{"report_id":"0a80eab9-0d2a-4377-b418-e70a376f7563","version":6,"status":"done","tags":[],"date":"2025-10-06T23:52:22Z","url":{"schema":"http","addr":"email.awscloud.com/dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=.","fqdn":"email.awscloud.com","domain":"awscloud.com","tld":"com"},"ip":{"addr":"104.17.71.206","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"email.awscloud.com/dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=.","fqdn":"email.awscloud.com","domain":"awscloud.com","tld":"com"},"title":"404 - Page not found"},"submit":{"url":{"schema":"http","addr":"email.awscloud.com/dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=.","fqdn":"email.awscloud.com","domain":"awscloud.com","tld":"com"},"ip":{"addr":"104.17.71.206","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-10T23:52:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-06","alert":"Sinkholed","trigger":"email.awscloud.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"email.awscloud.com","ip":{"addr":"104.17.73.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2008-09-18","domain_rank":1730189,"first_seen":"2017-01-30T17:37:24Z","last_seen":"2025-10-02T18:43:31.685125Z","alert_count":2,"request_count":2,"received_data":1818,"sent_data":1579,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"email.awscloud.com/dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=.","fqdn":"email.awscloud.com","domain":"awscloud.com","tld":"com"},"ip":{"addr":"104.17.73.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"814b8e6d4d32c92f5ec80270279dc4f4","sha1":"ad337d2d41ba8714f45c8f80cfc9dea2d9b133b7","sha256":"27e63897ec9fc57778718cc7f4b8575121d26fbcd9bb66e075d7c2ba655924ca","sha512":"0933a561951979714f8d5d8fc9167dfafb063153e53d89b34413d6a7087aa60efcf387ebc159a2ff9ea2ea83107ee73975877a8f76a8f09cc35cc2bf3bedde37","ssdeep":"","tlshash":"559002902257665163051221512185509869c224e8662f75500f4900014040c4255a04","size":45,"data":"","first_seen":"2023-09-22T06:19:52Z","last_seen":"2026-05-07T15:19:55.968051Z","times_seen":1055,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"07c0a9eda5f240cb633ed5f75fa7bcb3","sha1":"ff0edd630f6d40e333af749733cf3ae1aec33e0e","sha256":"c2f5a45dfca9f05686d4e5016691263c405e8147445ed46d26157ee6fca34065","sha512":"df641e24d5053ac6b34afb3aa9fc4d4415f356a016c35080499fc6e0cacadf003ff8b467b87391c6f737e030f31487d3bc87c1bf6ef98fb2201d138f9bda5273","ssdeep":"","tlshash":"ac70008000c8088800cc0a20203000088022000080280abc3200000c202e8000c00eab","size":22,"data":"","first_seen":"2025-10-06T23:52:23.303502Z","last_seen":"2025-10-06T23:52:23.303502Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"email.awscloud.com/dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=.","fqdn":"email.awscloud.com","domain":"awscloud.com","tld":"com"},"ip":{"addr":"104.17.73.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-06T23:51:59.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"email.awscloud.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Wed, 03 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:56:94:B1:B4:CD:E1:6A:36:E2:96:1F:DF:12:AA:B5:C6:EB:57:88","sha256":"BF:07:66:54:A3:02:6F:B3:42:A6:BC:34:59:92:9A:BA:9C:EA:2C:C5:96:76:A5:35:3B:6D:D0:87:8E:13:CF:B9"}}},"request":{"raw":"GET /dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=. HTTP/1.1\r\nHost: email.awscloud.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Oct 2025 23:52:00 GMT\r\ncontent-type: text/html;charset=UTF-8\r\ncontent-encoding: gzip\r\nx-request-id: ebda3b490f8e98e0\r\ncache-control: private, no-cache, no-store, max-age=0\r\nreferrer-policy: strict-origin\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ='\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=sZovQlLIyLCTgcSTgkUOFLcUjTD7x.xvTNFlX_K3GZw-1759794720-1.0.1.1-OBcrwWHqWX22KSvd3ATnB4VfUCKBLsRCAOB2DuY1DOTM9UKMkrc7rQMOmMLBmEXg1qvOF_dQQ14mdHDo1LMaGtidmhRe76riB_v8INCLEo0; path=/; expires=Tue, 07-Oct-25 00:22:00 GMT; domain=.email.awscloud.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 98a911e75ed3b28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":539,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (539), with no line terminators","md5":"673b9cdb679a0bbac7cce63908f7185e","sha1":"5ee0e2c134aa40e717d5041a22a86b824969ab8d","sha256":"56edc285313954f8dc540d7bcbf681062ca1902c29e7010fe9db9f8596497f6f","sha512":"04139cccf8a3e34cb6da8ed0ecbb48381eb331c0e8a6e8255f3ceefbdd4b16eba80cf899764ce2c9eea8f6ba38de324e06e39d144eff78f7da60dbd5e6ec6d79","ssdeep":"","tlshash":"55f0c06c2822510cf71335e372f1b36654998211dd97d8b9305fa560dbcec744723b99","first_seen":"2023-09-24T16:08:59Z","last_seen":"2026-05-07T15:19:55.9668Z","times_seen":883,"resource_available":true,"data":null}},"time_used":535,"timings":{"blocked":82,"dns":0,"connect":2,"send":0,"wait":372,"receive":0,"ssl":79},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-06","alert":"Sinkholed","trigger":"email.awscloud.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"email.awscloud.com/favicon.ico","fqdn":"email.awscloud.com","domain":"awscloud.com","tld":"com"},"ip":{"addr":"104.17.73.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://email.awscloud.com/dc/sRhgdM26bquWWERQj_H99lCavgYp1xy4_-5c9n1WxRAg-Iit3iVTUYZUZlQmzz1BTdI04NvsSqvrTM6rSnQGNK7Z_G6-zH4bcFNO__1cW3sR2fHvWJSFYYkrGAE7OiAzdXU2HS6GzO0lk55r5-Y9ZF7Ba6jr8V1KdMwpV5cxzKqCQaEsK7VOSxzLV42p9AFb6CbB-MEO8yorV7vjG_C2Ht2cdOR-KQKNKCJ6PA1B1vL7GDdlL3pnuzikjHJdiPeFcYyzBg1fqJAjpU5IytnjRpjyj1yCEh6wmdh01rPwPn4pDvjL3OwZqfF2aHdDNsEeyhA1O4qKFpGB2lsOFIsCchr-OScyPodbNhqx3ulj0GQ=/MTEyLVRaTS03NjYAAAGdWN1Rwbsf4WXd3vHkLnnk54t_4F03Q7eHl3vUqH0GF-b0YLe0ykje2CMALQWO2EEhiQsBGFY=.","date":"2025-10-06T23:52:00.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"email.awscloud.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Wed, 03 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:56:94:B1:B4:CD:E1:6A:36:E2:96:1F:DF:12:AA:B5:C6:EB:57:88","sha256":"BF:07:66:54:A3:02:6F:B3:42:A6:BC:34:59:92:9A:BA:9C:EA:2C:C5:96:76:A5:35:3B:6D:D0:87:8E:13:CF:B9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: email.awscloud.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://email.awscloud.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __cf_bm=sZovQlLIyLCTgcSTgkUOFLcUjTD7x.xvTNFlX_K3GZw-1759794720-1.0.1.1-OBcrwWHqWX22KSvd3ATnB4VfUCKBLsRCAOB2DuY1DOTM9UKMkrc7rQMOmMLBmEXg1qvOF_dQQ14mdHDo1LMaGtidmhRe76riB_v8INCLEo0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Oct 2025 23:52:00 GMT\r\ncf-ray: 98a911ea192bb28a-OSL\r\nx-request-id: 9e2fb17b56fdd559\r\nlast-modified: Mon, 06 Oct 2025 23:52:00 GMT\r\ncf-cache-status: EXPIRED\r\nexpires: Tue, 07 Oct 2025 03:52:00 GMT\r\ncache-control: public, max-age=14400\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T16:57:31.852553Z","times_seen":14796918,"resource_available":true,"data":null}},"time_used":364,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":364,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-06","alert":"Sinkholed","trigger":"email.awscloud.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}