{"report_id":"605cd610-2ed2-4043-9b49-6b7f1fa129cf","version":6,"status":"done","tags":["pdf"],"date":"2025-11-18T06:15:11Z","url":{"schema":"http","addr":"url4967.syw.io/ls/click?upn=u001.mseskB5F5UYiEGcF5-2B7daZi8CaIsQab1gjdF4SqBWlLaDz6yPJ1kNpiGpyZ2TL0XGNqM-2BCRO6NqbDFeVDyFMmDVuZX4XvtTXD3LMnIQmxLLnvPbUFCS9K5TCfE-2BAfpfI5a5rBThOr8BWXgYEk2b1mXDiRLoYLZ0lGpW4xjzSEHfqhhXO305sdT3iRwoJfy-2B6CXdi2ppZ22Nck5WRg0WlN0SccyPlZWMd3US3LVJSc4vc6qUE-2FdHoQ08jvROqYlxdkI-2FngjYEVfYRRKpjEzAawF1ay-2FQhz1KwxZBeACY4ymf2W2ArfEHOs9tzb2bWhtDon-2FmbztQGDiRp-2BkOWiRFnUDj2KfhWIYYPUes5ZygIR5SERndma9KppDFtvFrloudeUNVBRcsJ7LMc27EVfmo-2Brk-2BTUDWlLPyn4rkCA89cnej0IVLrRxIAOUUjHoJN-2FQ3wo6OMVxwNsReSFJiv8gcpu-2FD2dHyiDrMBLNFeacWlYjRB1bXNylzZHAyRg5VUZA3VgAHrjmBvJ70QvO3LuWw18A-3D-3Dzq4B_BzBG9r9ACZu3kY1kCesOqlniHSf7sWv-2F0HJ2vna2Jp8I2BrW-2B4i3WGp4ZffTsSYgPAlpnC0U5Bi-2Bdx8birQzMm985L4v6OAGGYz-2FYp3T5ZEDYaTqupJmo9yFUbVBeMTXbUcFaZ8ZfufMLuVP8zBYem9rPtyDuIU3U4nFEl6rcmRpucUoiYPKLU3PnuFE5ClFbSj9CkcCv-2FrKnj8-2BQjOca9PDIoumBCp9t0A5Dfpfyz4-3D","fqdn":"url4967.syw.io","domain":"syw.io","tld":"io"},"ip":{"addr":"104.21.52.129","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"www.opm.gov/forms/pdf_fill/sf182.pdf","fqdn":"www.opm.gov","domain":"opm.gov","tld":"gov"},"title":"Authorization, Agreement, and Certification of Training Form - sf182.pdf","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"url4967.syw.io/ls/click?upn=u001.mseskB5F5UYiEGcF5-2B7daZi8CaIsQab1gjdF4SqBWlLaDz6yPJ1kNpiGpyZ2TL0XGNqM-2BCRO6NqbDFeVDyFMmDVuZX4XvtTXD3LMnIQmxLLnvPbUFCS9K5TCfE-2BAfpfI5a5rBThOr8BWXgYEk2b1mXDiRLoYLZ0lGpW4xjzSEHfqhhXO305sdT3iRwoJfy-2B6CXdi2ppZ22Nck5WRg0WlN0SccyPlZWMd3US3LVJSc4vc6qUE-2FdHoQ08jvROqYlxdkI-2FngjYEVfYRRKpjEzAawF1ay-2FQhz1KwxZBeACY4ymf2W2ArfEHOs9tzb2bWhtDon-2FmbztQGDiRp-2BkOWiRFnUDj2KfhWIYYPUes5ZygIR5SERndma9KppDFtvFrloudeUNVBRcsJ7LMc27EVfmo-2Brk-2BTUDWlLPyn4rkCA89cnej0IVLrRxIAOUUjHoJN-2FQ3wo6OMVxwNsReSFJiv8gcpu-2FD2dHyiDrMBLNFeacWlYjRB1bXNylzZHAyRg5VUZA3VgAHrjmBvJ70QvO3LuWw18A-3D-3Dzq4B_BzBG9r9ACZu3kY1kCesOqlniHSf7sWv-2F0HJ2vna2Jp8I2BrW-2B4i3WGp4ZffTsSYgPAlpnC0U5Bi-2Bdx8birQzMm985L4v6OAGGYz-2FYp3T5ZEDYaTqupJmo9yFUbVBeMTXbUcFaZ8ZfufMLuVP8zBYem9rPtyDuIU3U4nFEl6rcmRpucUoiYPKLU3PnuFE5ClFbSj9CkcCv-2FrKnj8-2BQjOca9PDIoumBCp9t0A5Dfpfyz4-3D","fqdn":"url4967.syw.io","domain":"syw.io","tld":"io"},"ip":{"addr":"104.21.52.129","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-23T06:15:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"annarfineartacademy.ca","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"annarfineartacademy.ca","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"url4967.syw.io","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-08","domain_rank":0,"first_seen":"2025-11-17T21:21:39.750161Z","last_seen":"2025-11-17T21:21:39.750161Z","alert_count":0,"request_count":1,"received_data":270555,"sent_data":1322,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"shared.outlook.inky.com","ip":{"addr":"35.169.221.225","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"1996-08-29","domain_rank":598276,"first_seen":"2018-08-30T16:10:55Z","last_seen":"2025-11-12T07:25:49.700808Z","alert_count":0,"request_count":1,"received_data":270308,"sent_data":846,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}]},{"fqdn":"annarfineartacademy.ca","ip":{"addr":"108.181.197.24","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"domain_registered":"2022-11-03","domain_rank":0,"first_seen":"2025-11-17T21:21:39.74833Z","last_seen":"2025-11-17T21:21:39.74833Z","alert_count":4,"request_count":2,"received_data":539746,"sent_data":989,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"www.opm.gov","ip":{"addr":"23.44.36.2","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"unknown","domain_rank":234990,"first_seen":"2012-05-30T14:03:29Z","last_seen":"2025-11-15T03:50:11.43208Z","alert_count":0,"request_count":2,"received_data":272092,"sent_data":932,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"30957a186e6ac241f20a70630b421615","sha1":"fe72a5c0217557f1b596f63e023d80c1b2814052","sha256":"c47495016b15e1abecb568c066acbc2cdb8e1530784e41124276aca5f5c16e73","sha512":"5df57b0ccb9ad124586874316b2efb3d578b5ea0db16714c1a262c95ebefb51f4b43a57b0e8bf2203549520e57195ea293c8caa345c241fddfe56e65f1d155c4","magic":"PDF document, version 1.7 (zip deflate encoded)","size":269604,"url":{"schema":"https","addr":"www.opm.gov/forms/pdf_fill/sf182.pdf","fqdn":"www.opm.gov","domain":"opm.gov","tld":"gov"},"ip":{"addr":"23.44.36.2","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":[{"url":{"schema":"https","addr":"www.opm.gov/forms/pdf_fill/sf182.pdf","fqdn":"www.opm.gov","domain":"opm.gov","tld":"gov"},"ip":{"addr":"23.44.36.2","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"md5":"30957a186e6ac241f20a70630b421615","sha1":"fe72a5c0217557f1b596f63e023d80c1b2814052","sha256":"c47495016b15e1abecb568c066acbc2cdb8e1530784e41124276aca5f5c16e73","sha512":"5df57b0ccb9ad124586874316b2efb3d578b5ea0db16714c1a262c95ebefb51f4b43a57b0e8bf2203549520e57195ea293c8caa345c241fddfe56e65f1d155c4","magic":"PDF document, version 1.7 (zip deflate encoded)","size":269604,"meta":{"version":"1.7","author":"U.S. Office of Personnel Management","title":"Authorization, Agreement, and Certification of Training Form","subject":"Standard Form 182; Revised March 2020; All previous editions not usable.","producer":"Microsoft® Word for Office 365","creator":"Microsoft® Word for Office 365","page_count":9},"extracted_urls":null,"alerts":{"urlquery":null,"analyzer":null}}],"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"annarfineartacademy.ca/rss/","fqdn":"annarfineartacademy.ca","domain":"annarfineartacademy.ca","tld":"ca"},"ip":{"addr":"108.181.197.24","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T06:14:54.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.annarfineartacademy.ca","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 03:09:13 GMT","end":"Fri, 26 Dec 2025 03:09:12 GMT"},"fingerprint":{"sha1":"47:A3:53:82:37:05:B3:72:39:84:73:A4:D3:5B:6E:40:0C:A9:7E:43","sha256":"2A:2A:94:D9:8B:48:0D:1F:A7:F2:30:FD:9A:CE:CD:A2:7F:3C:4D:B3:AF:7F:ED:41:C4:46:85:34:E9:8C:83:20"}}},"request":{"raw":"GET /rss/ HTTP/1.1\r\nHost: annarfineartacademy.ca\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Tue, 18 Nov 2025 06:14:54 GMT\r\nServer: Apache\r\nCache-Control: no-store\r\nLocation: https://www.opm.gov/forms/pdf_fill/sf182.pdf\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":269604,"size_decoded":0,"mime_type":"application/pdf","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-24T17:07:59.023654Z","times_seen":15665480,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"annarfineartacademy.ca","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"annarfineartacademy.ca","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.opm.gov/forms/pdf_fill/sf182.pdf","fqdn":"www.opm.gov","domain":"opm.gov","tld":"gov"},"ip":{"addr":"23.44.36.2","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T06:14:54.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.opm.gov","organization":"Office of Personnel Management"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:E4:EA:92:1E:12:25:98:9E:23:C9:D8:7C:F7:39:03:1D:FE:CF:9B","sha256":"F6:7F:6D:20:56:B2:0B:17:E8:6B:A6:8E:92:BB:02:DA:B5:E3:CE:D8:B3:AC:FE:20:DC:1D:E9:9C:C6:FA:AF:F7"}}},"request":{"raw":"GET /forms/pdf_fill/sf182.pdf HTTP/1.1\r\nHost: www.opm.gov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\nContent-Length: 269604\r\nAccess-Control-Expose-Headers: Request-Context\r\nRequest-Context: appId=cid-v1:7fefc9f6-3088-4872-bcf7-6c3fdd6536a8\r\nContent-Disposition: inline; filename=sf182.pdf\r\nx-azure-ref: 20251117T091413Z-15bb7ddf58c65fh6hC1EWRwtdg0000000sr0000000001bvd\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=529158\r\nDate: Tue, 18 Nov 2025 06:14:55 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: www.opm.gov\r\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload\r\nx-frame-options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":269604,"size_decoded":0,"mime_type":"application/pdf","magic":"PDF document, version 1.7 (zip deflate encoded)","md5":"30957a186e6ac241f20a70630b421615","sha1":"fe72a5c0217557f1b596f63e023d80c1b2814052","sha256":"c47495016b15e1abecb568c066acbc2cdb8e1530784e41124276aca5f5c16e73","sha512":"5df57b0ccb9ad124586874316b2efb3d578b5ea0db16714c1a262c95ebefb51f4b43a57b0e8bf2203549520e57195ea293c8caa345c241fddfe56e65f1d155c4","ssdeep":"6144:flwsBPuGkdxIr1CmcX01BPXEHlC92iePsLFtYaZMtwKA5:Gstud6JCf2P0Hli7eP4rYamg5","tlshash":"4f44f1a8938becdc50b14994b70c4667c28fd6e76ed8241f7a4c45d28782fc798ab3d1","first_seen":"2025-11-17T21:21:45.528341Z","last_seen":"2025-11-26T21:51:45.286364Z","times_seen":15,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":155,"dns":143,"connect":1,"send":0,"wait":11,"receive":9,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.opm.gov/favicon.ico","fqdn":"www.opm.gov","domain":"opm.gov","tld":"gov"},"ip":{"addr":"23.44.36.2","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"resource://pdf.js/web/viewer.html","date":"2025-11-18T06:14:55.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.opm.gov","organization":"Office of Personnel Management"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 29 Aug 2025 00:00:00 GMT","end":"Thu, 19 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:E4:EA:92:1E:12:25:98:9E:23:C9:D8:7C:F7:39:03:1D:FE:CF:9B","sha256":"F6:7F:6D:20:56:B2:0B:17:E8:6B:A6:8E:92:BB:02:DA:B5:E3:CE:D8:B3:AC:FE:20:DC:1D:E9:9C:C6:FA:AF:F7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.opm.gov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.opm.gov/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Type: image/x-icon\r\nETag: \"355914f783ed6c7e592eedf0c438de3b:1436181638\"\r\nLast-Modified: Mon, 06 Jul 2015 11:20:38 GMT\r\nContent-Length: 1406\r\nCache-Control: max-age=604800\r\nDate: Tue, 18 Nov 2025 06:14:55 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: www.opm.gov\r\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload\r\nx-frame-options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"355914f783ed6c7e592eedf0c438de3b","sha1":"46027bc44c0ec1178b24aaf77fcb6ac8885989e5","sha256":"cfd966c2097ab728370c8e66b884b27a1b30aac65183fc761596d8bb7dbc6332","sha512":"49d2f7aba012089913ebccc64af1ae4e08ae9a3f0d2d002f68865a7b47f3cbd83dc087a0ec7c8484b4c32929d8d0a915988777ea3d3d1d558934a529fe5b584c","ssdeep":"","tlshash":"b321f8532b288abffcdb963cc298213002c9e00a9020a730a14600cacc450b7bef9b24","first_seen":"2023-12-22T18:30:53Z","last_seen":"2026-05-12T20:12:33.942326Z","times_seen":45,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"url4967.syw.io/ls/click?upn=u001.mseskB5F5UYiEGcF5-2B7daZi8CaIsQab1gjdF4SqBWlLaDz6yPJ1kNpiGpyZ2TL0XGNqM-2BCRO6NqbDFeVDyFMmDVuZX4XvtTXD3LMnIQmxLLnvPbUFCS9K5TCfE-2BAfpfI5a5rBThOr8BWXgYEk2b1mXDiRLoYLZ0lGpW4xjzSEHfqhhXO305sdT3iRwoJfy-2B6CXdi2ppZ22Nck5WRg0WlN0SccyPlZWMd3US3LVJSc4vc6qUE-2FdHoQ08jvROqYlxdkI-2FngjYEVfYRRKpjEzAawF1ay-2FQhz1KwxZBeACY4ymf2W2ArfEHOs9tzb2bWhtDon-2FmbztQGDiRp-2BkOWiRFnUDj2KfhWIYYPUes5ZygIR5SERndma9KppDFtvFrloudeUNVBRcsJ7LMc27EVfmo-2Brk-2BTUDWlLPyn4rkCA89cnej0IVLrRxIAOUUjHoJN-2FQ3wo6OMVxwNsReSFJiv8gcpu-2FD2dHyiDrMBLNFeacWlYjRB1bXNylzZHAyRg5VUZA3VgAHrjmBvJ70QvO3LuWw18A-3D-3Dzq4B_BzBG9r9ACZu3kY1kCesOqlniHSf7sWv-2F0HJ2vna2Jp8I2BrW-2B4i3WGp4ZffTsSYgPAlpnC0U5Bi-2Bdx8birQzMm985L4v6OAGGYz-2FYp3T5ZEDYaTqupJmo9yFUbVBeMTXbUcFaZ8ZfufMLuVP8zBYem9rPtyDuIU3U4nFEl6rcmRpucUoiYPKLU3PnuFE5ClFbSj9CkcCv-2FrKnj8-2BQjOca9PDIoumBCp9t0A5Dfpfyz4-3D","fqdn":"url4967.syw.io","domain":"syw.io","tld":"io"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T06:14:49.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"syw.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 17:48:16 GMT","end":"Mon, 05 Jan 2026 18:46:51 GMT"},"fingerprint":{"sha1":"B9:E4:31:09:C4:41:36:70:13:AC:A0:2D:7E:69:C3:F9:F2:11:79:60","sha256":"F0:CE:29:A6:F7:54:97:C8:89:6D:09:E6:53:B8:52:B6:EB:06:B8:D0:60:9C:42:4B:5C:96:3C:24:E3:94:A8:52"}}},"request":{"raw":"GET /ls/click?upn=u001.mseskB5F5UYiEGcF5-2B7daZi8CaIsQab1gjdF4SqBWlLaDz6yPJ1kNpiGpyZ2TL0XGNqM-2BCRO6NqbDFeVDyFMmDVuZX4XvtTXD3LMnIQmxLLnvPbUFCS9K5TCfE-2BAfpfI5a5rBThOr8BWXgYEk2b1mXDiRLoYLZ0lGpW4xjzSEHfqhhXO305sdT3iRwoJfy-2B6CXdi2ppZ22Nck5WRg0WlN0SccyPlZWMd3US3LVJSc4vc6qUE-2FdHoQ08jvROqYlxdkI-2FngjYEVfYRRKpjEzAawF1ay-2FQhz1KwxZBeACY4ymf2W2ArfEHOs9tzb2bWhtDon-2FmbztQGDiRp-2BkOWiRFnUDj2KfhWIYYPUes5ZygIR5SERndma9KppDFtvFrloudeUNVBRcsJ7LMc27EVfmo-2Brk-2BTUDWlLPyn4rkCA89cnej0IVLrRxIAOUUjHoJN-2FQ3wo6OMVxwNsReSFJiv8gcpu-2FD2dHyiDrMBLNFeacWlYjRB1bXNylzZHAyRg5VUZA3VgAHrjmBvJ70QvO3LuWw18A-3D-3Dzq4B_BzBG9r9ACZu3kY1kCesOqlniHSf7sWv-2F0HJ2vna2Jp8I2BrW-2B4i3WGp4ZffTsSYgPAlpnC0U5Bi-2Bdx8birQzMm985L4v6OAGGYz-2FYp3T5ZEDYaTqupJmo9yFUbVBeMTXbUcFaZ8ZfufMLuVP8zBYem9rPtyDuIU3U4nFEl6rcmRpucUoiYPKLU3PnuFE5ClFbSj9CkcCv-2FrKnj8-2BQjOca9PDIoumBCp9t0A5Dfpfyz4-3D HTTP/1.1\r\nHost: url4967.syw.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Tue, 18 Nov 2025 06:14:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://shared.outlook.inky.com/link?domain=annarfineartacademy.ca\u0026t=h.eJxdj0EOhCAUQ69iWE8ERBFceZUvftSIaADjmMncfWQ727avTT_kDI50BZlTOmJHKXgPwS4eISQwMOJ2lwZoiJG8CrLmqMe0h8mmSlZCS_0gE7rFQ-9gOh8awaX7CV17WEuzb1QNjCGouhk0CpCgbDW0iqNWWkvLaspbKWrWNkyVkgvFtMxjmMfA4Rv8iKE_4m1mv1-5Mttjtv_FlM_w7w-QTUN0.MEQCIC0tf_BU5ogRUt1II_oIozsxc-MmCF5oQK2uReoo0KsQAiAKe2gBn3oYhIoi_YIji5saZb7n3tyYVHHWEve2ITgF6A\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-robots-tag: noindex, nofollow\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DZMZ7CfsGDqL8fYvTrDTq%2BDEmsjk048QFoAwmBguFWERdriBxoIvMzGAlTG1%2BzBr2hxqBRHwkLo8cuvS15kNh3%2FBPIi7H05sYEX9og%3D%3D\"}]}\r\ncf-ray: 9a05546cfc3d0afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":269604,"size_decoded":0,"mime_type":"application/pdf","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-24T17:07:59.023654Z","times_seen":15665480,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":37,"dns":17,"connect":1,"send":0,"wait":201,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shared.outlook.inky.com/link?domain=annarfineartacademy.ca\u0026t=h.eJxdj0EOhCAUQ69iWE8ERBFceZUvftSIaADjmMncfWQ727avTT_kDI50BZlTOmJHKXgPwS4eISQwMOJ2lwZoiJG8CrLmqMe0h8mmSlZCS_0gE7rFQ-9gOh8awaX7CV17WEuzb1QNjCGouhk0CpCgbDW0iqNWWkvLaspbKWrWNkyVkgvFtMxjmMfA4Rv8iKE_4m1mv1-5Mttjtv_FlM_w7w-QTUN0.MEQCIC0tf_BU5ogRUt1II_oIozsxc-MmCF5oQK2uReoo0KsQAiAKe2gBn3oYhIoi_YIji5saZb7n3tyYVHHWEve2ITgF6A","fqdn":"shared.outlook.inky.com","domain":"inky.com","tld":"com"},"ip":{"addr":"35.169.221.225","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T06:14:49.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shared.outlook.inky.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 20 Feb 2025 00:00:00 GMT","end":"Sun, 22 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:4E:54:3C:68:13:B8:F1:4D:71:9D:35:99:FA:65:42:2A:05:F4:93","sha256":"B7:8C:B6:80:61:70:10:1F:FB:CD:AA:A0:AB:72:1D:68:7E:E3:42:F9:62:16:B5:8C:7B:39:2B:B0:14:38:9B:FB"}}},"request":{"raw":"GET /link?domain=annarfineartacademy.ca\u0026t=h.eJxdj0EOhCAUQ69iWE8ERBFceZUvftSIaADjmMncfWQ727avTT_kDI50BZlTOmJHKXgPwS4eISQwMOJ2lwZoiJG8CrLmqMe0h8mmSlZCS_0gE7rFQ-9gOh8awaX7CV17WEuzb1QNjCGouhk0CpCgbDW0iqNWWkvLaspbKWrWNkyVkgvFtMxjmMfA4Rv8iKE_4m1mv1-5Mttjtv_FlM_w7w-QTUN0.MEQCIC0tf_BU5ogRUt1II_oIozsxc-MmCF5oQK2uReoo0KsQAiAKe2gBn3oYhIoi_YIji5saZb7n3tyYVHHWEve2ITgF6A HTTP/1.1\r\nHost: shared.outlook.inky.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 303 See Other\r\ndate: Tue, 18 Nov 2025 06:14:51 GMT\r\ncontent-type: text/html\r\nlocation: https://annarfineartacademy.ca/rss\r\nset-cookie: AWSALB=0fMWLXLH6e+i3S5xAjOeYnfWOqS7Pwu+rm8q4UM0KldSspjX37XfVWUFnRPa6Yr3ZH08AxGzpuzbsl4XuB5IdrxGfeBzdRm6x60ot4tiLWJC5+e8hJS6Fm656XHT; Expires=Tue, 25 Nov 2025 06:14:49 GMT; Path=/\nAWSALBCORS=0fMWLXLH6e+i3S5xAjOeYnfWOqS7Pwu+rm8q4UM0KldSspjX37XfVWUFnRPa6Yr3ZH08AxGzpuzbsl4XuB5IdrxGfeBzdRm6x60ot4tiLWJC5+e8hJS6Fm656XHT; Expires=Tue, 25 Nov 2025 06:14:49 GMT; Path=/; SameSite=None; Secure\r\nx-frame-options: deny\r\nstrict-transport-security: max-age=31536000; includeSubDomains;\r\nx-xss-protection: 1; mode=block\r\nx-robots-tag: noindex, nofollow\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"303","status_text":"See Other","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}],"data":{"size":269604,"size_decoded":0,"mime_type":"application/pdf","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-24T17:07:59.023654Z","times_seen":15665480,"resource_available":true,"data":null}},"time_used":2902,"timings":{"blocked":556,"dns":121,"connect":92,"send":0,"wait":1790,"receive":0,"ssl":340},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"annarfineartacademy.ca/rss","fqdn":"annarfineartacademy.ca","domain":"annarfineartacademy.ca","tld":"ca"},"ip":{"addr":"108.181.197.24","port":443,"asn":40676,"as":"AS40676","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T06:14:51.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.annarfineartacademy.ca","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 03:09:13 GMT","end":"Fri, 26 Dec 2025 03:09:12 GMT"},"fingerprint":{"sha1":"47:A3:53:82:37:05:B3:72:39:84:73:A4:D3:5B:6E:40:0C:A9:7E:43","sha256":"2A:2A:94:D9:8B:48:0D:1F:A7:F2:30:FD:9A:CE:CD:A2:7F:3C:4D:B3:AF:7F:ED:41:C4:46:85:34:E9:8C:83:20"}}},"request":{"raw":"GET /rss HTTP/1.1\r\nHost: annarfineartacademy.ca\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Tue, 18 Nov 2025 06:14:54 GMT\r\nServer: Apache\r\nLocation: https://annarfineartacademy.ca/rss/\r\nContent-Length: 243\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":269604,"size_decoded":0,"mime_type":"application/pdf","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-24T17:07:59.023654Z","times_seen":15665480,"resource_available":true,"data":null}},"time_used":5886,"timings":{"blocked":2875,"dns":27,"connect":130,"send":0,"wait":136,"receive":0,"ssl":2715},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"annarfineartacademy.ca","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"annarfineartacademy.ca","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}