Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Sample Data/Custom/ProofpointPOD_message_CL.json

2987 строки
102 KiB
JSON
Исходник Ответственный История

[{
"metadata": {
"origin": {
"data": {
"agent": "m000001.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
}
}
},
"connection": {
"tls": {
"inbound": {
"cipherBits": 256,
"version": "TLSv1.2",
"cipher": "ECDHE-RSA-AES256-GCM-SHA384"
}
},
"country": "us",
"helo": "nam12-bn8-obe.outbound.protection.outlook.com",
"ip": "40.107.237.57",
"resolveStatus": "ok",
"sid": "34h016jhkt",
"host": "mail-bn8nam12on2057.outbound.protection.outlook.com",
"protocol": "smtp:smtp"
},
"filter": {
"routeDirection": "inbound",
"actions": [{
"action": "continue",
"rule": "pass",
"module": "pdr",
"isFinal": true
}, {
"module": "spf",
"rule": "pass",
"action": "continue"
}, {
"action": "add-header",
"rule": "clean",
"module": "av"
}, {
"module": "av",
"rule": "clean",
"action": "continue"
}, {
"module": "dmarc",
"rule": "pass",
"action": "continue"
}, {
"module": "spam",
"action": "add-header",
"rule": "notspam"
}],
"isMsgEncrypted": false,
"disposition": "continue",
"verified": {
"rcpts": ["john.doe@company-group.com"],
"rcptsHashed": ["5addb48927b56dd56ccdfed819f20fc4@company-group.com"]
},
"isMsgReinjected": false,
"routes": ["Verified_Recipients", "default_inbound"],
"suborgs": {
"sender": "0",
"rcpts": ["0"]
},
"qid": "0A5Btdiw013198",
"startTime": "2020-11-05T12:59:24.904391+0100",
"quarantine": {
"folder": "",
"rule": ""
},
"durationSecs": 0.868299,
"msgSizeBytes": 75880,
"modules": {
"dkimv": [{
"selector": "selector1",
"domain": "email.teams.microsoft.com",
"result": "pass"
}],
"spf": {
"result": "pass",
"domain": "email.teams.microsoft.com"
},
"spam": {
"langs": ["en", "pt", "es"],
"scores": {
"classifiers": {
"malware": 0,
"mlxlog": 805,
"impostor": 0,
"mlx": 0,
"phish": 0,
"bulk": 0,
"spam": 0,
"adult": 0,
"suspect": 1,
"lowpriority": 0
},
"overall": 0,
"engine": 0
},
"charsets": ["UTF-8"],
"version": {
"definitions": "main-2011050082",
"engine": "8.12.0-2009150000"
}
},
"zerohour": {
"score": "unknown"
},
"pdr": {
"v2": {
"response": "pass"
}
},
"dmarc": {
"srvid": "ppops.net",
"filterdResult": "pass",
"authResults": [{
"emailIdentities": {
"smtp.mailfromHashed": "14709c93a006be0009946e2e08bb0186@email.teams.microsoft.com",
"smtp.mailfrom": "noreply@email.teams.microsoft.com"
},
"result": "pass",
"reason": "",
"method": "spf"
}, {
"reason": "",
"method": "dkim",
"propspec": {
"header.d": "email.teams.microsoft.com",
"header.s": "selector1"
},
"result": "pass"
}, {
"method": "dmarc",
"reason": "",
"emailIdentities": {
"header.from": "email.teams.microsoft.com"
},
"result": "pass"
}],
"alignment": [{
"results": [{
"result": "strict",
"identity": "email.teams.microsoft.com",
"method": "spf",
"identityOrg": "microsoft.com"
}, {
"identity": "email.teams.microsoft.com",
"result": "strict",
"method": "dkim",
"identityOrg": "microsoft.com"
}],
"fromDomain": "email.teams.microsoft.com"
}]
}
}
},
"ts": "2020-11-05T12:59:24.904391+0100",
"pps": {
"agent": "m000001.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
},
"envelope": {
"fromHashed": "14709c93a006be0000046e2e08bb0186@email.teams.microsoft.com",
"from": "noreply@email.teams.microsoft.com",
"rcptsHashed": ["5a15b48000b00bb00ccdfed819f20fc4@company-group.com"],
"rcpts": ["John.Smith@company-group.com"]
},
"msg": {
"parsedAddresses": {
"toHashed": ["5a15b48000b00bb00ccdfed819f20fc4@company-group.com"],
"fromHashed": ["14709c93a006be0000046e2e08bb0186@email.teams.microsoft.com"],
"to": ["John.Smith@company-group.com"],
"from": ["noreply@email.teams.microsoft.com"]
},
"lang": "en",
"header": {
"to": ["John.Smith@company-group.com"],
"from": ["\"=?utf-8?B?Q29sbGluZ2UsIEFseXNvbiBpbiBUZWFtcw==?=\"\r\n <noreply@email.teams.microsoft.com>"],
"toHashed": ["5a15b48000b00bb00ccdfed819f20fc4@company-group.com"],
"return-path": ["noreply@email.teams.microsoft.com"],
"message-id": ["<00000000-0000-440c-ab1e-9b1056460000b1056460000@DM6NAM12FT004.eop-nam12.prod.protection.outlook.com>"],
"subject": ["=?utf-8?B?QWx5c29uIHNlbnQgYSBtZXNzYWdl?="],
"fromHashed": ["000fa000f61f701f03acb3451f4081cb@email.teams.microsoft.com"],
"return-pathHashed": ["14709c93a006be0000046e2e08bb0186@email.teams.microsoft.com"]
},
"sizeBytes": 74346,
"normalizedHeader": {
"return-pathHashed": ["14709c93a006be0000046e2e08bb0186@email.teams.microsoft.com"],
"fromHashed": ["5ef4f48ece7e646c9d217b63aa4dffed@email.teams.microsoft.com"],
"message-id": ["00000000-0000-440c-ab1e-9b1056460000b1056460000@DM6NAM12FT004.eop-nam12.prod.protection.outlook.com"],
"subject": ["John sent a message"],
"return-path": ["noreply@email.teams.microsoft.com"],
"toHashed": ["5a15b48000b00bb00ccdfed819f20fc4@company-group.com"],
"from": ["\"Doe, John in Teams\" <noreply@email.teams.microsoft.com>"],
"to": ["John.Smith@company-group.com"]
}
},
"msgParts": [{
"isVirtual": false,
"structureId": "0",
"labeledName": "text.html",
"labeledCharset": "utf-8",
"isCorrupted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"labeledMime": "text/html",
"detectedSizeBytes": 26569,
"urls": [{
"url": "https://urlshortener.teams.microsoft.com/AAA-4",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-16"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-13"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-11"
}, {
"url": "https://urlshortener.teams.microsoft.com/AAA-7-2",
"src": ["filter"]
}, {
"url": "http://go.microsoft.com/fwlink/p/?LinkID=000000",
"src": ["filter"]
}, {
"url": "https://urlshortener.teams.microsoft.com/AAA-7-14",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-12"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-1"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-15"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-5"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-6"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-7"
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-3"
}, {
"url": "https://urlshortener.teams.microsoft.com/AAA-7-9",
"src": ["filter"]
}, {
"url": "https://urlshortener.teams.microsoft.com/AAA-7-0",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://urlshortener.teams.microsoft.com/AAA-7-10"
}, {
"url": "https://urlshortener.teams.microsoft.com/AAA-7-8",
"src": ["filter"]
}],
"isDeleted": false,
"isArchive": false,
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"disposition": "inline",
"sizeDecodedBytes": 26569,
"detectedExt": "HTML",
"detectedMime": "text/html",
"labeledExt": "html",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedName": "text.html",
"detectedCharset": "utf-8",
"metadata": {
"x-ua-compatible": "IE=edge",
"format-detection": "telephone=no",
"viewport": "width=device-width, initial-scale=1"
}
}, {
"detectedName": "image-jpeg.jpg",
"detectedCharset": "",
"metadata": {},
"detectedExt": "JPG",
"detectedMime": "image/jpeg",
"labeledExt": "",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"isDeleted": false,
"isArchive": false,
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"disposition": "attached",
"sizeDecodedBytes": 2133,
"isVirtual": false,
"labeledName": "image-jpeg",
"structureId": "0",
"labeledCharset": "",
"isCorrupted": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"labeledMime": "image/jpeg",
"urls": [],
"detectedSizeBytes": 2133
}, {
"detectedCharset": "",
"metadata": {},
"detectedName": "image-png.png",
"labeledExt": "",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"detectedExt": "PNG",
"detectedMime": "image/png",
"disposition": "attached",
"sizeDecodedBytes": 1324,
"isDeleted": false,
"isArchive": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isCorrupted": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"labeledMime": "image/png",
"urls": [],
"detectedSizeBytes": 1324,
"isVirtual": false,
"structureId": "0",
"labeledName": "image-png",
"labeledCharset": ""
}, {
"detectedCharset": "",
"metadata": {},
"detectedName": "image-png.png",
"labeledExt": "",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"detectedExt": "PNG",
"detectedMime": "image/png",
"disposition": "attached",
"sizeDecodedBytes": 1225,
"isDeleted": false,
"isArchive": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isCorrupted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"labeledMime": "image/png",
"urls": [],
"detectedSizeBytes": 1225,
"isVirtual": false,
"labeledName": "image-png",
"structureId": "0",
"labeledCharset": ""
}, {
"sizeDecodedBytes": 2607,
"disposition": "attached",
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isArchive": false,
"isDeleted": false,
"detectedSizeBytes": 2607,
"urls": [],
"labeledMime": "image/png",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"isCorrupted": false,
"labeledCharset": "",
"labeledName": "image-png",
"structureId": "0",
"isVirtual": false,
"metadata": {},
"detectedCharset": "",
"detectedName": "image-png.png",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"labeledExt": "",
"detectedMime": "image/png",
"detectedExt": "PNG"
}, {
"isArchive": false,
"isDeleted": false,
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"disposition": "attached",
"sizeDecodedBytes": 2161,
"isVirtual": false,
"labeledCharset": "",
"structureId": "0",
"labeledName": "image-png",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isCorrupted": false,
"urls": [],
"detectedSizeBytes": 2161,
"labeledMime": "image/png",
"detectedName": "image-png.png",
"detectedCharset": "",
"metadata": {},
"detectedExt": "PNG",
"detectedMime": "image/png",
"labeledExt": "",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n"
}, {
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isCorrupted": false,
"urls": [],
"detectedSizeBytes": 4932,
"labeledMime": "image/png",
"isVirtual": false,
"labeledCharset": "",
"labeledName": "image-png",
"structureId": "0",
"disposition": "attached",
"sizeDecodedBytes": 4932,
"isArchive": false,
"isDeleted": false,
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"labeledExt": "",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"detectedExt": "PNG",
"detectedMime": "image/png",
"detectedCharset": "",
"metadata": {},
"detectedName": "image-png.png"
}, {
"metadata": {},
"detectedCharset": "",
"detectedName": "image-png.png",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"labeledExt": "",
"detectedMime": "image/png",
"detectedExt": "PNG",
"sizeDecodedBytes": 5653,
"disposition": "attached",
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isArchive": false,
"isDeleted": false,
"urls": [],
"detectedSizeBytes": 5653,
"labeledMime": "image/png",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"isCorrupted": false,
"labeledCharset": "",
"labeledName": "image-png",
"structureId": "0",
"isVirtual": false
}, {
"detectedName": "image-png.png",
"metadata": {},
"detectedCharset": "",
"detectedMime": "image/png",
"detectedExt": "PNG",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"labeledExt": "",
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isDeleted": false,
"isArchive": false,
"sizeDecodedBytes": 1946,
"disposition": "attached",
"structureId": "0",
"labeledName": "image-png",
"labeledCharset": "",
"isVirtual": false,
"labeledMime": "image/png",
"urls": [],
"detectedSizeBytes": 1946,
"isCorrupted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n"
}],
"guid": "tR7iofdPnPrvLA2Dtgd8gymSDgXBWMtZ",
"event_type": "message"
}, {
"filter": {
"isMsgReinjected": false,
"routes": ["Microsoft_EOP", "Verified_Recipients", "default_inbound"],
"verified": {
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["0000000000841a6ba279d500bb52e500@company-group.com"]
},
"disposition": "continue",
"routeDirection": "inbound",
"actions": [{
"isFinal": true,
"module": "pdr",
"action": "continue",
"rule": "pass"
}, {
"module": "spf",
"action": "continue",
"rule": "pass"
}, {
"action": "add-header",
"rule": "clean",
"module": "av"
}, {
"rule": "clean",
"action": "continue",
"module": "av"
}, {
"module": "dmarc",
"rule": "norecord",
"action": "continue"
}, {
"action": "add-header",
"rule": "notspam",
"module": "spam"
}],
"isMsgEncrypted": false,
"modules": {
"spf": {
"domain": "domain.com",
"result": "pass"
},
"zerohour": {
"score": "unknown"
},
"spam": {
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
},
"scores": {
"engine": 0,
"classifiers": {
"mlxlog": 999,
"malware": 0,
"bulk": 0,
"phish": 0,
"impostor": 0,
"mlx": 0,
"spam": 0,
"suspect": 0,
"lowpriority": 0,
"adult": 0
},
"overall": 0
},
"langs": ["en", "pt", "de", "es", "jp", "dk", "nl", "ro"]
},
"pdr": {
"v2": {
"response": "pass"
}
},
"dmarc": {
"srvid": "ppops.net",
"filterdResult": "none",
"authResults": [{
"emailIdentities": {
"smtp.mailfrom": "sanitized@sanitized.com",
"smtp.mailfromHashed": "b77aa3aa8a1873776969790bee763492@domain.com"
},
"result": "pass",
"method": "spf",
"reason": ""
}, {
"propspec": {
"header.s": "selector2-domain-onmicrosoft-com",
"header.d": "domain.onmicrosoft.com"
},
"result": "pass",
"reason": "",
"method": "dkim"
}, {
"result": "none",
"reason": "",
"method": "dmarc"
}]
},
"dkimv": [{
"domain": "domain.onmicrosoft.com",
"selector": "selector2-domain-onmicrosoft-com",
"result": "pass"
}]
},
"msgSizeBytes": 37545,
"quarantine": {
"folder": "",
"rule": ""
},
"durationSecs": 0.681949,
"suborgs": {
"sender": "0",
"rcpts": ["0"]
},
"startTime": "2020-11-05T12:59:26.152788+0100",
"qid": "0A5Btdix013198"
},
"ts": "2020-11-05T12:59:26.152788+0100",
"envelope": {
"from": "sanitized@sanitized.com",
"rcptsHashed": ["0000000000841a6ba279d500bb52e500@company-group.com"],
"rcpts": ["sanitized@sanitized.com"],
"fromHashed": "b77aa3aa8a1873776969790bee763492@domain.com"
},
"pps": {
"agent": "m000001.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
},
"metadata": {
"origin": {
"data": {
"agent": "m000001.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
}
}
},
"connection": {
"host": "mail-am6eur05on2078.outbound.protection.outlook.com",
"sid": "34h016jhkw",
"resolveStatus": "ok",
"protocol": "smtp:smtp",
"helo": "eur05-am6-obe.outbound.protection.outlook.com",
"ip": "40.107.22.78",
"tls": {
"inbound": {
"cipher": "ECDHE-RSA-AES256-GCM-SHA384",
"version": "TLSv1.2",
"cipherBits": 256
}
},
"country": "us"
},
"msg": {
"lang": "de",
"parsedAddresses": {
"from": ["sanitized@sanitized.com"],
"to": ["sanitized@sanitized.com"],
"ccHashed": ["5b03add37b3e07f315b852b6aeb1f07b@testgroup.com"],
"cc": ["sanitized@sanitized.com"],
"fromHashed": ["b77aa3aa8a1873776969790bee763492@domain.com"],
"toHashed": ["0000000000841a6ba279d500bb52e500@company-group.com"]
},
"normalizedHeader": {
"message-id": ["00000000-4C10-4516-9E48-170F4D3704FC@domain.com"],
"subject": ["Re: WORKSHOP"],
"cc": ["\"Doe, John\" <sanitized@sanitized.com>"],
"fromHashed": ["4c1ab44a1d6874f1e663408b3aff112f@domain.com"],
"from": ["\"Smith, Jack\" <sanitized@sanitized.com>"],
"x-originating-ip": ["[99.90.244.90]"],
"ccHashed": ["950dcfd55960d796d4a65552f548d3bd@testgroup.com"],
"to": ["\"smith, alex\" <sanitized@sanitized.com>"],
"toHashed": ["2de9ce98bfc36a8d3a36c8b068a8d358@company-group.com"]
},
"header": {
"subject": ["Re: WORKSHOP \"MEMBERSHIP PLAN 2021\"_Handover"],
"message-id": ["<00000000-4C10-4516-9E48-170F4D3704FC@domain.com>"],
"fromHashed": ["4c1ab44a1d6874f1e663408b3aff112f@domain.com"],
"cc": ["\"Doe, John\" <sanitized@sanitized.com>"],
"from": ["\"Smith, Jack\" <sanitized@sanitized.com>"],
"x-originating-ip": ["[99.90.244.90]"],
"ccHashed": ["950dcfd55960d796d4a65552f548d3bd@testgroup.com"],
"to": ["\"smith, alex\" <sanitized@sanitized.com>"],
"toHashed": ["2de9ce98bfc36a8d3a36c8b068a8d358@company-group.com"]
},
"sizeBytes": 35521
},
"msgParts": [{
"detectedMime": "text/plain",
"detectedExt": "TXT",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"labeledExt": "txt",
"detectedName": "text.txt",
"metadata": {},
"detectedCharset": "utf-8",
"labeledCharset": "utf-8",
"structureId": "0",
"labeledName": "text.txt",
"isVirtual": false,
"detectedSizeBytes": 4041,
"urls": [{
"url": "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domain.com",
"src": ["filter"]
}, {
"url": "https://companygroup.sharepoint.com/:p:/r/sites/C",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_domain"
}, {
"url": "mailto:Jack.Smith@testgroup.com",
"src": ["filter"]
}, {
"url": "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.facebook.com_domain",
"src": ["filter"]
}],
"labeledMime": "text/plain",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isCorrupted": false,
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isArchive": false,
"isDeleted": false,
"sizeDecodedBytes": 4041,
"disposition": "inline"
}, {
"detectedName": "text.html",
"detectedCharset": "utf-8",
"metadata": {
"generator": "Microsoft Word 15 (filtered medium)"
},
"detectedExt": "HTML",
"detectedMime": "text/html",
"labeledExt": "html",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isArchive": false,
"isDeleted": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"disposition": "inline",
"sizeDecodedBytes": 17099,
"isVirtual": false,
"labeledCharset": "utf-8",
"structureId": "0",
"labeledName": "text.html",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isCorrupted": false,
"detectedSizeBytes": 17099,
"urls": [{
"url": "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domain.com_",
"src": ["filter"]
}, {
"url": "https://companygroup.sharepoint.com/:p:/r/sites/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_domain"
}, {
"src": ["filter"],
"url": "mailto:Jack.Smith@testgroup.com"
}, {
"src": ["filter"],
"url": "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.facebook.com_domain"
}],
"labeledMime": "text/html"
}],
"guid": "8Am6m66K13SJae4GxxY-ZfWN8vRIadQc",
"event_type": "message"
}, {
"ts": "2020-11-05T12:59:26.305030+0100",
"pps": {
"agent": "m000001.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
},
"envelope": {
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["bcb21ec683a922759afbec853c372aeb@company.com"],
"from": "msprvs1=18578lsffgka7=bounces-280047@bounce.smartsheet.com",
"fromHashed": "000000e808a16dffe994f730e82855f9@bounce.smartsheet.com"
},
"filter": {
"msgSizeBytes": 10173,
"modules": {
"dmarc": {
"authResults": [{
"emailIdentities": {
"smtp.mailfromHashed": "000000e808a16dffe994f730e82855f9@bounce.smartsheet.com",
"smtp.mailfrom": "msprvs1=18578lSffGkA7=bounces-280047@bounce.smartsheet.com"
},
"result": "pass",
"method": "spf",
"reason": ""
}, {
"propspec": {
"header.d": "app.smartsheet.com",
"header.s": "scph0620"
},
"result": "pass",
"method": "dkim",
"reason": ""
}, {
"result": "pass",
"emailIdentities": {
"header.from": "app.smartsheet.com"
},
"reason": "",
"method": "dmarc"
}],
"filterdResult": "pass",
"srvid": "ppops.net",
"alignment": [{
"results": [{
"identityOrg": "smartsheet.com",
"method": "spf",
"identity": "bounce.smartsheet.com",
"result": "relaxed"
}, {
"identityOrg": "smartsheet.com",
"method": "dkim",
"result": "strict",
"identity": "app.smartsheet.com"
}],
"fromDomain": "app.smartsheet.com"
}]
},
"pdr": {
"v2": {
"response": "pass"
}
},
"zerohour": {
"score": "unknown"
},
"spam": {
"scores": {
"engine": 0,
"overall": 0,
"classifiers": {
"spam": 0,
"lowpriority": 0,
"suspect": 25,
"adult": 0,
"malware": 0,
"mlxlog": 999,
"phish": 0,
"mlx": 0,
"impostor": 0,
"bulk": 0
}
},
"langs": ["en", "pt", "es"],
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
},
"charsets": ["UTF-8"]
},
"spf": {
"domain": "bounce.smartsheet.com",
"result": "pass"
},
"dkimv": [{
"result": "pass",
"selector": "scph0620",
"domain": "app.smartsheet.com"
}]
},
"suborgs": {
"rcpts": ["0"],
"sender": "0"
},
"qid": "0A5BtbKi013195",
"startTime": "2020-11-05T12:59:26.305030+0100",
"durationSecs": 0.411984,
"quarantine": {
"folder": "",
"rule": ""
},
"verified": {
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["00000ec683a922759afbec853c372aeb@company.com"]
},
"routes": ["Verified_Recipients", "default_inbound"],
"isMsgReinjected": false,
"actions": [{
"isFinal": true,
"module": "pdr",
"rule": "pass",
"action": "continue"
}, {
"action": "continue",
"rule": "pass",
"module": "spf"
}, {
"module": "av",
"rule": "clean",
"action": "add-header"
}, {
"rule": "clean",
"action": "continue",
"module": "av"
}, {
"rule": "pass",
"action": "continue",
"module": "dmarc"
}, {
"action": "add-header",
"rule": "notspam",
"module": "spam"
}],
"routeDirection": "inbound",
"isMsgEncrypted": false,
"disposition": "continue"
},
"connection": {
"country": "us",
"tls": {
"inbound": {
"cipherBits": 128,
"version": "TLSv1.2",
"cipher": "ECDHE-RSA-AES128-GCM-SHA256"
}
},
"ip": "147.253.215.36",
"helo": "mta-253-215-36.smartsheet.sparkpostmail.com",
"sid": "34h016jhkv",
"resolveStatus": "ok",
"host": "mta-253-215-36.smartsheet.sparkpostmail.com",
"protocol": "smtp:smtp"
},
"metadata": {
"origin": {
"data": {
"agent": "m000001.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
}
}
},
"msgParts": [{
"detectedExt": "HTML",
"detectedMime": "text/html",
"labeledExt": "html",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"detectedName": "text.html",
"detectedCharset": "utf-8",
"metadata": {
"title": "SSUse23"
},
"isVirtual": false,
"labeledCharset": "UTF-8",
"structureId": "0",
"labeledName": "text.html",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isCorrupted": false,
"urls": [{
"url": "https://app.smartsheet.com/b/home",
"src": ["filter"]
}, {
"url": "mailto:sanitized@sanitized.com",
"src": ["filter"]
}, {
"url": "https://app.smartsheet.com/b/mailtrack/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://app.smartsheet.com/b/images/email/icon_smartsheet_sheet.png"
}, {
"src": ["filter"],
"url": "https://www.smartsheet.com/"
}, {
"url": "http://appanalytics.smartsheet.com/e4&c=SHARE_SHEET",
"src": ["filter"]
}, {
"url": "https://www.smartsheet.com/privacy/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://app.smartsheet.com/b/home"
}, {
"src": ["filter"],
"url": "https://app.smartsheet.com/b/home"
}, {
"url": "http://appanalytics.smartsheet.com/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "http://appanalytics.smartsheet.com"
}, {
"src": ["filter"],
"url": "https://www.smartsheet.com/files/UserAgreement.pdf"
}, {
"url": "https://www.smartsheet.com?mt=16",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://app.smartsheet.com/b/"
}, {
"url": "https://www.smartsheet.com/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://aws.smartsheet.com/s"
}],
"detectedSizeBytes": 6407,
"labeledMime": "text/html",
"isArchive": false,
"isDeleted": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"disposition": "inline",
"sizeDecodedBytes": 6407
}],
"guid": "OstrlutXz_3qOrXSm0sltcKkjyppf8MS",
"msg": {
"header": {
"x-mailer": ["smartsheet-service-mail-v2"],
"toHashed": ["1fe968be56d7c600ae1b2b6b73cbd3b8@company.com"],
"to": ["\"Iggy.Pop\" <sanitized@sanitized.com>"],
"from": ["\"Nik Kin via Smartsheet\" <user@app.smartsheet.com>"],
"fromHashed": ["8c922a95a5f5c23cb0322ba48c45e910@app.smartsheet.com"],
"reply-to": ["\"Nik Kin\" <sanitized@sanitized.com>"],
"reply-toHashed": ["db42ae4f5f4da1e00a5c64798883e972@company.com"],
"message-id": ["<61.99.33930.C19E3AF5@af.mta1vrest.cc.prd.sparkpost>"],
"subject": ["SSUse23"]
},
"normalizedHeader": {
"from": ["\"Nik Kin via Smartsheet\" <user@app.smartsheet.com>"],
"to": ["\"Iggy.Pop\" <sanitized@sanitized.com>"],
"toHashed": ["1fe968be56d7c600ae1b2b6b73cbd3b8@company.com"],
"x-mailer": ["smartsheet-service-mail-v2"],
"message-id": ["61.99.33930.C19E3AF5@af.mta1vrest.cc.prd.sparkpost"],
"subject": ["SSUse23"],
"reply-toHashed": ["db42ae4f5f4da1e00a5c64798883e972@company.com"],
"reply-to": ["\"Nik Kin\" <sanitized@sanitized.com>"],
"fromHashed": ["8c922a95a5f5c23cb0322ba48c45e910@app.smartsheet.com"]
},
"sizeBytes": 7889,
"lang": "en",
"parsedAddresses": {
"toHashed": ["bcb21ec683a922759afbec853c372aeb@company.com"],
"fromHashed": ["ee11cbb19052e40b07aac0ca060c23ee@app.smartsheet.com"],
"from": ["user@app.smartsheet.com"],
"to": ["sanitized@sanitized.com"]
}
},
"event_type": "message"
}, {
"guid": "PVCFGY_Q0579kcpTT7JZMSxnU1CsWFzw",
"msgParts": [{
"detectedMime": "text/plain",
"detectedExt": "TXT",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"labeledExt": "txt",
"detectedName": "text.txt",
"metadata": {},
"detectedCharset": "iso-8859-1",
"labeledCharset": "iso-8859-1",
"structureId": "0",
"labeledName": "text.txt",
"isVirtual": false,
"urls": [],
"detectedSizeBytes": 1,
"labeledMime": "text/plain",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"isCorrupted": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isArchive": false,
"isDeleted": false,
"sizeDecodedBytes": 1,
"disposition": "inline"
}, {
"disposition": "inline",
"sizeDecodedBytes": 1099,
"isDeleted": false,
"isArchive": false,
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isCorrupted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"labeledMime": "text/html",
"detectedSizeBytes": 1099,
"urls": [],
"isVirtual": false,
"structureId": "0",
"labeledName": "text.html",
"labeledCharset": "iso-8859-1",
"detectedCharset": "iso-8859-1",
"metadata": {
"generator": "Microsoft Word 15 (filtered medium)"
},
"detectedName": "text.html",
"labeledExt": "html",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedExt": "HTML",
"detectedMime": "text/html"
}, {
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"labeledExt": "",
"detectedMime": "text/calendar",
"detectedExt": "ICS",
"metadata": {},
"detectedCharset": "utf-8",
"detectedName": "text-calendar.ics",
"detectedSizeBytes": 1350,
"urls": [],
"labeledMime": "text/calendar",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"isCorrupted": false,
"labeledCharset": "utf-8",
"labeledName": "text-calendar",
"structureId": "0",
"isVirtual": false,
"sizeDecodedBytes": 1350,
"disposition": "inline",
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isArchive": false,
"isDeleted": false
}],
"msg": {
"normalizedHeader": {
"message-id": ["PS2PR02MB34317A6F8C35D2C3D8FACCA9EAEE0@PS2PR02MB3431.apcprd02.prod.outlook.com"],
"from": ["Kin Nik <sanitized@sanitized.com>"],
"subject": ["Accepted: Follow Up"],
"x-originating-ip": ["[2405:201:d00f:7886:51b8:2820:9059:1c0c]"],
"to": ["\"Lara, Lara\" <sanitized@sanitized.com>"],
"toHashed": ["d0d1798e52185c08e2ff2e264e444e6c@company.com"],
"fromHashed": ["0d973e89539d0d8a26b8de0d6bd8751c@infotest.com"]
},
"header": {
"x-originating-ip": ["[2405:201:d00f:7886:51b8:2820:9059:1c0c]"],
"from": ["Kin Nik <sanitized@sanitized.com>"],
"message-id": ["<PS2PR02MB34317A6F8C35D2C3D8FACCA9EAEE0@PS2PR02MB3431.apcprd02.prod.outlook.com>"],
"subject": ["Accepted: Follow Up"],
"to": ["\"Lara, Lara\" <sanitized@sanitized.com>"],
"fromHashed": ["0d973e89539d0d8a26b8de0d6bd8751c@infotest.com"],
"toHashed": ["d0d1798e52185c08e2ff2e264e444e6c@company.com"]
},
"sizeBytes": 11293,
"lang": "und",
"parsedAddresses": {
"fromHashed": ["d1f57788de71c4105a92fdae568b2318@infotest.com"],
"toHashed": ["a9507a48e742eddedc7b82eaddc517a5@company.com"],
"to": ["sanitized@sanitized.com"],
"from": ["sanitized@sanitized.com"]
}
},
"pps": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m000001.ppops.net"
},
"envelope": {
"rcptsHashed": ["a9507a48e742eddedc7b82eaddc517a5@company.com"],
"rcpts": ["sanitized@sanitized.com"],
"from": "sanitized@sanitized.com",
"fromHashed": "d1f57788de71c4105a92fdae568b2318@infotest.com"
},
"ts": "2020-11-05T12:59:33.296634+0100",
"filter": {
"modules": {
"spf": {
"domain": "infotest.com",
"result": "pass"
},
"zerohour": {
"score": "unknown"
},
"spam": {
"scores": {
"engine": 0,
"classifiers": {
"malware": 0,
"mlxlog": 816,
"impostor": 0,
"mlx": 0,
"phish": 0,
"bulk": 0,
"spam": 0,
"adult": 0,
"lowpriority": 0,
"suspect": 0
},
"overall": 0
},
"langs": ["en", "pt", "es"],
"version": {
"definitions": "main-2011050082",
"engine": "8.12.0-2009150000"
}
},
"pdr": {
"v2": {
"response": "pass"
}
},
"dmarc": {
"authResults": [{
"reason": "",
"method": "spf",
"result": "pass",
"emailIdentities": {
"smtp.mailfrom": "sanitized@sanitized.com",
"smtp.mailfromHashed": "d1f57788de71c4105a92fdae568b2318@infotest.com"
}
}, {
"method": "dkim",
"reason": "",
"result": "pass",
"propspec": {
"header.s": "default",
"header.d": "infotest.com"
}
}, {
"result": "pass",
"propspec": {
"header.s": "selector2-infotesttechnologies-onmicrosoft-com",
"header.d": "infotesttechnologies.onmicrosoft.com"
},
"reason": "",
"method": "dkim"
}, {
"emailIdentities": {
"header.from": "infotest.com"
},
"result": "pass",
"reason": "",
"method": "dmarc"
}],
"filterdResult": "pass",
"srvid": "ppops.net",
"alignment": [{
"results": [{
"identityOrg": "infotest.com",
"method": "spf",
"identity": "infotest.com",
"result": "strict"
}, {
"result": "none",
"identity": "infotesttechnologies.onmicrosoft.com",
"method": "dkim",
"identityOrg": "onmicrosoft.com"
}, {
"identityOrg": "infotest.com",
"method": "dkim",
"identity": "infotest.com",
"result": "strict"
}],
"fromDomain": "infotest.com"
}]
},
"dkimv": [{
"domain": "infotest.com",
"selector": "default",
"result": "pass"
}, {
"domain": "infotesttechnologies.onmicrosoft.com",
"selector": "selector2-infotesttechnologies-onmicrosoft-com",
"result": "pass"
}]
},
"msgSizeBytes": 12866,
"quarantine": {
"rule": "",
"folder": ""
},
"durationSecs": 0.286825,
"suborgs": {
"rcpts": ["0"],
"sender": "0"
},
"startTime": "2020-11-05T12:59:33.296634+0100",
"qid": "0A5Btivm013253",
"isMsgReinjected": false,
"routes": ["Verified_Recipients", "default_inbound"],
"verified": {
"rcptsHashed": ["a9507a48e742eddedc7b82eaddc517a5@company.com"],
"rcpts": ["sanitized@sanitized.com"]
},
"disposition": "continue",
"routeDirection": "inbound",
"actions": [{
"action": "continue",
"rule": "pass",
"module": "pdr",
"isFinal": true
}, {
"rule": "pass",
"action": "continue",
"module": "spf"
}, {
"action": "add-header",
"rule": "clean",
"module": "av"
}, {
"rule": "clean",
"action": "continue",
"module": "av"
}, {
"module": "dmarc",
"action": "continue",
"rule": "pass"
}, {
"module": "spam",
"rule": "notspam",
"action": "add-header"
}],
"isMsgEncrypted": false
},
"connection": {
"host": "gate06.infotest.com",
"sid": "34h016jhm3",
"resolveStatus": "ok",
"protocol": "smtp:smtp",
"helo": "gate06.infotest.com",
"ip": "99.98.14.33",
"country": "in",
"tls": {
"inbound": {
"version": "TLSv1.2",
"cipherBits": 256,
"cipher": "ECDHE-RSA-AES256-GCM-SHA384"
}
}
},
"metadata": {
"origin": {
"data": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m000001.ppops.net"
}
}
},
"event_type": "message"
}, {
"metadata": {
"origin": {
"data": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m000001.ppops.net"
}
}
},
"connection": {
"protocol": "smtp:smtp",
"sid": "34h016jhm9",
"resolveStatus": "ok",
"host": "buyappr.net",
"country": "us",
"tls": {
"inbound": {
"cipher": "ECDHE-RSA-AES256-GCM-SHA384",
"cipherBits": 256,
"version": "TLSv1.2"
}
},
"ip": "99.109.103.12",
"helo": "buyappr.net"
},
"filter": {
"routeDirection": "inbound",
"actions": [{
"action": "continue",
"rule": "pass",
"module": "pdr",
"isFinal": true
}, {
"module": "spf",
"rule": "pass",
"action": "continue"
}, {
"rule": "clean",
"action": "add-header",
"module": "av"
}, {
"module": "av",
"rule": "clean",
"action": "continue"
}, {
"module": "dmarc",
"action": "continue",
"rule": "pass"
}, {
"module": "spam",
"action": "add-header",
"rule": "notspam"
}],
"isMsgEncrypted": false,
"disposition": "continue",
"verified": {
"rcptsHashed": ["9be25eb1d50d83f622e39d8915e67859@company-group.com"],
"rcpts": ["sanitized@sanitized.com"]
},
"routes": ["Verified_Recipients", "default_inbound"],
"isMsgReinjected": false,
"suborgs": {
"sender": "0",
"rcpts": ["0"]
},
"qid": "0A5BtZZN013179",
"startTime": "2020-11-05T12:59:37.287999+0100",
"quarantine": {
"rule": "",
"folder": ""
},
"durationSecs": 0.310815,
"msgSizeBytes": 43588,
"modules": {
"dkimv": [{
"domain": "buyappr.net",
"selector": "m1",
"result": "pass"
}],
"spf": {
"result": "pass",
"domain": "buyappr.net"
},
"zerohour": {
"score": "unknown"
},
"spam": {
"scores": {
"overall": 0,
"classifiers": {
"suspect": 2,
"lowpriority": 0,
"adult": 0,
"spam": 0,
"phish": 0,
"impostor": 0,
"mlx": 0,
"bulk": 0,
"malware": 0,
"mlxlog": 999
},
"engine": 0
},
"langs": ["en", "pt", "ru", "jp", "es"],
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
},
"charsets": ["UTF-8"]
},
"pdr": {
"v2": {
"response": "pass"
}
},
"dmarc": {
"alignment": [{
"fromDomain": "buyappr.net",
"results": [{
"identityOrg": "buyappr.net",
"method": "spf",
"identity": "buyappr.net",
"result": "strict"
}, {
"identityOrg": "buyappr.net",
"method": "dkim",
"identity": "buyappr.net",
"result": "strict"
}]
}],
"authResults": [{
"result": "pass",
"emailIdentities": {
"smtp.mailfromHashed": "c1c67f0c3e893ac04568c61f47765cd2@buyappr.net",
"smtp.mailfrom": "sanitized@sanitized.com"
},
"method": "spf",
"reason": ""
}, {
"method": "dkim",
"reason": "",
"result": "pass",
"propspec": {
"header.d": "buyappr.net",
"header.s": "m1"
}
}, {
"emailIdentities": {
"header.from": "buyappr.net"
},
"result": "pass",
"reason": "",
"method": "dmarc"
}],
"filterdResult": "pass",
"srvid": "ppops.net"
}
}
},
"ts": "2020-11-05T12:59:37.287999+0100",
"envelope": {
"fromHashed": "c1c67f0c3e893ac04568c61f47765cd2@buyappr.net",
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["9be25eb1d50d83f622e39d8915e67859@company-group.com"],
"from": "sanitized@sanitized.com"
},
"pps": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m000001.ppops.net"
},
"msg": {
"normalizedHeader": {
"to": ["Gina Gin <sanitized@sanitized.com>"],
"from": ["Email Approval <sanitized@sanitized.com>"],
"message-id": ["115551705.107928.JavaMail.svcprodeu@app254.eu1.buyappr.net"],
"subject": ["Action required"],
"fromHashed": ["82e23d5f82d55ac7f8d480e120f088e1@buyappr.net"],
"toHashed": ["a7f1d81af023052932d8f36966939c3f@company-group.com"]
},
"header": {
"toHashed": ["a7f1d81af023052932d8f36966939c3f@company-group.com"],
"fromHashed": ["82e23d5f82d55ac7f8d480e120f088e1@buyappr.net"],
"subject": ["=?UTF-8?Q?Action_required"],
"message-id": ["<115551705.107928.JavaMail.svcprodeu@app254.eu1.buyappr.net>"],
"from": ["Email Approval <sanitized@sanitized.com>"],
"to": ["Gina Gin <sanitized@sanitized.com>"]
},
"sizeBytes": 41738,
"lang": "en",
"parsedAddresses": {
"to": ["sanitized@sanitized.com"],
"from": ["sanitized@sanitized.com"],
"fromHashed": ["c1c67f0c3e893ac04568c61f47765cd2@buyappr.net"],
"toHashed": ["9be25eb1d50d83f622e39d8915e67859@company-group.com"]
}
},
"msgParts": [{
"isVirtual": false,
"labeledCharset": "UTF-8",
"labeledName": "text.txt",
"structureId": "0",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"isCorrupted": false,
"detectedSizeBytes": 4426,
"urls": [{
"url": "http://www.buyappr.net/solutions/buy/ariba-mobile",
"src": ["filter"]
}, {
"url": "http://company-child1.procurement-eu.buyappr.net/ad/",
"src": ["filter"]
}],
"labeledMime": "text/plain",
"isArchive": false,
"isDeleted": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"disposition": "inline",
"sizeDecodedBytes": 4426,
"detectedExt": "TXT",
"detectedMime": "text/plain",
"labeledExt": "txt",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedName": "text.txt",
"detectedCharset": "utf-8",
"metadata": {}
}, {
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"labeledExt": "html",
"detectedMime": "text/html",
"detectedExt": "HTML",
"metadata": {},
"detectedCharset": "utf-8",
"detectedName": "text.html",
"detectedSizeBytes": 35234,
"urls": [{
"src": ["filter"],
"url": "https://s1-eu.buyappr.net/Buyer/Main"
}, {
"url": "mailto:buyappr-child1@buyappr.net?subje",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://s1-eu.buyappr.net/Buyer/Main/ad/awres"
}, {
"src": ["filter"],
"url": "mailto:buyappr-child1@buyappr.net?subj"
}, {
"src": ["filter"],
"url": "http://company-child1.procurement-eu.buyappr.net/ad"
}],
"labeledMime": "text/html",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isCorrupted": false,
"labeledCharset": "UTF-8",
"structureId": "0",
"labeledName": "text.html",
"isVirtual": false,
"sizeDecodedBytes": 35234,
"disposition": "inline",
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"isArchive": false,
"isDeleted": false
}],
"guid": "tjP8k7CB5k_Je31-PmHGdNgPcdwQRQH6",
"event_type": "message"
}, {
"msg": {
"parsedAddresses": {
"from": ["sanitized@sanitized.com"],
"to": ["sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com"],
"ccHashed": ["4160872c3e83b1399c3a2eb219ec0d07@infotest.com"],
"fromHashed": ["3e917f0fd05903ef251e45c4908574f5@infotest.com"],
"cc": ["sanitized@sanitized.com"],
"toHashed": ["11a705cf38245865f2406516dc6d9c81@testgroup.com", "56ecfafcfda7e12632394ecc3f82306a@infotest.com", "548d70cdd206ae289e618bf2d4712a76@company.com", "909901bc9be498cd941609564e94c780@infotest.com", "47dd26ed37c32bb6845f2c20fc3eaceb@testgroup.com"]
},
"lang": "en",
"header": {
"subject": ["PROD SERVER"],
"message-id": ["<1604577574012.773@infotest.com>"],
"fromHashed": ["e1ceb3b33045a54dc255656b2f3ac7d2@infotest.com"],
"cc": ["company_EPOCH <sanitized@sanitized.com>"],
"from": ["OpsSupport <sanitized@sanitized.com>"],
"x-originating-ip": ["[10.53.222.187]"],
"ccHashed": ["c418ce0b2962c7cc6982aaab526b9ddd@infotest.com"],
"to": ["sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com"],
"toHashed": ["e18ddec243aac345329b8034180501b5@infotest.com>, <Ed.Ed"]
},
"sizeBytes": 24944,
"normalizedHeader": {
"toHashed": ["e18ddec243aac345329b8034180501b5@infotest.com>, <Ed.Ed"],
"from": ["OpsSupport <sanitized@sanitized.com>"],
"x-originating-ip": ["[10.53.222.187]"],
"ccHashed": ["c418ce0b2962c7cc6982aaab526b9ddd@infotest.com"],
"to": ["sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com"],
"fromHashed": ["e1ceb3b33045a54dc255656b2f3ac7d2@infotest.com"],
"cc": ["company_EPOCH <sanitized@sanitized.com>"],
"message-id": ["1604577574012.773@infotest.com"],
"subject": ["PROD SERVER"]
}
},
"guid": "3sGFyfzkcUDSKF8W5y7GwIQMc4bPFZtF",
"msgParts": [{
"isVirtual": false,
"structureId": "0",
"labeledName": "text.txt",
"labeledCharset": "iso-8859-1",
"isCorrupted": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"labeledMime": "text/plain",
"urls": [],
"detectedSizeBytes": 185,
"isDeleted": false,
"isArchive": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isTimedOut": false,
"disposition": "inline",
"sizeDecodedBytes": 185,
"detectedExt": "TXT",
"detectedMime": "text/plain",
"labeledExt": "txt",
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedName": "text.txt",
"detectedCharset": "iso-8859-1",
"metadata": {}
}, {
"isProtected": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"labeledExt": "html",
"detectedMime": "text/html",
"detectedExt": "HTML",
"metadata": {},
"detectedCharset": "iso-8859-1",
"detectedName": "text.html",
"labeledMime": "text/html",
"detectedSizeBytes": 1413,
"urls": [],
"isCorrupted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"labeledName": "text.html",
"structureId": "0",
"labeledCharset": "iso-8859-1",
"isVirtual": false,
"sizeDecodedBytes": 1413,
"disposition": "inline",
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isDeleted": false,
"isArchive": false
}, {
"detectedMime": "image/png",
"detectedExt": "PNG",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isProtected": false,
"labeledExt": "png",
"detectedName": "process.png",
"metadata": {},
"detectedCharset": "",
"structureId": "0",
"labeledName": "process.png",
"labeledCharset": "",
"isVirtual": false,
"labeledMime": "image/png",
"urls": [],
"detectedSizeBytes": 14066,
"isCorrupted": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isTimedOut": false,
"md5": "00000000000e80154787da0fd8499ecb",
"isDeleted": false,
"isArchive": false,
"sizeDecodedBytes": 14066,
"disposition": "attached"
}],
"metadata": {
"origin": {
"data": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m000001.ppops.net"
}
}
},
"connection": {
"protocol": "smtp:smtp",
"resolveStatus": "ok",
"sid": "34h016jhmb",
"host": "gate03.infotest.com",
"tls": {
"inbound": {
"cipherBits": 256,
"version": "TLSv1.2",
"cipher": "ECDHE-RSA-AES256-GCM-SHA384"
}
},
"country": "in",
"helo": "gate03.infotest.com",
"ip": "99.98.10.31"
},
"filter": {
"suborgs": {
"rcpts": ["0"],
"sender": "0"
},
"qid": "0A5BtZZO013179",
"startTime": "2020-11-05T12:59:40.266283+0100",
"durationSecs": 0.234399,
"quarantine": {
"rule": "",
"folder": ""
},
"msgSizeBytes": 26401,
"modules": {
"dmarc": {
"srvid": "ppops.net",
"filterdResult": "pass",
"authResults": [{
"method": "spf",
"reason": "",
"emailIdentities": {
"smtp.mailfrom": "sanitized@sanitized.com",
"smtp.mailfromHashed": "3e917f0fd05903ef251e45c4908574f5@infotest.com"
},
"result": "pass"
}, {
"reason": "",
"method": "dkim",
"propspec": {
"header.d": "infotest.com",
"header.s": "default"
},
"result": "pass"
}, {
"result": "pass",
"emailIdentities": {
"header.from": "infotest.com"
},
"reason": "",
"method": "dmarc"
}],
"alignment": [{
"results": [{
"identityOrg": "infotest.com",
"method": "spf",
"identity": "infotest.com",
"result": "strict"
}, {
"result": "strict",
"identity": "infotest.com",
"identityOrg": "infotest.com",
"method": "dkim"
}],
"fromDomain": "infotest.com"
}]
},
"pdr": {
"v2": {
"response": "pass"
}
},
"spam": {
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
},
"scores": {
"classifiers": {
"suspect": 0,
"lowpriority": 0,
"adult": 0,
"spam": 0,
"bulk": 0,
"phish": 0,
"impostor": 0,
"mlx": 0,
"mlxlog": 637,
"malware": 0
},
"overall": 0,
"engine": 0
},
"langs": ["en", "pt"]
},
"zerohour": {
"score": "unknown"
},
"spf": {
"domain": "infotest.com",
"result": "pass"
},
"dkimv": [{
"selector": "default",
"domain": "infotest.com",
"result": "pass"
}]
},
"actions": [{
"module": "pdr",
"action": "continue",
"rule": "pass",
"isFinal": true
}, {
"action": "continue",
"rule": "pass",
"module": "spf"
}, {
"module": "av",
"rule": "clean",
"action": "add-header"
}, {
"module": "av",
"rule": "clean",
"action": "continue"
}, {
"module": "dmarc",
"action": "continue",
"rule": "pass"
}, {
"rule": "notspam",
"action": "add-header",
"module": "spam"
}],
"routeDirection": "inbound",
"isMsgEncrypted": false,
"disposition": "continue",
"verified": {
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["548d70cdd206ae289e618bf2d4712a76@company.com"]
},
"isMsgReinjected": false,
"routes": ["Verified_Recipients", "default_inbound"]
},
"envelope": {
"fromHashed": "3e917f0fd05903ef251e45c4908574f5@infotest.com",
"from": "sanitized@sanitized.com",
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["548d70cdd206ae289e618bf2d4712a76@company.com"]
},
"pps": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m000001.ppops.net"
},
"ts": "2020-11-05T12:59:40.266283+0100",
"event_type": "message"
}, {
"ts": "2020-11-05T12:59:08.838520+0100",
"connection": {
"sid": "34h0582h9q",
"helo": "pmta237-192.sailthru.com",
"ip": "192.64.237.192",
"protocol": "smtp:smtp",
"host": "pmta237-192.sailthru.com",
"resolveStatus": "ok",
"country": "us"
},
"msgParts": [{
"detectedName": "text.txt",
"detectedSizeBytes": 739,
"disposition": "inline",
"detectedCharset": "utf-8",
"labeledName": "text.txt",
"md5": "00000000000e80154787da0fd8499ecb",
"labeledCharset": "utf-8",
"detectedExt": "TXT",
"isArchive": false,
"isTimedOut": false,
"metadata": {},
"isCorrupted": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedMime": "text/plain",
"isVirtual": false,
"sizeDecodedBytes": 739,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"labeledExt": "txt",
"isProtected": false,
"structureId": "0",
"isDeleted": false,
"labeledMime": "text/plain",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"urls": [{
"src": ["filter"],
"url": "https://link.exexe.com/oc"
}, {
"url": "https://link.exexe.com/click",
"src": ["filter"]
}]
}, {
"detectedMime": "text/html",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isCorrupted": false,
"metadata": {
"twitter:title": "exexe PM",
"twitter:description": "afternoon take on the most important news of the day",
"format-detection": "email=no",
"twitter:card": "summary_large_image",
"x-ua-compatible": "chrome=1"
},
"isTimedOut": false,
"isArchive": false,
"detectedExt": "HTML",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"urls": [{
"src": ["filter"],
"url": "https://link.exexe.com/click/"
}, {
"src": ["filter"],
"url": "https://link.exexe.com/click/"
}, {
"url": "https://static.exexe.com/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://static.exexe.com/"
}, {
"url": "https://link.exexe.com/click/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://link.exexe.com/"
}, {
"url": "https://link.exexe.com/click/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://link.exexe.com/"
}, {
"url": "https://link.exexe.com/click/220032",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://link.exexe.com/click/22003287.127"
}, {
"src": ["filter"],
"url": "https://static.exexe.com/fonts/"
}, {
"url": "mailto:?subject=From exexe: 8. Election chills",
"src": ["filter"]
}, {
"url": "https://link.exexe.com/click/22003",
"src": ["filter"]
}, {
"url": "https://link.exexe.com/click/",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://static.exexe.com/fonts/gorditamedium-webfont.woff"
}],
"labeledMime": "text/html",
"isDeleted": false,
"isProtected": false,
"structureId": "0",
"labeledExt": "html",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sizeDecodedBytes": 74879,
"isVirtual": false,
"labeledName": "text.html",
"detectedCharset": "utf-8",
"disposition": "inline",
"detectedSizeBytes": 74879,
"detectedName": "text.html",
"labeledCharset": "utf-8",
"md5": "00000000000e80154787da0fd8499ecb"
}],
"pps": {
"agent": "m0197116.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
},
"metadata": {
"origin": {
"data": {
"agent": "m0197116.ppops.net",
"version": "8.15.0.371",
"cid": "CID"
}
}
},
"envelope": {
"fromHashed": "827bbb621e4eb6f362bba78dcbb62ac1@mailer.exexe.com",
"from": "delivery_20201105065907.22003287.12735@mailer.exexe.com",
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"]
},
"guid": "w7huvQoQARIuW9b76VulX06gmyraEype",
"msg": {
"parsedAddresses": {
"to": ["sanitized@sanitized.com"],
"fromHashed": ["18126e7bd3f84b3f3e4df094def5b7de@exexe.com"],
"from": ["sanitized@sanitized.com"],
"toHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"]
},
"header": {
"toHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"],
"message-id": ["<20201105065907.22003287.12735@sailthru.com>"],
"x-mailer": ["sailthru.com"],
"from": ["Mike Mike <sanitized@sanitized.com>"],
"fromHashed": ["f867e6da20bd4f1871b19f1010ada05c@exexe.com"],
"to": ["sanitized@sanitized.com"],
"subject": ["subject"]
},
"lang": "en",
"normalizedHeader": {
"subject": ["Axe winners"],
"to": ["sanitized@sanitized.com"],
"from": ["Mike Mike <sanitized@sanitized.com>"],
"fromHashed": ["f867e6da20bd4f1871b19f1010ada05c@exexe.com"],
"toHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"],
"x-mailer": ["sailthru.com"],
"message-id": ["20201105065907.22003287.12735@sailthru.com"]
},
"sizeBytes": 83033
},
"filter": {
"actions": [{
"isFinal": true,
"action": "continue",
"rule": "pass",
"module": "pdr"
}, {
"module": "spf",
"rule": "pass",
"action": "continue"
}, {
"module": "av",
"action": "add-header",
"rule": "clean"
}, {
"rule": "clean",
"action": "continue",
"module": "av"
}, {
"module": "dmarc",
"action": "continue",
"rule": "pass"
}, {
"action": "add-header",
"rule": "safe",
"module": "spam"
}],
"routes": ["Verified_Recipients", "default_inbound"],
"suborgs": {
"rcpts": ["0"],
"sender": "0"
},
"disposition": "continue",
"durationSecs": 0.611946,
"qid": "0A5BrnlK014821",
"isMsgEncrypted": false,
"routeDirection": "inbound",
"isMsgReinjected": false,
"verified": {
"rcptsHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"],
"rcpts": ["sanitized@sanitized.com"]
},
"msgSizeBytes": 85138,
"modules": {
"zerohour": {
"score": "unknown"
},
"pdr": {
"v2": {
"response": "pass"
}
},
"dkimv": [{
"domain": "exexe.com",
"result": "pass",
"selector": "sailthru"
}],
"spam": {
"scores": {
"classifiers": {
"phish": 0,
"suspect": 4,
"lowpriority": 99,
"mlx": 0,
"bulk": 99,
"mlxlog": 999,
"malware": 0,
"spam": 0,
"adult": 0,
"impostor": 0
},
"engine": 0,
"overall": 0
},
"safeBlockedListMatches": [{
"matchingField": {
"type": "msg.header.from",
"value": "sanitized@sanitized.com"
},
"listType": "safe",
"rule": "safe",
"list": {
"owner": "sanitized@sanitized.com",
"ownerType": "user",
"entry": "sanitized@sanitized.com"
},
"rcpts": ["sanitized@sanitized.com"]
}],
"charsets": ["UTF-8"],
"triggeredClassifier": "safe",
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
},
"langs": ["en", "pt", "es", "jp", "fr", "dk", "ro", "no"]
},
"dmarc": {
"records": [{
"record": "v=DMARC1; p=none; rua=mailto:sanitized@sanitized.com; ruf=mailto:sanitized@sanitized.com;",
"query": "_dmarc.exexe.com"
}],
"filterdResult": "pass",
"authResults": [{
"reason": "",
"emailIdentities": {
"smtp.mailfrom": "delivery_287.12735@mailer.exexe.com",
"smtp.mailfromHashed": "827bbb621e4eb6f362bba78dcbb62ac1@mailer.exexe.com"
},
"method": "spf",
"result": "pass"
}, {
"propspec": {
"header.s": "sailthru",
"header.d": "exexe.com"
},
"result": "pass",
"method": "dkim",
"reason": ""
}, {
"method": "dmarc",
"result": "pass",
"reason": "",
"emailIdentities": {
"header.from": "exexe.com"
}
}],
"alignment": [{
"results": [{
"identityOrg": "exexe.com",
"method": "spf",
"result": "relaxed",
"identity": "mailer.exexe.com"
}, {
"identityOrg": "exexe.com",
"method": "dkim",
"result": "strict",
"identity": "exexe.com"
}],
"fromDomain": "exexe.com"
}],
"srvid": "ppops.net"
},
"spf": {
"result": "pass",
"domain": "mailer.exexe.com"
}
},
"quarantine": {
"folder": "",
"rule": ""
},
"startTime": "2020-11-05T12:59:08.838520+0100"
},
"event_type": "message"
}, {
"connection": {
"protocol": "smtp:smtp",
"resolveStatus": "ok",
"host": "smtpbgsg2.qq.com",
"sid": "34h0582h9a",
"tls": {
"inbound": {
"version": "TLSv1.2",
"cipher": "ECDHE-RSA-AES256-GCM-SHA384",
"cipherBits": 256
}
},
"country": "us",
"helo": "smtpbgsg2.qq.com",
"ip": "99.254.200.128"
},
"ts": "2020-11-05T12:59:04.431600+0100",
"msgParts": [{
"urls": [],
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"labeledMime": "text/plain",
"isDeleted": false,
"structureId": "0",
"isProtected": false,
"labeledExt": "txt",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sizeDecodedBytes": 112860,
"isVirtual": false,
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedMime": "text/plain",
"isCorrupted": false,
"metadata": {},
"isTimedOut": false,
"isArchive": false,
"detectedExt": "TXT",
"labeledCharset": "utf-8",
"md5": "00000000000e80154787da0fd8499ecb",
"labeledName": "text.txt",
"disposition": "inline",
"detectedCharset": "utf-8",
"detectedSizeBytes": 112860,
"detectedName": "text.txt"
}, {
"isCorrupted": false,
"detectedMime": "text/html",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedExt": "TXT",
"isArchive": false,
"isTimedOut": false,
"metadata": {},
"labeledMime": "text/html",
"isDeleted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"urls": [{
"url": "https://exmail.qq.com/cgi-bin/setting_qrcode_card",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://exmail.qq.com/cgi-bin/setti"
}, {
"url": "mailto:sanitized@sanitized.com",
"src": ["filter"]
}],
"sizeDecodedBytes": 301172,
"isVirtual": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"labeledExt": "html",
"structureId": "0",
"isProtected": false,
"disposition": "inline",
"detectedCharset": "utf-8",
"labeledName": "text.html",
"detectedName": "text.html",
"detectedSizeBytes": 301172,
"labeledCharset": "utf-8",
"md5": "00000000000e80154787da0fd8499ecb"
}, {
"labeledCharset": "utf-8",
"md5": "00000000000e80154787da0fd8499ecb",
"labeledName": "vendor.xlsx",
"disposition": "attached",
"detectedCharset": "",
"detectedSizeBytes": 365365,
"detectedName": "vendor.xlsx",
"urls": [],
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"isDeleted": false,
"labeledMime": "application/octet-stream",
"structureId": "0",
"isProtected": false,
"labeledExt": "xlsx",
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sizeDecodedBytes": 365365,
"isVirtual": false,
"detectedMime": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isCorrupted": false,
"metadata": {
"codepage": 65001,
"linksdirty": 0,
"appname": "Microsoft Excel",
"appversion": "16.0300",
"titlesofparts": "8.8\u51fa\u52e4;Day \u51fa\u52e4\u8ddf\u8e2a",
"hyperlinkschanged": 0,
"scalecrop": 0,
"security": 0,
"author": "Author",
"shareddoc": 0,
"headingpairs": "Worksheets;57",
"lastauthor": "Author"
},
"isTimedOut": false,
"isArchive": false,
"detectedExt": "XLSX"
}],
"pps": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m0197116.ppops.net"
},
"metadata": {
"origin": {
"data": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m0197116.ppops.net"
}
}
},
"filter": {
"routeDirection": "inbound",
"isMsgReinjected": false,
"verified": {
"rcptsHashed": ["ac89ba4cc75739f8ac258a27857492e8@testgroup.com"],
"rcpts": ["sanitized@sanitized.com"]
},
"msgSizeBytes": 1074732,
"modules": {
"zerohour": {
"score": "unknown"
},
"spam": {
"langs": ["en", "zh", "jp", "pt", "no", "es"],
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
},
"charsets": ["UTF-8"],
"scores": {
"classifiers": {
"malware": 0,
"spam": 0,
"adult": 0,
"impostor": 0,
"phish": 0,
"suspect": 0,
"bulk": 0,
"mlx": 0,
"lowpriority": 0,
"mlxlog": 999
},
"overall": 0,
"engine": 0
}
},
"spf": {
"result": "pass",
"domain": "mmm.net"
},
"dmarc": {
"srvid": "ppops.net",
"authResults": [{
"emailIdentities": {
"smtp.mailfromHashed": "05ecaedeeb3beda9c255ce02a7adc6ed@mmm.net",
"smtp.mailfrom": "sanitized@sanitized.com"
},
"reason": "",
"result": "pass",
"method": "spf"
}, {
"reason": "",
"result": "none",
"method": "dmarc"
}],
"filterdResult": "none"
},
"pdr": {
"v2": {
"response": "pass"
}
}
},
"quarantine": {
"rule": "",
"folder": ""
},
"startTime": "2020-11-05T12:59:04.431600+0100",
"actions": [{
"module": "pdr",
"action": "continue",
"rule": "pass",
"isFinal": true
}, {
"module": "spf",
"action": "continue",
"rule": "pass"
}, {
"module": "av",
"action": "add-header",
"rule": "clean"
}, {
"action": "continue",
"rule": "clean",
"module": "av"
}, {
"module": "dmarc",
"rule": "norecord",
"action": "continue"
}, {
"rule": "notspam",
"action": "add-header",
"module": "spam"
}],
"routes": ["Verified_Recipients", "default_inbound"],
"disposition": "continue",
"suborgs": {
"sender": "0",
"rcpts": ["0"]
},
"qid": "0A5BroXa014896",
"durationSecs": 2.755049,
"isMsgEncrypted": false
},
"envelope": {
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["ac89ba4cc75739f8ac258a27857492e8@testgroup.com"],
"from": "sanitized@sanitized.com",
"fromHashed": "05ecaedeeb3beda9c255ce02a7adc6ed@mmm.net"
},
"msg": {
"header": {
"toHashed": ["0de5ef08bee26a90cbb410ad01125688@mmm.net>, \"=?utf-8?B?5byg6ZSQ?=\" <ruizhang1"],
"from": ["\"=?utf-8?B?6Zia6ZOO?=\" <sanitized@sanitized.com>"],
"fromHashed": ["d1cfb6d1afcc97dcf52460d44932d835@mmm.net"],
"x-originating-ip": ["202.111.242.215"],
"message-id": ["<sanitized@sanitized.com>"],
"x-mailer": ["QQMail 2.x"],
"subject": ["=?ut8?B?6K+3?="],
"to": ["<sanitized@sanitized.com>"]
},
"parsedAddresses": {
"from": ["sanitized@sanitized.com"],
"fromHashed": ["05ecaedeeb3beda9c255ce02a7adc6ed@mmm.net"],
"to": ["sanitized@sanitized.com"],
"toHashed": ["bb20434d70c5d5edf77275b030161ae7@company.com"]
},
"lang": "und",
"normalizedHeader": {
"x-originating-ip": ["99.111.242.215"],
"message-id": ["sanitized@sanitized.com"],
"x-mailer": ["QQMail 2.x"],
"subject": ["Re:FW:7"],
"to": ["<sanitized@sanitized.com>"],
"toHashed": ["0004b7b07ede063f7fa018f2031620a0@mmm.net>"],
"fromHashed": ["00097fc0b7cd23829ba697b2e9bd6235@mmm.net"],
"from": ["<sanitized@sanitized.com>"]
},
"sizeBytes": 1073201
},
"guid": "sut7DUey1aNlxwCUX7gs_zX4T4BPJHSc",
"event_type": "message"
}, {
"metadata": {
"origin": {
"data": {
"version": "8.15.0.371",
"cid": "CID",
"agent": "m0197116.ppops.net"
}
}
},
"pps": {
"version": "8.15.0.371",
"cid": "CID",
"agent": "m0197116.ppops.net"
},
"msgParts": [{
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"sizeDecodedBytes": 450,
"isVirtual": false,
"isProtected": false,
"structureId": "0",
"labeledExt": "html",
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"urls": [{
"src": ["filter"],
"url": "https://refund2.com/dispute/detail.htm"
}],
"isDeleted": false,
"labeledMime": "text/html",
"isArchive": false,
"detectedExt": "TXT",
"metadata": {},
"isTimedOut": false,
"isCorrupted": false,
"detectedMime": "text/html",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"md5": "00000000000e80154787da0fd8499ecb",
"labeledCharset": "utf-8",
"detectedSizeBytes": 450,
"detectedName": "text.html",
"detectedCharset": "utf-8",
"disposition": "inline",
"labeledName": "text.html"
}],
"ts": "2020-11-05T12:59:10.685068+0100",
"connection": {
"protocol": "smtp:smtp",
"country": "cn",
"resolveStatus": "ok",
"host": "out209-221.dm.all.com",
"helo": "out209-221.dm.all.com",
"sid": "34h0582h9s",
"ip": "99.205.209.221"
},
"guid": "GsXivxd0DtnE0iezCwjx-frqXGaVn1Op",
"msg": {
"lang": "und",
"parsedAddresses": {
"toHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"from": ["service@mc.mail.com"],
"fromHashed": ["aaabf0d39951f3e6c3e8a7911df524c2@mc.mail.com"],
"to": ["sanitized@sanitized.com"]
},
"header": {
"fromHashed": ["abb44308fe91aab7f5a217f7b559436d@mc.mail.com"],
"from": ["=?utf-8?Q?= <service@mc.mail.com>"],
"subject": ["=?utf-8?B?5o2i6LSnSE55CG?="],
"to": ["sanitized@sanitized.com"],
"toHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"message-id": ["<2016323645.1176296.1604577549161@msg000.center.na61>"]
},
"sizeBytes": 1914,
"normalizedHeader": {
"message-id": ["2016323645.1176296.1604577549161@msg000.center.na61"],
"toHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"subject": ["\u6362\u8d27\u901a\u77e5\uff1a\u4e70\u5b406"],
"to": ["sanitized@sanitized.com"],
"from": ["<service@mc.mail.com>"],
"fromHashed": ["338798f259105d1dab5b78bc340ed99e@mc.mail.com"]
}
},
"envelope": {
"rcptsHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"rcpts": ["sanitized@sanitized.com"],
"from": "service@mc.mail.com",
"fromHashed": "aaabf0d39951f3e6c3e8a7911df524c2@mc.mail.com"
},
"filter": {
"modules": {
"pdr": {
"v2": {
"response": "pass"
}
},
"dkimv": [{
"result": "pass",
"selector": "s1024",
"domain": "com"
}],
"spam": {
"scores": {
"classifiers": {
"mlxlog": 540,
"lowpriority": 0,
"bulk": 0,
"mlx": 0,
"suspect": 0,
"phish": 0,
"adult": 0,
"impostor": 0,
"spam": 0,
"malware": 0
},
"engine": 0,
"overall": 0
},
"charsets": ["UTF-8"],
"version": {
"definitions": "main-2011050082",
"engine": "8.12.0-2009150000"
},
"langs": ["zh", "jp", "en"]
},
"spf": {
"domain": "mc.mail.com",
"result": "pass"
},
"dmarc": {
"srvid": "ppops.net",
"filterdResult": "pass",
"authResults": [{
"reason": "",
"emailIdentities": {
"smtp.mailfromHashed": "aaabf0d39951f3e6c3e8a7911df524c2@mc.mail.com",
"smtp.mailfrom": "service@mc.mail.com"
},
"result": "pass",
"method": "spf"
}, {
"result": "pass",
"method": "dkim",
"reason": "",
"propspec": {
"header.d": "com",
"header.s": "s1024"
}
}, {
"reason": "",
"emailIdentities": {
"header.from": "mc.mail.com"
},
"result": "pass",
"method": "dmarc"
}],
"alignment": [{
"fromDomain": "mc.mail.com",
"results": [{
"identity": "mc.mail.com",
"result": "strict",
"identityOrg": "com",
"method": "spf"
}, {
"identity": "com",
"identityOrg": "com",
"method": "dkim",
"result": "relaxed"
}]
}]
},
"zerohour": {
"score": "unknown"
}
},
"msgSizeBytes": 3467,
"quarantine": {
"folder": "",
"rule": ""
},
"verified": {
"rcptsHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"rcpts": ["sanitized@sanitized.com"]
},
"isMsgReinjected": false,
"routeDirection": "inbound",
"startTime": "2020-11-05T12:59:10.685068+0100",
"qid": "0A5BrjH8014336",
"durationSecs": 0.199705,
"suborgs": {
"sender": "0",
"rcpts": ["0"]
},
"routes": ["Verified_Recipients", "default_inbound"],
"disposition": "continue",
"actions": [{
"module": "pdr",
"rule": "pass",
"action": "continue",
"isFinal": true
}, {
"module": "spf",
"rule": "pass",
"action": "continue"
}, {
"action": "add-header",
"rule": "clean",
"module": "av"
}, {
"rule": "clean",
"action": "continue",
"module": "av"
}, {
"module": "dmarc",
"rule": "pass",
"action": "continue"
}, {
"rule": "notspam",
"action": "add-header",
"module": "spam"
}],
"isMsgEncrypted": false
},
"event_type": "message"
}, {
"pps": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m0197116.ppops.net"
},
"msgParts": [{
"labeledCharset": "utf-8",
"md5": "00000000000e80154787da0fd8499ecb",
"labeledName": "text.txt",
"disposition": "inline",
"detectedCharset": "utf-8",
"detectedName": "text.txt",
"detectedSizeBytes": 4909,
"labeledMime": "text/plain",
"isDeleted": false,
"urls": [{
"url": "https://prdt.iese.edu/emailPreference/e/epc/50",
"src": ["filter"]
}, {
"src": ["filter"],
"url": "https://prdt.iese.edu/e/501101/sales-manag"
}, {
"src": ["filter"],
"url": "https://prdt.iese.edu/preferencePa"
}, {
"src": ["filter"],
"url": "https://prdt.iese.edu/personal.inter"
}],
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"labeledExt": "txt",
"isProtected": false,
"structureId": "0",
"sizeDecodedBytes": 4909,
"isVirtual": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"detectedMime": "text/plain",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"isCorrupted": false,
"isTimedOut": false,
"metadata": {},
"detectedExt": "TXT",
"isArchive": false
}, {
"labeledCharset": "utf-8",
"md5": "00000000000e80154787da0fd8499ecb",
"labeledName": "text.html",
"detectedCharset": "utf-8",
"disposition": "inline",
"detectedName": "text.html",
"detectedSizeBytes": 45313,
"labeledMime": "text/html",
"isDeleted": false,
"sha256": "0000000000b126f3f918f5f77e61cee48153c6b57c643c877fcc6003e8e33ded",
"urls": [{
"url": "https://prdt.iese.edu/emailPreferenc",
"src": ["filter"]
}, {
"url": "https://prdt.iese.edu/e/501101/pr",
"src": ["filter"]
}, {
"url": "https://oha000lu.emltrk.com/v2",
"src": ["filter"]
}],
"labeledExt": "html",
"isProtected": false,
"structureId": "0",
"sizeDecodedBytes": 45313,
"isVirtual": false,
"textExtracted": "00000EFSKDB4N2ZlNzA1MzU1MzMwKQ==\n",
"dataBase64": "0000000000000N2ZlNmU5jI3OGI4KQ==\n",
"detectedMime": "text/html",
"isCorrupted": false,
"isTimedOut": false,
"metadata": {
"viewport": "width=device-width,initial-scale=1",
"x-ua-compatible": "IE=edge"
},
"detectedExt": "HTML",
"isArchive": false
}],
"metadata": {
"origin": {
"data": {
"cid": "CID",
"version": "8.15.0.371",
"agent": "m0197116.ppops.net"
}
}
},
"connection": {
"helo": "fh220.mc.pd25.com",
"ip": "99.111.53.220",
"country": "us",
"sid": "34h0582h9t",
"tls": {
"inbound": {
"cipher": "ECDHE-RSA-AES256-GCM-SHA384",
"cipherBits": 256,
"version": "TLSv1.2"
}
},
"protocol": "smtp:smtp",
"resolveStatus": "ok",
"host": "fh220.mc.pd25.com"
},
"ts": "2020-11-05T12:59:11.694301+0100",
"filter": {
"routeDirection": "inbound",
"isMsgReinjected": false,
"verified": {
"rcptsHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"rcpts": ["juan@company-group.com"]
},
"modules": {
"zerohour": {
"score": "unknown"
},
"spf": {
"domain": "bounce.s10.mc.pd25.com",
"result": "pass"
},
"dmarc": {
"srvid": "ppops.net",
"filterdResult": "none",
"authResults": [{
"result": "pass",
"method": "spf",
"emailIdentities": {
"smtp.mailfrom": "bounce-5252_HTML-29@bounce.s10.mc.pd25.com",
"smtp.mailfromHashed": "b0c98439c30d549af3c88c4be730ed37@bounce.s10.mc.pd25.com"
},
"reason": ""
}, {
"propspec": {
"header.s": "200608",
"header.d": "global.edu"
},
"reason": "",
"result": "pass",
"method": "dkim"
}, {
"method": "dmarc",
"result": "none",
"reason": ""
}]
},
"dkimv": [{
"domain": "global.edu",
"result": "pass",
"selector": "200608"
}],
"spam": {
"triggeredClassifier": "safe",
"scores": {
"classifiers": {
"malware": 0,
"impostor": 0,
"adult": 0,
"spam": 0,
"suspect": 41,
"phish": 0,
"mlxlog": 999,
"lowpriority": 100,
"mlx": 0,
"bulk": 100
},
"overall": 0,
"engine": 0
},
"safeBlockedListMatches": [{
"rcpts": ["juan@company-group.com"],
"listType": "safe",
"list": {
"ownerType": "user",
"owner": "juan@company-group.com",
"entry": "sanitized@sanitized.com"
},
"rule": "safe",
"matchingField": {
"value": "sanitized@sanitized.com",
"type": "msg.header.from"
}
}],
"langs": ["en", "pt", "es", "ro", "fr"],
"version": {
"engine": "8.12.0-2009150000",
"definitions": "main-2011050082"
}
},
"pdr": {
"v2": {
"response": "pass"
}
}
},
"msgSizeBytes": 64437,
"quarantine": {
"rule": "",
"folder": ""
},
"startTime": "2020-11-05T12:59:11.694301+0100",
"actions": [{
"module": "pdr",
"rule": "pass",
"action": "continue",
"isFinal": true
}, {
"module": "spf",
"rule": "pass",
"action": "continue"
}, {
"module": "av",
"rule": "clean",
"action": "add-header"
}, {
"module": "av",
"rule": "clean",
"action": "continue"
}, {
"action": "continue",
"rule": "norecord",
"module": "dmarc"
}, {
"module": "spam",
"action": "add-header",
"rule": "safe"
}],
"routes": ["Verified_Recipients", "default_inbound"],
"suborgs": {
"rcpts": ["0"],
"sender": "0"
},
"disposition": "continue",
"qid": "0A5Brjhl014418",
"durationSecs": 0.39598,
"isMsgEncrypted": false
},
"msg": {
"header": {
"from": ["Programs <sanitized@sanitized.com>"],
"fromHashed": ["122fe4b290aafa15487849ae8386c4b1@global.edu"],
"toHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"subject": ["Global Program"],
"to": ["juan@company-group.com"],
"reply-toHashed": ["3a57238a52530dd77cbc7b7dc60c69f0@iese.edu"],
"reply-to": ["sanitized@sanitized.com"],
"message-id": ["<b24e998f-ec3b-468b-bc42-6ec860c75e22@dfw1s10mta49.xt.local>"]
},
"parsedAddresses": {
"toHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"from": ["sanitized@sanitized.com"],
"fromHashed": ["75cf98be3d7af2fb6f43e6353ea0afa5@global.edu"],
"to": ["juan@company-group.com"]
},
"lang": "fr",
"normalizedHeader": {
"fromHashed": ["122fe4b290aafa15487849ae8386c4b1@global.edu"],
"from": ["Programs <sanitized@sanitized.com>"],
"toHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"to": ["juan@company-group.com"],
"subject": ["Global Program"],
"reply-toHashed": ["3a57238a52530dd77cbc7b7dc60c69f0@iese.edu"],
"reply-to": ["sanitized@sanitized.com"],
"message-id": ["b24e998f-ec3b-468b-bc42-6ec860c75e22@dfw1s10mta49.xt.local"]
},
"sizeBytes": 62483
},
"guid": "4-r7jfypgJjlnITehgiPmxL4eWKxRQJP",
"envelope": {
"from": "bounce-5252_html@bounce.s10.mc.pd25.com",
"fromHashed": "b0c98439c30d549af3c88c4be730ed37@bounce.s10.mc.pd25.com",
"rcpts": ["juan@company-group.com"],
"rcptsHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"]
},
"event_type": "message"
}]
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку