https://okulbida.com/tags/route53/ Recent content in route53 on Oleksandr Kulbida Hugo -- gohugo.io Fri, 03 Apr 2026 00:00:00 +0200 https://okulbida.com/posts/guardduty-phishing-url-resolution-ssrf/ Fri, 03 Apr 2026 00:00:00 +0200 https://okulbida.com/posts/guardduty-phishing-url-resolution-ssrf/ Click to enlarge GuardDuty screams about a phishing domain. The node looks fine — no malware, no stolen creds. Often the real story is simpler: your app looked up a URL someone pasted in a message, and that hostname is on a threat list. The alert is still “true” (DNS to a bad name happened), but it is not a hacked cluster. The uncomfortable part: if you resolve or fetch any user URL with no checks, you also open the door to SSRF — for example a link to 169.