{"report_id":"277de328-e7d9-48d6-82a9-8c87f50b0edf","version":6,"status":"done","tags":[],"date":"2025-11-13T14:41:53Z","url":{"schema":"http","addr":"americanexpress.bzcpd.cn","fqdn":"americanexpress.bzcpd.cn","domain":"bzcpd.cn","tld":"cn"},"ip":{"addr":"104.21.25.142","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"americanexpress.bzcpd.cn/","fqdn":"americanexpress.bzcpd.cn","domain":"bzcpd.cn","tld":"cn"},"title":"【重要】メンテナンスのお知らせ｜VJAグループ Vpass","dom":{"size":4926,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4c23d573f986f40ce7e02a89e03e495d","sha1":"38758c253c453bc5d9aef4c654b9fdf4966f43ee","sha256":"de38a6a404019b1577a852e68cbea67111c0a4dca331cb8ed573175e962d16f0","sha512":"c9815adcad500c65213902bd1fa5e46ee68022f0e231deb4d86030a2af392b5c9927bded00b1f5649760222d57766537f40296975e6049ce8d80ff87f6b656fb","ssdeep":"96:XPhjIz/ohLBSOzIj8rXmhUVnvtMEye4XnN7zij:X5jIz/odo0TawM5e4XnNPi","tlshash":"c1a1939b27b71062bca3d1a827db538922019813e84bdc2976cce7044fe26a8d5975ed","dom_hash":"domhash4bc0a9c7faae083d01f0a52985a5b6dd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"americanexpress.bzcpd.cn","fqdn":"americanexpress.bzcpd.cn","domain":"bzcpd.cn","tld":"cn"},"ip":{"addr":"104.21.25.142","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-18T14:41:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-13","alert":"Phishing Block","trigger":"americanexpress.bzcpd.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"americanexpress.bzcpd.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"americanexpress.bzcpd.cn","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-20","domain_rank":0,"first_seen":"2025-11-13T14:41:53.745433Z","last_seen":"2025-11-13T14:41:53.745433Z","alert_count":4,"request_count":2,"received_data":6402,"sent_data":948,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"americanexpress.bzcpd.cn/","fqdn":"americanexpress.bzcpd.cn","domain":"bzcpd.cn","tld":"cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"588c86f21cbe2910ff5dbf1824140605","sha1":"bb7ea9806bccc742b9dd9ff6267e0c4a77669cb5","sha256":"f9d97166d551d87bb37082e5eed83dde8f8579ae5ade369060a798104e3d1386","sha512":"4f6fab6305888525580158f684818f9cce0e8a57b8a65ee10728a764a526152f4fd9bfc316eb34c1c6366743f925b2dc89207a2f5a65d71686fe6727a4ebef8e","ssdeep":"","tlshash":"8131f09733ba00a06997d1e69747976c21225063b8cfd29db74cfe001fd2a58d1bb8db","size":1739,"data":"","first_seen":"2025-10-31T16:05:41.693689Z","last_seen":"2025-11-16T13:04:41.228021Z","times_seen":82,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"americanexpress.bzcpd.cn/","fqdn":"americanexpress.bzcpd.cn","domain":"bzcpd.cn","tld":"cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-13T14:41:31.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bzcpd.cn","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 07:10:35 GMT","end":"Mon, 09 Feb 2026 08:09:23 GMT"},"fingerprint":{"sha1":"B5:EB:D3:2F:44:F6:85:83:6D:22:08:50:28:48:CD:B4:2E:EA:44:17","sha256":"67:5E:5B:86:B9:F8:76:0B:F7:71:12:02:9A:7E:97:B4:85:DE:6A:04:7D:B4:96:5D:2F:DB:55:5E:05:FD:CB:4B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: americanexpress.bzcpd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 13 Nov 2025 14:41:32 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 31 Oct 2025 11:41:31 GMT\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EZCMmRh%2FpqcR5uxtfbcYczj6FMy6wVofgvu6ErcW8JxTv1wx8Zu7A%2FAJUUjSyitaxAgG%2BJYxW%2F1RNI2ZgDc%2BigmbrwtUbnxtMVnIQFsU7Ao6B8keN3j%2FlQ%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 99df07cc3c9ab1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4869,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"8148b64cb3d174a57928734d685f7edb","sha1":"78d7c333102ee5c8684455168f5a0ce1d840e356","sha256":"6cd662616aaf94a7631f6562e9789584c9242f48e5f4162d072ce83fa2de4b5a","sha512":"82a9c57cecbdc38ccfc2afeaa18d46e065ffa725366c1d7f385efed3125887fc944181bfbb8d12c3110b7a20cc5a4705a4cbcef677465074b5e87ec018f2cb36","ssdeep":"96:rdPhjIz/ohLBSOzIj8rXm3FUVnvtMEye4XnN7ziH:x5jIz/odo0TOwM5e4XnNPK","tlshash":"f9a1a59a27b71062bce3d19827db538922019813e88bcd2976ccf6044fe26acd4971fd","first_seen":"2025-10-31T16:05:41.690155Z","last_seen":"2025-11-16T13:04:41.223168Z","times_seen":83,"resource_available":false,"data":null}},"time_used":644,"timings":{"blocked":41,"dns":22,"connect":1,"send":0,"wait":562,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-13","alert":"Phishing Block","trigger":"americanexpress.bzcpd.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"americanexpress.bzcpd.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"americanexpress.bzcpd.cn/favicon.ico","fqdn":"americanexpress.bzcpd.cn","domain":"bzcpd.cn","tld":"cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://americanexpress.bzcpd.cn/","date":"2025-11-13T14:41:32.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bzcpd.cn","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 07:10:35 GMT","end":"Mon, 09 Feb 2026 08:09:23 GMT"},"fingerprint":{"sha1":"B5:EB:D3:2F:44:F6:85:83:6D:22:08:50:28:48:CD:B4:2E:EA:44:17","sha256":"67:5E:5B:86:B9:F8:76:0B:F7:71:12:02:9A:7E:97:B4:85:DE:6A:04:7D:B4:96:5D:2F:DB:55:5E:05:FD:CB:4B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: americanexpress.bzcpd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://americanexpress.bzcpd.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Thu, 13 Nov 2025 14:41:33 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vZfI7J5mLL9FDW7VavZfn5OHGMG6w6%2BmDLiT%2F6Im7A0LEOC4WC9%2F3GO%2B8OiU3pv7Y8C0GrMG8L9x9sNWd%2F0Bs3e4915eXT9xPsF8e77NPgZgIZU%2BMxAgTw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 99df07d27a6f1ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":270,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"1ac5cac7f426d16daad8ffdc2df2ae2c","sha1":"c64abb7d9d6351272ac7df0d818b65371276a5de","sha256":"3703acfef3075a27bd8928c2260f4b0a4665c34ce289a0a19e242c589d4fdd81","sha512":"ee27100d668c28e62518cb1b37c2121ca5b3f80420cdc3d5935095719de751594c7f975020cd5b94eb1c3531c527e1bd8d84d34829558214f86e3258338f4fcd","ssdeep":"","tlshash":"42d02bad904323970812155039c121c2234812fa643945f87d85d4d7665857ecd9e18d","first_seen":"2025-11-13T14:41:55.130088Z","last_seen":"2025-11-13T14:41:55.130088Z","times_seen":1,"resource_available":false,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-13","alert":"Phishing Block","trigger":"americanexpress.bzcpd.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"americanexpress.bzcpd.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}