GOAAOWgmj7E \r\n DxM3UOYjX+TKhyU8mIzN7YQS6fOrZ5sWIculyR0PqSiQdmLp1Gxwtnyln8Kb \r\n Kfo94QLWHesDYRzor5V79YhP6zTFtMYzvRDac5U8nUQEEhLl/W+SlAbQPjPy \r\n 
jz19xDS4i06TfzYAxScivYmRs3hDjZl0yt9CujLnw8sFrpgs1bs+xkLJ/Er1 \r\n WhGYh9YWCmKOcfPHo37XsrSLz0SCCfvP6LfmgGZ7OtfBr3hQeiGcv8GJ8DQF \r\n S4QFtTdxOUvpnQOBGDZtuSrjNp0FCR1sQ5GN+/s7OxMNrE6JQWhWY0LXphCH \r\n PHwB+dKaQd1TR8X8gnONI3idWvRi0f0gXeDjbtdiXbCnVFy9Y02Go4FidUUG \r\n YtPUzrI5h2ORBZCuX/NDmgIudjHptyOmb8nUGYvS9xaZtAusBGQHw2/QG6Oq \r\n Ly/CGq2weUiWFj4zRsuZD9Tmn/HMhvE0BkM7A0rac0iQDdrSRbypiZL33lcW \r\n Tto5hy39qJRVpJ5yoJ+ZEjcyx08UpUNZyeHj8e9pi5OzHJwdgCnTynGB5XLM \r\n cZ9SUxxUxu+oZIsvd1r+dDgF/D6I0mADxmW6tX1AcQOqqNsh/wvFjqScWe1v \r\n ol1h+csp4LOXSNab0OrSWWxuLOCV41okD+zXJqiStIcjKQ==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "dwl:1;ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160513016)(750119)(520011016)(520008050)(702028)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4709054)(49563074)(1401320)(8001031)(1421009)(1422010)(1402095)(71702078);SRVR:VI1P195MB0336;" + }, + { + "key": "X-Forefront-PRVS", + "value": "00179089FD" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "CIP:13.84.45.239;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(6049001)(396003)(376002)(346002)(39860400002)(136003)(2980300002)(1110001)(339900001)(199004)(189003)(76236002)(2351001)(89072002)(316002)(236005)(74316002)(19627405001)(31696002)(6486002)(6392003)(5660300002)(18926415008)(733005)(66926002)(105606002)(7846003)(66576008)(476003)(52230400001)(31686004)(81156014)(4186021)(16586007)(86362001)(25786009)(70206006)(2906002)(16576012)(5000100001)(77096007)(33964004)(606006)(36736006)(55885007)(5024004)(356004)(498600001)(70586007)(68736007)(14444005)(8896004)(861006)(84326002)(85426001)(53936002)(97736004)(26005)(6306002)(486006)(81166006)(54556002)(54896002)(9686003)(8676002)(126002)(6916009)(336012)(8936002)(956004)(44636010)(562774006);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3NAM01HT102;H:[10.0.0.5];FPR:;SPF:Fail;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1;" + 
}, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:40.107.81.43;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(2980300002)(609006)(199004)(189003)(74316002)(8676002)(66926002)(6862004)(25786009)(7636002)(55885007)(1096003)(26005)(36736006)(36906005)(33964004)(86362001)(31696002)(246002)(77096007)(16576012)(8636004)(84326002)(7846003)(54556002)(5024004)(14444005)(16003)(16586007)(76236002)(31686004)(6392003)(8896004)(6306002)(54896002)(733005)(6436002)(606006)(6486002)(336012)(106002)(9686003)(52230400001)(58800400003)(19627405001)(126002)(486006)(89072002)(956004)(476003)(5000100001)(2351001)(18926415008)(5660300002)(62540400005)(236005)(76160400004);DIR:INB;SFP:;SCL:5;SRVR:VI1P195MB0336;H:NAM01-BY2-obe.outbound.protection.outlook.com;FPR:;SPF:Pass;LANG:en;PTR:mail-eopbgr810043.outbound.protection.outlook.com;A:1;MX:1;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" + }, + { + "key": "X-Crid", + "value": "b21dd69e-b015-0000-3322-fa9417f04ee7-8b53f41a-b8bc-4f9e-a1ef-07158721632c" + }, + { + "key": "X-Auto-Response-Suppress", + "value": "DR, OOF, AutoReply" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of sharepointonline.com designates 40.107.81.43 as permitted sender)\r\n receiver=protection.outlook.com;\n client-ip=40.107.81.43; helo=NAM01-BY2-obe.outbound.protection.outlook.com;" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=fail (sender IP is 13.84.45.239) smtp.mailfrom=sharepointonline.com; securepractice.no; dkim=none (message\r\n not\n signed) header.d=none;practice.no; dmarc=fail action=oreject\n header.from=sharepointonline.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 40.107.81.43) smtp.mailfrom=sharepointonline.com; practice.no; dkim=pass (signature\r\n was\n verified) header.d=sharepointonline.com;practice.no; dmarc=pass action=none\n 
header.from=sharepointonline.com;compauth=pass reason=100" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4524, + "assessed_at": "2022-01-14 09:40:20" + }, + { + "risk": 3, + "category": "targeted", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:43" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "2022-01-14 09:40:23", + "id_d": 1700, + "message_id_s": "fe8a91f7-5e16-4cbd-8e25-40caf19c855c@BN3NAM01FT034.eop-nam01.prod.protection.outlook.com", + "size_bytes_d": 9330, + "subject_s": "Tonya Winders is inviting you to collaborate on Project Docs", + "from_email_s": "no-reply@sharepointonline.com", + "from_name_s": "Tonya Winders", + "reply_to_s": "", + "spam_score_d": 5, + "spf_s": "pass", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "Project Docs", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "Open", + "hostname": 
"allergyasth-my.sharepoint.com" + }, + { + "url": "https://southcentralusr-notifyp.svc.ms:443/api/v2/tracking/method/Click?mi=GvRTi7y4nk-h7wcVhyFjLA&ru=https%3a%2f%2fprivacy.microsoft.com%2fprivacystatement&tc=PrivacyStatement&cs=0e07659b2986c666099c66b21d33f3f7", + "text": "Privacy Statement.", + "hostname": "southcentralusr-notifyp.svc.ms" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "7188e1f5-9736-40e7-a1af-c50eb15b53d5.png", + "extension": "png", + "content_type": "image/png", + "content_id": "4cfba6549ea50458edea3cef9c75570a@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 1411, + "md5_hash": "0503c673eaed6cc4eaecfa89371cf649", + "sha1_hash": "b335c644dbebf5a2761a976c21284e66e97a34f9", + "sha256_hash": "67b8de1c6b8cb9db78681a3566c953560663be849fb62a1960fa94410b40d5cd", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1279/export" + }, + { + "filename": "8e4bfe4f-e5ec-43dd-84b8-3446420c104c.png", + "extension": "png", + "content_type": "image/png", + "content_id": "1e950f2ed8f2c213eb63296db7483fe3@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 620, + "md5_hash": "6811830e193d140545686069d050ef87", + "sha1_hash": "f56e2459f01283fc26d26151ce776fcafb80a787", + "sha256_hash": "75ee8a0bc3c8019d91ddd0fcff20e31432abbbf73860dbbf0f72d2e2ae22f9d6", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1280/export" + }, + { + "filename": "986a9605-965e-4dce-9375-06f0a12fae4f.png", + "extension": "png", + "content_type": "image/png", + "content_id": "df77e90b34a476e4090f63078d32de91@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 3874, + "md5_hash": "b1c4bbb231476c1e7b852ec6f534cbea", + "sha1_hash": "b31c48d130bf080d86ec514050f21505219daea6", + "sha256_hash": "3ef1178b721170ff34bb9c0dc785910cfd18f065d1a7880cc5ef59db9ed20df9", + 
"last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1281/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": true, + "feedback_provided_b": false, + "Category": "targeted", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2019-08-02 13:29:56", + "assessed_at_s": "2022-01-14 09:41:44", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "no-reply@sharepointonline.com" + }, + { + "key": "Received", + "value": "from VI1P195MB0336.EURP195.PROD.OUTLOOK.COM (2603:10a6:3:8c::13) by HE1P195MB0266.EURP195.PROD.OUTLOOK.COM with HTTPS via\n HE1PR0202CA0003.EURPRD02.PROD.OUTLOOK.COM; Wed, 24 Apr 2019 14:10:12 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharepointonline.com; s=selector1;\n h=From:Date:Subject:Message-ID:Content-Type:MIME -Version:X-MS-Exchange-SenderADCheck;\n bh=3ev2h/n82KvxXWq33VHjE6uhUHPNGQAluFabJnLogpA=;\n b=d1OTnszXaSrBq+9ygN517gQD/L/hGJbFrYhC6vTXaeCQJNfEJ6SBnvd/lxKV/YIi2q6rl2nmEKdQbY1Rr42StoGwJlZjFsAdL48mm6GAH+aqSuM7vmRQcEABfEb0UOrVTj+3NskySRCMV2WgDStQ4V6haBlpAOiJ6cfOf3zA3VyZMIejihWuoDikJxmD8MyaGbkzNeEg+FpfU7935stmlMDWcYW/95+jVDwNg3kRuKbhAvWE9saBWH735f6tImejAkuNEesxL17rR4zGC2YZpseMsAwLDgku1BNCxz/1JZwZ1L9/cS1L3rwfY1VsFXBYlkrb89H5UB8O/R8K9sFR2Q==" + }, + { + "key": "Sender", + "value": "Tonya Winders " + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:29:56 +0000" + }, + { + "key": "Subject", + "value": "Tonya Winders is inviting you to collaborate on Project Docs" + }, + { + "key": "From", + "value": "Tonya Winders " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564752596_47ed3bda9ba74af09e69bf440cda938c_=_\"" + }, + { + "key": "X-Usid", + 
"value": "16d47877-de2b-40b4-82f9-05ce9cf64161" + }, + { + "key": "X-Tnid", + "value": "7e983821-bf7c-4200-9a98-ef64c9ded5a5" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "BN3NAM01HT102:|VI1P195MB0336:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "9e329092-a943-4881-d3a9-08d6c8be8df7" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.6772593" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "BN3NAM01HT102" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1813.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "24 Apr 2019 14:10:09.7545 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": 
"Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": "TenantId=2396b2c2-187d-4b86-8827-064ef261b437;Ip=[13.84.45.239];Helo=[[10.0.0.5]]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "24 Apr 2019 14:10:09.3952 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4710095)(4711036)(4534185)(4627221)(201703031133081)(8559020)(8990200)(2017052603328)(49563074);SRVR:BN3NAM01HT102;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "V3Kx1GO31/it+f6wdPx1Ak25n9Ma+avfDPW7Ym3O5OJVBBsKJzjoZVq//ofxjM+VveFNkiImvME7dr4wyh70EEgk5mux47xoOAr2Q6m5f9h5Ki2Y4ddK+gWHcy13ysPuCgN+FvledXtsqGmDNPsJ99NqRPV9E3kW1BeQI5mHT9uGzGMkHsAedoiWiKEPiMACHHhY2YpX/qdTL2Bvd15wlJ+4FdAMq7GEcmsffjiyLVGiHc+nuTd91rfat8EUlj6Pd6VQIREHY2MFpm7HmIfqS2h7xgjvgWeoEb6/c23j2FJF6bOQHk2aq6x2oGyHzptFxI4jczGsjWYUJHD9lhAJSARQLPYF13qcZsJQ/0zszgH9fKoFg0KIIDWiHnHy7F1Z3r1+lGCenniIbzrMHFK7dRmShVlY7+L/FK9rrqfbPOU=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "7KA+eaZ3ZmLBvf7FslOHU5VXWeZb84IKdJj7vnzoK7VSgfxDE+7zhGWBQyZ5 H/24BZBhOocp/h1RbfW1q6ODYRFUnCrxQD/DFV5ehmHYm/0lJNcoISHJK4Rh \r\n 5d/EI/FaiBmhkpZakKHK4BwmStvENZJz6varhg21Eq64O8daPDYlV4lcDo06 \r\n 528EXY28tzs8TjTGtrY7zSV6sxoam4N6X4qUJ6fJBxvahygrDqIQ1VaZ8jEN \r\n 4YRnqRDvoRGcAnI13V9cg3V6dC/+R5qCbdB2bzhuAPrfip2yMh0wvYkKiFYm \r\n 9V8x6nc0qgRZ0eYtr9pWZrtaNfQ75g2Ryqa1FmpdMRejT6Re9G3oQxDYDGZK \r\n oF1f9gafzqnIso909NFnA8rkRBH5DdpDXLUbOXnyCT0z6MZHre0oTEmAMcHG \r\n 
SsffmPR0dGXa9rncWAoVOwrKEWlxNo2NkqkeDPWKUBFRXDkihMCl9/7Z1+lV \r\n 8rCaJbqRAYwaYw0bjPLjKdaWgfzwHhDjvNe3lNanoK9ZrnJypg+guBz/vb4z \r\n 3l6WOdK/wCiT0HIZGAcMCdi25wNTbRL2FXLAtACHsKI2xOQVTr4c/qxqygDd \r\n rtkfgQ4hBdu8zBDc4De81UR0GoZ3YHegfDeA1EX1JOj/pGIAZK8c6fDZepbY \r\n GlMxixvR5nE9zvymfhAcWwtatuBDsj7pLoQ5iDlACjRo48R97GOAAOWgmj7E \r\n DxM3UOYjX+TKhyU8mIzN7YQS6fOrZ5sWIculyR0PqSiQdmLp1Gxwtnyln8Kb \r\n Kfo94QLWHesDYRzor5V79YhP6zTFtMYzvRDac5U8nUQEEhLl/W+SlAbQPjPy \r\n jz19xDS4i06TfzYAxScivYmRs3hDjZl0yt9CujLnw8sFrpgs1bs+xkLJ/Er1 \r\n WhGYh9YWCmKOcfPHo37XsrSLz0SCCfvP6LfmgGZ7OtfBr3hQeiGcv8GJ8DQF \r\n S4QFtTdxOUvpnQOBGDZtuSrjNp0FCR1sQ5GN+/s7OxMNrE6JQWhWY0LXphCH \r\n PHwB+dKaQd1TR8X8gnONI3idWvRi0f0gXeDjbtdiXbCnVFy9Y02Go4FidUUG \r\n YtPUzrI5h2ORBZCuX/NDmgIudjHptyOmb8nUGYvS9xaZtAusBGQHw2/QG6Oq \r\n Ly/CGq2weUiWFj4zRsuZD9Tmn/HMhvE0BkM7A0rac0iQDdrSRbypiZL33lcW \r\n Tto5hy39qJRVpJ5yoJ+ZEjcyx08UpUNZyeHj8e9pi5OzHJwdgCnTynGB5XLM \r\n cZ9SUxxUxu+oZIsvd1r+dDgF/D6I0mADxmW6tX1AcQOqqNsh/wvFjqScWe1v \r\n ol1h+csp4LOXSNab0OrSWWxuLOCV41okD+zXJqiStIcjKQ==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "dwl:1;ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160513016)(750119)(520011016)(520008050)(702028)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4709054)(49563074)(1401320)(8001031)(1421009)(1422010)(1402095)(71702078);SRVR:VI1P195MB0336;" + }, + { + "key": "X-Forefront-PRVS", + "value": "00179089FD" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": 
"CIP:13.84.45.239;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(6049001)(396003)(376002)(346002)(39860400002)(136003)(2980300002)(1110001)(339900001)(199004)(189003)(76236002)(2351001)(89072002)(316002)(236005)(74316002)(19627405001)(31696002)(6486002)(6392003)(5660300002)(18926415008)(733005)(66926002)(105606002)(7846003)(66576008)(476003)(52230400001)(31686004)(81156014)(4186021)(16586007)(86362001)(25786009)(70206006)(2906002)(16576012)(5000100001)(77096007)(33964004)(606006)(36736006)(55885007)(5024004)(356004)(498600001)(70586007)(68736007)(14444005)(8896004)(861006)(84326002)(85426001)(53936002)(97736004)(26005)(6306002)(486006)(81166006)(54556002)(54896002)(9686003)(8676002)(126002)(6916009)(336012)(8936002)(956004)(44636010)(562774006);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3NAM01HT102;H:[10.0.0.5];FPR:;SPF:Fail;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:40.107.81.43;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(2980300002)(609006)(199004)(189003)(74316002)(8676002)(66926002)(6862004)(25786009)(7636002)(55885007)(1096003)(26005)(36736006)(36906005)(33964004)(86362001)(31696002)(246002)(77096007)(16576012)(8636004)(84326002)(7846003)(54556002)(5024004)(14444005)(16003)(16586007)(76236002)(31686004)(6392003)(8896004)(6306002)(54896002)(733005)(6436002)(606006)(6486002)(336012)(106002)(9686003)(52230400001)(58800400003)(19627405001)(126002)(486006)(89072002)(956004)(476003)(5000100001)(2351001)(18926415008)(5660300002)(62540400005)(236005)(76160400004);DIR:INB;SFP:;SCL:5;SRVR:VI1P195MB0336;H:NAM01-BY2-obe.outbound.protection.outlook.com;FPR:;SPF:Pass;LANG:en;PTR:mail-eopbgr810043.outbound.protection.outlook.com;A:1;MX:1;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" + }, + { + "key": "X-Crid", + "value": "b21dd69e-b015-0000-3322-fa9417f04ee7-8b53f41a-b8bc-4f9e-a1ef-07158721632c" + }, + { 
+ "key": "X-Auto-Response-Suppress", + "value": "DR, OOF, AutoReply" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of sharepointonline.com designates 40.107.81.43 as permitted sender)\r\n receiver=protection.outlook.com;\n client-ip=40.107.81.43; helo=NAM01-BY2-obe.outbound.protection.outlook.com;" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=fail (sender IP is 13.84.45.239) smtp.mailfrom=sharepointonline.com; securepractice.no; dkim=none (message\r\n not\n signed) header.d=none;practice.no; dmarc=fail action=oreject\n header.from=sharepointonline.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 40.107.81.43) smtp.mailfrom=sharepointonline.com; practice.no; dkim=pass (signature\r\n was\n verified) header.d=sharepointonline.com;practice.no; dmarc=pass action=none\n header.from=sharepointonline.com;compauth=pass reason=100" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4524, + "assessed_at": "2022-01-14 09:40:20" + }, + { + "risk": 3, + "category": "targeted", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:43" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "2022-01-14 09:40:23", + "id_d": 1700, + "message_id_s": "fe8a91f7-5e16-4cbd-8e25-40caf19c855c@BN3NAM01FT034.eop-nam01.prod.protection.outlook.com", + "size_bytes_d": 9330, + "subject_s": "Tonya Winders is inviting you to collaborate on Project Docs", + "from_email_s": "no-reply@sharepointonline.com", + "from_name_s": "Tonya Winders", + "reply_to_s": "", + "spam_score_d": 5, + 
"spf_s": "pass", + "originating_ip_s": "", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "Project Docs", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://allergyasth-my.sharepoint.com:443/:b:/g/personal/tonya_allergyasth_onmicrosoft_com/EcdFjA1AxcdCl9eu5tXptFEByNQ3G4RFAMYeBG6KFdJ9Sg?e=4%3afbae41f9a9e8486ca46f883141e7e283&at=9", + "text": "Open", + "hostname": "allergyasth-my.sharepoint.com" + }, + { + "url": "https://southcentralusr-notifyp.svc.ms:443/api/v2/tracking/method/Click?mi=GvRTi7y4nk-h7wcVhyFjLA&ru=https%3a%2f%2fprivacy.microsoft.com%2fprivacystatement&tc=PrivacyStatement&cs=0e07659b2986c666099c66b21d33f3f7", + "text": "Privacy Statement.", + "hostname": "southcentralusr-notifyp.svc.ms" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "7188e1f5-9736-40e7-a1af-c50eb15b53d5.png", + "extension": "png", + "content_type": "image/png", + "content_id": "4cfba6549ea50458edea3cef9c75570a@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 1411, + "md5_hash": "0503c673eaed6cc4eaecfa89371cf649", + "sha1_hash": "b335c644dbebf5a2761a976c21284e66e97a34f9", + "sha256_hash": "67b8de1c6b8cb9db78681a3566c953560663be849fb62a1960fa94410b40d5cd", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1279/export" + }, + { + "filename": "8e4bfe4f-e5ec-43dd-84b8-3446420c104c.png", + "extension": "png", + "content_type": "image/png", + "content_id": 
"1e950f2ed8f2c213eb63296db7483fe3@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 620, + "md5_hash": "6811830e193d140545686069d050ef87", + "sha1_hash": "f56e2459f01283fc26d26151ce776fcafb80a787", + "sha256_hash": "75ee8a0bc3c8019d91ddd0fcff20e31432abbbf73860dbbf0f72d2e2ae22f9d6", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1280/export" + }, + { + "filename": "986a9605-965e-4dce-9375-06f0a12fae4f.png", + "extension": "png", + "content_type": "image/png", + "content_id": "df77e90b34a476e4090f63078d32de91@manage.mailrisk.local", + "is_inline": true, + "size_bytes": 3874, + "md5_hash": "b1c4bbb231476c1e7b852ec6f534cbea", + "sha1_hash": "b31c48d130bf080d86ec514050f21505219daea6", + "sha256_hash": "3ef1178b721170ff34bb9c0dc785910cfd18f065d1a7880cc5ef59db9ed20df9", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1700/attachments/1281/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": true, + "feedback_provided_b": false, + "Category": "targeted", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2019-08-02 13:29:56", + "assessed_at_s": "2022-01-14 09:41:44", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "no-reply@sharepointonline.com" + }, + { + "key": "Received", + "value": "from VI1P195MB0336.EURP195.PROD.OUTLOOK.COM (2603:10a6:3:8c::13) by HE1P195MB0266.EURP195.PROD.OUTLOOK.COM with HTTPS via\n HE1PR0202CA0003.EURPRD02.PROD.OUTLOOK.COM; Wed, 24 Apr 2019 14:10:12 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharepointonline.com; s=selector1;\n h=From:Date:Subject:Message-ID:Content-Type:MIME -Version:X-MS-Exchange-SenderADCheck;\n bh=3ev2h/n82KvxXWq33VHjE6uhUHPNGQAluFabJnLogpA=;\n 
b=d1OTnszXaSrBq+9ygN517gQD/L/hGJbFrYhC6vTXaeCQJNfEJ6SBnvd/lxKV/YIi2q6rl2nmEKdQbY1Rr42StoGwJlZjFsAdL48mm6GAH+aqSuM7vmRQcEABfEb0UOrVTj+3NskySRCMV2WgDStQ4V6haBlpAOiJ6cfOf3zA3VyZMIejihWuoDikJxmD8MyaGbkzNeEg+FpfU7935stmlMDWcYW/95+jVDwNg3kRuKbhAvWE9saBWH735f6tImejAkuNEesxL17rR4zGC2YZpseMsAwLDgku1BNCxz/1JZwZ1L9/cS1L3rwfY1VsFXBYlkrb89H5UB8O/R8K9sFR2Q==" + }, + { + "key": "Sender", + "value": "Tonya Winders " + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:29:56 +0000" + }, + { + "key": "Subject", + "value": "Tonya Winders is inviting you to collaborate on Project Docs" + }, + { + "key": "From", + "value": "Tonya Winders " + }, + { + "key": "To", + "value": "" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564752596_47ed3bda9ba74af09e69bf440cda938c_=_\"" + }, + { + "key": "X-Usid", + "value": "16d47877-de2b-40b4-82f9-05ce9cf64161" + }, + { + "key": "X-Tnid", + "value": "7e983821-bf7c-4200-9a98-ef64c9ded5a5" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "BN3NAM01HT102:|VI1P195MB0336:" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "9e329092-a943-4881-d3a9-08d6c8be8df7" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.6772593" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "BN3NAM01HT102" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": 
"X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1813.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "5" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "24 Apr 2019 14:10:09.7545 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "DB3EUR04FT016.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp", + "value": "TenantId=2396b2c2-187d-4b86-8827-064ef261b437;Ip=[13.84.45.239];Helo=[[10.0.0.5]]" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "24 Apr 2019 14:10:09.3952 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "1b7af996-ca98-47a1-d92e-08d6c8be8f91" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(5600141)(711020)(4605104)(4710095)(4711036)(4534185)(4627221)(201703031133081)(8559020)(8990200)(2017052603328)(49563074);SRVR:BN3NAM01HT102;" + }, + { + "key": "X-Microsoft-Antispam-PRVS", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": 
"V3Kx1GO31/it+f6wdPx1Ak25n9Ma+avfDPW7Ym3O5OJVBBsKJzjoZVq//ofxjM+VveFNkiImvME7dr4wyh70EEgk5mux47xoOAr2Q6m5f9h5Ki2Y4ddK+gWHcy13ysPuCgN+FvledXtsqGmDNPsJ99NqRPV9E3kW1BeQI5mHT9uGzGMkHsAedoiWiKEPiMACHHhY2YpX/qdTL2Bvd15wlJ+4FdAMq7GEcmsffjiyLVGiHc+nuTd91rfat8EUlj6Pd6VQIREHY2MFpm7HmIfqS2h7xgjvgWeoEb6/c23j2FJF6bOQHk2aq6x2oGyHzptFxI4jczGsjWYUJHD9lhAJSARQLPYF13qcZsJQ/0zszgH9fKoFg0KIIDWiHnHy7F1Z3r1+lGCenniIbzrMHFK7dRmShVlY7+L/FK9rrqfbPOU=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "7KA+eaZ3ZmLBvf7FslOHU5VXWeZb84IKdJj7vnzoK7VSgfxDE+7zhGWBQyZ5 H/24BZBhOocp/h1RbfW1q6ODYRFUnCrxQD/DFV5ehmHYm/0lJNcoISHJK4Rh \r\n 5d/EI/FaiBmhkpZakKHK4BwmStvENZJz6varhg21Eq64O8daPDYlV4lcDo06 \r\n 528EXY28tzs8TjTGtrY7zSV6sxoam4N6X4qUJ6fJBxvahygrDqIQ1VaZ8jEN \r\n 4YRnqRDvoRGcAnI13V9cg3V6dC/+R5qCbdB2bzhuAPrfip2yMh0wvYkKiFYm \r\n 9V8x6nc0qgRZ0eYtr9pWZrtaNfQ75g2Ryqa1FmpdMRejT6Re9G3oQxDYDGZK \r\n oF1f9gafzqnIso909NFnA8rkRBH5DdpDXLUbOXnyCT0z6MZHre0oTEmAMcHG \r\n SsffmPR0dGXa9rncWAoVOwrKEWlxNo2NkqkeDPWKUBFRXDkihMCl9/7Z1+lV \r\n 8rCaJbqRAYwaYw0bjPLjKdaWgfzwHhDjvNe3lNanoK9ZrnJypg+guBz/vb4z \r\n 3l6WOdK/wCiT0HIZGAcMCdi25wNTbRL2FXLAtACHsKI2xOQVTr4c/qxqygDd \r\n rtkfgQ4hBdu8zBDc4De81UR0GoZ3YHegfDeA1EX1JOj/pGIAZK8c6fDZepbY \r\n GlMxixvR5nE9zvymfhAcWwtatuBDsj7pLoQ5iDlACjRo48R97GOAAOWgmj7E \r\n DxM3UOYjX+TKhyU8mIzN7YQS6fOrZ5sWIculyR0PqSiQdmLp1Gxwtnyln8Kb \r\n Kfo94QLWHesDYRzor5V79YhP6zTFtMYzvRDac5U8nUQEEhLl/W+SlAbQPjPy \r\n jz19xDS4i06TfzYAxScivYmRs3hDjZl0yt9CujLnw8sFrpgs1bs+xkLJ/Er1 \r\n WhGYh9YWCmKOcfPHo37XsrSLz0SCCfvP6LfmgGZ7OtfBr3hQeiGcv8GJ8DQF \r\n S4QFtTdxOUvpnQOBGDZtuSrjNp0FCR1sQ5GN+/s7OxMNrE6JQWhWY0LXphCH \r\n PHwB+dKaQd1TR8X8gnONI3idWvRi0f0gXeDjbtdiXbCnVFy9Y02Go4FidUUG \r\n YtPUzrI5h2ORBZCuX/NDmgIudjHptyOmb8nUGYvS9xaZtAusBGQHw2/QG6Oq \r\n Ly/CGq2weUiWFj4zRsuZD9Tmn/HMhvE0BkM7A0rac0iQDdrSRbypiZL33lcW \r\n Tto5hy39qJRVpJ5yoJ+ZEjcyx08UpUNZyeHj8e9pi5OzHJwdgCnTynGB5XLM \r\n cZ9SUxxUxu+oZIsvd1r+dDgF/D6I0mADxmW6tX1AcQOqqNsh/wvFjqScWe1v \r\n ol1h+csp4LOXSNab0OrSWWxuLOCV41okD+zXJqiStIcjKQ==" + }, 
+ { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "dwl:1;ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160513016)(750119)(520011016)(520008050)(702028)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(710020)(711020)(4605104)(4709054)(49563074)(1401320)(8001031)(1421009)(1422010)(1402095)(71702078);SRVR:VI1P195MB0336;" + }, + { + "key": "X-Forefront-PRVS", + "value": "00179089FD" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "CIP:13.84.45.239;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(6049001)(396003)(376002)(346002)(39860400002)(136003)(2980300002)(1110001)(339900001)(199004)(189003)(76236002)(2351001)(89072002)(316002)(236005)(74316002)(19627405001)(31696002)(6486002)(6392003)(5660300002)(18926415008)(733005)(66926002)(105606002)(7846003)(66576008)(476003)(52230400001)(31686004)(81156014)(4186021)(16586007)(86362001)(25786009)(70206006)(2906002)(16576012)(5000100001)(77096007)(33964004)(606006)(36736006)(55885007)(5024004)(356004)(498600001)(70586007)(68736007)(14444005)(8896004)(861006)(84326002)(85426001)(53936002)(97736004)(26005)(6306002)(486006)(81166006)(54556002)(54896002)(9686003)(8676002)(126002)(6916009)(336012)(8936002)(956004)(44636010)(562774006);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3NAM01HT102;H:[10.0.0.5];FPR:;SPF:Fail;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": 
"CIP:40.107.81.43;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(2980300002)(609006)(199004)(189003)(74316002)(8676002)(66926002)(6862004)(25786009)(7636002)(55885007)(1096003)(26005)(36736006)(36906005)(33964004)(86362001)(31696002)(246002)(77096007)(16576012)(8636004)(84326002)(7846003)(54556002)(5024004)(14444005)(16003)(16586007)(76236002)(31686004)(6392003)(8896004)(6306002)(54896002)(733005)(6436002)(606006)(6486002)(336012)(106002)(9686003)(52230400001)(58800400003)(19627405001)(126002)(486006)(89072002)(956004)(476003)(5000100001)(2351001)(18926415008)(5660300002)(62540400005)(236005)(76160400004);DIR:INB;SFP:;SCL:5;SRVR:VI1P195MB0336;H:NAM01-BY2-obe.outbound.protection.outlook.com;FPR:;SPF:Pass;LANG:en;PTR:mail-eopbgr810043.outbound.protection.outlook.com;A:1;MX:1;CAT:SPM;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "1" + }, + { + "key": "X-Crid", + "value": "b21dd69e-b015-0000-3322-fa9417f04ee7-8b53f41a-b8bc-4f9e-a1ef-07158721632c" + }, + { + "key": "X-Auto-Response-Suppress", + "value": "DR, OOF, AutoReply" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of sharepointonline.com designates 40.107.81.43 as permitted sender)\r\n receiver=protection.outlook.com;\n client-ip=40.107.81.43; helo=NAM01-BY2-obe.outbound.protection.outlook.com;" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=fail (sender IP is 13.84.45.239) smtp.mailfrom=sharepointonline.com; securepractice.no; dkim=none (message\r\n not\n signed) header.d=none;practice.no; dmarc=fail action=oreject\n header.from=sharepointonline.com;" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 40.107.81.43) smtp.mailfrom=sharepointonline.com; practice.no; dkim=pass (signature\r\n was\n verified) header.d=sharepointonline.com;practice.no; dmarc=pass action=none\n header.from=sharepointonline.com;compauth=pass reason=100" 
+ } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4524, + "assessed_at": "2022-01-14 09:40:20" + }, + { + "risk": 3, + "category": "targeted", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:43" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "contents_received", + "reported_at_s": "", + "id_d": 1699, + "message_id_s": "60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com", + "size_bytes_d": 0, + "subject_s": "message notification", + "from_email_s": "19047875348@dansitur.com", + "from_name_s": "+17458708563", + "reply_to_s": "", + "spam_score_d": 1, + "spf_s": "pass", + "originating_ip_s": "94.158.244.59", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://proindcons.com/", + "text": "", + "hostname": "proindcons.com" + }, + { + "url": "https://outlook.com/", + "text": "organizations", + "hostname": "outlook.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "oyo.png", + "extension": "png", + "content_type": "image/png", + "content_id": "015522113@01052019-2880", + "is_inline": true, + "size_bytes": 856, + "md5_hash": "33be61230abcfb2330474ae08b30908c", + "sha1_hash": "200344b8497af8212562cc408c3b047951ca8323", + "sha256_hash": "3da58244a41fd5810fa36b99514f189450946d6094c19f2da20246851911ca73", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1699/attachments/1278/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + 
"Category": "", + "risk_d": 1, + "risk_source_s": "super", + "sent_at_s": "2019-05-01 17:19:54", + "assessed_at_s": "2022-01-14 09:41:19", + "content_status_s": "received", + "headers_s": [ + { + "key": "Received", + "value": "from VI1P195MB0335.EURP195.PROD.OUTLOOK.COM (2603:10a6:3:f8::28) by HE1P195MB0266.EURP195.PROD.OUTLOOK.COM with HTTPS via\r\n HE1PR05CA0180.EURPRD05.PROD.OUTLOOK.COM; Wed, 1 May 2019 17:20:08 +0000" + }, + { + "key": "Received", + "value": "from AM6P195CA0096.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:86::37) by VI1P195MB0335.EURP195.PROD.OUTLOOK.COM (2603:10a6:802:68::20) with\r\n Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.15; Wed, 1 May\r\n 2019 17:20:06 +0000" + }, + { + "key": "Received", + "value": "from DB3EUR04FT052.eop-eur04.prod.protection.outlook.com (2a01:111:f400:7e0c::206) by AM6P195CA0096.outlook.office365.com\r\n (2603:10a6:209:86::37) with Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1856.10 via Frontend\r\n Transport; Wed, 1 May 2019 17:20:06 +0000" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 54.39.250.240) smtp.mailfrom=dansitur.com; practice.no; dkim=pass (signature was verified)\r\n header.d=dansitur.com;practice.no; dmarc=pass action=none\r\n header.from=dansitur.com;compauth=pass reason=100" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of dansitur.com designates 54.39.250.240 as permitted sender) receiver=protection.outlook.com;\r\n client-ip=54.39.250.240; helo=mta16.dansitur.com;" + }, + { + "key": "Received", + "value": "from mta16.dansitur.com (54.39.250.240) by DB3EUR04FT052.mail.protection.outlook.com (10.152.24.131) with Microsoft SMTP\r\n Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id\r\n 15.20.1835.13 via Frontend Transport; Wed, 1 May 2019 17:20:05 +0000" + }, + { + "key": "DKIM-Signature", + "value": 
"v=1; a=rsa-sha1; c=relaxed/relaxed; s=1555594867.dansitur; d=dansitur.com; h=From:Subject:To:Content-Type:MIME-Version:Date; i=19047875348@dansitur.com;\r\n bh=5DFFu4d4UQSz8bmlgHTBh4T41yQ=;\r\n b=e6kSPLzHYAURNCcX5mK7ebVG4g6heexrjKf66dKWdpAQD0q689Ko25upqz/zhZe8dZSx66yOiIaa\r\n fMhfiQi+7+uJU57fDfjLSRq3tipiGN4hauVK9XtP1SmqDqjI7DkO5joHJlznRpCi/Hyp9VV2JsaB\r\n RGGtzsTb9XHzEVn4Tr8=" + }, + { + "key": "Received", + "value": "from dbase4mediagroup.com (94.158.244.59) by mta16.dansitur.com for ; Wed, 1 May 2019 13:19:54 -0400 (envelope-from <19047875348@dansitur.com>)" + }, + { + "key": "From", + "value": "\"+17458708563\" <19047875348@dansitur.com>" + }, + { + "key": "Subject", + "value": "message notification" + }, + { + "key": "To", + "value": "secure@practice.no" + }, + { + "key": "Content-Type", + "value": "text/plain" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Date", + "value": "Wed, 1 May 2019 17:19:54 -0700" + }, + { + "key": "Message-ID", + "value": "<60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com>" + }, + { + "key": "Return-Path", + "value": "19047875348@dansitur.com" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "01 May 2019 17:20:06.2699 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "b47e6573-07e7-4a30-583a-08d6ce594150" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-Forefront-Antispam-Report", + 
"value": "CIP:54.39.250.240;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(2980300002)(189003)(199004)(33964004)(620700002)(8676002)(34003)(58800400003)(956004)(71190400001)(476003)(486006)(126002)(336012)(3480700005)(36906005)(356004)(1096003)(606006)(74316002)(84326002)(34206002)(426003)(6692004)(54556002)(61000400013)(236005)(5660300002)(246002)(9686003)(6306002)(33026002)(15395715005)(44144004)(733005)(7116003)(22186003)(2361001)(7596002)(31696002)(16586007)(86362001)(7636002)(15650500001)(26005)(31686004)(221733001)(2351001)(106002)(71816002)(2160300002)(81782002);DIR:INB;SFP:;SCL:1;SRVR:VI1P195MB0335;H:mta16.dansitur.com;FPR:;SPF:Pass;LANG:en;PTR:mta16.dansitur.com;MX:1;A:1;" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "DB3EUR04FT052.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "b47e6573-07e7-4a30-583a-08d6ce594150" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(711020)(4605104)(4709054)(49563074)(1401320)(8001031)(1421009)(1402095)(71702078);SRVR:VI1P195MB0335;" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "VI1P195MB0335:" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:1148;" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-Auto-Response-Suppress", + "value": "DR, OOF, AutoReply" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "01 May 2019 17:20:05.9586 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "b47e6573-07e7-4a30-583a-08d6ce594150" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": 
"X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "VI1P195MB0335" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.3112462" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1835.000" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160514016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "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" + }, + { + "key": "X-Microsoft-Antispam-ZAP-Message-Info", + "value": "Y7APQ61S/e2O5qE1GntPkXMQw0ERLqbRB8K1tjrAYbwc0X5KIjd7Mh6OG2ht5hdqaQKBz3yhkCZ2Y6TJStQvaVwNO9PiIOt4ghNybaA7Jmu3rHpyFps1Qyli9akwzraeQRKHAbcqK5k9FnfteZhBSqzZMh/fp/ss13H9KPNrIpgmLrN3QoEs9mAxDXLON6zYKrg7HP/gV0Q+4iGsGd9cf78b9xfkF1BMIx5A4ZdY4sHOSviG2ZnQA6B7CwHEGLJuwsWQ3FSHdmDuDqDlRC1yqUBaB6jH4Mz8KnlOBTz/+yKZfSBTwdNXdm/AqpkYcBOIHxGbCSsJLxSHBFQJrihU8A==" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4523, + "assessed_at": "2022-01-14 09:40:03" + }, + { + "risk": 1, + "category": null, + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:17" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "", + "id_d": 1699, + "message_id_s": "60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com", + "size_bytes_d": 0, + "subject_s": "message notification", + "from_email_s": "19047875348@dansitur.com", + "from_name_s": "+17458708563", + 
"reply_to_s": "", + "spam_score_d": 1, + "spf_s": "pass", + "originating_ip_s": "94.158.244.59", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://proindcons.com/", + "text": "", + "hostname": "proindcons.com" + }, + { + "url": "https://outlook.com/", + "text": "organizations", + "hostname": "outlook.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "oyo.png", + "extension": "png", + "content_type": "image/png", + "content_id": "015522113@01052019-2880", + "is_inline": true, + "size_bytes": 856, + "md5_hash": "33be61230abcfb2330474ae08b30908c", + "sha1_hash": "200344b8497af8212562cc408c3b047951ca8323", + "sha256_hash": "3da58244a41fd5810fa36b99514f189450946d6094c19f2da20246851911ca73", + "last_modified_at": null, + "download_screenshot": null, + "download_file": "https://api.test.mailrisk.net/v1/emails/1699/attachments/1278/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": 1, + "risk_source_s": "super", + "sent_at_s": "2019-05-01 17:19:54", + "assessed_at_s": "2022-01-14 09:41:19", + "content_status_s": "received", + "headers_s": [ + { + "key": "Received", + "value": "from VI1P195MB0335.EURP195.PROD.OUTLOOK.COM (2603:10a6:3:f8::28) by HE1P195MB0266.EURP195.PROD.OUTLOOK.COM with HTTPS via\r\n HE1PR05CA0180.EURPRD05.PROD.OUTLOOK.COM; Wed, 1 May 2019 17:20:08 +0000" + }, + { + "key": "Received", + "value": "from AM6P195CA0096.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:86::37) by VI1P195MB0335.EURP195.PROD.OUTLOOK.COM (2603:10a6:802:68::20) with\r\n Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.15; Wed, 1 May\r\n 2019 17:20:06 +0000" + }, + { + "key": "Received", + "value": "from DB3EUR04FT052.eop-eur04.prod.protection.outlook.com (2a01:111:f400:7e0c::206) by AM6P195CA0096.outlook.office365.com\r\n (2603:10a6:209:86::37) with Microsoft SMTP 
Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1856.10 via Frontend\r\n Transport; Wed, 1 May 2019 17:20:06 +0000" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 54.39.250.240) smtp.mailfrom=dansitur.com; practice.no; dkim=pass (signature was verified)\r\n header.d=dansitur.com;practice.no; dmarc=pass action=none\r\n header.from=dansitur.com;compauth=pass reason=100" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of dansitur.com designates 54.39.250.240 as permitted sender) receiver=protection.outlook.com;\r\n client-ip=54.39.250.240; helo=mta16.dansitur.com;" + }, + { + "key": "Received", + "value": "from mta16.dansitur.com (54.39.250.240) by DB3EUR04FT052.mail.protection.outlook.com (10.152.24.131) with Microsoft SMTP\r\n Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id\r\n 15.20.1835.13 via Frontend Transport; Wed, 1 May 2019 17:20:05 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha1; c=relaxed/relaxed; s=1555594867.dansitur; d=dansitur.com; h=From:Subject:To:Content-Type:MIME-Version:Date; i=19047875348@dansitur.com;\r\n bh=5DFFu4d4UQSz8bmlgHTBh4T41yQ=;\r\n b=e6kSPLzHYAURNCcX5mK7ebVG4g6heexrjKf66dKWdpAQD0q689Ko25upqz/zhZe8dZSx66yOiIaa\r\n fMhfiQi+7+uJU57fDfjLSRq3tipiGN4hauVK9XtP1SmqDqjI7DkO5joHJlznRpCi/Hyp9VV2JsaB\r\n RGGtzsTb9XHzEVn4Tr8=" + }, + { + "key": "Received", + "value": "from dbase4mediagroup.com (94.158.244.59) by mta16.dansitur.com for ; Wed, 1 May 2019 13:19:54 -0400 (envelope-from <19047875348@dansitur.com>)" + }, + { + "key": "From", + "value": "\"+17458708563\" <19047875348@dansitur.com>" + }, + { + "key": "Subject", + "value": "message notification" + }, + { + "key": "To", + "value": "secure@practice.no" + }, + { + "key": "Content-Type", + "value": "text/plain" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Date", + "value": "Wed, 1 May 2019 17:19:54 -0700" + }, + { + "key": 
"Message-ID", + "value": "<60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com>" + }, + { + "key": "Return-Path", + "value": "19047875348@dansitur.com" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "01 May 2019 17:20:06.2699 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "2:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "b47e6573-07e7-4a30-583a-08d6ce594150" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:54.39.250.240;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(2980300002)(189003)(199004)(33964004)(620700002)(8676002)(34003)(58800400003)(956004)(71190400001)(476003)(486006)(126002)(336012)(3480700005)(36906005)(356004)(1096003)(606006)(74316002)(84326002)(34206002)(426003)(6692004)(54556002)(61000400013)(236005)(5660300002)(246002)(9686003)(6306002)(33026002)(15395715005)(44144004)(733005)(7116003)(22186003)(2361001)(7596002)(31696002)(16586007)(86362001)(7636002)(15650500001)(26005)(31686004)(221733001)(2351001)(106002)(71816002)(2160300002)(81782002);DIR:INB;SFP:;SCL:1;SRVR:VI1P195MB0335;H:mta16.dansitur.com;FPR:;SPF:Pass;LANG:en;PTR:mta16.dansitur.com;MX:1;A:1;" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "DB3EUR04FT052.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": 
"X-MS-Office365-Filtering-Correlation-Id", + "value": "b47e6573-07e7-4a30-583a-08d6ce594150" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600141)(711020)(4605104)(4709054)(49563074)(1401320)(8001031)(1421009)(1402095)(71702078);SRVR:VI1P195MB0335;" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "VI1P195MB0335:" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:1148;" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-Auto-Response-Suppress", + "value": "DR, OOF, AutoReply" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "01 May 2019 17:20:05.9586 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "b47e6573-07e7-4a30-583a-08d6ce594150" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "VI1P195MB0335" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.3112462" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.1835.000" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160514016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "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" + }, + { + "key": "X-Microsoft-Antispam-ZAP-Message-Info", + "value": 
"Y7APQ61S/e2O5qE1GntPkXMQw0ERLqbRB8K1tjrAYbwc0X5KIjd7Mh6OG2ht5hdqaQKBz3yhkCZ2Y6TJStQvaVwNO9PiIOt4ghNybaA7Jmu3rHpyFps1Qyli9akwzraeQRKHAbcqK5k9FnfteZhBSqzZMh/fp/ss13H9KPNrIpgmLrN3QoEs9mAxDXLON6zYKrg7HP/gV0Q+4iGsGd9cf78b9xfkF1BMIx5A4ZdY4sHOSviG2ZnQA6B7CwHEGLJuwsWQ3FSHdmDuDqDlRC1yqUBaB6jH4Mz8KnlOBTz/+yKZfSBTwdNXdm/AqpkYcBOIHxGbCSsJLxSHBFQJrihU8A==" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4523, + "assessed_at": "2022-01-14 09:40:03" + }, + { + "risk": 1, + "category": null, + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:17" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "", + "id_d": 1697, + "message_id_s": "b6898566c8c1c59a4636c73d32526e55@klikdapur.com", + "size_bytes_d": 0, + "subject_s": "Få dine penger (89.486,73 NOK) utbetalt i dag via Vipps", + "from_email_s": "michiel@klikdapur.com", + "from_name_s": "Vipps", + "reply_to_s": "michiel@klikdapur.com", + "spam_score_d": 0, + "spf_s": "", + "originating_ip_s": "127.0.0.1", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "(89.486,73 NOK)", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "her", + "hostname": "klikdapur.com" + }, + { + "url": "http://klikdapur.com/link.php?M=11685831&N=187&L=89&F=H", + "text": "Gjennomfør registreringen her", + "hostname": "klikdapur.com" + }, + { + "url": 
"http://klikdapur.com/unsubscribe.php?M=11685831&C=daf96092199dd146f3ddb15f4a504f57&L=20&N=187", + "text": "her", + "hostname": "klikdapur.com" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "scam", + "risk_d": 2, + "risk_source_s": "super", + "sent_at_s": "2019-08-02 13:41:20", + "assessed_at_s": "2022-01-14 09:41:07", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "cornelia@klikdapur.com" + }, + { + "key": "Received", + "value": "from EXGW001 (localhost [127.0.0.1]) \tby EXGW001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with Microsoft SMTP\n Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id\n 15.1.1713.5\n via Mailbox Transport; Fri, 21 Jun 2019 15:30:19 +0200" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=klikdapur.com; \ts=key; t=1561116852;\n \tbh=nIjZkO5mLVAOZu5BmNQZkzesMEouiSpPTQPT2aqu9Mw=;\n \th=To:Subject:Date:From:Reply-To:List-Unsubscribe ;\n \tb=Q+zV0dOs+lM3sD/SmYS4H41N2zQ+efFaf10ZYZ7448M+onwp/2FMzHaIOt \r\n bfkXANT\n \t KXIe5tVXAKJod9OpW/lJKym8SJrfZxykyL+/5/KZ3gqb7QpF+1H9NVoENPjS \r\n B/ro7h\n \t JXMRbWZJWGIbTQsM3ncWIDA4uka1PReR55bu1uBw=" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Fri, 02 Aug 2019 13:41:20 +0000" + }, + { + "key": "Subject", + "value": "Få dine penger (89.486,73 NOK) utbetalt i dag via Vipps" + }, + { + "key": "From", + "value": "Vipps " + }, + { + "key": "Reply-To", + "value": "michiel@klikdapur.com" + }, + { + "key": "To", + "value": "demo@mailrisk.com" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564753280_072d4d542b75a88ab6a653cf006741b9_=_\"" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:00.4591333" + }, + { 
+ "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.01.1713.001" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "50cbb89a-a3ab-4a94-a5c3-08d6f64c9a9b" + }, + { + "key": "X-MS-Exchange-Organization-AVStamp-Enterprise", + "value": "1.0" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "taco-exc02-vm.prd.tasp.tikt.no" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-Mailer-SID", + "value": "187" + }, + { + "key": "X-Mailer-Sent-By", + "value": "1" + }, + { + "key": "X-Mailer-RecptId", + "value": "1685831" + }, + { + "key": "X-Mailer-LID", + "value": "20" + }, + { + "key": "X-C2ProcessedOrg", + "value": "db89f42a-9e17-46f5-bb28-ef43d3cfb3a8" + }, + { + "key": "List-Unsubscribe", + "value": "" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4521, + "assessed_at": "2022-01-14 09:39:22" + }, + { + "risk": 2, + "category": "scam", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:41:06" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "", + "id_d": 1696, + "message_id_s": "VI1PR05MB3374D0CF6ED4E5BA44DCEC6D86F30@VI1PR05MB3374.eurprd05.prod.outlook.com", + "size_bytes_d": 654, + "subject_s": "shared document", + "from_email_s": "Goldberg.Sue@osman.ru", + "from_name_s": "Sue Goldberg", + "reply_to_s": "", + "spam_score_d": 1, + "spf_s": "none", + "originating_ip_s": "82.102.27.50", + "_links_count_hard_d": "", + "links_s": [], + "_attachments_count_hard_d": "", + "attachments_s": [ + { + "filename": "Agreement-July 2019- Dully 
Signed.pdf", + "extension": "pdf", + "content_type": "application/pdf", + "content_id": null, + "is_inline": false, + "size_bytes": 34359, + "md5_hash": "cc48d0dcbf07ef8fe4ff89b82a2b5382", + "sha1_hash": "d5b85cca3914c8df90298adefe659a09a8afcd2a", + "sha256_hash": "6f4b28caeb4c13f66afafb4f5226c31711bb32c19a4640ff1969e2e57d204da0", + "last_modified_at": null, + "download_screenshot": "https://api.test.mailrisk.net/v1/emails/1696/attachments/1277/screenshot", + "download_file": "https://api.test.mailrisk.net/v1/emails/1696/attachments/1277/export" + } + ], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "malware", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2019-08-03 09:03:54", + "assessed_at_s": "2022-01-14 09:40:54", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "goldberg.jane@osman.com.tr" + }, + { + "key": "Received", + "value": "from AM6PR0302MB3464.eurprd03.prod.outlook.com (2603:10a6:20b:2e::41) by\r\n AM6PR0302MB3464.eurprd03.prod.outlook.com\n with HTTPS via AM6PR05CA0028.EURPRD05.PROD.OUTLOOK.COM; Thu, 11 Jul 2019\r\n 10:36:12 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=os man.onmicrosoft.com;\n s=selector2-osman-onmicrosoft-com; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=l4iTf2KEj5ly/peGv+IAp2hZ8/15dhvBYSIe6+l4Teg=; \r\n b=lB30GF7aBhQ4GV2vsBtXwdeQkwy8f+SSLrrlLYFyAMY2kMwhn8oN2DmzHnDwiiJl4VvqTrrLo2RU5ANDJBLtZ7O4D+EPOVt0QxJWGz0JAzQf0AHcaUuonjnelBCH8Qsi7nPPVOGe5/Pxki3SUhcFUT0Yh841XV81qKt8ehBfHZo=" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Sat, 03 Aug 2019 09:03:54 +0000" + }, + { + "key": "Subject", + "value": "shared document" + }, + { + "key": "From", + "value": "Sue Goldberg " + }, + { + "key": "To", + "value": "Undisclosed recipients:;" + }, + { + "key": 
"MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/mixed; boundary=\"_=_swift_1564823034_e3be558b0e8759e5b584c66d7d6ced38_=_\"" + }, + { + "key": "x-originating-ip", + "value": "[82.102.27.50]" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "VI1PR05MB3135:|AM6PR0302MB3464:" + }, + { + "key": "x-ms-publictraffictype", + "value": "Email" + }, + { + "key": "x-ms-oob-tlc-oobclassifiers", + "value": "OLM:1728;OLM:1728;" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "039334de-5c7a-4ac0-b49b-08d705eb4eee" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "ad343d30-769d-48ce-f6fe-08d705eb9724" + }, + { + "key": "X-MS-Has-Attach", + "value": "yes" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.5074883" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "AM5EUR03FT025.eop-EUR03.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "VI1PR05MB3135" + }, + { + "key": "x-ms-exchange-senderadcheck", + "value": "1" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "2" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.2052.002" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "ad343d30-769d-48ce-f6fe-08d705eb9724" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "11 Jul 2019 10:36:10.7450 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "key": 
"X-MS-Exchange-Organization-AuthSource", + "value": "AM5EUR03FT025.eop-EUR03.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "11 Jul 2019 10:36:10.6929 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "ad343d30-769d-48ce-f6fe-08d705eb9724" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "1b7083a4-0e92-4065-87fc-eb5482b64854" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020);SRVR:VI1PR05MB3135;" + }, + { + "key": "x-microsoft-antispam-prvs", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "60TsBh700jDzNZ+mrxm1VG3LOhw34YoN9fSDP6GTyt62XioqqKY7Ac6ubDcdav39v0lR5EuCCU4lw+UXVou65k+x5bi25mwmuUw7iyHiBX07VrvHdoSPiqCDlZEdRi8Iy1TglpdlHilwlNoYR1UEWdQPgDdMlMGdTF+p5bqSbiQqXPWBXryLLVJzMZGPE/5oILrzHPxUyS8gar0FUBBd2V/M1rlRQaRaAWdXgfPzLO5KNIraBW2TjbsonWbfG71EZ8WJcMUwnw06WgJos2wvrgUM/SNOZd+F0u7+wiGv/oE11Lri2GYRpl65WVD5yfh5tc5PFPddBF46DrU1+8lWODYQzZHEqjifBVsL8b45NSXZdg+vzbLqWmgx5Mealwei+ef8Vp0XHP092B6RkV6ZtP/C25yzGbZ0W+8g6GJ+P7Q=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "9WiDo+452qMuyh979R+Fc2K1zkYrzwgcnuoXf2foNDC7DfXk3AT/7mfdF2m+ WrFQZPhEOjTt2ZwQY0FLjrEDUnsIgyXBNS5zCcXC0fgiVYIzghrNXHkjGdx3\r\n \n /AKTNyfZjKuTCAGgn22VH2U2cLlEG3ga/h5/L0fResBW+OjqKNdSAbozdayE\r\n \n PfbTtebSJ9yMU0Glawt92AyPgCmyDsUUOKnKRQ0NElq0V62+6K1RRWL8bld6\r\n \n uWevxv4AKHtx1Wiizp9LLTfYegjxxLzVdVXfHa7u++PcYZs4R5k9pHYsohlQ\r\n \n o36vnVVSMKdfo3E1WTxbnBUver1nn3zOuO/uWBsUuytxqhWYbMc+vc/q6qCY\r\n \n YyFVKf+iMOV20nkIbapqrH09AxDNYFb7pnkfeqvG+U1gcal1rYbUP6BD244z\r\n \n 
w5JbjLsxntt6HeasRqOjgeaSAhNCnadglxOFHKIlIBbPEcC4HwKbC0RHsqeP\r\n \n voGVcOcafP0jxOAxte/WhQsk4nzsHEzPaLbIOoPkvVXxgcGz+IiiNFjfhply\r\n \n p5/vb1yq1G0UHvLI2WDPNcCsJgQzBJv0Rg1YgSt5M+73oL9zyjz3qfw4tiK0\r\n \n V5qbyGm2i68WFU7jXDA0UN3o67cdli6C//CLRvoDBiQbXWHC36621QGi+xV4\r\n \n buj2/ybhFEZuXtsj1c36ElIIx9yr2yZFvyebFPZWpcEfdF00QLqSCDRL/yl9\r\n \n IK3GeUXMii7Y8PqOozdwgkrg4IpGac4Y4PvsuzEvDhIPCd2IKyxgS25k/tCW\r\n \n UEnmZ07+p572DWCC+CaLuAfIeZY5USLf4QE3mYsXxBBcwhT3evAdEzi9nsTS\r\n \n auvHHLPL576VgMceHLmEnH9bG0GsmHhsFR2XACD88Cu0p0DtVggTbiVpJug8\r\n \n nvSY5tJfKDJbL8CDK/7B8FfZXqpygDPDWt/7a6Sxnnw+eyQPVkQlR6I5naUj\r\n \n DK+5U0s1GmegRU22uVrLMoEhqdRRGmLKc3MaRTeylLg=" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160514016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600148)(710020)(711020)(4605104)(4709080)(1420029)(8001031)(1414054)(49563074)(71702078)(7193020);SRVR:AM6PR0302MB3464;" + }, + { + "key": "x-ld-processed", + "value": "d79555d1-8adb-46ea-af6c-b6b2a24e4fe7,ExtAddr" + }, + { + "key": "x-forefront-prvs", + "value": "0095BCF226" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": 
"SFV:NSPM;SFS:(10019020)(4636009)(346002)(136003)(396003)(39860400002)(376002)(366004)(189003)(199004)(53936002)(66576008)(71190400001)(76116006)(478600001)(99286004)(55016002)(606006)(66446008)(7366002)(66556008)(7116003)(86362001)(7406005)(733005)(6506007)(74316002)(65706003)(54896002)(66476007)(64756008)(6306002)(71200400001)(6436002)(7696005)(102836004)(7276002)(5660300002)(109986005)(9686003)(88732003)(3480700005)(76576003)(7336002)(14454004)(52536014)(316002)(26005)(7736002)(25786009)(17550700004)(7416002)(66066001)(68736007)(81156014)(8936002)(1671002)(66946007)(861006)(236005)(99936001)(2906002)(6116002)(54556002)(6606003)(558084003)(19627405001)(256004)(486006)(476003)(81166006)(89122003)(881003)(186003)(3846002)(8676002)(221733001)(33656002)(16040700028);DIR:OUT;SFP:1501;SCL:1;SRVR:VI1PR05MB3135;H:VI1PR05MB3374.eurprd05.prod.outlook.com;FPR:;SPF:None;LANG:nb;PTR:InfoNoRecords;MX:1;A:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:194.37.255.150;IPV:NLI;CTRY:DE;EFV:NLI;SFV:NSPM;SFS:(2980300002)(199004)(189003)(246002)(52536014)(496002)(3480700005)(486006)(74316002)(568964002)(2476003)(7116003)(3846002)(7736002)(7636002)(58800400005)(881003)(19627405001)(1671002)(22186003)(5000100001)(25786009)(99286004)(28085005)(45080400002)(6116002)(8636004)(356004)(8676002)(476003)(3672435006)(71190400001)(21480400003)(86362001)(7596002)(126002)(14454004)(606006)(66066001)(336012)(106002)(7696005)(26005)(15843345004)(1096003)(16586007)(63106013)(6506007)(5024004)(15974865002)(55016002)(63266004)(221733001)(54556002)(733005)(236005)(33656002)(102836004)(54896002)(99936001)(5660300002)(109986005)(15003)(61614004)(6306002)(36386004)(9686003)(127190200001);DIR:INB;SFP:;SCL:1;SRVR:AM6PR0302MB3464;H:mxout150.expurgate.net;FPR:;SPF:Pass;LANG:nb;PTR:mxout150.expurgate.net;A:1;MX:1;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "1b7083a4-0e92-4065-87fc-eb5482b64854:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + 
"key": "Thread-Topic", + "value": "shared document" + }, + { + "key": "Thread-Index", + "value": "AQHVN9Lbt4EwsKBq9EetIwzIPJgAsQ==" + }, + { + "key": "Received-SPF", + "value": "None (protection.outlook.com: osman.ru does not designate permitted sender hosts)" + }, + { + "key": "Content-Language", + "value": "nb-NO" + }, + { + "key": "Authentication-Results", + "value": "spf=none (sender IP is 91.185.204.65) osma n.ru\n smtp.mailfrom=osman.ru; mailrisk.com; dkim=fail (no key for\n signature) header.d=osman.ru;mailrisk.com; dmar c=none\n action=none header.from=osman.ru; dkim=fail (no key\n for signature) head er.d=osman.ru;" + }, + { + "key": "Accept-Language", + "value": "nb-NO, en-US" + } + ], + "assessments_s": [ + { + "risk": 2, + "category": null, + "confidence": 0.5, + "source": "heuristics", + "source_id": 4520, + "assessed_at": "2022-01-14 09:39:09" + }, + { + "risk": 3, + "category": "malware", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:40:53" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + }, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "", + "id_d": 1695, + "message_id_s": "BY5PR16MB3094176126368BE03515A83EB9C80@BY5PR16MB3094.namprd16.prod.outlook.com", + "size_bytes_d": 0, + "subject_s": "Document Received 7/18/2019 6:44 AM", + "from_email_s": "Jose.Porras@la-panthers.org", + "from_name_s": "Jose Porras", + "reply_to_s": "karl.schubert90@mail.ru ", + "spam_score_d": 1, + "spf_s": "pass", + "originating_ip_s": "40.126.2.50", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "https://1drv.ms/xs/s!AoyI6FpgdXonhGpLWO9LIVGlWTj8", + "text": "", + "hostname": "1drv.ms" + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + 
"reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "suspicious", + "risk_d": 2, + "risk_source_s": "super", + "sent_at_s": "2019-08-03 05:52:32", + "assessed_at_s": "2022-01-14 09:40:45", + "content_status_s": "received", + "headers_s": [ + { + "key": "Return-Path", + "value": "Jose.Porras@la-panthers.org" + }, + { + "key": "Received", + "value": "from VI1P192MB0077.EURP192.PROD.OUTLOOK.COM (2603:10a6:3:bc::22) by HE1P192MB0076.EURP192.PROD.OUTLOOK.COM with HTTPS via \r\n HE1P190CA0012.EURP190.PROD.OUTLOOK.COM; Thu, 18 Jul 2019 13:45:27 +0000" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=la panthers.onmicrosoft.com;\n s=selector1-lapanthers-onmicrosoft-com; \r\n h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=7Z0nSF1uRjl3lG5QFO1Ke7ikKpIpPLHF+1qOea5CJDU=; \r\n b=uemSEmiXghVAt7/Y04KjwAu2GcVQ+H62M+NoPLlZ7QaRmqVLF6yeuqlFZIkTX28JqfnZ/B8wmpuUwFWmyGuHdlqSzJwaqfOFvHZWDR/o5U93zPlIOzGG82FFkzFE4xP0oBPl4xdxxwtCY7Owsg1lpMOZ44+ya1UPDKgxzyfGPWQ=" + }, + { + "key": "Message-ID", + "value": "" + }, + { + "key": "Date", + "value": "Sat, 03 Aug 2019 05:52:32 +0000" + }, + { + "key": "Subject", + "value": "Document Received 7/18/2019 6:44 AM" + }, + { + "key": "From", + "value": "Jose Porras " + }, + { + "key": "Reply-To", + "value": "\"karl.schubert90@mail.ru\" " + }, + { + "key": "To", + "value": "\"demo@mailrisk.com\" " + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": "multipart/alternative; boundary=\"_=_swift_1564811552_b09ccc2647f8efe28af2a365bd908438_=_\"" + }, + { + "key": "x-originating-ip", + "value": "[40.126.2.50]" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "BY5PR16MB3620:|BY5PR16MB3620:|VI1P192MB0077:" + }, + { + "key": "x-ms-publictraffictype", + "value": "Email" + }, + { + "key": "x-ms-oob-tlc-oobclassifiers", + "value": 
"OLM:134;OLM:134;" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id-Prvs", + "value": "6a71bb86-26d0-461e-434a-08d70b862e0f" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "95d293ac-528f-4cc8-c44a-08d70b862fa0" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:02.8161166" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStripped", + "value": "HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "BY5PR16MB3620" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersPromoted", + "value": "HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "x-ms-exchange-senderadcheck", + "value": "1" + }, + { + "key": "X-MS-Exchange-Safelinks-Url-KeyVer", + "value": "1" + }, + { + "key": "X-MS-Exchange-PUrlCount", + "value": "1" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.2073.000" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "1" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "95d293ac-528f-4cc8-c44a-08d70b862fa0" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "18 Jul 2019 13:45:24.8802 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "HE1EUR01FT044.eop-EUR01.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "18 Jul 2019 13:45:24.2010 (UTC)" + 
}, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "95d293ac-528f-4cc8-c44a-08d70b862fa0" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-ATPSafeLinks-Stat", + "value": "0" + }, + { + "key": "X-MS-Exchange-AtpMessageProperties", + "value": "SA|SL" + }, + { + "key": "X-Microsoft-Antispam-Untrusted", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);SRVR:BY5PR16MB3620;" + }, + { + "key": "x-microsoft-antispam-prvs", + "value": "" + }, + { + "key": "X-Microsoft-Antispam-Message-Info-Original", + "value": "mxQOwF1Q5Vt0ASYpxARA+MvnVvelZXz6adzgbxisWNCcBj9Z7ePv7GKJRtq40tIdVFsc1WlCTTwA6zibVOEJc2AKmNdRkzDbw09mKirGZCnSM0c7EiIKOLm6hbLp0fZWgekgok5io1/uToVZF0tZjXPferyG+0ZtGEdEzg2P60pLgsYxmSYL0lE8kfpMUim0u2u0RjLNB2Jdgk4Psbw3zxUtNk8/9KcAnTNIL/7GfV/KdKrOKfB4Bl8ZuzoJqiiH0o6vUsJ88Vwc7jjDPJicpeJ3XHICrhDw/RlOU+srJt13NxklUvItYlTSLvSrG7SAGJAoBOxIpb5zcUNopvTsuz502GS0BgjkQB6HrPmsG8WYryhI818ziiUizaIUQcbsBWlsNZDVAxxFGHiaoHJHTrvab+e6Hxieh2H9UEw5gvg=" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "2idCpenykI3D6g+HB7ibtB2VdP30s6RRJYLsq1QRPhAtf/10JyH37tM2QSKX 7DrtUDL6hQV0rvs90SpJjWR3mGJakunZ5m7i5EEa0dQg193OJ1u0EcAYyBO+\r\n \n lPZknfs8h13sONJ1Il6eLXCO8cQqeVn8WEsOiNJDsyShmCN8uGER337Cvmtq\r\n \n gl4ubULm9O1pUU8xCpsPWXK07znNIZWwaPzlSWnC7WLJlFls4fbRga+TkY41\r\n \n QXycdWIUO6RpV4KruYYnwBcx7N3EugLWBswdGHSsCKtB3YhbmmhyeRt60yVD\r\n \n LBizfVWWfVKynTyp1nrTfB7XPHketzP3jxfk/RLrqAT9oNaYL0vkWPUBLyur\r\n \n jxd46BkmfSUewHh66SCK7CP1Ko8bXSJmxi9ruw1HvZ66T5LN0ayim9qev9As\r\n \n rGftwMdw1ZfSDYiU9uZG/FAELTaYWvwl4vXr4MFehNHWWkqGYq7x6PW+Q2c5\r\n \n RF9puPEmOTGbGk8KnYz1XPT+TFPobnxAuD19DnbP21fH1QXioao+vvr/hd8N\r\n \n 
946U/J+4n8kAvRilOdd8VwzSUuNwnFcsyvpoBFeb0JgfRL2PhHJovMZJKQWN\r\n \n cfdWaxu0DBnXkmQ3PLVUL9dFUW/w6UsFvQTDnqCtJ2lwS9dVOYmea0unt8FZ\r\n \n XFGgO6639UZzOLR1ZGiB2r9hS+v0fRfOx2tYipRPdKBqLkg1iYW5aTqsAzkH\r\n \n EvqbJkLWiyWWejqoW6n2qvp6E5BsYgxauxTvvk3/7Irtpa9K0o74hXHT+lbR\r\n \n BqbF6BXMDeiKW2GzeX00gnWvdbDOJgL6oIu2023LuL4QUreZUIelLbbOmA3F\r\n \n sLqpK/HgW8rHfGIvKiPIiZVU4u3IjQojEiz+vWIgi2qCKPEI29Vw8RA41sDq\r\n \n eIcLrt76leoUPnGJDw8F34WSwynpAfMLzP+HI0N4cYB0Lzht4Pbh1kZDRNlG\r\n \n jxjU+XznScrkDI7d8EhDp0IHq7AfRfpU7o5jrqV005SiFuBDAmf6QfN6wz9h\r\n \n ynS/t2iBhXSzb5wQqNwSVV701g==" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160514016)(750119)(520011016)(944506303)(944626516);" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600148)(710020)(711020)(4605104)(4709080)(1420029)(8001031)(1414054)(1124261)(71702078)(7193020);SRVR:VI1P192MB0077;" + }, + { + "key": "x-forefront-prvs", + "value": "01026E1310" + }, + { + "key": "X-Forefront-Antispam-Report-Untrusted", + "value": "SFV:NSPM;SFS:(10009020)(39850400004)(376002)(136003)(366004)(346002)(396003)(23433003)(189003)(199004)(66476007)(66806009)(76116006)(66946007)(91956017)(5660300002)(102836004)(26005)(476003)(86362001)(6506007)(53936002)(6916009)(6666004)(7696005)(71200400001)(71190400001)(256004)(68736007)(486006)(66556008)(99286004)(186003)(8796002)(1730700003)(74316002)(64756008)(2501003)(52536014)(66446008)(8936002)(316002)(786003)(45080400002)(14454004)(2860700004)(2351001)(81156014)(81166006)(508600001)(43066004)(33656002)(3846002)(55016002)(38605005)(71646002)(236005)(558084003)(606006)(6116002)(7736002)(25786009)(54896002)(66066001)(6436002)(1250700005)(8676002)(2906002)(9686003)(6306002)(5640700003)(48046002);DIR:OUT;SFP:1101;SCL:1;SRVR:BY5PR16MB3620;H:BY5PR16MB3094.namprd16.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": 
"CIP:40.107.76.47;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10001)(4636009)(2980300002)(189003)(199004)(23433003)(8156004)(8796002)(6916009)(5000100001)(2160300002)(3846002)(2501003)(1096003)(1730700003)(6116002)(26005)(8636004)(486006)(48046002)(476003)(14454004)(58800400005)(102836004)(2351001)(5660300002)(66806009)(5640700003)(8676002)(126002)(61614004)(606006)(6436002)(356004)(6666004)(336012)(71190400001)(38605005)(52536014)(86362001)(45080400002)(54896002)(6506007)(106002)(1250700005)(9686003)(25786009)(564344004)(33656002)(99286004)(43066004)(16003)(55016002)(36906005)(66066001)(71646002)(74316002)(7696005)(236005)(33964004)(16586007)(246002)(7636002)(7736002)(2860700004)(6306002);DIR:INB;SFP:;SCL:1;SRVR:VI1P192MB0077;H:NAM02-CY1-obe.outbound.protection.outlook.com;FPR:;SPF:Pass;LANG:en;PTR:mail-eopbgr760047.outbound.protection.outlook.com;MX:1;A:1;" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "8d47db94-4b60-455c-9da3-8afe586d5916:0" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "Thread-Topic", + "value": "Document Received 7/18/2019 6:44 AM" + }, + { + "key": "Thread-Index", + "value": "AQHVPW7617zE4gE1fEufepy3P+kxLg==" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of la-panthers.org designates 40.107.76.47 as permitted sender)\n receiver=protection.outlook.com; client-ip=40.107.76.47; \r\n helo=NAM02-CY1-obe.outbound.protection.outlook.com;" + }, + { + "key": "Content-Language", + "value": "en-US" + }, + { + "key": "Authentication-Results-Original", + "value": "spf=none (sender IP is ) smtp.mailfrom=Jose.Porras@la-panthers.org;" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 40.107.76.47) smtp.mailfrom=la-panthers.org; mailrisk.com; dkim=pass\r\n (signature\n was verified) header.d=lapanthers.onmicrosoft.com;mailrisk .com; dmarc=bestguesspass\r\n action=none header.from=la-panthers.org;compauth=pass reason=109" + }, + { + "key": "ARC-Seal", + 
"value": "i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=XPFfcmI0holVNZjhUaAK1DrBwr2ZBkkeRdtJUBLqO5gIx6USdDDesUcP58a/9LxQGDGoVO91f2aGzNZtFz+pWIzvgoPI6811nTwudg71HS79FLv+rxWqWumeOyehXPWmtNZpIh+8RHVanramrQihm90USO3A/mFN2mOpHjvPSe16F8pBXdu1e+4HhyZoN1VJ3mHur0W1xeI/1ABV6mKfkEjZr33P3JmKYGrsXEfp2B77kbCGpqcAfRL2G/ItU0/hoRFfYiaovIlX/j0OPwFlABXDSD0FvKVmyWFkXit5yTh5Lz98GCsomtUe/AuNXiehX2bMkRQyIeL/60uaRkZIzg==" + }, + { + "key": "ARC-Message-Signature", + "value": "i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME \r\n -Version:X-MS-Exchange-SenderADCheck; \r\n bh=7Z0nSF1uRjl3lG5QFO1Ke7ikKpIpPLHF+1qOea5CJDU=; \r\n b=MO8RPqyOba7LLYPQF9Pche5yFL8yQYJwKxOr97SQLE438rusE4vxDrLlqCQzTOROChQDFcqhavAzMjUztVPSOtLHtpqJJOEDBK82BH+efGR3I7h7X6UflwlIpGqA/HWXBMp08Fi7c4LTbTrG9RwyWy2QOeRI7SidBOkq9bR2pK/lWkY0Yh7sZwJ3BLXaKg0HhBrn/ezRw8BUj7e4OL9eJXlgWkDji1VZwUYMllKGWqbh8crjxp9NoL4dNC8vJHzNFDDiSIq0TqFPDmM+ZnulXWuRJlZS+BgkI33nvuMHFJK8hsQmPolB5vCZ+F5ZYG0xEDOR9vAmT8I5lhkgnr4Vrw==" + }, + { + "key": "ARC-Authentication-Results", + "value": "i=2; mx.microsoft.com 1;spf=pass (sender ip is 40.107.76.47) smtp.rcpttodomain=mailrisk.com \r\n smtp.mailfrom=la-panthers.org;dmarc=bestguesspass action=none \r\n header.from=la-panthers.org;dkim=pass (signature was verified) \r\n header.d=lapanthers.onmicrosoft.com;arc=pass (0 oda=1 ltdi=1 \r\n spf=[1,1,smtp.mailfrom=la-panthers.org] dkim=[1,1,header.d=la-panthers.org] \r\n dmarc=[1,1,header.from=la-panthers.org])" + }, + { + "key": "Accept-Language", + "value": "en-US" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4519, + "assessed_at": "2022-01-14 09:38:51" + }, + { + "risk": 2, + "category": "suspicious", + "confidence": 1, + "source": "super", + "source_id": 139, + "assessed_at": "2022-01-14 09:40:44" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + 
}, + { + "TenantId": "a507b3da-6b78-4ed6-a1c8-6e3d77ac22ca", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated [UTC]": "1/14/2022, 9:42:06.150 AM", + "Computer": "", + "RawData": "", + "event_type_s": "risk_changed", + "reported_at_s": "", + "id_d": 1694, + "message_id_s": "1641920649.safelinks.protection61ddb88947f9f@telecomservic.es", + "size_bytes_d": 0, + "subject_s": "Secure Practice AS message for {{FIRSTNAME}}", + "from_email_s": "safelinks.protection@telecomservic.es", + "from_name_s": "Safelinks protection", + "reply_to_s": "", + "spam_score_d": -1, + "spf_s": "pass", + "originating_ip_s": "207.154.247.120", + "_links_count_hard_d": "", + "links_s": [ + { + "url": "mailto:{{EMAIL}}", + "text": "{{EMAIL}}", + "hostname": null + } + ], + "_attachments_count_hard_d": "", + "attachments_s": [], + "reporter_domain_s": "mailrisk.com", + "company_id_d": 2, + "feedback_requested_b": false, + "feedback_provided_b": false, + "Category": "", + "risk_d": 3, + "risk_source_s": "super", + "sent_at_s": "2022-01-11 17:04:09", + "assessed_at_s": "2022-01-14 09:40:33", + "content_status_s": "received", + "headers_s": [ + { + "key": "Received", + "value": "from SV0P279MB0481.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:19::13) by SVAP279MB0478.NORP279.PROD.OUTLOOK.COM with HTTPS; Tue, 11 Jan 2022\r\n 17:04:14 +0000" + }, + { + "key": "Received", + "value": "from AS8PR05CA0001.eurprd05.prod.outlook.com (2603:10a6:20b:311::6) by SV0P279MB0481.NORP279.PROD.OUTLOOK.COM (2603:10a6:f10:19::13) with\r\n Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9; Tue, 11 Jan\r\n 2022 17:04:13 +0000" + }, + { + "key": "Received", + "value": "from VI1EUR04FT050.eop-eur04.prod.protection.outlook.com (2603:10a6:20b:311:cafe::46) by AS8PR05CA0001.outlook.office365.com\r\n (2603:10a6:20b:311::6) with Microsoft SMTP Server (version=TLS1_2,\r\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9 via 
Frontend\r\n Transport; Tue, 11 Jan 2022 17:04:13 +0000" + }, + { + "key": "Authentication-Results", + "value": "spf=pass (sender IP is 207.154.247.120) smtp.mailfrom=telecomservic.es; dkim=pass (signature was verified)\r\n header.d=smtp.sendfiend.com;dmarc=permerror action=none\r\n header.from=telecomservic.es;compauth=pass reason=105" + }, + { + "key": "Received-SPF", + "value": "Pass (protection.outlook.com: domain of telecomservic.es designates 207.154.247.120 as permitted sender)\r\n receiver=protection.outlook.com; client-ip=207.154.247.120;\r\n helo=smtp.sendfiend.com;" + }, + { + "key": "Received", + "value": "from smtp.sendfiend.com (207.154.247.120) by VI1EUR04FT050.mail.protection.outlook.com (10.152.29.113) with Microsoft SMTP\r\n Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\r\n 15.20.4867.7 via Frontend Transport; Tue, 11 Jan 2022 17:04:13 +0000" + }, + { + "key": "Message-ID", + "value": "<1641920649.safelinks.protection61ddb88947f9f@telecomservic.es>" + }, + { + "key": "DKIM-Signature", + "value": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=smtp.sendfiend.com; \ts=selector1; t=1641920652;\r\n \tbh=mJGoGh3rHvuq/4haP8rrf3KHyxoRJkZ/b73prEedcTw=;\r\n \th=Date:Subject:From:To:From;\r\n \tb=o8oBpilb7Gz3tcPDKP2nj83bTp3pi6sYL9wi0wGkzjVE2I8g7jt+ljfo+VS9ICikp\r\n \t VtoZTz4opCZJc/ptAabG/ofoeRfinf/6Ql12f6JpQ2PlE2p+1+jVTVUoeuBnf7Txtg\r\n \t 27xjJu4iy1rqgwh7JHO0oKia6nhabc3qpUqA83bZm3+Prn6zQKFCwszlNhcsbBzweM\r\n \t 2fysJlC8+qYl9WsvcS2ztCX76/ZTlPfbxNX1qAsUxR6uz0y03D6vCIWYa+1AvdTYa2\r\n \t jasfrllrpQ1QfO3StDyOUqM41FlOxmHHwVDk34RZ9kHBDGfZsw0+fXF1wwbMYi5mNB\r\n \t +8IpXZh0kouLA==" + }, + { + "key": "Date", + "value": "Tue, 11 Jan 2022 17:04:09 +0000" + }, + { + "key": "Subject", + "value": "Secure Practice AS message for MailRisk" + }, + { + "key": "From", + "value": "Safelinks protection " + }, + { + "key": "To", + "value": "demo@mailrisk.com" + }, + { + "key": "MIME-Version", + "value": "1.0" + }, + { + "key": "Content-Type", + "value": 
"multipart/alternative; boundary=\"_=_swift_1641920649_0f856b366b9a69aa3f59a5baf218a3e0_=_\"" + }, + { + "key": "X-SP-Tenant", + "value": "bf3b580dbae9e7857b3182dc36434cab2f6e4771" + }, + { + "key": "X-SIMULATED-PHISHING", + "value": "THIS IS ONLY A SIMULATION" + }, + { + "key": "X-SECURITY-INFO", + "value": "https://securepractice.co/.well-known/security.txt" + }, + { + "key": "X-Key", + "value": "wru0ReoUd0uOUM8TpbuE228rpcryVGz9" + }, + { + "key": "X-Identifier", + "value": "DL9dJh4LMj0OgeDmgDuYz2uaor0mctYK" + }, + { + "key": "Return-Path", + "value": "safelinks.protection@telecomservic.es" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTime", + "value": "11 Jan 2022 17:04:13.1185 (UTC)" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationStartTimeReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationInterval", + "value": "1:00:00:00.0000000" + }, + { + "key": "X-MS-Exchange-Organization-ExpirationIntervalReason", + "value": "OriginalSubmit" + }, + { + "key": "X-MS-Exchange-Organization-Network-Message-Id", + "value": "13b52626-ff94-4669-7a33-08d9d524647e" + }, + { + "key": "X-EOPAttributedMessage", + "value": "0" + }, + { + "key": "X-EOPTenantAttributedMessage", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79:0" + }, + { + "key": "X-MS-Exchange-Organization-MessageDirectionality", + "value": "Incoming" + }, + { + "key": "X-MS-PublicTrafficType", + "value": "Email" + }, + { + "key": "X-MS-Exchange-Organization-AuthSource", + "value": "VI1EUR04FT050.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-Organization-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Office365-Filtering-Correlation-Id", + "value": "13b52626-ff94-4669-7a33-08d9d524647e" + }, + { + "key": "X-MS-TrafficTypeDiagnostic", + "value": "SV0P279MB0481:EE_" + }, + { + "key": "X-MS-Exchange-Organization-SCL", + "value": "-1" + }, + { + "key": "X-MS-Exchange-Organization-BypassClutter", + "value": "true" + }, + { + 
"key": "X-MS-Oob-TLC-OOBClassifiers", + "value": "OLM:6108;" + }, + { + "key": "X-Microsoft-Antispam", + "value": "BCL:0;" + }, + { + "key": "X-Forefront-Antispam-Report", + "value": "CIP:207.154.247.120;CTRY:DE;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:smtp.sendfiend.com;PTR:smtp.sendfiend.com;CAT:NONE;SFS:;DIR:INB;" + }, + { + "key": "X-MS-Exchange-CrossTenant-OriginalArrivalTime", + "value": "11 Jan 2022 17:04:13.0404 (UTC)" + }, + { + "key": "X-MS-Exchange-CrossTenant-Network-Message-Id", + "value": "13b52626-ff94-4669-7a33-08d9d524647e" + }, + { + "key": "X-MS-Exchange-CrossTenant-Id", + "value": "738b5784-45bc-4d74-8eca-c543f6203d79" + }, + { + "key": "X-MS-Exchange-CrossTenant-AuthSource", + "value": "VI1EUR04FT050.eop-eur04.prod.protection.outlook.com" + }, + { + "key": "X-MS-Exchange-CrossTenant-AuthAs", + "value": "Anonymous" + }, + { + "key": "X-MS-Exchange-CrossTenant-FromEntityHeader", + "value": "Internet" + }, + { + "key": "X-MS-Exchange-Transport-CrossTenantHeadersStamped", + "value": "SV0P279MB0481" + }, + { + "key": "X-MS-Exchange-Transport-EndToEndLatency", + "value": "00:00:01.4661025" + }, + { + "key": "X-MS-Exchange-Processed-By-BccFoldering", + "value": "15.20.4867.012" + }, + { + "key": "X-Microsoft-Antispam-Mailbox-Delivery", + "value": "ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(920097)(930097);" + }, + { + "key": "X-Microsoft-Antispam-Message-Info", + "value": "N1AYO5109++efM1k8Mj/X41NiFA3iPPdBAypvWTgKETyARG9kccUEfnhJrQn oDoc+EmgDFJRUlSiYEA12xoS9E4e1y6GreEndNbxdUnIVO0gz6WPCtVjhvkC VY+lxGiymHsBGXrMQCsQst42nwByPPXu5y/oobw97ycqYslnIlY8zDrZf0io L1JEywz6+GXZAxtjW41E5d0OdeC9ilJ3ttkruuxDabYTTsAdtlOOIhzMcQu6 0eqjk7ORO9M+mzY8xJtvKjXFtWkBvGKshUEqjpT/FRFnMM+aHaKJU4cQeRY5 o2TvZq9RDUXqHkPllOkak4FkZtl/0F2uJ0CqAahGwMYmIs+RgTr6cGPcchRi HFCY9yS0/+9oYRdmhtD3Deo8nAXvad0xKYDnprflLJi+d5eERJOylqmb4J1B LhskXCEzvja7kBf9Wh6SJrq4KppsR86aIfO5Y2y2IQPKX1YJB75eSgbfVUX+ HTfBho+XLptWKa7vqk2+V87FF2yHkoNXaQjwBXNiQwYPWpMhABChsdRgorqr 
t9tSuSyT5+ORwj24V1FK/LUo/3O28U+hiCh4lvhGxFf6GeRqpPhdj8R0IxCX CnW1qV1+8lcBUDYvu3WlmFJPW6YvSkEBBGdVLSvr/+a8T4KvIarmVxjqCYW4 wHKzbwM4xFKU4zL5fJcu0leRF2/D1/29kuB6DyhbgsTX5NuLnxbs2GGllfUi ZGOeVdIawRHgiSnBMp77DFQL958zvqULAp9Od9/Y479foIKvn0xf5SjZMHs0 E7IbOHkj8RiX3+DV6M7XoT9LCw0L9ThsD9a5myntRzWMgyv8LgSdRw6yQnxQ Lk/jSiU1K6Yb35gDaRysUZYOGIkEZA2hZ1PUG/o28QnZRgqQUhGBM+QXXtRg c3CsDu/c80Cdce56GJtUoWkcCI3Aoug5tLP6I+su6X+nH4bTJvA6mTs/+lmz 3z3HhOku4Px8RTSAQqDpvkD4RmWvHX3aqgQ8CSx16VS7VGT84UcLi362cD44 PKzXo5p8XjfWZJMur6iwFGws0RKZyOig1PFesWC5cFlPJiLEdbtX7LxPv0ru ZpJLzTth+HA0mBfdCvqjsDFINJN6lxYzCiIbPppUgP9jhIRUXChl+moAIiAz kYQLS1Cvu3TpvKQkdcYhtxpptgy/fIKbxzaevGmCcj5//haboVHzBpCW2scO /Uv2ph1gyJjZ16A5BqLYesw/0LFWPt9tVD3UjYBVsW56Ld+lkyJvr0D5sEzs tEA08p7ABVOTavbVkGwrOuPtj5qYBVtZZT7Tdxbx+1xhm83dtGlBlSp1Si7g D+dem8uRZ5r0E+nF0fD+xB3Td/Fm1eai+uo+/g8oZDbHcieODMMZFbQzqFbh Ie+WtlklsndTjro/Gs+kOx8FIQ7JVq2XGVOZKgFEm2BSXu+vzK6u7+GfUByK IphTx6gllmkvKjywQHSC7d0GIrzoFxx7SfXEqywEbYb5NOskhvMYAFaX8zsp tkyecLRYHXrKIYbm1unRLOld6L/lL9aNkUPwgy1SwwyQ3FtJ8bU629goFJy1 jcmk6Ie78Fciok799SneKOxqNOjTAIHZ+Y/f2MoI8YGunFBxO+I0BdNrsU4A S3Az2be63hk/atwkl/WxQtV/9MdYkZPO4BLViKF3muX9JC/AtMtF3qE1bHpH C5qxviSObfWuTDRBr0vTp9gsTC1xu8v4EEzK4zsVAUAaNysWDzuUfF1FTnFc APMAgI2jhUoLkOxj8gzp2o6flKmnkk2IDW+66lXouIOUq8Vd2dHSksCyBCYm W+bRQJ/dTFleaR/XUaJQOHlbfTzfzMocQIGQKMfj1UwTpXuEhwuY86DXasoq AFF8OaWtvDTIxdOHxcviRJvzGPJ9H7IGoXOYu3v4IK5Fla1K+CBSfXxLsf5b irTe0XQy20vP5svixpUbVZOaoiNet0IvxzyyAKxuCVEfqIuNxeoXHlH+YtNW MjKhLZEUmxuDji50XqOJah0KCE4+1K4km6tAWgu+wwJxI7zi0LhuL/0Wmmt7 uoqVeQDPj1BtngEAAljGxMWeDhSO5y8O3S5elcBv59T4jvEy8rTn2RFa0xCU WSOG0aKOyoyqTCdOhM8V5b+qG823pi0LWULITw/SCDChvP4eZjQZLdYvXXsA uA9BRwVCQBt6GROEgZaPQuv025ztWs6UTN77GRajGlIqOfsDTrbD1uXpRhk =" + } + ], + "assessments_s": [ + { + "risk": null, + "category": null, + "confidence": 0.1, + "source": "heuristics", + "source_id": 4518, + "assessed_at": "2022-01-14 09:38:07" + }, + { + "risk": 3, + "category": null, + "confidence": 1, + "source": "super", + "source_id": 139, + 
"assessed_at": "2022-01-14 09:40:32" + } + ], + "reported_risk_d": "", + "Type": "MailRiskEmails_CL", + "_ResourceId": "" + } +] \ No newline at end of file From d159aa203a4ecf64f2abe052690ff4997dddd3ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?= Date: Thu, 16 Jun 2022 11:34:21 +0200 Subject: [PATCH 2/7] Move DataConnector json to Solutions folder --- .../MailRisk/Data Connectors}/SecurePractice_MailRisk.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {DataConnectors => Solutions/MailRisk/Data Connectors}/SecurePractice_MailRisk.json (100%) diff --git a/DataConnectors/SecurePractice_MailRisk.json b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json similarity index 100% rename from DataConnectors/SecurePractice_MailRisk.json rename to Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json From ac8993fd4225bf064858697db05a61dc6410f685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?= Date: Thu, 16 Jun 2022 13:27:33 +0200 Subject: [PATCH 3/7] Add custom logs table schema for MailRiskEmails_CL --- .../CustomTables/MailRiskEmails_CL.json | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/MailRiskEmails_CL.json diff --git a/.script/tests/KqlvalidationsTests/CustomTables/MailRiskEmails_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/MailRiskEmails_CL.json new file mode 100644 index 0000000000..2cb90f9b40 --- /dev/null +++ b/.script/tests/KqlvalidationsTests/CustomTables/MailRiskEmails_CL.json 
@@ -0,0 +1,161 @@ +{ + "Name":"MailRiskEmail_CL", + "Properties":[ + { + "Name":"TenantId", + "Type":"String" + }, + { + "Name":"SourceSystem", + "Type":"String" + }, + { + "Name":"MG", + "Type":"String" + }, + { + "Name":"ManagementGroupName", + "Type":"String" + }, + { + "Name":"ManagementGroupName", + "Type":"String" + }, + { + "Name":"TimeGenerated [UTC]", + "Type":"DateTime" + }, + { + "Name":"Computer", + "Type":"String" + }, + { + "Name":"RawData", + "Type":"String" + }, + { + "Name":"event_type_s", + "Type":"String" + }, + { + "Name":"reported_at_s", + "Type":"String" + }, + { + "Name":"id_d", + "Type":"Double" + }, + { + "Name":"message_id_s", + "Type":"String" + }, + { + "Name":"size_bytes_d", + "Type":"Double" + }, + { + "Name":"subject_s", + "Type":"String" + }, + { + "Name":"from_email_s", + "Type":"String" + }, + { + "Name":"from_name_s", + "Type":"String" + }, + { + "Name":"reply_to_s", + "Type":"String" + }, + { + "Name":"spam_score_d", + "Type":"Double" + }, + { + "Name":"spf_s", + "Type":"String" + }, + { + "Name":"originating_ip_s", + "Type":"String" + }, + { + "Name":"_links_count_hard_d", + "Type":"Double" + }, + { + "Name":"links_s", + "Type":"Dynamic" + }, + { + "Name":"_attachments_count_hard_d", + "Type":"Double" + }, + { + "Name":"attachments_s", + "Type":"Dynamic" + }, + { + "Name":"reporter_domain_s", + "Type":"String" + }, + { + "Name":"company_id_d", + "Type":"Double" + }, + { + "Name":"feedback_requested_b", + "Type":"Boolean" + }, + { + "Name":"feedback_provided_b", + "Type":"Boolean" + }, + { + "Name":"Category", + "Type":"String" + }, + { + "Name":"risk_d", + "Type":"Double" + }, + { + "Name":"risk_source_s", + "Type":"String" + }, + { + "Name":"sent_at_s", + "Type":"String" + }, + { + "Name":"assessed_at_s", + "Type":"String" + }, + { + "Name":"content_status_s", + "Type":"String" + }, + { + "Name":"headers_s", + "Type":"Dynamic" + }, + { + "Name":"assessments_s", + "Type":"Dynamic" + }, + { + "Name":"reported_risk_d", + 
"Type":"Double" + }, + { + "Name":"Type", + "Type":"String" + }, + { + "Name":"_ResourceId", + "Type":"String" + } + ] +} \ No newline at end of file From 6e037a183b272e1e61b0d4fd380baf83be7a3b2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?= Date: Fri, 17 Jun 2022 12:08:49 +0200 Subject: [PATCH 4/7] Sanitize emails in sample data --- Sample Data/Custom/MailRiskEmails_CL.json | 352 +++++++++++----------- 1 file changed, 176 insertions(+), 176 deletions(-) diff --git a/Sample Data/Custom/MailRiskEmails_CL.json b/Sample Data/Custom/MailRiskEmails_CL.json index b1c091341d..cd6aa81dd5 100644 --- a/Sample Data/Custom/MailRiskEmails_CL.json +++ b/Sample Data/Custom/MailRiskEmails_CL.json @@ -10,10 +10,10 @@ "event_type_s": "email_reported", "reported_at_s": "2022-01-14 09:39:36", "id_d": 1698, - "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "FW: Action Required: Update your payment information now", - "from_email_s": "invoice.i1Xt@office.onmicrosoft.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "ITMicrosoft", "reply_to_s": "", "spam_score_d": 5, @@ -82,7 +82,7 @@ "headers_s": [ { "key": "Return-Path", - "value": "SpCl@lyceedespiau.fr" + "value": "sanitized@sanitized.com" }, { "key": "Received", @@ -94,7 +94,7 @@ }, { "key": "Message-ID", - "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -106,11 +106,11 @@ }, { "key": "From", - "value": "ITMicrosoft " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", @@ -258,7 +258,7 @@ }, { "key": "X-Microsoft-Antispam-PRVS", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "X-Microsoft-Antispam-Message-Info-Original", 
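Review bot: The schema added in `.script/tests/KqlvalidationsTests/CustomTables/MailRiskEmails_CL.json` declares `"Name":"MailRiskEmail_CL"`, while the file name, the `Type` value in the sample records and the connector queries earlier in this series all use `MailRiskEmails_CL`. If the KQL validation resolves tables by this `Name` (likely, but not visible here), the connector's queries would not bind to this schema, so the line should read `"Name":"MailRiskEmails_CL",`. The `Properties` list also contains `ManagementGroupName` twice and names the time column `TimeGenerated [UTC]`, whereas every query references `TimeGenerated`. Dropping the duplicate entry and using `"Name":"TimeGenerated",` keeps the schema consistent with the queries it is meant to validate.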
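Review bot: In `Sample Data/Custom/MailRiskEmails_CL.json` the placeholder `sanitized@sanitized.com` uses a registrable domain rather than one reserved for documentation, starting with `message_id_s` and `from_email_s` in the `@@ -10,10 +10,10 @@` hunk and repeated in every later hunk of this commit. A reserved name keeps the sample from ever pointing at a real mailbox, e.g. `"from_email_s": "sender@example.com",`. Because the same literal also replaces every Message-ID, records that were distinct messages now share one `message_id_s`, which makes the sample less useful for testing correlation queries. A per-record placeholder such as `"message_id_s": "msg-1698@example.invalid",` (a constructed value) would preserve that. The original addresses were added by PATCH 1/7 of this same series, so they remain in history unless the series is squashed before merge.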
@@ -390,10 +390,10 @@
 "event_type_s": "contents_received",
 "reported_at_s": "2022-01-14 09:39:36",
 "id_d": 1698,
- "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "FW: Action Required: Update your payment information now",
- "from_email_s": "invoice.i1Xt@office.onmicrosoft.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "ITMicrosoft",
 "reply_to_s": "",
 "spam_score_d": 5,
@@ -462,7 +462,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "SpCl@lyceedespiau.fr"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -474,7 +474,7 @@
 },
 {
 "key": "Message-ID",
- "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -486,11 +486,11 @@
 },
 {
 "key": "From",
- "value": "ITMicrosoft "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -638,7 +638,7 @@
 },
 {
 "key": "X-Microsoft-Antispam-PRVS",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-Microsoft-Antispam-Message-Info-Original",
@@ -770,10 +770,10 @@
 "event_type_s": "risk_changed",
 "reported_at_s": "2022-01-14 09:39:36",
 "id_d": 1698,
- "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "FW: Action Required: Update your payment information now",
- "from_email_s": "invoice.i1Xt@office.onmicrosoft.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "ITMicrosoft",
 "reply_to_s": "",
 "spam_score_d": 5,
@@ -842,7 +842,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "SpCl@lyceedespiau.fr"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -854,7 +854,7 @@
 },
 {
 "key": "Message-ID",
- "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -866,11 +866,11 @@
 },
 {
 "key": "From",
- "value": "ITMicrosoft "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -1018,7 +1018,7 @@
 },
 {
 "key": "X-Microsoft-Antispam-PRVS",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-Microsoft-Antispam-Message-Info-Original",
@@ -1150,10 +1150,10 @@
 "event_type_s": "risk_changed",
 "reported_at_s": "2022-01-14 09:39:36",
 "id_d": 1698,
- "message_id_s": "0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "FW: Action Required: Update your payment information now",
- "from_email_s": "invoice.i1Xt@office.onmicrosoft.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "ITMicrosoft",
 "reply_to_s": "",
 "spam_score_d": 5,
@@ -1222,7 +1222,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "SpCl@lyceedespiau.fr"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -1234,7 +1234,7 @@
 },
 {
 "key": "Message-ID",
- "value": "<0c3df853-f279-4e29-8de6-c1e5a5169a36@HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com>"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -1246,11 +1246,11 @@
 },
 {
 "key": "From",
- "value": "ITMicrosoft "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -1398,7 +1398,7 @@
 },
 {
 "key": "X-Microsoft-Antispam-PRVS",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-Microsoft-Antispam-Message-Info-Original",
@@ -1530,12 +1530,12 @@
 "event_type_s": "contents_received",
 "reported_at_s": "",
 "id_d": 1697,
- "message_id_s": "b6898566c8c1c59a4636c73d32526e55@klikdapur.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "Få dine penger (89.486,73 NOK) utbetalt i dag via Vipps",
- "from_email_s": "michiel@klikdapur.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Vipps",
- "reply_to_s": "michiel@klikdapur.com",
+ "reply_to_s": "sanitized@sanitized.com",
 "spam_score_d": 0,
 "spf_s": "",
 "originating_ip_s": "127.0.0.1",
@@ -1582,7 +1582,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "cornelia@klikdapur.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -1594,7 +1594,7 @@
 },
 {
 "key": "Message-ID",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -1606,15 +1606,15 @@
 },
 {
 "key": "From",
- "value": "Vipps "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Reply-To",
- "value": "michiel@klikdapur.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": "demo@mailrisk.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -1698,10 +1698,10 @@
 "event_type_s": "contents_received",
 "reported_at_s": "",
 "id_d": 1696,
- "message_id_s": "VI1PR05MB3374D0CF6ED4E5BA44DCEC6D86F30@VI1PR05MB3374.eurprd05.prod.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 654,
 "subject_s": "shared document",
- "from_email_s": "Goldberg.Sue@osman.ru",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Sue Goldberg",
 "reply_to_s": "",
 "spam_score_d": 1,
@@ -1739,7 +1739,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "goldberg.jane@osman.com.tr"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -1751,7 +1751,7 @@
 },
 {
 "key": "Message-ID",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -1763,7 +1763,7 @@
 },
 {
 "key": "From",
- "value": "Sue Goldberg "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
@@ -1887,7 +1887,7 @@
 },
 {
 "key": "x-microsoft-antispam-prvs",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-Microsoft-Antispam-Message-Info-Original",
@@ -1979,12 +1979,12 @@
 "event_type_s": "contents_received",
 "reported_at_s": "",
 "id_d": 1695,
- "message_id_s": "BY5PR16MB3094176126368BE03515A83EB9C80@BY5PR16MB3094.namprd16.prod.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "Document Received 7/18/2019 6:44 AM",
- "from_email_s": "Jose.Porras@la-panthers.org",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Jose Porras",
- "reply_to_s": "karl.schubert90@mail.ru ",
+ "reply_to_s": "sanitized@sanitized.com",
 "spam_score_d": 1,
 "spf_s": "pass",
 "originating_ip_s": "40.126.2.50",
@@ -2011,7 +2011,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "Jose.Porras@la-panthers.org"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -2023,7 +2023,7 @@
 },
 {
 "key": "Message-ID",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -2035,15 +2035,15 @@
 },
 {
 "key": "From",
- "value": "Jose Porras "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Reply-To",
- "value": "\"karl.schubert90@mail.ru\" "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": "\"demo@mailrisk.com\" "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -2175,7 +2175,7 @@
 },
 {
 "key": "x-microsoft-antispam-prvs",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-Microsoft-Antispam-Message-Info-Original",
@@ -2231,7 +2231,7 @@
 },
 {
 "key": "Authentication-Results-Original",
- "value": "spf=none (sender IP is ) smtp.mailfrom=Jose.Porras@la-panthers.org;"
+ "value": "spf=none (sender IP is ) smtp.mailfrom=sanitized@sanitized.com;"
 },
 {
 "key": "Authentication-Results",
@@ -2279,10 +2279,10 @@
 "event_type_s": "contents_received",
 "reported_at_s": "",
 "id_d": 1694,
- "message_id_s": "1641920649.safelinks.protection61ddb88947f9f@telecomservic.es",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "Secure Practice AS message for {{FIRSTNAME}}",
- "from_email_s": "safelinks.protection@telecomservic.es",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Safelinks protection",
 "reply_to_s": "",
 "spam_score_d": -1,
@@ -2335,7 +2335,7 @@
 },
 {
 "key": "Message-ID",
- "value": "<1641920649.safelinks.protection61ddb88947f9f@telecomservic.es>"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "DKIM-Signature",
@@ -2351,11 +2351,11 @@
 },
 {
 "key": "From",
- "value": "Safelinks protection "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": "demo@mailrisk.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -2387,7 +2387,7 @@
 },
 {
 "key": "Return-Path",
- "value": "safelinks.protection@telecomservic.es"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-MS-Exchange-Organization-ExpirationStartTime",
@@ -2531,10 +2531,10 @@
 "event_type_s": "contents_received",
 "reported_at_s": "2022-01-14 09:41:16",
 "id_d": 1703,
- "message_id_s": "trinity-3570feb1-4561-4b03-a0de-74934e27a322-1504288206404@3c-app-mailcom-bs14",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "Vi hjelper deg gjerne",
- "from_email_s": "dionexvdyh@gmx.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Hayley Loughrey",
 "reply_to_s": "",
 "spam_score_d": 1,
@@ -2563,7 +2563,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "SRS0=sbZ62=AC=gmx.com=demo@securepractice.no"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -2571,7 +2571,7 @@
 },
 {
 "key": "Message-ID",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -2583,11 +2583,11 @@
 },
 {
 "key": "From",
- "value": "Hayley Loughrey "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -2691,7 +2691,7 @@ }, { "key": "X-Ham-Report", - "value": "Spam detection software, running on the system \"cpanel25.proisp.no\", has NOT identified this incoming email as spam. The\r\n original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n root\\@localhost for details.\n\n Content preview: Elkj??p ??nsker ?? takke deg for din lojalitet og informere\n deg om v??rt 2017 bel??nningsprogram. iPhone 8 er nesten her! Er du\r\n spent?\n Et lite antall personer fra Norge har blitt valgt for ?? teste og beholde\n en ny iPhone 8. [...] \n\n Content analysis details: (-1.2 points, 5.0 required)\n\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was\r\n blocked.\nSee\n \r\n http://wiki.apache.org/spamassassin/DnsBlocklists#dn sbl-block\n for more information.\n [URIs: bit.ly]\n -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)\n [212.227.15.15 listed in wl.mailspike.net]\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r\n provider\n (dionexvdyh[at]gmx.com)\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n 0.0 HTML_MESSAGE BODY: HTML included in message\n -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders" + "value": "Spam detection software, running on the system \"cpanel25.proisp.no\", has NOT identified this incoming email as spam. The\r\n original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n root\\localhost for details.\n\n Content preview: Elkj??p ??nsker ?? takke deg for din lojalitet og informere\n deg om v??rt 2017 bel??nningsprogram. iPhone 8 er nesten her! Er du\r\n spent?\n Et lite antall personer fra Norge har blitt valgt for ?? 
teste og beholde\n en ny iPhone 8. [...] \n\n Content analysis details: (-1.2 points, 5.0 required)\n\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was\r\n blocked.\nSee\n \r\n http://wiki.apache.org/spamassassin/DnsBlocklists#dn sbl-block\n for more information.\n [URIs: bit.ly]\n -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)\n [212.227.15.15 listed in wl.mailspike.net]\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r\n provider\n (dionexvdyh[at]gmx.com)\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n 0.0 HTML_MESSAGE BODY: HTML included in message\n -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders" }, { "key": "X-Forefront-Antispam-Report", @@ -2775,10 +2775,10 @@ "event_type_s": "email_reported", "reported_at_s": "2022-01-14 09:41:16", "id_d": 1703, - "message_id_s": "trinity-3570feb1-4561-4b03-a0de-74934e27a322-1504288206404@3c-app-mailcom-bs14", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "Vi hjelper deg gjerne", - "from_email_s": "dionexvdyh@gmx.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Hayley Loughrey", "reply_to_s": "", "spam_score_d": 1, @@ -2807,7 +2807,7 @@ "headers_s": [ { "key": "Return-Path", - "value": "SRS0=sbZ62=AC=gmx.com=demo@securepractice.no" + "value": "sanitized@sanitized.com" }, { "key": "Received", @@ -2815,7 +2815,7 @@ }, { "key": "Message-ID", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -2827,11 +2827,11 @@ }, { "key": "From", - "value": "Hayley Loughrey " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", 
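Review bot: The sanitised `X-Ham-Report` value in the `@@ -2691,7 +2691,7 @@` hunk still carries the sender address in obfuscated form, `(dionexvdyh[at]gmx.com)`, together with the receiving host `cpanel25.proisp.no`. The only visible difference from the removed line is that `root\\@localhost` lost its `@`, which suggests a replacement keyed on `@` that misses other spellings of an address. The same value is repeated in `@@ -2935,7 +2935,7 @@`, and `@@ -4531,15 +4531,15 @@` shows the same gap in another form: `From` and `Return-Path` are replaced, but `DKIM-Signature` keeps `d=dansitur.com` and `Received` keeps `mta16.dansitur.com`. If the aim is that original senders cannot be recovered from the sample, free-text headers like these need their whole value replaced, e.g. `"value": "sanitized"`, rather than patched address by address.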
@@ -2935,7 +2935,7 @@ }, { "key": "X-Ham-Report", - "value": "Spam detection software, running on the system \"cpanel25.proisp.no\", has NOT identified this incoming email as spam. The\r\n original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n root\\@localhost for details.\n\n Content preview: Elkj??p ??nsker ?? takke deg for din lojalitet og informere\n deg om v??rt 2017 bel??nningsprogram. iPhone 8 er nesten her! Er du\r\n spent?\n Et lite antall personer fra Norge har blitt valgt for ?? teste og beholde\n en ny iPhone 8. [...] \n\n Content analysis details: (-1.2 points, 5.0 required)\n\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was\r\n blocked.\nSee\n \r\n http://wiki.apache.org/spamassassin/DnsBlocklists#dn sbl-block\n for more information.\n [URIs: bit.ly]\n -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)\n [212.227.15.15 listed in wl.mailspike.net]\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r\n provider\n (dionexvdyh[at]gmx.com)\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n 0.0 HTML_MESSAGE BODY: HTML included in message\n -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders" + "value": "Spam detection software, running on the system \"cpanel25.proisp.no\", has NOT identified this incoming email as spam. The\r\n original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n root\\localhost for details.\n\n Content preview: Elkj??p ??nsker ?? takke deg for din lojalitet og informere\n deg om v??rt 2017 bel??nningsprogram. iPhone 8 er nesten her! Er du\r\n spent?\n Et lite antall personer fra Norge har blitt valgt for ?? 
teste og beholde\n en ny iPhone 8. [...] \n\n Content analysis details: (-1.2 points, 5.0 required)\n\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was\r\n blocked.\nSee\n \r\n http://wiki.apache.org/spamassassin/DnsBlocklists#dn sbl-block\n for more information.\n [URIs: bit.ly]\n -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)\n [212.227.15.15 listed in wl.mailspike.net]\n -0.0 SPF_PASS SPF: sender matches SPF record\n 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r\n provider\n (dionexvdyh[at]gmx.com)\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n 0.0 HTML_MESSAGE BODY: HTML included in message\n -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders" }, { "key": "X-Forefront-Antispam-Report", @@ -3019,12 +3019,12 @@ "event_type_s": "contents_received", "reported_at_s": "", "id_d": 1702, - "message_id_s": "1522727703.09864785@mail.softcom.net", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "You've got a new document", - "from_email_s": "noreply@alerts-drpbox.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Ɗropbox", - "reply_to_s": "limallen412@gmail.com ", + "reply_to_s": "sanitized@sanitized.com", "spam_score_d": 1, "spf_s": "", "originating_ip_s": "", @@ -3055,7 +3055,7 @@ }, { "key": "Message-ID", - "value": "<1522727703.09864785@mail.softcom.net>" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -3067,15 +3067,15 @@ }, { "key": "From", - "value": "Ɗropbox " + "value": "sanitized@sanitized.com" }, { "key": "Reply-To", - "value": "\"limallen412@gmail.com\" " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "\"contacts@alerts-drpbox.com\" " + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", 
@@ -3151,10 +3151,10 @@
 "event_type_s": "contents_received",
 "reported_at_s": "2022-01-14 09:40:40",
 "id_d": 1701,
- "message_id_s": "201812131102.wBDB2o2L010536@TOKLINUX001",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "Apple-ID-en din ble brukt til å logge på iCloud med en nettleser",
- "from_email_s": "git@replay.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Apple",
 "reply_to_s": "",
 "spam_score_d": 0,
@@ -3198,15 +3198,15 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "git@replay.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
- "value": "from TOKLINUX001 (localhost [127.0.0.1]) \tby TOKLINUX001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with SMTP id\n wBDB2o2L010536\n \tfor ; Thu, 13 Dec 2018 20:02:51 +0900"
+ "value": "from TOKLINUX001 (localhost [127.0.0.1]) \tby TOKLINUX001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with SMTP id\n wBDB2o2L010536\n \tfor sanitized@sanitized.com; Thu, 13 Dec 2018 20:02:51 +0900"
 },
 {
 "key": "Message-ID",
- "value": "<201812131102.wBDB2o2L010536@TOKLINUX001>"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -3218,11 +3218,11 @@
 },
 {
 "key": "From",
- "value": "Apple "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -3258,7 +3258,7 @@
 },
 {
 "key": "Authentication-Results",
- "value": "mailrisk.com; \tspf=none smtp.mailfrom=git@replay.com"
+ "value": "mailrisk.com; \tspf=none smtp.mailfrom=sanitized@sanitized.com"
 }
 ],
 "assessments_s": [
@@ -3302,10 +3302,10 @@
 "event_type_s": "risk_changed",
 "reported_at_s": "2022-01-14 09:40:40",
 "id_d": 1701,
- "message_id_s": "201812131102.wBDB2o2L010536@TOKLINUX001",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 0,
 "subject_s": "Apple-ID-en din ble brukt til å logge på iCloud med en nettleser",
- "from_email_s": "git@replay.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Apple",
 "reply_to_s": "",
 "spam_score_d": 0,
@@ -3349,15 +3349,15 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "git@replay.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
- "value": "from TOKLINUX001 (localhost [127.0.0.1]) \tby TOKLINUX001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with SMTP id\n wBDB2o2L010536\n \tfor ; Thu, 13 Dec 2018 20:02:51 +0900"
+ "value": "from TOKLINUX001 (localhost [127.0.0.1]) \tby TOKLINUX001 (8.14.4/8.14.4/Debian-2ubuntu2.1) with SMTP id\n wBDB2o2L010536\n \tfor ; Thu, 13 Dec 2018 20:02:51 +0900"
 },
 {
 "key": "Message-ID",
- "value": "<201812131102.wBDB2o2L010536@TOKLINUX001>"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -3369,11 +3369,11 @@
 },
 {
 "key": "From",
- "value": "Apple "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -3409,7 +3409,7 @@
 },
 {
 "key": "Authentication-Results",
- "value": "mailrisk.com; \tspf=none smtp.mailfrom=git@replay.com"
+ "value": "mailrisk.com; \tspf=none smtp.mailfrom=sanitized@sanitized.com"
 }
 ],
 "assessments_s": [
@@ -3453,10 +3453,10 @@
 "event_type_s": "feedback_requested",
 "reported_at_s": "2022-01-14 09:40:23",
 "id_d": 1700,
- "message_id_s": "fe8a91f7-5e16-4cbd-8e25-40caf19c855c@BN3NAM01FT034.eop-nam01.prod.protection.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 9330,
 "subject_s": "Tonya Winders is inviting you to collaborate on Project Docs",
- "from_email_s": "no-reply@sharepointonline.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Tonya Winders",
 "reply_to_s": "",
 "spam_score_d": 5,
@@ -3491,7 +3491,7 @@
 "filename": "7188e1f5-9736-40e7-a1af-c50eb15b53d5.png",
 "extension": "png",
 "content_type": "image/png",
- "content_id": "4cfba6549ea50458edea3cef9c75570a@manage.mailrisk.local",
+ "content_id": "sanitized@sanitized.com",
 "is_inline": true,
 "size_bytes": 1411,
 "md5_hash": "0503c673eaed6cc4eaecfa89371cf649",
@@ -3505,7 +3505,7 @@
 "filename": "8e4bfe4f-e5ec-43dd-84b8-3446420c104c.png",
 "extension": "png",
 "content_type": "image/png",
- "content_id": "1e950f2ed8f2c213eb63296db7483fe3@manage.mailrisk.local",
+ "content_id": "sanitized@sanitized.com",
 "is_inline": true,
 "size_bytes": 620,
 "md5_hash": "6811830e193d140545686069d050ef87",
@@ -3519,7 +3519,7 @@
 "filename": "986a9605-965e-4dce-9375-06f0a12fae4f.png",
 "extension": "png",
 "content_type": "image/png",
- "content_id": "df77e90b34a476e4090f63078d32de91@manage.mailrisk.local",
+ "content_id": "sanitized@sanitized.com",
 "is_inline": true,
 "size_bytes": 3874,
 "md5_hash": "b1c4bbb231476c1e7b852ec6f534cbea",
@@ -3571,11 +3571,11 @@ }, { "key": "From", - "value": "Tonya Winders " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", @@ -3695,7 +3695,7 @@ }, { "key": "X-Microsoft-Antispam-PRVS", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "X-Microsoft-Antispam-Message-Info-Original", @@ -3787,10 +3787,10 @@ "event_type_s": "contents_received", "reported_at_s": "2022-01-14 09:40:23", "id_d": 1700, - "message_id_s": "fe8a91f7-5e16-4cbd-8e25-40caf19c855c@BN3NAM01FT034.eop-nam01.prod.protection.outlook.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 9330, "subject_s": "Tonya Winders is inviting you to collaborate on Project Docs", - "from_email_s": "no-reply@sharepointonline.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Tonya Winders", "reply_to_s": "", "spam_score_d": 5, @@ -3825,7 +3825,7 @@ "filename": "7188e1f5-9736-40e7-a1af-c50eb15b53d5.png", "extension": "png", "content_type": "image/png", - "content_id": "4cfba6549ea50458edea3cef9c75570a@manage.mailrisk.local", + "content_id": "sanitized@sanitized.com", "is_inline": true, "size_bytes": 1411, "md5_hash": "0503c673eaed6cc4eaecfa89371cf649", @@ -3839,7 +3839,7 @@ "filename": "8e4bfe4f-e5ec-43dd-84b8-3446420c104c.png", "extension": "png", "content_type": "image/png", - "content_id": "1e950f2ed8f2c213eb63296db7483fe3@manage.mailrisk.local", + "content_id": "sanitized@sanitized.com", "is_inline": true, "size_bytes": 620, "md5_hash": "6811830e193d140545686069d050ef87", @@ -3853,7 +3853,7 @@ "filename": "986a9605-965e-4dce-9375-06f0a12fae4f.png", "extension": "png", "content_type": "image/png", - "content_id": "df77e90b34a476e4090f63078d32de91@manage.mailrisk.local", + "content_id": "sanitized@sanitized.com", "is_inline": true, "size_bytes": 3874, "md5_hash": "b1c4bbb231476c1e7b852ec6f534cbea", 
@@ -3877,7 +3877,7 @@
 "headers_s": [
 {
 "key": "Return-Path",
- "value": "no-reply@sharepointonline.com"
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Received",
@@ -3889,11 +3889,11 @@
 },
 {
 "key": "Sender",
- "value": "Tonya Winders "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Message-ID",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "Date",
@@ -3905,11 +3905,11 @@
 },
 {
 "key": "From",
- "value": "Tonya Winders "
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "To",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "MIME-Version",
@@ -4029,7 +4029,7 @@
 },
 {
 "key": "X-Microsoft-Antispam-PRVS",
- "value": ""
+ "value": "sanitized@sanitized.com"
 },
 {
 "key": "X-Microsoft-Antispam-Message-Info-Original",
@@ -4121,10 +4121,10 @@
 "event_type_s": "risk_changed",
 "reported_at_s": "2022-01-14 09:40:23",
 "id_d": 1700,
- "message_id_s": "fe8a91f7-5e16-4cbd-8e25-40caf19c855c@BN3NAM01FT034.eop-nam01.prod.protection.outlook.com",
+ "message_id_s": "sanitized@sanitized.com",
 "size_bytes_d": 9330,
 "subject_s": "Tonya Winders is inviting you to collaborate on Project Docs",
- "from_email_s": "no-reply@sharepointonline.com",
+ "from_email_s": "sanitized@sanitized.com",
 "from_name_s": "Tonya Winders",
 "reply_to_s": "",
 "spam_score_d": 5,
@@ -4159,7 +4159,7 @@
 "filename": "7188e1f5-9736-40e7-a1af-c50eb15b53d5.png",
 "extension": "png",
 "content_type": "image/png",
- "content_id": "4cfba6549ea50458edea3cef9c75570a@manage.mailrisk.local",
+ "content_id": "sanitized@sanitized.com",
 "is_inline": true,
 "size_bytes": 1411,
 "md5_hash": "0503c673eaed6cc4eaecfa89371cf649",
@@ -4173,7 +4173,7 @@
 "filename": "8e4bfe4f-e5ec-43dd-84b8-3446420c104c.png",
 "extension": "png",
 "content_type": "image/png",
- "content_id": "1e950f2ed8f2c213eb63296db7483fe3@manage.mailrisk.local",
+ "content_id": "sanitized@sanitized.com",
 "is_inline": true,
 "size_bytes": 620,
 "md5_hash": "6811830e193d140545686069d050ef87",
@@ -4187,7 +4187,7 @@ "filename": "986a9605-965e-4dce-9375-06f0a12fae4f.png", "extension": "png", "content_type": "image/png", - "content_id": "df77e90b34a476e4090f63078d32de91@manage.mailrisk.local", + "content_id": "sanitized@sanitized.com", "is_inline": true, "size_bytes": 3874, "md5_hash": "b1c4bbb231476c1e7b852ec6f534cbea", @@ -4211,7 +4211,7 @@ "headers_s": [ { "key": "Return-Path", - "value": "no-reply@sharepointonline.com" + "value": "sanitized@sanitized.com" }, { "key": "Received", @@ -4223,11 +4223,11 @@ }, { "key": "Sender", - "value": "Tonya Winders " + "value": "sanitized@sanitized.com" }, { "key": "Message-ID", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -4239,11 +4239,11 @@ }, { "key": "From", - "value": "Tonya Winders " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", @@ -4363,7 +4363,7 @@ }, { "key": "X-Microsoft-Antispam-PRVS", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "X-Microsoft-Antispam-Message-Info-Original", @@ -4455,10 +4455,10 @@ "event_type_s": "contents_received", "reported_at_s": "", "id_d": 1699, - "message_id_s": "60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "message notification", - "from_email_s": "19047875348@dansitur.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "+17458708563", "reply_to_s": "", "spam_score_d": 1, @@ -4483,7 +4483,7 @@ "filename": "oyo.png", "extension": "png", "content_type": "image/png", - "content_id": "015522113@01052019-2880", + "content_id": "sanitized@sanitized.com", "is_inline": true, "size_bytes": 856, "md5_hash": "33be61230abcfb2330474ae08b30908c", 
@@ -4531,15 +4531,15 @@ }, { "key": "DKIM-Signature", - "value": "v=1; a=rsa-sha1; c=relaxed/relaxed; s=1555594867.dansitur; d=dansitur.com; h=From:Subject:To:Content-Type:MIME-Version:Date; i=19047875348@dansitur.com;\r\n bh=5DFFu4d4UQSz8bmlgHTBh4T41yQ=;\r\n b=e6kSPLzHYAURNCcX5mK7ebVG4g6heexrjKf66dKWdpAQD0q689Ko25upqz/zhZe8dZSx66yOiIaa\r\n fMhfiQi+7+uJU57fDfjLSRq3tipiGN4hauVK9XtP1SmqDqjI7DkO5joHJlznRpCi/Hyp9VV2JsaB\r\n RGGtzsTb9XHzEVn4Tr8=" + "value": "v=1; a=rsa-sha1; c=relaxed/relaxed; s=1555594867.dansitur; d=dansitur.com; h=From:Subject:To:Content-Type:MIME-Version:Date; i=sanitized@sanitized.com;\r\n bh=5DFFu4d4UQSz8bmlgHTBh4T41yQ=;\r\n b=e6kSPLzHYAURNCcX5mK7ebVG4g6heexrjKf66dKWdpAQD0q689Ko25upqz/zhZe8dZSx66yOiIaa\r\n fMhfiQi+7+uJU57fDfjLSRq3tipiGN4hauVK9XtP1SmqDqjI7DkO5joHJlznRpCi/Hyp9VV2JsaB\r\n RGGtzsTb9XHzEVn4Tr8=" }, { "key": "Received", - "value": "from dbase4mediagroup.com (94.158.244.59) by mta16.dansitur.com for ; Wed, 1 May 2019 13:19:54 -0400 (envelope-from <19047875348@dansitur.com>)" + "value": "from dbase4mediagroup.com (94.158.244.59) by mta16.dansitur.com for sanitized@sanitized.com; Wed, 1 May 2019 13:19:54 -0400 (envelope-from sanitized@sanitized.com)" }, { "key": "From", - "value": "\"+17458708563\" <19047875348@dansitur.com>" + "value": "sanitized@sanitized.com" }, { "key": "Subject", @@ -4547,7 +4547,7 @@ }, { "key": "To", - "value": "secure@practice.no" + "value": "sanitized@sanitized.com" }, { "key": "Content-Type", @@ -4563,11 +4563,11 @@ }, { "key": "Message-ID", - "value": "<60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com>" + "value": "sanitized@sanitized.com" }, { "key": "Return-Path", - "value": "19047875348@dansitur.com" + "value": "sanitized@sanitized.com" }, { "key": "X-MS-Exchange-Organization-ExpirationStartTime", 
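Review bot: Only the `i=` tag of the DKIM-Signature value is replaced in the @@ -4531 hunk, so `d=dansitur.com`, `s=1555594867.dansitur` and the `mta16.dansitur.com` / `94.158.244.59` hops in the Received value still identify the sender that the address fields were scrubbed of. Decide whether the sending domain is meant to stay as an indicator, and if it is not, replace those occurrences too. As shown on this page, the new Received value in the @@ -4795 hunk reads `for ; … (envelope-from )` while this hunk has `for sanitized@sanitized.com; … (envelope-from sanitized@sanitized.com)`, so what appear to be two events for the same message no longer carry the same header; that may be a rendering artefact, so check the file itself.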
@@ -4719,10 +4719,10 @@ "event_type_s": "risk_changed", "reported_at_s": "", "id_d": 1699, - "message_id_s": "60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "message notification", - "from_email_s": "19047875348@dansitur.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "+17458708563", "reply_to_s": "", "spam_score_d": 1, @@ -4747,7 +4747,7 @@ "filename": "oyo.png", "extension": "png", "content_type": "image/png", - "content_id": "015522113@01052019-2880", + "content_id": "sanitized@sanitized.com", "is_inline": true, "size_bytes": 856, "md5_hash": "33be61230abcfb2330474ae08b30908c", 
@@ -4795,15 +4795,15 @@ }, { "key": "DKIM-Signature", - "value": "v=1; a=rsa-sha1; c=relaxed/relaxed; s=1555594867.dansitur; d=dansitur.com; h=From:Subject:To:Content-Type:MIME-Version:Date; i=19047875348@dansitur.com;\r\n bh=5DFFu4d4UQSz8bmlgHTBh4T41yQ=;\r\n b=e6kSPLzHYAURNCcX5mK7ebVG4g6heexrjKf66dKWdpAQD0q689Ko25upqz/zhZe8dZSx66yOiIaa\r\n fMhfiQi+7+uJU57fDfjLSRq3tipiGN4hauVK9XtP1SmqDqjI7DkO5joHJlznRpCi/Hyp9VV2JsaB\r\n RGGtzsTb9XHzEVn4Tr8=" + "value": "v=1; a=rsa-sha1; c=relaxed/relaxed; s=1555594867.dansitur; d=dansitur.com; h=From:Subject:To:Content-Type:MIME-Version:Date; i=sanitized@sanitized.com;\r\n bh=5DFFu4d4UQSz8bmlgHTBh4T41yQ=;\r\n b=e6kSPLzHYAURNCcX5mK7ebVG4g6heexrjKf66dKWdpAQD0q689Ko25upqz/zhZe8dZSx66yOiIaa\r\n fMhfiQi+7+uJU57fDfjLSRq3tipiGN4hauVK9XtP1SmqDqjI7DkO5joHJlznRpCi/Hyp9VV2JsaB\r\n RGGtzsTb9XHzEVn4Tr8=" }, { "key": "Received", - "value": "from dbase4mediagroup.com (94.158.244.59) by mta16.dansitur.com for ; Wed, 1 May 2019 13:19:54 -0400 (envelope-from <19047875348@dansitur.com>)" + "value": "from dbase4mediagroup.com (94.158.244.59) by mta16.dansitur.com for ; Wed, 1 May 2019 13:19:54 -0400 (envelope-from )" }, { "key": "From", - "value": "\"+17458708563\" <19047875348@dansitur.com>" + "value": "sanitized@sanitized.com" }, { "key": "Subject", @@ -4811,7 +4811,7 @@ }, { "key": "To", - "value": "secure@practice.no" + "value": "sanitized@sanitized.com" }, { "key": "Content-Type", @@ -4827,11 +4827,11 @@ }, { "key": "Message-ID", - "value": "<60b60fd4-b009-4529-923a-1e9bd1f0c733@DB3EUR04FT052.eop-eur04.prod.protection.outlook.com>" + "value": "sanitized@sanitized.com" }, { "key": "Return-Path", - "value": "19047875348@dansitur.com" + "value": "sanitized@sanitized.com" }, { "key": "X-MS-Exchange-Organization-ExpirationStartTime", 
@@ -4983,12 +4983,12 @@ "event_type_s": "risk_changed", "reported_at_s": "", "id_d": 1697, - "message_id_s": "b6898566c8c1c59a4636c73d32526e55@klikdapur.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "Få dine penger (89.486,73 NOK) utbetalt i dag via Vipps", - "from_email_s": "michiel@klikdapur.com", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Vipps", - "reply_to_s": "michiel@klikdapur.com", + "reply_to_s": "sanitized@sanitized.com", "spam_score_d": 0, "spf_s": "", "originating_ip_s": "127.0.0.1", @@ -5035,7 +5035,7 @@ "headers_s": [ { "key": "Return-Path", - "value": "cornelia@klikdapur.com" + "value": "sanitized@sanitized.com" }, { "key": "Received", @@ -5047,7 +5047,7 @@ }, { "key": "Message-ID", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -5059,15 +5059,15 @@ }, { "key": "From", - "value": "Vipps " + "value": "sanitized@sanitized.com" }, { "key": "Reply-To", - "value": "michiel@klikdapur.com" + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "demo@mailrisk.com" + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", @@ -5159,10 +5159,10 @@ "event_type_s": "risk_changed", "reported_at_s": "", "id_d": 1696, - "message_id_s": "VI1PR05MB3374D0CF6ED4E5BA44DCEC6D86F30@VI1PR05MB3374.eurprd05.prod.outlook.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 654, "subject_s": "shared document", - "from_email_s": "Goldberg.Sue@osman.ru", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Sue Goldberg", "reply_to_s": "", "spam_score_d": 1, @@ -5200,7 +5200,7 @@ "headers_s": [ { "key": "Return-Path", - "value": "goldberg.jane@osman.com.tr" + "value": "sanitized@sanitized.com" }, { "key": "Received", @@ -5212,7 +5212,7 @@ }, { "key": "Message-ID", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -5224,7 +5224,7 @@ }, { "key": "From", - "value": "Sue Goldberg " + "value": "sanitized@sanitized.com" }, { "key": "To", 
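Review bot: `from_email_s` and `reply_to_s` in the @@ -4983 hunk and the Return-Path in the @@ -5035 hunk held different mailboxes before the change (`michiel@klikdapur.com` versus `cornelia@klikdapur.com`); the same is true of the @@ -5159 / @@ -5200 pair and of `reply_to_s` in @@ -5448. After the change they are all the same string, so the sample data can no longer exercise a query that compares From, Reply-To and Return-Path. Distinct placeholders keep that signal, for example `"from_email_s": "sender@example.com"`, `"reply_to_s": "reply-to@example.net"` and `"value": "bounce@example.org"` for Return-Path. The `example.*` domains are reserved for documentation, whereas `sanitized.com` is an ordinary registrable name.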
@@ -5348,7 +5348,7 @@ }, { "key": "x-microsoft-antispam-prvs", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "X-Microsoft-Antispam-Message-Info-Original", @@ -5448,12 +5448,12 @@ "event_type_s": "risk_changed", "reported_at_s": "", "id_d": 1695, - "message_id_s": "BY5PR16MB3094176126368BE03515A83EB9C80@BY5PR16MB3094.namprd16.prod.outlook.com", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "Document Received 7/18/2019 6:44 AM", - "from_email_s": "Jose.Porras@la-panthers.org", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Jose Porras", - "reply_to_s": "karl.schubert90@mail.ru ", + "reply_to_s": "sanitized@sanitized.com", "spam_score_d": 1, "spf_s": "pass", "originating_ip_s": "40.126.2.50", @@ -5480,7 +5480,7 @@ "headers_s": [ { "key": "Return-Path", - "value": "Jose.Porras@la-panthers.org" + "value": "sanitized@sanitized.com" }, { "key": "Received", @@ -5492,7 +5492,7 @@ }, { "key": "Message-ID", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "Date", @@ -5504,15 +5504,15 @@ }, { "key": "From", - "value": "Jose Porras " + "value": "sanitized@sanitized.com" }, { "key": "Reply-To", - "value": "\"karl.schubert90@mail.ru\" " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "\"demo@mailrisk.com\" " + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", @@ -5644,7 +5644,7 @@ }, { "key": "x-microsoft-antispam-prvs", - "value": "" + "value": "sanitized@sanitized.com" }, { "key": "X-Microsoft-Antispam-Message-Info-Original", @@ -5700,7 +5700,7 @@ }, { "key": "Authentication-Results-Original", - "value": "spf=none (sender IP is ) smtp.mailfrom=Jose.Porras@la-panthers.org;" + "value": "spf=none (sender IP is ) smtp.mailfrom=sanitized@sanitized.com;" }, { "key": "Authentication-Results", 
@@ -5756,10 +5756,10 @@ "event_type_s": "risk_changed", "reported_at_s": "", "id_d": 1694, - "message_id_s": "1641920649.safelinks.protection61ddb88947f9f@telecomservic.es", + "message_id_s": "sanitized@sanitized.com", "size_bytes_d": 0, "subject_s": "Secure Practice AS message for {{FIRSTNAME}}", - "from_email_s": "safelinks.protection@telecomservic.es", + "from_email_s": "sanitized@sanitized.com", "from_name_s": "Safelinks protection", "reply_to_s": "", "spam_score_d": -1, @@ -5812,7 +5812,7 @@ }, { "key": "Message-ID", - "value": "<1641920649.safelinks.protection61ddb88947f9f@telecomservic.es>" + "value": "sanitized@sanitized.com" }, { "key": "DKIM-Signature", @@ -5828,11 +5828,11 @@ }, { "key": "From", - "value": "Safelinks protection " + "value": "sanitized@sanitized.com" }, { "key": "To", - "value": "demo@mailrisk.com" + "value": "sanitized@sanitized.com" }, { "key": "MIME-Version", @@ -5864,7 +5864,7 @@ }, { "key": "Return-Path", - "value": "safelinks.protection@telecomservic.es" + "value": "sanitized@sanitized.com" }, { "key": "X-MS-Exchange-Organization-ExpirationStartTime", From 9f2b0d1683ab677c58f20d9f4d3d3b80c50212e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?= Date: Fri, 17 Jun 2022 13:12:24 +0200 Subject: [PATCH 5/7] Add Microsoft.Web/sites permissions to custom permissions in data connector json --- .../MailRisk/Data Connectors/SecurePractice_MailRisk.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json index 5167b4b929..0569166c3b 100644 --- a/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json +++ b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json 
@@ -70,6 +70,10 @@ } ], "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, { "name": "API credentials", "description": "Your Secure Practice API key pair is also needed, which are created in the [settings in the admin portal](https://manage.securepractice.co/settings/security). If you have lost your API secret, you can generate a new key pair (WARNING: Any other integrations using the old key pair will stop working)." From 291915a99a9d9c970dac1e8d7acf7e03d84492e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?= Date: Fri, 17 Jun 2022 13:54:28 +0200 Subject: [PATCH 6/7] Add missing text to dataconnector json --- Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json index 0569166c3b..e1055ed343 100644 --- a/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json +++ b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json @@ -50,7 +50,7 @@ "resourceProvider": [ { "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", + "permissionsDisplayText": "read and write permissions on the workspace are required.", "providerDisplayName": "Workspace", "scope": "Workspace", "requiredPermissions": { From beeb703b003d189d95b5af4d6beafd1635a61040 Mon Sep 17 00:00:00 2001 
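Review bot: The description added in the @@ -70 hunk has a subject-verb mismatch, "Read and write permissions … is required". It should read `"description": "Read and write permissions to Azure Functions to create a Function App are required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."`. The `customs` array continues outside the hunk.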
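Review bot: The reworded `permissionsDisplayText` in the @@ -50 hunk names read and write on the workspace, but the `requiredPermissions` object that opens on the hunk's last context line is cut off here. If that object also sets `delete`, the text shown to the operator understates what the connector asks for; either drop the flag or say so, e.g. `"permissionsDisplayText": "read, write and delete permissions on the workspace are required."`. Keeping the displayed and the declared permissions identical is what lets an administrator judge the grant before enabling the connector.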
From: =?UTF-8?q?Ingebrigt=20Nyg=C3=A5rd?= Date: Mon, 20 Jun 2022 13:01:08 +0200 Subject: [PATCH 7/7] Rename Azure Sentinel to Microsoft Sentinel and update version number to correct format. --- .../MailRisk/Data Connectors/SecurePractice_MailRisk.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json index e1055ed343..6c9c9cc208 100644 --- a/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json +++ b/Solutions/MailRisk/Data Connectors/SecurePractice_MailRisk.json @@ -2,7 +2,7 @@ "id": "SecurePractice_MailRisk", "title": "MailRisk by Secure Practice", "publisher": "Secure Practice", - "descriptionMarkdown": "Data connector to push emails from MailRisk into Azure Sentinel Log Analytics.", + "descriptionMarkdown": "Data connector to push emails from MailRisk into Microsoft Sentinel Log Analytics.", "graphQueries": [ { "metricName": "Total emails received", @@ -83,7 +83,7 @@ "instructionSteps": [ { "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to the Secure Practice API to push logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + "description": ">**NOTE:** This connector uses Azure Functions to connect to the Secure Practice API to push logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." }, { "title": "", @@ -120,7 +120,7 @@ ], "metadata": { "id": "c9c97ce4-2093-466c-846e-49be58a39197", - "version": "0.1", + "version": "1.0.0", "kind": "dataConnector", "source": { "kind": "sourceRepository",