{"report_id":"dab84c5e-0d40-4b61-9ebd-476898869e77","version":6,"status":"done","tags":[],"date":"2025-11-07T10:31:22Z","url":{"schema":"http","addr":"helpdesck.xyz/","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"ip":{"addr":"198.252.106.192","port":0,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"helpdesck.xyz/","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"title":"Helpdesck — Smart Customer Support Solutions","dom":{"size":2359,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"91d7ba27e6835c2f15c13e854cf69f91","sha1":"6fcf30836b91ed8c3a24bbad1a9aecf9c2d6c248","sha256":"c1ed488232ee38e606292386931b4f511541ed5bbe3c8c05ac64960b2cbb8ec3","sha512":"37eba6456586556616ddcf073a0d2de3b1b624f5399e9e1ec93cb2228928ebdaaafa03c6fe596e739c531574244274b30ab350fb2561f1d0917c40a655c5a6ad","ssdeep":"","tlshash":"4541873bd4f0241541c752613ad9fa16afe5c6172b09180134ac09985fd1f8edd9f19a","dom_hash":"domhash5210078218170d5bc02995fb0259c34c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"helpdesck.xyz/","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"ip":{"addr":"198.252.106.192","port":0,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-12T10:31:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"helpdesck.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"helpdesck.xyz","ip":{"addr":"198.252.106.192","port":443,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"domain_registered":"2025-10-23","domain_rank":0,"first_seen":"2025-11-07T10:31:22.515226Z","last_seen":"2025-11-07T10:31:22.515226Z","alert_count":3,"request_count":3,"received_data":6112,"sent_data":1339,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"helpdesck.xyz/","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"ip":{"addr":"198.252.106.192","port":443,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"09852d209912dc8688752ff68417ef83","sha1":"a9783ff46817918f9660454ccdae4981ea4e00ee","sha256":"e041c0e6269d68d73a81ccf206b33b1245f4e69a725056f4d9884e6b1c1d2080","sha512":"baf2ea51d62d149f962bf4a24ca9ee0ed9fd9790638a7b808d6e5b6cf2daa0cfd800d010383a556c369c1ae906f7d23e93374b5a5d181a2fa9b0b22af1d385a7","ssdeep":"","tlshash":"e2d02b5778b84cf01f9a677b7157c7415c2d00686d1550021d9c084c1110e432db7556","size":257,"data":"","first_seen":"2025-11-07T10:31:25.61269Z","last_seen":"2025-11-07T10:31:25.61269Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"helpdesck.xyz/favicon.ico","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"ip":{"addr":"198.252.106.192","port":443,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://helpdesck.xyz/","date":"2025-11-07T10:31:01.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"helpdesck.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 12:57:16 GMT","end":"Wed, 21 Jan 2026 12:57:15 GMT"},"fingerprint":{"sha1":"35:C9:37:DD:2C:11:B0:77:72:DC:D6:73:3E:C6:DC:E3:AC:57:1D:72","sha256":"6B:7B:D3:5D:16:FA:0F:BB:C7:9D:DE:D0:03:20:60:28:37:A3:8B:0E:A0:C0:90:FB:4C:E7:92:98:01:5E:17:D1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: helpdesck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://helpdesck.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 796\r\ndate: Fri, 07 Nov 2025 10:31:01 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":796,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"265e51037981a14ed99a5fc8c5ec1b51","sha1":"d12ac588953298fdaf46dd5b4af8eb4cf6b06f0a","sha256":"c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400","sha512":"b18aa610811c5f9bc1dd829ad90a95568e81a41e1fd1472983dc00147f65045fd91fbc498b5263ce4f4c88b041be21f186ed2ce357d3bcf86c0429ca18991151","ssdeep":"","tlshash":"1101f12ac182a80fe0231070fa91e37451594212629b4f647b9ff676f6ce1ab56b22cc","first_seen":"2024-02-05T05:35:22Z","last_seen":"2026-06-09T14:51:10.192107Z","times_seen":46684,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"helpdesck.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"helpdesck.xyz/","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"ip":{"addr":"198.252.106.192","port":443,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T10:31:00.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"helpdesck.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 12:57:16 GMT","end":"Wed, 21 Jan 2026 12:57:15 GMT"},"fingerprint":{"sha1":"35:C9:37:DD:2C:11:B0:77:72:DC:D6:73:3E:C6:DC:E3:AC:57:1D:72","sha256":"6B:7B:D3:5D:16:FA:0F:BB:C7:9D:DE:D0:03:20:60:28:37:A3:8B:0E:A0:C0:90:FB:4C:E7:92:98:01:5E:17:D1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: helpdesck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 07 Nov 2025 10:27:41 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 917\r\ndate: Fri, 07 Nov 2025 10:31:00 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2436,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"39b043a0a3ec2e5db04fdf3375e2fa30","sha1":"8f66d2c002e8d68b87d654be25886bc234ded923","sha256":"4f0b288ce949c7e91c0b7d8bdbb583e99b7889f0c55bf7cce2d43d39807f9571","sha512":"b1c923d748f59e8b5068d64005f33a3e833ae4306670d35fc6ef39b0c73999bf1b9d0a439fe1e3a031e4240b0e33120366fe30a7adeaf4623b9905200222cf37","ssdeep":"","tlshash":"ef41853ba4d0281501b742b53a89eb6afea2c26717052d0130ec179b2ff2e4c8e9b1c5","first_seen":"2025-11-07T10:31:25.607687Z","last_seen":"2025-11-07T10:31:25.607687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1278,"timings":{"blocked":560,"dns":238,"connect":157,"send":0,"wait":158,"receive":0,"ssl":162},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"helpdesck.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"helpdesck.xyz/style.css","fqdn":"helpdesck.xyz","domain":"helpdesck.xyz","tld":"xyz"},"ip":{"addr":"198.252.106.192","port":443,"asn":20068,"as":"HAWKHOST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://helpdesck.xyz/","date":"2025-11-07T10:31:01.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"helpdesck.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 12:57:16 GMT","end":"Wed, 21 Jan 2026 12:57:15 GMT"},"fingerprint":{"sha1":"35:C9:37:DD:2C:11:B0:77:72:DC:D6:73:3E:C6:DC:E3:AC:57:1D:72","sha256":"6B:7B:D3:5D:16:FA:0F:BB:C7:9D:DE:D0:03:20:60:28:37:A3:8B:0E:A0:C0:90:FB:4C:E7:92:98:01:5E:17:D1"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: helpdesck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://helpdesck.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 14 Nov 2025 10:31:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 07 Nov 2025 10:29:39 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 569\r\ndate: Fri, 07 Nov 2025 10:31:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1726,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"6767fb4f371ae62bfbd347baf69b20df","sha1":"42bb4d62ce4cd91c85ff14024b80a34222bddfab","sha256":"56a5912e4ec18ff2eb5295af4d9f93d5e039ae121c3fb45d6aa926828aac9547","sha512":"0149dcef62d339fdd273dc4817a5ee583d4d0befd6cb26ffe6823fb9a0e79a924395f11c57f93b1dd38afe29ba6ad116dc07ff510bfda6fd0902cc0731fe846e","ssdeep":"","tlshash":"de31ef9d7b0c11055a33caa4bb62c791b7c54194c50a83be7ff22078b0ca2647af1f8c","first_seen":"2025-11-07T10:31:25.609909Z","last_seen":"2025-11-07T10:31:25.609909Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"helpdesck.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}