{"report_id":"c5f17a2b-0a11-402a-8b81-2a592f8888c6","version":0,"status":"done","tags":[],"date":"2026-06-11T00:44:56Z","url":{"schema":"http","addr":"ref1006kqztrm.enterprisepolicycenterassist.com","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"172.67.175.242","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"title":"Business Help Center","dom":{"size":95668,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (893)","md5":"0f0c10b9fe0374eca7f9897225e35c03","sha1":"290af246bde98faef479028ff2edab78bd5358b8","sha256":"a5d5fb45042bbeba50bd3b1213190aa17470678a1af6f51fb5b1350419c42db1","sha512":"ab3823cdac881b0b70002a6e826e169ae5d9b869edce402d5aa6242ce90c62722b6eab016e14b726001d680c4f05c3a184a5a37beb783f1768eb32bd18f10d6e","ssdeep":"1536:6jetm5L7isBhI+DlHsbU7k2theGfswTh3s8swTwswTdJZsk/PB7:6qtm5FEGMX1","tlshash":"7393c81a39ff052a665b507e3bdb5205373480036509de1c3abd83489fc2e999eb2bdd","dom_hash":"domhash5f79f08bbe5c72356c761fed3db2ba9c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ref1006kqztrm.enterprisepolicycenterassist.com","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"172.67.175.242","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-16T00:44:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-27","domain_rank":0,"first_seen":"2026-06-11T00:44:57.171384Z","last_seen":"2026-06-11T00:44:57.171384Z","alert_count":80,"request_count":20,"received_data":1514617,"sent_data":13806,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8f07e7b1ee1149ab776d4ba40dbc8ba5","sha1":"908cc619484c508eeacf5aefd1293fb86ed2215c","sha256":"bb11ab688cfbb87eb82465b367f089e89775a9b9d3602f99b852555d2a3adc95","sha512":"69baa96254f1337ea293debed65d071e8f53f6b2d62386273d1227c017d53aac65047c35a043f69ad7722d25556119931a29e284429a607e168aaccf02eb7f5f","ssdeep":"192:SUil0pBi2CcLvizDW4qBFOVIwbqbN8KWsr7em8xkls9a39G959nECRsP8+p1eLP/:xioBiJeUWtfemNdOklsY3g56zPaH","tlshash":"e342a70a267913274877233b9b232585fa3ed41b2553d81d3f2d83591fb1e244b9aeec","size":12953,"data":"","first_seen":"2026-06-10T13:16:29.106011Z","last_seen":"2026-06-11T01:00:36.786284Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"43bbc1b7fab4940f240b1d30f39e7cb6","sha1":"efeb7545957d7f618aebe68a3b079db59d863bf2","sha256":"ce283a84104d07ca166486d1eb6feba56cf4a7acb9bd72b507a348fb9fd8fa34","sha512":"ea0ee217b54235463b5ea77ebe3ed5a11c82bbe418fd1d5f0fca9e251fb9442ee2c0f03e598b9df787630d3303ab7fb8dbbca4a7c0b052b1ef3da0ec9eb2239b","ssdeep":"","tlshash":"4251f06d61a71c3152ab64e93bcf9344ba32a0537404980ab5be860c8ff2b995536fcd","size":2691,"data":"","first_seen":"2026-06-10T13:16:29.125035Z","last_seen":"2026-06-11T01:00:36.789118Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e3c6ac6a1ccfaaf154c11e9b9c8b16cd","sha1":"d541c74c8b24c992469b7fc8b047acbdf35b8a0a","sha256":"f30dd3ef44f3da2b67f2ca0c7ba4fe60f6a364cebef0287e8a8a63fdda766ede","sha512":"df016c46a9297c345d4d2739822b8e406c493879313fe06920c6f1596d243172e501942042f0c5ead3964750cffb3c3159a76cad408d75c4f5693b883d0d2f3a","ssdeep":"1536:X7isBhI+DlHsbU7k2theGfswTh3s8swTwswTdJZsk/PBg:JEGMXa","tlshash":"ef53821a39ff113a079b607e2bcb2109363184172904de583a6dc3459fd2ea59fb2bdd","size":61766,"data":"","first_seen":"2026-06-11T00:44:59.823974Z","last_seen":"2026-06-11T01:00:36.789728Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"faf8207924ede51d8f11ce6a44164df6","sha1":"d1865c1fee44a27234dea02e5491e775f285cf92","sha256":"ce3d5062e4448336062a6f8a88d9f8936b6022c61dc3327ac7d5d2b9a9501ff1","sha512":"ea6e32022fa8d688be1ba0f87e35be2d756eeab4dbee0a0eda02eb6761e16bc868cbf8f6b7e05c18f75f5d8909b24c85102ad3ad1e480d9b17d0f6e47bba80ac","ssdeep":"","tlshash":"eff0e10872b72035c5b3a4314d9f52d43bfa45473101ee8539bc70100f11e7943745ea","size":580,"data":"","first_seen":"2026-06-10T13:16:29.126877Z","last_seen":"2026-06-11T01:00:36.790287Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"[LangManager] Fetching language API:https://ref1006kqztrm.enterprisepolicycenterassist.com/api/get_language.php","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"Robot check element:map[actor:server1.conn0.watcher14.process7//obj24 class:HTMLDivElement contentDomReference:map[browsingContextId:3 id:0.9434440148602039] extensible:true frozen:false isError:false ownPropertyLength:0 preview:map[attributes:map[class:circle id:robotCheck] attributesLength:2 isConnected:true kind:DOMNode nodeName:div nodeType:1] sealed:false type:object]","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","line_number":0,"column_number":0},{"level":"log","text":"Captcha clicked!","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] API response:map[actor:server1.conn0.watcher14.process7//obj31 class:Object extensible:true frozen:false isError:false ownPropertyLength:7 preview:map[kind:Object ownProperties:map[city:map[configurable:true enumerable:true value:Oslo writable:true] country:map[configurable:true enumerable:true value:Oslo, NO writable:true] country_code:map[configurable:true enumerable:true value:NO writable:true] ip:map[configurable:true enumerable:true value:195.64.118.152 writable:true] language:map[configurable:true enumerable:true value:en writable:true] source:map[configurable:true enumerable:true value:ip_geolocation writable:true] status:map[configurable:true enumerable:true value:success writable:true]] ownPropertiesLength:7] sealed:false type:object]","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] Language:enSource:ip_geolocation","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] Loading translation:https://ref1006kqztrm.enterprisepolicycenterassist.com/lang/en.json","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] Loaded: English (en)","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] Applying translations to1elements indocument| Lang:en","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] MutationObserver started","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] Applying translations to1elements indocument| Lang:en","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0},{"level":"log","text":"[LangManager] MutationObserver: translating6new elements","filename":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/lang-manager.js","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.536Z","timestamp":1781138671536,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/lang-manager.js HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 02 Jun 2026 08:41:24 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wR3UiiVt4oBMMdCTaNment6GliSW8UV1GG4pSl%2BNNM1VA77r%2FQi3djTL493J9ELylWC%2B7qe%2FBl1BUkrp5veYGFTDfRNW7Wby9o3ZxL4qde9xwBU9tdUGacEqRv3e5CiqbBIai97FSuwWdzqONJOSgmQH3L1WltTo%2BCvZnqrJ8YxD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\ncontent-encoding: zstd\r\netag: W/\"3299-6534146aeb3ed\"\r\ncontent-type: text/javascript\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncf-ray: a09c96791badb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12953,"size_decoded":4397,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"8f07e7b1ee1149ab776d4ba40dbc8ba5","sha1":"908cc619484c508eeacf5aefd1293fb86ed2215c","sha256":"bb11ab688cfbb87eb82465b367f089e89775a9b9d3602f99b852555d2a3adc95","sha512":"69baa96254f1337ea293debed65d071e8f53f6b2d62386273d1227c017d53aac65047c35a043f69ad7722d25556119931a29e284429a607e168aaccf02eb7f5f","ssdeep":"192:SUil0pBi2CcLvizDW4qBFOVIwbqbN8KWsr7em8xkls9a39G959nECRsP8+p1eLP/:xioBiJeUWtfemNdOklsY3g56zPaH","tlshash":"e342a70a267913274877233b9b232585fa3ed41b2553d81d3f2d83591fb1e244b9aeec","first_seen":"2026-06-10T13:16:29.106011Z","last_seen":"2026-06-11T01:00:36.786284Z","times_seen":3,"resource_available":true,"data":null}},"time_used":733,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":733,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/8182940.png","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:32.320Z","timestamp":1781138672320,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/8182940.png HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:33 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 08 Jun 2026 21:37:23 GMT\r\netag: \"2e99-653c4d0dc191d\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MdBg2ma11HLQKKQF7nsDA3hvNWkvDRJ%2FrqoZri%2BdTZkegDYFip2cWpDdz%2Ff4ke6%2BrtRm%2BGn%2BuqHQOHHstQe3T46KErhHrL%2Fz60w7uRLNXN1aGhke3N9u0EDsACFmL%2BnrfDoUuXnd2vjoo0TzfKymrQkatkKlTfaibSpSvjORmCWd\"}]}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-length: 11929\r\ncf-ray: a09c967e0bbeb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11929,"size_decoded":12671,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"715f0aeef76775e747780fc822efa757","sha1":"72870a0271bc401fb4d59451d3555c86ed5a5b7c","sha256":"8370db1cdbdc34ee4a24e343c4b9660c903d5eb4709ddb1a41b373dd33e12ac3","sha512":"2074bfda0f5282e7f129ca05752f8fde58b25cfc1106297b189e3460e696cd121763b3007218c0c115c5ffd299dd254fd12157f54d4b67368b1e57c1615a6142","ssdeep":"192:O4muPSn02XpBa/3J5N5FqmRM5eXLXEHdJF7qZ3TYaBleKt4naiuuRt59iKrGIZ61:nK5BaDVqmg+MX7qZjnBlhFiX59iKfZKZ","tlshash":"f5329ebcd7bfdc6b2975211cdcb1b5d8614249fdc4706ec83168aa323da978809677d0","first_seen":"2026-06-10T13:16:29.109787Z","last_seen":"2026-06-11T01:00:36.784173Z","times_seen":3,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":716,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/font/9c18eba18d4baf22-s.p.woff2","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:36.320Z","timestamp":1781138676320,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /font/9c18eba18d4baf22-s.p.woff2 HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:37 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 26 Jan 2026 05:56:40 GMT\r\netag: \"8fd0-649442bb2b600\"\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TBU1Wtt0meyr7nRB29GlCwPYo1P8pD%2Fn4X7JgGfwLj80FSkLCyfFl%2FtpMtXEzMNGvtiuyz4IIAmdwyvQcBzpL9NmD2r4o29Ztu7cQWp2HzCz7fh9FF%2BVfy4DeB3yM72zfHf0RsthjQA5C1lYChujwp2fQ5Tr%2Fi%2F2zCruhK83UyI4\"}]}\r\ncontent-type: font/woff2\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-length: 36816\r\ncf-ray: a09c96970c11b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36816,"size_decoded":37556,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36816, version 1.0","md5":"adca4a2ea72db51191908ccc475ec06c","sha1":"5277886c8e3d7d6d20a7ff04f05a9f6c86741035","sha256":"d9075ef709afe117129ecac9de13564e4c2c1781a43c79d22c598600272c7669","sha512":"c688703f7ad7cf5fc4e5915924a517d11dd6e0ece7885b6ac2b7f5775ddc08aad530be5ecff43e0900b9040f1347045f7e71accdb047821357e0b628de863198","ssdeep":"768:1u3tPM+SbUiYj8TRnEUS9mxLI/tMI+sM/qhfw6OqwZUOd1:M3G+Sd3nE7mNI/tM5shOrZUOd1","tlshash":"5ef2f1228abd1968ffe60561d43c39c0e1f5eee0b5892ba1d0631f8d094be657a1c847","first_seen":"2025-06-11T09:19:37.42641Z","last_seen":"2026-06-11T02:21:23.691806Z","times_seen":773,"resource_available":false,"data":null}},"time_used":974,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":735,"receive":239,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/photo_4_2026-02-12_01-09-06.jpg","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.550Z","timestamp":1781138671550,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/photo_4_2026-02-12_01-09-06.jpg HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Wed, 11 Feb 2026 18:09:06 GMT\r\netag: \"8d30-64a90449a53d5\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=90GRbeGVUGC6mWFHHZAvUGFF7P9gpjlfnxSb6jlF57flDztQBz2J2swu3DMAgCWXcy%2BM1JRoF4v2LMQZOy1248U7ExRqypvj%2Fl3oIxoFr84qyq9YKEghs0SCDQORjmz4iix7gZUVJG1OlOjLZ1pj%2FSpDAwolRd6roXLVSPDa%2BUj4\"}]}\r\ncontent-type: image/jpeg\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 36144\r\ncf-ray: a09c96793bb1b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36144,"size_decoded":36886,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x560, components 3","md5":"dffca814e81431b1f562f6a2e9266647","sha1":"83635874012ae0bb81e4b4a465948f9a7663a714","sha256":"7a78f12d83f85ddda069751ed916e859f19e11e0b7fd5bac14eb50fe8c699499","sha512":"2b443a14e4ec6a1a2cfdff207a79851815dc5e7b1e055564375fc6f12aad31f224d2e06f19f4bea7721d78077c4bdc38809b4932c6d774d9079c678875df725e","ssdeep":"768:ZYPNrlEWLlIvGgeCXWS6xCUbVW7bTOkJXTU0nWdn9I8s0Beni+PnOpyPdZ:W15EWLlIvxeUACWQ73OkhTbkYJOQ","tlshash":"f8f2f16381610b86cdaff93dd1e8a3d696623cf3db09e5bf66815822ca4885dcb92540","first_seen":"2026-04-08T09:11:49.837331Z","last_seen":"2026-06-11T01:00:36.788391Z","times_seen":39,"resource_available":false,"data":null}},"time_used":744,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":744,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/logo.png","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.556Z","timestamp":1781138671556,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/logo.png HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Nov 2025 19:32:52 GMT\r\netag: \"22ff9-643cf69d3097a\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BSIibMN4dAkpcusxl1wUWjVP6Iylb07QQtIuexfafPdudz27R0pblrnGCtUADaMqNeXI6dwNvvBM6TNdyNxOKN5Dv6%2FD64f4DiUES%2FbPqSJg%2BVIrOdKy9DGonscVgTfMiqhBaPpDnu%2B6K%2B9bt%2Fx%2Bk%2BUkvf7yNjmEfiZW1W1yULNO\"}]}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 143353\r\ncf-ray: a09c96793bb3b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":143353,"size_decoded":144104,"mime_type":"image/png","magic":"PNG image data, 1999 x 593, 8-bit/color RGBA, non-interlaced","md5":"593d3d0ff848673c74b0f38bbea23079","sha1":"0851c1a5278b09b01f3bf5602bf7fbbdc1f26d68","sha256":"9b5dd4a19e9835b8a0f4043c0bf3ed8e99022fc51f7428a0f662cd3f271ae915","sha512":"03a179ee167227f0d81583be6bfb63acfb0d9550edfd350a15fcc0a6dda6bb2e64f7c8cf8188fb613070de95086a88e7d3af8dab722ee4af6518c3fdb7c995f2","ssdeep":"3072:YGILGsZRAXFD/CQulSPSNUET/nzOwAOkjg3P:hsZ4p6QudZTrOBA3P","tlshash":"64e312b3464148bae998fbf861d30533d43fa3a780e08b5119d50c25f9a3caa95fdd27","first_seen":"2026-04-08T09:11:49.859714Z","last_seen":"2026-06-11T01:00:36.780211Z","times_seen":39,"resource_available":false,"data":null}},"time_used":712,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":706,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/api/get_language.php","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:32.287Z","timestamp":1781138672287,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /api/get_language.php HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:33 GMT\r\nserver: cloudflare\r\nx-powered-by: PHP/8.2.12\r\naccess-control-allow-origin: *\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GCBf%2Fo4raR9uunKWv9pq47rqwdoQfXZNfCyyd7FLMrc1LuCEIaD1SDKjlU7HZQSygbp1OttRs3MkO1ZgF8K0A8MPRpbMKStuZzhTJxCWTEHGbbNO2jmDq07v8X4ZE3KAacWEWtKQ8%2BwuydRLgFClhTz6Y9ogVg0oShVxdcNg4Nil\"}]}\r\ncontent-type: application/json\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\ncf-ray: a09c967dcbbab4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":139,"size_decoded":792,"mime_type":"application/json","magic":"JSON text data","md5":"9e1f6f9b30d85fd17212bc890e6e2f73","sha1":"9c520edf66df3790a797e6f01ae1af51cc5dd3df","sha256":"c9d189a35b430837b2449bafb31b01369679b0a21d79934a0c133e489a271253","sha512":"0e864c45892f36740d0536a7fa8be01d6fd76e279477acd2e9a0793028e54db22e6e470f2ed6376326cd06a7ff8796c1c84a8bbbad78e29ccc7f28cbcb9ae69d","ssdeep":"","tlshash":"79c02b1b00707d14ed6517442416e92930e612c5e3854c83c7ce632cce003ccb043060","first_seen":"2026-06-10T13:16:29.108672Z","last_seen":"2026-06-11T01:00:36.782729Z","times_seen":3,"resource_available":false,"data":null}},"time_used":748,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":748,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/8182940122.png","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:32.317Z","timestamp":1781138672317,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/8182940122.png HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:33 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 08 Jun 2026 21:37:23 GMT\r\netag: \"41cd0-653c4d0ddeeee\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fgN8xk9ESP1dWNI6gDQQVqcgVWTIzxB16%2F1aF1kqMyITunLXTak6ulAYXPTBW%2B4M%2F6q9IBQKDpkyj7WZ9JPQ%2FVz2hRLQdMIBPCB%2FT4bfTTISO%2Be2L1TOws0rwqUs%2FWP81kYMWFiCqrFu7geMiggcNzlUR1I5o3BsPrMRVVR6YMbu\"}]}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-length: 269520\r\ncf-ray: a09c967dfbbcb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":269520,"size_decoded":270262,"mime_type":"image/png","magic":"PNG image data, 960 x 960, 8-bit/color RGBA, non-interlaced","md5":"76e7091fe174245f9c5b7a7e8a6b86a8","sha1":"3e3c65f8a8835910a4409008ce39cdb7d5a95116","sha256":"c12bd2d00a4b6431afd956cfc59a6a8afb283e8c7a80c776cd565eafd7eff48f","sha512":"ed427e585ce13ed772d9b729e57ec325925183d79c4743c8cf11f1cd783b55d8b53704212cd2018373afe9933d1b93601432ded2ef4724642ada62f3888d42bf","ssdeep":"6144:K9/shoI/H4wK6hBOlIv9MVnRJ1TyHAzJcwrcLKTcvBhxL0:KRshHXxu0mvYgzJcCcLecvBhB0","tlshash":"8744235ed950d4f3fcfb033a2757cd31941284922ca45a298d4ec2be862bbed18503bb","first_seen":"2026-06-10T13:16:29.112684Z","last_seen":"2026-06-11T01:00:36.783588Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":904,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/login-form-v3.html","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:36.029Z","timestamp":1781138676029,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/login-form-v3.html HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:36 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 02 Jun 2026 08:41:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TjqZt827EAA%2BBDGu9PxN9MGDXFecYgfFBGy6mxCM1C57j2hcfmCcZIhL%2BuYMaEC4nQw9K0tVlT7mqgAIfVjX9KacJrdFCwKbj5KMMkh8TYw9aIcXf00hhdMeqcyyzUbXIjR4ulrXpEDmZb%2Fmi5Fe9WnV0kxBp%2FJSyMieFDY6ETrr\"}]}\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\ncontent-type: text/html; charset=UTF-8\r\ncf-ray: a09c96953bf9b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9790,"size_decoded":3843,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (316), with CRLF line terminators","md5":"bc506e4b4588f5c59e2cebc257ad84e8","sha1":"26bd774be981825aba6cb8a22a787108c5c0c42c","sha256":"3ce54d00413acf7a4bc5422b95fc37689854ba00c283e8a45fb68935fd8584b1","sha512":"66123386a5d9a0901f924fe2e274d901837d8804f46c88bfb91e2966c410dc29cacb93a9339af069f0e2e0a035bc606162f4bd1ec9450e42faa8f2e59bd629f6","ssdeep":"192:+38+dvnbfI2n9fofRcpYaMrjqbM9dH99W7ne6J3Zz5156VdzvdJ:FOxTV5CdzvdJ","tlshash":"9e12730594441a02b072c3b8fba7479aff784103d20241287ffca35a5fbba548666fed","first_seen":"2026-06-10T13:16:29.114545Z","last_seen":"2026-06-11T01:00:36.781381Z","times_seen":3,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/U45qBJmWVHU.webp","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:36.286Z","timestamp":1781138676286,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/U45qBJmWVHU.webp HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:37 GMT\r\nserver: cloudflare\r\nlast-modified: Sun, 31 May 2026 19:14:07 GMT\r\netag: \"2c4fc-65321e1c80e0e\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k5r%2FJSKgQJ8uihJTQWSVVfO3iPXnr4c%2Bg8ZNVkC%2BUx%2BUYtx9xpMUfeA8Hh%2FPMWDX2%2BpGJFelT%2BeWzmyp3FxHOn0YRHZOSuYkmI8Q%2Bc28N85Mfb2Pttfjz%2BYkJcis2X%2FKBcEBIzskDVbJAUq4RFPHspCCObaTyk3in2VQ2%2FJNJdRE\"}]}\r\ncontent-type: image/webp\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 181500\r\ncf-ray: a09c9696cc0db4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":181500,"size_decoded":182258,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5f2298aefd3399d1fe0edec6ce26fa59","sha1":"2229ffc5e19703742292b7f6a3942dfd6aabc147","sha256":"141d76714aa87822291262f9ea967f67172cb5f8744fff844edb77bf19986cbe","sha512":"f18e1be7551c569e6a64beaa230d10110937d64ad61c7a3ab004ecab868a877264520f7af0b5c202cbcc477a0470809257255880f718826f7ebd294b0ef69059","ssdeep":"3072:jrQMBmaiTTvz/IS4jRm/DrZWiDEzow9BkwDlwBxUScc/hFaXmDENSMJJ1pSufqG3:jLBma04FUcSEzoOB/cxUSbstNFZ1qHh2","tlshash":"dc042383d32b1d15a39148b6eee707905f7421865fa01b8c241e2a90ecdbd63b7578ef","first_seen":"2026-02-01T20:49:54.671942Z","last_seen":"2026-06-11T12:08:31.586904Z","times_seen":2117,"resource_available":false,"data":null}},"time_used":732,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":729,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/photo_2_2026-02-12_01-09-06.jpg","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.543Z","timestamp":1781138671543,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/photo_2_2026-02-12_01-09-06.jpg HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Wed, 11 Feb 2026 18:09:06 GMT\r\netag: \"a4a6-64a90449a53d5\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oYVK1de%2FjbmuyGd1JHsQoHCpABDJAohIxl835DTuUaiFZkPvZN7yF7LOQTZTJZ%2BT4nlfKs9RPSGwVVdCSZOOjhqQXlEi3AHkjtrZIXAoKsSmhXP6HfRUORggFHEBQ7r7DPPePOD4MpgtMyc0gFJ%2FljvbYY6DWQlxZ1ir6Pryuqba\"}]}\r\ncontent-type: image/jpeg\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-length: 42150\r\ncf-ray: a09c96792bafb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42150,"size_decoded":42883,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x560, components 3","md5":"a059aed8e8811631e34e918b89e2254d","sha1":"2394ff6132ed8f914b4f86beab2de060bf54030f","sha256":"1df503ee25d598f6b8baa44c00db50cb9ae57a4519fca0b83d0e605ef9e4cc8f","sha512":"9efd68ce1610be127b027e45553cf5b9ef4a4b84383e20d87597cc5cf9178b721dfff2d4d62a614a9a38bde91e627897682fece9e203c0b86febab9b633124eb","ssdeep":"768:9FAouOlk/7bOSe1egpQt9tslN6hBBkcr5y/PemGW/6r+ru2ancEq8fg:l7q/POSWXpqtslaBqtXwWCaS2me8I","tlshash":"6d13f2c99a833d5de06975753fdb5b02da60fd5089a6af0e08833f2732dde096d2b142","first_seen":"2026-04-08T09:11:49.857765Z","last_seen":"2026-06-11T01:00:36.779677Z","times_seen":39,"resource_available":false,"data":null}},"time_used":983,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":742,"receive":241,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/photo_3_2026-02-12_01-09-06.jpg","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.548Z","timestamp":1781138671548,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/photo_3_2026-02-12_01-09-06.jpg HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Wed, 11 Feb 2026 18:09:06 GMT\r\netag: \"9a0b-64a90449a53d5\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BKH%2BYdX7OSie23hKn5cNHPGthgx3kN3irtY0tTcU30ZUI3YHRqekkbOfw2GYaXG2L72dDV3QkmS2Yt%2FaReR5lvYPjcfJD81%2BLZKF7beKPWCmabWZZjATIZlDWIbwOPIEet%2BTepQxZW%2Fsrziv1mf3R8%2FTb0%2B%2FQxrJ89JYMenzAlaX\"}]}\r\ncontent-type: image/jpeg\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 39435\r\ncf-ray: a09c96793bb0b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39435,"size_decoded":40187,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x560, components 3","md5":"c9dc97d2e01d7c6f084c6eb832394d8d","sha1":"4a16071bc94f58f2f95b86a5938b2ebcd7fd67ac","sha256":"3d94e6d78f27da9aeff8e046f81febdeec3735bdbea048fd77f5e3a67ce90131","sha512":"c52845214a99979c7bcf486e22da849e8e8f2df33c40489dc825ac4e29134e501c09800b03f427233e4553f99af11bff5d0ec5316a1c6573e375ebcc6412019b","ssdeep":"768:aGOo8tuiC/YatEHrMiZ4TuGSfLb5i+aiw26qLUqMfTdnsR0o:riC/Yatbu4TnSZGiw9qGfxo0o","tlshash":"b403f10eda7d9408eb6c90b636cf4a09f4bff4f032132a0c589b115828dba947f9971d","first_seen":"2026-04-08T09:11:49.865335Z","last_seen":"2026-06-11T01:00:36.786875Z","times_seen":39,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":736,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/mb-logo.png","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.555Z","timestamp":1781138671555,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/mb-logo.png HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Nov 2025 22:37:57 GMT\r\netag: \"3ea7-643d1ffb37537\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BIX5lGEQ%2FPanputhtJxwXZRsP%2BncgilWu4K5BmPGVM%2BkxGX22VL9aswkwraPLY4TFZIFTzd8bUGs7ihA6vj5m4o25W0ei7bqeW4OPkZy04O%2Fj2PUn81mBSgbCljFJG4GQTVBaeWYqRGxe6581J5mjhRrw3%2BJKazUskvdTP%2FmGlWX\"}]}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 16039\r\ncf-ray: a09c96793bb2b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16039,"size_decoded":16786,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"8c89ef8ab45d47ae9a954822532889f7","sha1":"f3ec45e63fff1ba1a6e0f721c0a8b269cca5c099","sha256":"4f7e3281a94d1db4d397040fcf20a21e6ae0c3119ae489b51c4de794985577bf","sha512":"e9df94e7037d13162b2b1582122a82cb71275be13aa0f2ab2711e9ea412e06c9e0a599d759f6f0eda42a1b31543279b9c78a01de2817b82336c07646bc984cd0","ssdeep":"384:SMMQ0rpZ0WhY3/hHmd0+62TWdvsqlWXJvSVc47rR:SMad7hYHKX/Tivsq4XJaV/N","tlshash":"4672d046a580c41b3375b732f4f2ae2994547b38122760022bfea667b1e7f4731e4f65","first_seen":"2023-10-15T14:22:15Z","last_seen":"2026-06-11T08:44:16.050543Z","times_seen":319,"resource_available":false,"data":null}},"time_used":733,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":733,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/icon1.png","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:32.831Z","timestamp":1781138672831,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/icon1.png HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:33 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Nov 2025 22:37:57 GMT\r\netag: \"3ea7-643d1ffb37537\"\r\naccept-ranges: bytes\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WkcrSdk7XIHPRAd9UehCMaP736XUbVWnSxvaw7cJt%2FAIunnkzsidelEqLfCNUJcqx5%2BFR5wlm%2B7kb3ExXg3oBQw6kf%2Bt%2BiL3jKRRx23Dl9q5RDol0VV4c1R93A4qWPYl0aSy4s57GoMCmhRxRAbNk3elTTFXmkWuHapv2Us7c%2FK6\"}]}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 16039\r\ncf-ray: a09c96813bc2b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16039,"size_decoded":16787,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"8c89ef8ab45d47ae9a954822532889f7","sha1":"f3ec45e63fff1ba1a6e0f721c0a8b269cca5c099","sha256":"4f7e3281a94d1db4d397040fcf20a21e6ae0c3119ae489b51c4de794985577bf","sha512":"e9df94e7037d13162b2b1582122a82cb71275be13aa0f2ab2711e9ea412e06c9e0a599d759f6f0eda42a1b31543279b9c78a01de2817b82336c07646bc984cd0","ssdeep":"384:SMMQ0rpZ0WhY3/hHmd0+62TWdvsqlWXJvSVc47rR:SMad7hYHKX/Tivsq4XJaV/N","tlshash":"4672d046a580c41b3375b732f4f2ae2994547b38122760022bfea667b1e7f4731e4f65","first_seen":"2023-10-15T14:22:15Z","last_seen":"2026-06-11T08:44:16.050543Z","times_seen":319,"resource_available":false,"data":null}},"time_used":711,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":711,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/HpEiFYDux5j.webp","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:36.283Z","timestamp":1781138676283,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/HpEiFYDux5j.webp HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:36 GMT\r\nserver: cloudflare\r\nlast-modified: Sun, 31 May 2026 18:53:47 GMT\r\netag: \"2f40a-6532199195736\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZH%2FeQ11kCP4bMuKByP7lzLwSl9dqYEgQ%2Bc4F%2B4kXnPZ%2BsCznqKKLEjrGL36x3vpEUdKMux9qgJqd6aWN3pkU3BkBligS1N9fThxuY1gbQ%2BFtXcWB61ttB4meeN1R7Bo3RZUjZK%2F%2Bn4WH3XJRdBMVvGd12YuVKn5VwSMU18oYoUzx\"}]}\r\ncontent-type: image/webp\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 193546\r\ncf-ray: a09c9696cc0bb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":193546,"size_decoded":194296,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"14138bd70dd9dc9d5e59d2c9f94a2462","sha1":"8bfccfbdb378d0d019f6b15b7e8bd1d6b60ce850","sha256":"1eed452e2a650a014e75cade0f8faa5bac3a4eaffafb270b8ee73891c9af316e","sha512":"5e2d49f06413bd8239889b28cfcafec93360b029d266b0459843a3d0e41e7c81373d3cbe6692c18d47d12de9b304a6ca085e8235e27847b90e8ad3e8951f18a8","ssdeep":"3072:4fT2pZK6xAvvriIXKZ2CM+HGKv8daF595yTASgErg9Twy2V7WGQ2OS176:4fT8RxA1KZN9GKUdafLc9rgNp2dW52O4","tlshash":"b8141394f8f3eb13fd4db8f6688b188cb456d0611b3da86b4873fb5007e8667482615e","first_seen":"2026-01-31T13:07:42.73442Z","last_seen":"2026-06-11T11:52:44.473897Z","times_seen":2051,"resource_available":false,"data":null}},"time_used":717,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":714,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/83zWJdc6PJI.webp","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:36.284Z","timestamp":1781138676284,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/83zWJdc6PJI.webp HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:37 GMT\r\nserver: cloudflare\r\nlast-modified: Sun, 31 May 2026 19:14:23 GMT\r\netag: \"2b5e8-65321e2bd83a4\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DzYDLPUfiPFXZYvJNyChRfizFfcRJA1cy2cMdjGMk97tSB7hnQv6zvN2iPxs%2B7tVgsiq3gYXhZzaqJh4AtBYG4AIY8c%2Br7QAFZV2BlAQiYO3ltQjCKqXBdF90HAD6T%2B258GKP6ItrLzkzonNHHgbGg9OhCMjhxtn2%2B1O1kiG2dhT\"}]}\r\ncontent-type: image/webp\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 177640\r\ncf-ray: a09c9696cc0cb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":177640,"size_decoded":178384,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9d67bbbe36e2b132a361e8ab179c6de9","sha1":"6020669057705df2229e55abac2889347fc38097","sha256":"76b242e16492f563c762e8db9f30c462ae543dfa1292b137aab4d1cea1739adf","sha512":"55e7ff69c0b613adf4d1d53bac6fd2341aece74f52f9cc9eb32fbe2e1945c5fb8005313ecf4b1a18928023a26559babdca7d966b42a0abac5fbe191ace07ab06","ssdeep":"3072:6cFATRNgbS1gudxvklcPM6dMcJ8hmERFN3nDW5wiOIcKcmaCBme3DV3whPuY:6AAgm19dRklO39J8D33y5wXIcKcsVCPh","tlshash":"eb04121ae64fb639c5d67bf91ab8237e93e4888545c04fc43d8c162f6fbf5472682068","first_seen":"2026-03-04T19:47:53.377679Z","last_seen":"2026-06-11T12:06:46.185742Z","times_seen":2051,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":722,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T00:44:29.791Z","timestamp":1781138669791,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 \r\ndate: Thu, 11 Jun 2026 00:44:30 GMT\r\nserver: cloudflare\r\nlocation: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\npriority: u=0,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y8Yv3X09PMmQ%2FWexT3HDoL%2B2PfVln%2FQ%2BzqQ%2BahzfBknMRPwbGSGPbAixdDMO56BThsLOxasB0W%2B%2FB%2FNMBQXJav2j5GMZ8nDcWGYqctrkYn5VYiaBGAq6gAxaophOWM0jEY8DxyVQCH8gc2OLs4y7SgSVu6R2bnP8GtxFC0r7y2JP\"}]}\r\ncontent-type: text/html; charset=iso-8859-1\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a09c966e6b92b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-11T11:58:56.262815Z","times_seen":16326789,"resource_available":true,"data":null}},"time_used":754,"timings":{"blocked":-1,"dns":18,"connect":13,"send":0,"wait":723,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T00:44:30.555Z","timestamp":1781138670555,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:31 GMT\r\nserver: cloudflare\r\nx-powered-by: PHP/8.2.12\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kTvxbr48mOyi3R7SkDzFO0SavlgJDkczf%2B9S7FpDu1%2BEFYhgtDNMCpoCDU9ZkG6KJlypYItyve59OoebX36E99N0L02o29WEH4l3JOOqOwinjwRSIVA0kmK2MUey3sTsU5TWAlC5T2olzfQ93pFjkEmETki610RD2XiqGecemUCj\"}]}\r\npriority: u=0,i\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\ncf-ray: a09c9672fb9eb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":86770,"size_decoded":19172,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (887)","md5":"76ce01060a9ca91a5821bec9e4b4cc65","sha1":"d14ad8824935f8627424ed9c41810db251eeeb2f","sha256":"d2591a891b8890c04926de21b8fbe461f1d6076113957982b5ca876556057d1b","sha512":"a70bca218f4c9a2290d9365ef1e081221e04acdacd206c3631de9f0cd3f6a46780ea0488d6879d336ebc092259c7a39285cdcb21d0a9349d207b063ac6299497","ssdeep":"1536:Rjet0R7isBhI+DlHsbU7k2theGfswTh3s8swTwswTdJZsk/PB/:Rqt0XEGMXZ","tlshash":"c483b71a39ff053a665b507e3bdb5209363480132508de1c7abd83489fc1e999eb2bdd","first_seen":"2026-06-11T00:44:59.819307Z","last_seen":"2026-06-11T01:00:36.781997Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":742,"receive":467,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/public/img/photo_1_2026-02-12_01-09-06.jpg","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:31.541Z","timestamp":1781138671541,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /public/img/photo_1_2026-02-12_01-09-06.jpg HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:32 GMT\r\nserver: cloudflare\r\nlast-modified: Wed, 11 Feb 2026 18:09:06 GMT\r\netag: \"9834-64a90449a509c\"\r\naccept-ranges: bytes\r\npriority: u=5,i\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NUwwEKkrAsJDBQY1US0ayqs%2F%2FeV4KGEOvQsNKrZn8v0obvdingNK7WVe%2BF0P9IVOXQn5XXCsFigA4P8vsy6vLfTNLaY6myAmU53DIQAS39rUSIk%2FUOP%2FQ2CvsvFdMAppeQ9VZLJLMPXtR0jkMZoGgzlf6bfj7uC2Ja0ELc4dxs80\"}]}\r\ncontent-type: image/jpeg\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\ncontent-length: 38964\r\ncf-ray: a09c96792baeb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38964,"size_decoded":39708,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1280x560, components 3","md5":"19c3e4de1fa989fe79eee17876b1b3c3","sha1":"19753f8416d9a48ced83ff9569dfe9005965e8c7","sha256":"959636c32991f10e8773fa2315a79b26759e1f6eb455868f3a631c3dcb9f8a67","sha512":"f08c784e378125406e63ec5fa4004faf27ea4e261e5d5894a3edc6de71fbf15b5105437a2d083ce2c0e80095413a39d4f4c20f2b26c2562581c689478d16172e","ssdeep":"768:dDhuBVLPVZa0fFPzaaI4xZrSjGrsCBuqRu8GQOf65MJ4+:dDMdNZFPKAZrSMzu4OyMJ4+","tlshash":"8603e141ca3e5677ecde163561ddc9b0f2227a0d97c00f0f31ae16caac7671b58da921","first_seen":"2026-04-08T09:11:49.852683Z","last_seen":"2026-06-11T01:00:36.779142Z","times_seen":39,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":755,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/lang/en.json","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:33.046Z","timestamp":1781138673046,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /lang/en.json HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:33 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 02 Jun 2026 07:32:25 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0vbWS6EysxjeabCH12XwPpG7AGjyf8XXwY6z%2FnR1qQGs0v2M%2BqFDrJFLLHkxMCsQCe2V0Tw8ic%2Bt5lFwNchulGIWSERt9%2FR%2B6Ufsrg0gQw6EPuYZvn0IcEoIR8DLI4hysGzClJctDxruVqRm5xBZqLG5LU6KA%2B0TPFmDN2AWAMrD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: zstd\r\netag: W/\"f16-653405007d8b5\"\r\ncontent-type: application/json\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a09c96828bc5b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3862,"size_decoded":1853,"mime_type":"application/json","magic":"JSON text data","md5":"6cf8035b13610607f199590a4ac672a8","sha1":"943cc3c014f4741131f21ea4855956bfa35a34e3","sha256":"c4fbfe9ee1e883d3d3cc84f7cf746cf8f260bc28c697683c6d2115a91c047af0","sha512":"6f09edbcb1c443713de25d7faab1749127ffbae4499657194aaa9d5e607f7b47b559c6c78f1189d1d8ea5ecc9e96a7aa466ce569b513336a9b89efe9bd5ed436","ssdeep":"","tlshash":"3c81b90bca920d6707f24121755659c2f1a6436f97422d1f38b1920d0ff2e7ae3d21c9","first_seen":"2026-06-10T13:16:29.113641Z","last_seen":"2026-06-11T01:00:36.780773Z","times_seen":3,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ref1006kqztrm.enterprisepolicycenterassist.com/font/ea4876dcb7fb6c98-s.p.woff2","fqdn":"ref1006kqztrm.enterprisepolicycenterassist.com","domain":"enterprisepolicycenterassist.com","tld":"com"},"ip":{"addr":"104.21.72.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb","date":"2026-06-11T00:44:36.322Z","timestamp":1781138676322,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enterprisepolicycenterassist.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 04:10:25 GMT","end":"Sun, 12 Jul 2026 04:10:24 GMT"},"fingerprint":{"sha1":"13:17:F2:CD:E8:B9:4E:C4:0A:25:29:94:65:9B:4B:77:98:1A:44:FE","sha256":"62:5C:20:4A:9F:C8:82:A1:70:DE:96:3A:DF:DC:D3:62:B7:CD:D5:3D:59:EF:93:C6:3C:59:52:D5:F8:19:4B:6C"}}},"request":{"raw":"GET /font/ea4876dcb7fb6c98-s.p.woff2 HTTP/1.1\r\nHost: ref1006kqztrm.enterprisepolicycenterassist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ref1006kqztrm.enterprisepolicycenterassist.com/public/index?ref=business-support-center-DASDFDSYUYEE43FJDSHFSDFsetting%25popup%3fclient_id=889943718806-ual26tplnot2ea8b7n5t4p77keo8eb\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 11 Jun 2026 00:44:37 GMT\r\nserver: cloudflare\r\nlast-modified: Mon, 26 Jan 2026 05:56:40 GMT\r\netag: \"2cbb4-649442bb2b600\"\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lxSHmL3Yr7AmeMo9ESFrMtrHjPnahTvwi29OUAHitV1QztamCrDqs%2FHcs6nBxqWSVwiGVfP7wXR5aP%2BpHlbBb2J879YkZWosUIArya3rlgFC24rA25BfummBd6iPGf2Iag09QgU67AACNAqsqEqJTrpPG9bz0ZYJbOXloR6KpS2F\"}]}\r\ncontent-type: font/woff2\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-length: 183220\r\ncf-ray: a09c96970c12b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":183220,"size_decoded":183956,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 183220, version 5.0","md5":"c0254118e3ebe12378022bfef999912f","sha1":"8ac9051c56091acd2b31036d8cd37bcf2f36aad7","sha256":"0dce730051c3b1526526743fc0079505bdf5454b79f6ec1c1fb2a7cb26350694","sha512":"2014dd6332c3b1e6e4691533e88e66651d227cc8091274beb7aead5766bee626d7332b90328b46c7a19a5874ce9d2db52436799af9ab1448e9aab7ae4139d636","ssdeep":"3072:f6pPcK94Pdr1Il6r0/2TDx3rIYZ5gX5GaShNqIXIzmp3YuYb8:fdK6Pxx0/2TDx3sYTgpGX5IzmpIud","tlshash":"a20412816bd0a4c5342cf6c5caaa33fc845955e4b2de4c4dba3abbc90670da7950ee43","first_seen":"2024-12-03T17:14:56.617992Z","last_seen":"2026-06-11T11:52:44.462298Z","times_seen":17681,"resource_available":false,"data":null}},"time_used":1426,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":705,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"ref1006kqztrm.enterprisepolicycenterassist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}