{"report_id":"ec0ebe81-6e5f-4d5a-8e73-410b285e51ed","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-04-22T10:57:58Z","url":{"schema":"https","addr":"gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"title":"Sign in to your account","dom":{"size":12395,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12392), with no line terminators","md5":"d99f89adf29bc5af4a9cca7d1b093960","sha1":"2c2de3a828dfc030a27cbfbda6a5cb3afdd1f295","sha256":"f0981a1e02918b27252c49685d594d41f25547518f2069d44be3ff6ba9af245c","sha512":"dd0526791220a857b7e8f71e2fd6bb68d132c4945b12eadc7669e5bbe2dde7db8f0cc18a230773e4d661027e9bff658666be658a7d44cc54db5653e6e7ddaac6","ssdeep":"192:ghWjK3pt1X3IOIiKAaGrQeK/IfiPovO9V/x0//+/Hv6rM:+3pt1X3IOIBGseF6We/","tlshash":"86426432da91840b7112c568fbd07e993f198341d7070a64f2fc7276ebcaca45da23ad","dom_hash":"domhashb7605fb08b6b15eea95c2d4fffefb794","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T10:57:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"gohelpdesk.co.uk","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"innermail.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"assets.eu.usecure.io","ip":{"addr":"108.157.214.33","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-04-17","domain_rank":0,"first_seen":"2026-02-06T02:42:06.767642Z","last_seen":"2026-04-21T10:06:14.085817Z","alert_count":0,"request_count":2,"received_data":266578,"sent_data":893,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"gohelpdesk.co.uk","ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2017-03-23","domain_rank":3206875,"first_seen":"2019-07-05T11:03:53Z","last_seen":"2026-04-07T18:47:20.99298Z","alert_count":20,"request_count":4,"received_data":403183,"sent_data":2749,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":2,"received_data":15355,"sent_data":830,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"innermail.co.uk","ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2017-03-23","domain_rank":1837354,"first_seen":"2017-07-17T10:42:17Z","last_seen":"2026-04-18T13:06:10.311134Z","alert_count":2,"request_count":2,"received_data":3224,"sent_data":825,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-19T22:16:46.237507Z","alert_count":0,"request_count":1,"received_data":49154,"sent_data":557,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"gohelpdesk.co.uk/js/usecure.bundle.js?v=e77f8784-eb61-486b-8e6b-6bd04cb5dd1d","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c5581628cbf05a2d840ba1b2c8223d9","sha1":"e10516f716f12c19c74f7fadd02b5697c68af389","sha256":"8c00468b5f9d238e57de32cdf67002414c951176caaa586389beff848f18d1b2","sha512":"691442078683f36034c66a1dec14a97bed0daafc2fe00337eaec10df30a92dbfae90bfe1503fd014d55b9442c0152061bc60914981f5d3f6e289db9c27e658df","ssdeep":"6144:9NgcHBzUdNBG9bWyfnyxDfREtGPjzUlZV:zDhzYG3rGPvgZV","tlshash":"8284c88cbad2f0f547e265e4802f590af13b1b68740e94d0eaa6d5c5a87898f4037f7d","size":383982,"data":"","first_seen":"2026-02-25T12:54:01.960767Z","last_seen":"2026-04-22T10:58:01.221105Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"assets.eu.usecure.io/wysiwyg1622122990749-Screenshot+-+2021-05-27T214154.332.png","fqdn":"assets.eu.usecure.io","domain":"usecure.io","tld":"io"},"ip":{"addr":"108.157.214.33","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:37.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.eu.usecure.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Wed, 03 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"57:E3:43:F5:9F:35:E7:29:C2:F9:2F:F6:77:B1:F6:B6:25:E1:00:31","sha256":"43:B8:6F:62:2B:C8:49:BC:32:CB:1C:FD:83:9D:1A:3C:CF:33:F9:76:4E:69:87:51:F3:90:0F:97:A2:25:53:01"}}},"request":{"raw":"GET /wysiwyg1622122990749-Screenshot+-+2021-05-27T214154.332.png HTTP/1.1\r\nHost: assets.eu.usecure.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: image/png\r\ncontent-length: 254484\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Tue, 27 Jan 2026 12:35:10 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Tue, 21 Apr 2026 17:26:11 GMT\r\netag: \"fc4caf38bcb0f6c5953a8e0f30ceef7e\"\r\nvary: Accept-Encoding, Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 59202edf772149f3e7805f2a4994d252.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=604800\r\nage: 63087\r\nx-amz-cf-id: T3C7jU-INY1Qgt74fyiUn_yYW3wIcKbnZ3LHXmW1qoCPxsyES8VcjA==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":254484,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1437 x 753, 8-bit/color RGBA, non-interlaced","md5":"fc4caf38bcb0f6c5953a8e0f30ceef7e","sha1":"db67d033bb229465489b87769545c3a74aa8a6bb","sha256":"0c9eb93305dde95ad822f58b7176d355935fc1bf55aaefc4dd3fcbecab3705c1","sha512":"d2b8b5a6bb7b81acc567ffa1c5b77cb6ce66fe20da4aa42d133b911d7d2085e0f3c70e6750616d9b800538e0d16d43ec94cd8884d325f997863ea79f133ab288","ssdeep":"6144:ibFA5Yp/PGXvlFuUmVjuRCv5zinu3oJa39//Af:jYPMlFuU2ukvFiZ6/4f","tlshash":"50441237d6e934b86334099d5d50cb382e4f67b935252aebfac404e384fc4486ee562e","first_seen":"2025-02-11T16:50:34.091034Z","last_seen":"2026-04-22T10:58:01.218378Z","times_seen":99,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gohelpdesk.co.uk/favicon.ico","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:37.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1nfoclient.fr","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Apr 2026 09:00:29 GMT","end":"Thu, 16 Jul 2026 09:00:28 GMT"},"fingerprint":{"sha1":"3B:4F:27:2C:1B:D4:C3:46:A7:C7:64:95:64:54:04:70:AA:69:2B:53","sha256":"92:E5:82:94:64:F5:6D:4E:CC:8C:2F:AA:6F:2B:41:EA:CD:95:26:E7:D8:44:7C:4F:04:5D:98:F9:85:A1:97:D3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gohelpdesk.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: AWSALB=KdESDRAXAPgiDI8DdbDJdDsKP4RTwlI+6HhMUS7Jx7UHkNkQIC83slcOrfV3T+svfWvjQUPcVo/ufdMZa55fj6px5OSjRxLgFDJbrlIp4r1yb4y0Pydf7RONZjyT; AWSALBCORS=KdESDRAXAPgiDI8DdbDJdDsKP4RTwlI+6HhMUS7Jx7UHkNkQIC83slcOrfV3T+svfWvjQUPcVo/ufdMZa55fj6px5OSjRxLgFDJbrlIp4r1yb4y0Pydf7RONZjyT\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.3\r\nDate: Wed, 22 Apr 2026 10:57:37 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 189\r\nConnection: keep-alive\r\nETag: W/\"bd-q+ifm/t1a737L1NUIOELtWJetOI\"\r\nSet-Cookie: AWSALB=O8cp0pxmCRy5WsfJQzHaXFA5R7MkpACjfoPXqxT6sj/rjUOvi49CjZ5NNvxnSxtdXPtZrDAUmsi0f9Nv0GvT1ENIA1foAYQMcj8Josg2wMQGhBxFy9L0EsA6i/s9; Expires=Wed, 29 Apr 2026 10:57:37 GMT; Path=/\nAWSALBCORS=O8cp0pxmCRy5WsfJQzHaXFA5R7MkpACjfoPXqxT6sj/rjUOvi49CjZ5NNvxnSxtdXPtZrDAUmsi0f9Nv0GvT1ENIA1foAYQMcj8Josg2wMQGhBxFy9L0EsA6i/s9; Expires=Wed, 29 Apr 2026 10:57:37 GMT; Path=/; SameSite=None\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https://*.amazonaws.com https://*.usecure.io https://*.user-training.com;font-src 'self' data: https:;connect-src 'self';frame-src 'self';frame-ancestors 'self' https://*.usecure.io https://*.user-training.com;media-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nVia: 1.1 833bfcdc90c384a3f1c685c9bb760d08.cloudfront.net (CloudFront)\r\nAlt-Svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":189,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"c9f6f82c0b1e2d6eb40294f876eac55e","sha1":"abe89f9bfb756bbdfb2f535420e10bb5625eb4e2","sha256":"9dcc361cf979ea9471e1076ab30724c665229614d2d7432dfe9127c8b6d3a443","sha512":"c9ad3aa05ef29513c47732c46f626674f9b55d9b3b8bd8ce2699b17e4ab02d07a2549505024e1031feb286d92ac4affbdbf8fad07a4b849757c0a62efb535b93","ssdeep":"","tlshash":"1bc080efd187728fd41324e03dc311d1594c03a7b4b645f43d807859e11417dcac659d","first_seen":"2023-04-07T07:54:01Z","last_seen":"2026-04-22T10:58:01.218976Z","times_seen":463,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":173,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"gohelpdesk.co.uk","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Source+Sans+Pro","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:37.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css?family=Source+Sans+Pro HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 22 Apr 2026 10:57:37 GMT\r\ndate: Wed, 22 Apr 2026 10:57:37 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2415,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"937c0f60d71292a5a8d1cbdbc6c80621","sha1":"3a15491027d6ba63d9720887c07b9677aa405a16","sha256":"109ce15b2cae910659d99ca36afcbdc552669aac69736f67af8d552e0e292117","sha512":"9c7c3bb34a0cc0ed674bc891e4007e5068c50658f104157ef46ba909230b2eb8901d2436240d7785417347ffc021dcf5786b55d3e6253aab323fd28e33a54beb","ssdeep":"","tlshash":"53419ef3401ea84897a31cca23de3e369e4f65106186d17adffd085cec75c2a5264b1d","first_seen":"2025-09-11T21:22:52.791197Z","last_seen":"2026-04-22T10:58:01.219511Z","times_seen":2045,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"innermail.co.uk/css-fonts/ExpertSansBold.css","fqdn":"innermail.co.uk","domain":"innermail.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:36.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1nfoclient.fr","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Apr 2026 09:00:29 GMT","end":"Thu, 16 Jul 2026 09:00:28 GMT"},"fingerprint":{"sha1":"3B:4F:27:2C:1B:D4:C3:46:A7:C7:64:95:64:54:04:70:AA:69:2B:53","sha256":"92:E5:82:94:64:F5:6D:4E:CC:8C:2F:AA:6F:2B:41:EA:CD:95:26:E7:D8:44:7C:4F:04:5D:98:F9:85:A1:97:D3"}}},"request":{"raw":"GET /css-fonts/ExpertSansBold.css HTTP/1.1\r\nHost: innermail.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.3\r\nDate: Wed, 22 Apr 2026 10:57:37 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 189\r\nConnection: keep-alive\r\nETag: W/\"bd-q+ifm/t1a737L1NUIOELtWJetOI\"\r\nSet-Cookie: AWSALB=HJ7nW7HrxSkzp6Rhrq9uZ1Jvk0jGQcUioe2Hl33PqRyKnmS2+2IelSO/mROODFPN3ZEGG9RzqaWonrFl1ar6N7Plb64u0rdlZ0Dg9NPxz9QIj8WKNZGFd0qgkMrP; Expires=Wed, 29 Apr 2026 10:57:37 GMT; Path=/\nAWSALBCORS=HJ7nW7HrxSkzp6Rhrq9uZ1Jvk0jGQcUioe2Hl33PqRyKnmS2+2IelSO/mROODFPN3ZEGG9RzqaWonrFl1ar6N7Plb64u0rdlZ0Dg9NPxz9QIj8WKNZGFd0qgkMrP; Expires=Wed, 29 Apr 2026 10:57:37 GMT; Path=/; SameSite=None\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https://*.amazonaws.com https://*.usecure.io https://*.user-training.com;font-src 'self' data: https:;connect-src 'self';frame-src 'self';frame-ancestors 'self' https://*.usecure.io https://*.user-training.com;media-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nVia: 1.1 2d59a8826002727f8e5a0462a1e5ee16.cloudfront.net (CloudFront)\r\nAlt-Svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T14:09:24.839882Z","times_seen":14063300,"resource_available":true,"data":null}},"time_used":679,"timings":{"blocked":215,"dns":20,"connect":93,"send":0,"wait":244,"receive":0,"ssl":103},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"innermail.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans:400,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:36.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css?family=Open+Sans:400,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 22 Apr 2026 10:57:37 GMT\r\ndate: Wed, 22 Apr 2026 10:57:37 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11588,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"28e0e3d1db179a6b0b454a6a42a382b7","sha1":"637e0ca2efa06fb7bcdadb1ed0cade98aa6f6c08","sha256":"f1251b5aa44c40639d940adcbebe2d7d88573dfac9a2ba63d71ca06ea67bbad9","sha512":"bfe57657f404dacdef4e7bed130a8a739fcc007f9f6d6a9a81d57f10a25776048b664cf58ddc935c6dcecd6fb7ac373b74b03367ae91be7e9ce4badf853fbd3a","ssdeep":"192:wCAAN21/rqbnbqGIwV4Razq4CZZE2s6rqmnbqGIwV4YfzvY:TjXqY4nU8qY4Z","tlshash":"bc322ba00017185067431de623de7e34ee0fa2657044d0766bfd8b9beedad6963b431d","first_seen":"2025-09-17T00:46:50.629094Z","last_seen":"2026-04-22T13:09:48.719295Z","times_seen":8115,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":93,"dns":1,"connect":7,"send":0,"wait":21,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gohelpdesk.co.uk/js/usecure.bundle.js?v=e77f8784-eb61-486b-8e6b-6bd04cb5dd1d","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:36.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1nfoclient.fr","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Apr 2026 09:00:29 GMT","end":"Thu, 16 Jul 2026 09:00:28 GMT"},"fingerprint":{"sha1":"3B:4F:27:2C:1B:D4:C3:46:A7:C7:64:95:64:54:04:70:AA:69:2B:53","sha256":"92:E5:82:94:64:F5:6D:4E:CC:8C:2F:AA:6F:2B:41:EA:CD:95:26:E7:D8:44:7C:4F:04:5D:98:F9:85:A1:97:D3"}}},"request":{"raw":"GET /js/usecure.bundle.js?v=e77f8784-eb61-486b-8e6b-6bd04cb5dd1d HTTP/1.1\r\nHost: gohelpdesk.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: AWSALB=PEeMt6xTacgobk3470t6sEvRL1SfG9pviYPD8uy4NKbLDSmecgcdGWUzQXjA9PV7kQ69U4Q2S5gpex+HJdDcRuSX5908TWoBiGYEauyJtVnzdaqE2PT8rowNAfDV; AWSALBCORS=PEeMt6xTacgobk3470t6sEvRL1SfG9pviYPD8uy4NKbLDSmecgcdGWUzQXjA9PV7kQ69U4Q2S5gpex+HJdDcRuSX5908TWoBiGYEauyJtVnzdaqE2PT8rowNAfDV\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Wed, 22 Apr 2026 10:57:37 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nContent-Length: 383982\r\nConnection: keep-alive\r\nEtag: W/\"5dbee-19cf6f7f820\"\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https://*.amazonaws.com https://*.usecure.io https://*.user-training.com;font-src 'self' data: https:;connect-src 'self';frame-src 'self';frame-ancestors 'self' https://*.usecure.io https://*.user-training.com;media-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nX-Dns-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-Xss-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Mon, 16 Mar 2026 14:06:12 GMT\r\nVia: 1.1 5f9259b1a46bdc5506b0216adf148540.cloudfront.net (CloudFront)\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nSet-Cookie: AWSALB=KdESDRAXAPgiDI8DdbDJdDsKP4RTwlI+6HhMUS7Jx7UHkNkQIC83slcOrfV3T+svfWvjQUPcVo/ufdMZa55fj6px5OSjRxLgFDJbrlIp4r1yb4y0Pydf7RONZjyT; Expires=Wed, 29 Apr 2026 10:57:36 GMT; Path=/; Secure\nAWSALBCORS=KdESDRAXAPgiDI8DdbDJdDsKP4RTwlI+6HhMUS7Jx7UHkNkQIC83slcOrfV3T+svfWvjQUPcVo/ufdMZa55fj6px5OSjRxLgFDJbrlIp4r1yb4y0Pydf7RONZjyT; Expires=Wed, 29 Apr 2026 10:57:36 GMT; Path=/; SameSite=None; Secure\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":383982,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65464)","md5":"9c5581628cbf05a2d840ba1b2c8223d9","sha1":"e10516f716f12c19c74f7fadd02b5697c68af389","sha256":"8c00468b5f9d238e57de32cdf67002414c951176caaa586389beff848f18d1b2","sha512":"691442078683f36034c66a1dec14a97bed0daafc2fe00337eaec10df30a92dbfae90bfe1503fd014d55b9442c0152061bc60914981f5d3f6e289db9c27e658df","ssdeep":"6144:9NgcHBzUdNBG9bWyfnyxDfREtGPjzUlZV:zDhzYG3rGPvgZV","tlshash":"8284c88cbad2f0f547e265e4802f590af13b1b68740e94d0eaa6d5c5a87898f4037f7d","first_seen":"2026-02-25T12:54:01.960767Z","last_seen":"2026-04-22T10:58:01.221105Z","times_seen":56,"resource_available":true,"data":null}},"time_used":730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":463,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"gohelpdesk.co.uk","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:37.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gohelpdesk.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 21 Apr 2026 13:37:25 GMT\r\nexpires: Wed, 21 Apr 2027 13:37:25 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nage: 76812\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-04-22T14:11:50.146114Z","times_seen":218621,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":116,"dns":1,"connect":20,"send":0,"wait":22,"receive":29,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gohelpdesk.co.uk/record-simulation-event?rg=eu","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:38.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1nfoclient.fr","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Apr 2026 09:00:29 GMT","end":"Thu, 16 Jul 2026 09:00:28 GMT"},"fingerprint":{"sha1":"3B:4F:27:2C:1B:D4:C3:46:A7:C7:64:95:64:54:04:70:AA:69:2B:53","sha256":"92:E5:82:94:64:F5:6D:4E:CC:8C:2F:AA:6F:2B:41:EA:CD:95:26:E7:D8:44:7C:4F:04:5D:98:F9:85:A1:97:D3"}}},"request":{"raw":"POST /record-simulation-event?rg=eu HTTP/1.1\r\nHost: gohelpdesk.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 11518\r\nOrigin: https://gohelpdesk.co.uk\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: AWSALB=O8cp0pxmCRy5WsfJQzHaXFA5R7MkpACjfoPXqxT6sj/rjUOvi49CjZ5NNvxnSxtdXPtZrDAUmsi0f9Nv0GvT1ENIA1foAYQMcj8Josg2wMQGhBxFy9L0EsA6i/s9; AWSALBCORS=KdESDRAXAPgiDI8DdbDJdDsKP4RTwlI+6HhMUS7Jx7UHkNkQIC83slcOrfV3T+svfWvjQUPcVo/ufdMZa55fj6px5OSjRxLgFDJbrlIp4r1yb4y0Pydf7RONZjyT\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":11518,"data":"eventType=visit\u0026region=eu\u0026simulationResultId=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026fingerprint=eyJkYXRhIjp7InBsdWdpbnMiOlsiUERGIFZpZXdlcjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjppbnRlcm5hbC1wZGYtdmlld2VyOjpfX2FwcGxpY2F0aW9uL3BkZn5wZGZ%2BUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0LHRleHQvcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQiLCJDaHJvbWUgUERGIFZpZXdlcjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjppbnRlcm5hbC1wZGYtdmlld2VyOjpfX2FwcGxpY2F0aW9uL3BkZn5wZGZ%2BUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0LHRleHQvcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQiLCJDaHJvbWl1bSBQREYgVmlld2VyOjpQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQ6OmludGVybmFsLXBkZi12aWV3ZXI6Ol9fYXBwbGljYXRpb24vcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQsdGV4dC9wZGZ%2BcGRmflBvcnRhYmxlIERvY3VtZW50IEZvcm1hdCIsIk1pY3Jvc29mdCBFZGdlIFBERiBWaWV3ZXI6OlBvcnRhYmxlIERvY3VtZW50IEZvcm1hdDo6aW50ZXJuYWwtcGRmLXZpZXdlcjo6X19hcHBsaWNhdGlvbi9wZGZ%2BcGRmflBvcnRhYmxlIERvY3VtZW50IEZvcm1hdCx0ZXh0L3BkZn5wZGZ%2BUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0IiwiV2ViS2l0IGJ1aWx0LWluIFBERjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjppbnRlcm5hbC1wZGYtdmlld2VyOjpfX2FwcGxpY2F0aW9uL3BkZn5wZGZ%2BUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0LHRleHQvcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQiXSwibWltZVR5cGVzIjpbIlBvcnRhYmxlIERvY3VtZW50IEZvcm1hdH5%2BYXBwbGljYXRpb24vcGRmfn5wZGYiLCJQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXR%2BfnRleHQvcGRmfn5wZGYiXSwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjAiLCJwbGF0Zm9ybSI6IldpbjMyIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwic2NyZWVuIjp7IndJbm5lckhlaWdodCI6MTAyNCwid091dGVySGVpZ2h0IjoxMDI0LCJ3T3V0ZXJXaWR0aCI6MTI4MCwid0lubmVyV2lkdGgiOjEyODAsIndTY3JlZW5YIjowLCJ3UGFnZVhPZmZzZXQiOjAsIndQYWdlWU9mZnNldCI6MCwiY1dpZHRoIjoxMjgwLCJjSGVpZ2h0IjoxMDI0LCJzV2lkdGgiOjEyODAsInNIZWlnaHQiOjEwMjQsInNBdmFpbFdpZHRoIjoxMjgwLCJzQXZhaWxIZWlnaHQiOjEwMjQsInNDb2xvckRlcHRoIjoyNCwic1BpeGVsRGVwdGgiOjI0LCJ3RGV2aWNlUGl4ZWxSYXRpbyI6MX0sInRvdWNoU2NyZWVuIjpbMCxmYWxzZSxmYWxzZV0sInZpZGVvQ2FyZCI6WyJNZXNhIiwibGx2bXBpcGUiXSwibXVsdGltZWRpYURldmljZXMiOnsic3BlYWtlcnMiOjAsIm1pY3JvcyI6MCwid2ViY2FtcyI6MH0sInByb2R1Y3RTdWIiOiIyMDEwMDEwMSIsIm5hdmlnYXRvclByb3RvdHlwZSI6WyJ2aWJyYXRlfn5%2BZnVuY3Rpb24gdmlicmF0ZSgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwiamF2YUVuYWJsZWR%2Bfn5mdW5jdGlvbiBqYXZhRW5hYmxlZCgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwiZ2V0R2FtZXBhZHN%2Bfn5mdW5jdGlvbiBnZXRHYW1lcGFkcygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwicmVxdWVzdE1JRElBY2Nlc3N%2Bfn5mdW5jdGlvbiByZXF1ZXN0TUlESUFjY2VzcygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwibW96R2V0VXNlck1lZGlhfn5%2BZnVuY3Rpb24gbW96R2V0VXNlck1lZGlhKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJzZW5kQmVhY29ufn5%2BZnVuY3Rpb24gc2VuZEJlYWNvbigpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwicmVxdWVzdE1lZGlhS2V5U3lzdGVtQWNjZXNzfn5%2BZnVuY3Rpb24gcmVxdWVzdE1lZGlhS2V5U3lzdGVtQWNjZXNzKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJnZXRBdXRvcGxheVBvbGljeX5%2BfmZ1bmN0aW9uIGdldEF1dG9wbGF5UG9saWN5KCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJyZWdpc3RlclByb3RvY29sSGFuZGxlcn5%2BfmZ1bmN0aW9uIHJlZ2lzdGVyUHJvdG9jb2xIYW5kbGVyKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJ0YWludEVuYWJsZWR%2Bfn5mdW5jdGlvbiB0YWludEVuYWJsZWQoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsInBlcm1pc3Npb25zfn5%2BZnVuY3Rpb24gcGVybWlzc2lvbnMoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsIm1pbWVUeXBlc35%2BfmZ1bmN0aW9uIG1pbWVUeXBlcygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwicGx1Z2luc35%2BfmZ1bmN0aW9uIHBsdWdpbnMoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsInBkZlZpZXdlckVuYWJsZWR%2Bfn5mdW5jdGlvbiBwZGZWaWV3ZXJFbmFibGVkKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJkb05vdFRyYWNrfn5%2BZnVuY3Rpb24gZG9Ob3RUcmFjaygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwibWF4VG91Y2hQb2ludHN%2Bfn5mdW5jdGlvbiBtYXhUb3VjaFBvaW50cygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwibWVkaWFDYXBhYmlsaXRpZXN%2Bfn5mdW5jdGlvbiBtZWRpYUNhcGFiaWxpdGllcygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59Iiwib3NjcHV%2Bfn5mdW5jdGlvbiBvc2NwdSgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwidmVuZG9yfn5%2BZnVuY3Rpb24gdmVuZG9yKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJ2ZW5kb3JTdWJ%2Bfn5mdW5jdGlvbiB2ZW5kb3JTdWIoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsInByb2R1Y3RTdWJ%2Bfn5mdW5jdGlvbiBwcm9kdWN0U3ViKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJjb29raWVFbmFibGVkfn5%2BZnVuY3Rpb24gY29va2llRW5hYmxlZCgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwiYnVpbGRJRH5%2BfmZ1bmN0aW9uIGJ1aWxkSUQoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsIm1lZGlhRGV2aWNlc35%2BfmZ1bmN0aW9uIG1lZGlhRGV2aWNlcygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwiY3JlZGVudGlhbHN%2Bfn5mdW5jdGlvbiBjcmVkZW50aWFscygpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwiY2xpcGJvYXJkfn5%2BZnVuY3Rpb24gY2xpcGJvYXJkKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJtZWRpYVNlc3Npb25%2Bfn5mdW5jdGlvbiBtZWRpYVNlc3Npb24oKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsIndlYmRyaXZlcn5%2BfmZ1bmN0aW9uIHdlYmRyaXZlcigpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwiaGFyZHdhcmVDb25jdXJyZW5jeX5%2BfmZ1bmN0aW9uIGhhcmR3YXJlQ29uY3VycmVuY3koKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsImFwcENvZGVOYW1lfn5%2BZnVuY3Rpb24gYXBwQ29kZU5hbWUoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsImFwcE5hbWV%2Bfn5mdW5jdGlvbiBhcHBOYW1lKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJhcHBWZXJzaW9ufn5%2BZnVuY3Rpb24gYXBwVmVyc2lvbigpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwicGxhdGZvcm1%2Bfn5mdW5jdGlvbiBwbGF0Zm9ybSgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwidXNlckFnZW50fn5%2BZnVuY3Rpb24gdXNlckFnZW50KCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJwcm9kdWN0fn5%2BZnVuY3Rpb24gcHJvZHVjdCgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwibGFuZ3VhZ2V%2Bfn5mdW5jdGlvbiBsYW5ndWFnZSgpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwibGFuZ3VhZ2Vzfn5%2BZnVuY3Rpb24gbGFuZ3VhZ2VzKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJsb2Nrc35%2BfmZ1bmN0aW9uIGxvY2tzKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJvbkxpbmV%2Bfn5mdW5jdGlvbiBvbkxpbmUoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsInN0b3JhZ2V%2Bfn5mdW5jdGlvbiBzdG9yYWdlKCkge1xuICAgIFtuYXRpdmUgY29kZV1cbn0iLCJjb25zdHJ1Y3Rvcn5%2BfmZ1bmN0aW9uIE5hdmlnYXRvcigpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59IiwidG9TdHJpbmd%2Bfn4iLCJ0b0xvY2FsZVN0cmluZ35%2BfiIsInZhbHVlT2Z%2Bfn4iLCJoYXNPd25Qcm9wZXJ0eX5%2BfiIsImlzUHJvdG90eXBlT2Z%2Bfn4iLCJwcm9wZXJ0eUlzRW51bWVyYWJsZX5%2BfiIsIl9fZGVmaW5lR2V0dGVyX19%2Bfn4iLCJfX2RlZmluZVNldHRlcl9ffn5%2BIiwiX19sb29rdXBHZXR0ZXJfX35%2BfiIsIl9fbG9va3VwU2V0dGVyX19%2Bfn4iLCJfX3Byb3RvX19%2Bfn4iLCJjb25zdHJ1Y3Rvcn5%2BfmZ1bmN0aW9uIE5hdmlnYXRvcigpIHtcbiAgICBbbmF0aXZlIGNvZGVdXG59Il0sImV0c2wiOjM3LCJzY3JlZW5EZXNjIjoiZnVuY3Rpb24gd2lkdGgoKSB7XG4gICAgW25hdGl2ZSBjb2RlXVxufSIsInBoYW50b21KUyI6W2ZhbHNlLGZhbHNlLGZhbHNlXSwibmlnaHRtYXJlSlMiOmZhbHNlLCJzZWxlbml1bSI6W2ZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlLGZhbHNlXSwid2ViRHJpdmVyIjp0cnVlLCJ3ZWJEcml2ZXJWYWx1ZSI6ZmFsc2UsImVycm9yc0dlbmVyYXRlZCI6WyJhemVhemUgaXMgbm90IGRlZmluZWQiLCJodHRwczovL2dvaGVscGRlc2suY28udWsvanMvdXNlY3VyZS5idW5kbGUuanM%2Fdj1lNzdmODc4NC1lYjYxLTQ4NmItOGU2Yi02YmQwNGNiNWRkMWQiLDIsbnVsbCxudWxsLDQ1NTk5LG51bGwsIkFuIGludmFsaWQgb3IgaWxsZWdhbCBzdHJpbmcgd2FzIHNwZWNpZmllZCJdLCJyZXNPdmVyZmxvdyI6eyJkZXB0aCI6MjQ4ODYsImVycm9yTWVzc2FnZSI6InRvbyBtdWNoIHJlY3Vyc2lvbiIsImVycm9yTmFtZSI6IkludGVybmFsRXJyb3IiLCJlcnJvclN0YWNrbGVuZ3RoIjoxMjE2MH0sImFjY2VsZXJvbWV0ZXJVc2VkIjpmYWxzZSwic2NyZWVuTWVkaWFRdWVyeSI6dHJ1ZSwiaGFzQ2hyb21lIjpmYWxzZSwiZGV0YWlsQ2hyb21lIjoidW5rbm93biIsInBlcm1pc3Npb25zIjp7InN0YXRlIjoicHJvbXB0IiwicGVybWlzc2lvbiI6ImRlbmllZCJ9LCJpZnJhbWVDaHJvbWUiOiJ1bmRlZmluZWQiLCJkZWJ1Z1Rvb2wiOmZhbHNlLCJiYXR0ZXJ5IjpmYWxzZSwiZGV2aWNlTWVtb3J5IjowLCJ0cENhbnZhcyI6eyIwIjowLCIxIjowLCIyIjowLCIzIjowfSwic2VxdWVudHVtIjpmYWxzZSwiYXVkaW9Db2RlY3MiOnsib2dnIjoicHJvYmFibHkiLCJtcDMiOiJtYXliZSIsIndhdiI6InByb2JhYmx5IiwibTRhIjoibWF5YmUiLCJhYWMiOiJtYXliZSJ9LCJ2aWRlb0NvZGVjcyI6eyJvZ2ciOiJwcm9iYWJseSIsImgyNjQiOiJwcm9iYWJseSIsIndlYm0iOiJwcm9iYWJseSJ9fSwicmVzdWx0cyI6eyJQSEFOVE9NX1VBIjp7Im5hbWUiOiJQSEFOVE9NX1VBIiwiY29uc2lzdGVudCI6MywiZGF0YSI6eyJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzQuMCJ9fSwiUEhBTlRPTV9QUk9QRVJUSUVTIjp7Im5hbWUiOiJQSEFOVE9NX1BST1BFUlRJRVMiLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7ImF0dHJpYnV0ZXNGb3VuZCI6W2ZhbHNlLGZhbHNlLGZhbHNlXX19LCJQSEFOVE9NX0VUU0wiOnsibmFtZSI6IlBIQU5UT01fRVRTTCIsImNvbnNpc3RlbnQiOjMsImRhdGEiOnsiZXRzbCI6Mzd9fSwiUEhBTlRPTV9MQU5HVUFHRSI6eyJuYW1lIjoiUEhBTlRPTV9MQU5HVUFHRSIsImNvbnNpc3RlbnQiOjMsImRhdGEiOnsibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXX19LCJQSEFOVE9NX1dFQlNPQ0tFVCI6eyJuYW1lIjoiUEhBTlRPTV9XRUJTT0NLRVQiLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7ImVycm9yIjoiQW4gaW52YWxpZCBvciBpbGxlZ2FsIHN0cmluZyB3YXMgc3BlY2lmaWVkIn19LCJNUV9TQ1JFRU4iOnsibmFtZSI6Ik1RX1NDUkVFTiIsImNvbnNpc3RlbnQiOjMsImRhdGEiOnt9fSwiUEhBTlRPTV9PVkVSRkxPVyI6eyJuYW1lIjoiUEhBTlRPTV9PVkVSRkxPVyIsImNvbnNpc3RlbnQiOjMsImRhdGEiOnsiZGVwdGgiOjI0ODg2LCJlcnJvck1lc3NhZ2UiOiJ0b28gbXVjaCByZWN1cnNpb24iLCJlcnJvck5hbWUiOiJJbnRlcm5hbEVycm9yIiwiZXJyb3JTdGFja2xlbmd0aCI6MTIxNjB9fSwiUEhBTlRPTV9XSU5ET1dfSEVJR0hUIjp7Im5hbWUiOiJQSEFOVE9NX1dJTkRPV19IRUlHSFQiLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7IndJbm5lckhlaWdodCI6MTAyNCwid091dGVySGVpZ2h0IjoxMDI0LCJ3T3V0ZXJXaWR0aCI6MTI4MCwid0lubmVyV2lkdGgiOjEyODAsIndTY3JlZW5YIjowLCJ3UGFnZVhPZmZzZXQiOjAsIndQYWdlWU9mZnNldCI6MCwiY1dpZHRoIjoxMjgwLCJjSGVpZ2h0IjoxMDI0LCJzV2lkdGgiOjEyODAsInNIZWlnaHQiOjEwMjQsInNBdmFpbFdpZHRoIjoxMjgwLCJzQXZhaWxIZWlnaHQiOjEwMjQsInNDb2xvckRlcHRoIjoyNCwic1BpeGVsRGVwdGgiOjI0LCJ3RGV2aWNlUGl4ZWxSYXRpbyI6MX19LCJIRUFEQ0hSX1VBIjp7Im5hbWUiOiJIRUFEQ0hSX1VBIiwiY29uc2lzdGVudCI6MywiZGF0YSI6eyJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzQuMCJ9fSwiV0VCRFJJVkVSIjp7Im5hbWUiOiJXRUJEUklWRVIiLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7fX0sIkhFQURDSFJfQ0hST01FX09CSiI6eyJuYW1lIjoiSEVBRENIUl9DSFJPTUVfT0JKIiwiY29uc2lzdGVudCI6MywiZGF0YSI6e319LCJIRUFEQ0hSX1BFUk1JU1NJT05TIjp7Im5hbWUiOiJIRUFEQ0hSX1BFUk1JU1NJT05TIiwiY29uc2lzdGVudCI6MSwiZGF0YSI6e319LCJIRUFEQ0hSX1BMVUdJTlMiOnsibmFtZSI6IkhFQURDSFJfUExVR0lOUyIsImNvbnNpc3RlbnQiOjMsImRhdGEiOnsicGx1Z2lucyI6WyJQREYgVmlld2VyOjpQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQ6OmludGVybmFsLXBkZi12aWV3ZXI6Ol9fYXBwbGljYXRpb24vcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQsdGV4dC9wZGZ%2BcGRmflBvcnRhYmxlIERvY3VtZW50IEZvcm1hdCIsIkNocm9tZSBQREYgVmlld2VyOjpQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQ6OmludGVybmFsLXBkZi12aWV3ZXI6Ol9fYXBwbGljYXRpb24vcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQsdGV4dC9wZGZ%2BcGRmflBvcnRhYmxlIERvY3VtZW50IEZvcm1hdCIsIkNocm9taXVtIFBERiBWaWV3ZXI6OlBvcnRhYmxlIERvY3VtZW50IEZvcm1hdDo6aW50ZXJuYWwtcGRmLXZpZXdlcjo6X19hcHBsaWNhdGlvbi9wZGZ%2BcGRmflBvcnRhYmxlIERvY3VtZW50IEZvcm1hdCx0ZXh0L3BkZn5wZGZ%2BUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0IiwiTWljcm9zb2Z0IEVkZ2UgUERGIFZpZXdlcjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjppbnRlcm5hbC1wZGYtdmlld2VyOjpfX2FwcGxpY2F0aW9uL3BkZn5wZGZ%2BUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0LHRleHQvcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQiLCJXZWJLaXQgYnVpbHQtaW4gUERGOjpQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQ6OmludGVybmFsLXBkZi12aWV3ZXI6Ol9fYXBwbGljYXRpb24vcGRmfnBkZn5Qb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQsdGV4dC9wZGZ%2BcGRmflBvcnRhYmxlIERvY3VtZW50IEZvcm1hdCJdfX0sIkhFQURDSFJfSUZSQU1FIjp7Im5hbWUiOiJIRUFEQ0hSX0lGUkFNRSIsImNvbnNpc3RlbnQiOjMsImRhdGEiOnt9fSwiQ0hSX0RFQlVHX1RPT0xTIjp7Im5hbWUiOiJDSFJfREVCVUdfVE9PTFMiLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7fX0sIlNFTEVOSVVNX0RSSVZFUiI6eyJuYW1lIjoiU0VMRU5JVU1fRFJJVkVSIiwiY29uc2lzdGVudCI6MywiZGF0YSI6eyJhdHRyaWJ1dGVzRm91bmQiOltmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZV19fSwiQ0hSX0JBVFRFUlkiOnsibmFtZSI6IkNIUl9CQVRURVJZIiwiY29uc2lzdGVudCI6MywiZGF0YSI6e319LCJDSFJfTUVNT1JZIjp7Im5hbWUiOiJDSFJfTUVNT1JZIiwiY29uc2lzdGVudCI6MywiZGF0YSI6e319LCJUUkFOU1BBUkVOVF9QSVhFTCI6eyJuYW1lIjoiVFJBTlNQQVJFTlRfUElYRUwiLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7IjAiOjAsIjEiOjAsIjIiOjAsIjMiOjB9fSwiU0VRVUVOVFVNIjp7Im5hbWUiOiJTRVFVRU5UVU0iLCJjb25zaXN0ZW50IjozLCJkYXRhIjp7fX0sIlZJREVPX0NPREVDUyI6eyJuYW1lIjoiVklERU9fQ09ERUNTIiwiY29uc2lzdGVudCI6MywiZGF0YSI6eyJoMjY0IjoicHJvYmFibHkifX19fQ%3D%3D"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Wed, 22 Apr 2026 10:57:38 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 124\r\nConnection: keep-alive\r\nEtag: W/\"7c-OO7ZxOsCYFZsK6hWcjXI9iP4jWw\"\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https://*.amazonaws.com https://*.usecure.io https://*.user-training.com;font-src 'self' data: https:;connect-src 'self';frame-src 'self';frame-ancestors 'self' https://*.usecure.io https://*.user-training.com;media-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nX-Dns-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-Xss-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nVia: 1.1 90af3db4c3266e9548f9c3f3de9c43ba.cloudfront.net (CloudFront)\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nSet-Cookie: AWSALB=weNZBqtpmIq4SsCbffk4dkFnmQdM+TNALxAb8gbKF7Q5s69/K7PMtZCPubNlqf5J9If9bqRXmnb9O6PSjnwaXCDbho1W2PAf8fUrpHDR1A6yTTbmJ54tzF9+8xIi; Expires=Wed, 29 Apr 2026 10:57:38 GMT; Path=/; Secure\nAWSALBCORS=weNZBqtpmIq4SsCbffk4dkFnmQdM+TNALxAb8gbKF7Q5s69/K7PMtZCPubNlqf5J9If9bqRXmnb9O6PSjnwaXCDbho1W2PAf8fUrpHDR1A6yTTbmJ54tzF9+8xIi; Expires=Wed, 29 Apr 2026 10:57:38 GMT; Path=/; SameSite=None; Secure\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}],"data":{"size":124,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a1647c1fdd2fde6fa929b84463e9476d","sha1":"38eed9c4eb0260566c2ba8567235c8f623f88d6c","sha256":"87702f54172208f2d577a98b4f688de3cdf2e8aed6665b1b4f2bafd23b7c203d","sha512":"85f0d340887438835496e37ac085aed132b1f3efb69958d48f14278d590207c1609e240d188e6918d26c70bc757c8c209bd9e49c2ccc6a8e10f5daf66f2e7f77","ssdeep":"","tlshash":"62b09276c7f2acf352140290da00acc22f4c3822da400812af4ad74404c2b3bfdf4c09","first_seen":"2026-04-22T10:58:01.222102Z","last_seen":"2026-04-22T10:58:01.222102Z","times_seen":1,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"gohelpdesk.co.uk","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","fqdn":"gohelpdesk.co.uk","domain":"gohelpdesk.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T10:57:36.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1nfoclient.fr","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Apr 2026 09:00:29 GMT","end":"Thu, 16 Jul 2026 09:00:28 GMT"},"fingerprint":{"sha1":"3B:4F:27:2C:1B:D4:C3:46:A7:C7:64:95:64:54:04:70:AA:69:2B:53","sha256":"92:E5:82:94:64:F5:6D:4E:CC:8C:2F:AA:6F:2B:41:EA:CD:95:26:E7:D8:44:7C:4F:04:5D:98:F9:85:A1:97:D3"}}},"request":{"raw":"GET /?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu HTTP/1.1\r\nHost: gohelpdesk.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Wed, 22 Apr 2026 10:57:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 12304\r\nConnection: keep-alive\r\nEtag: W/\"3010-Re/6VXaZbSuwY19rQdSGgYvSVL8\"\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https://*.amazonaws.com https://*.usecure.io https://*.user-training.com;font-src 'self' data: https:;connect-src 'self';frame-src 'self';frame-ancestors 'self' https://*.usecure.io https://*.user-training.com;media-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nX-Dns-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-Xss-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nVia: 1.1 2510b8fd8f66d8d997f4df0d6c348a18.cloudfront.net (CloudFront)\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nSet-Cookie: AWSALB=PEeMt6xTacgobk3470t6sEvRL1SfG9pviYPD8uy4NKbLDSmecgcdGWUzQXjA9PV7kQ69U4Q2S5gpex+HJdDcRuSX5908TWoBiGYEauyJtVnzdaqE2PT8rowNAfDV; Expires=Wed, 29 Apr 2026 10:57:36 GMT; Path=/; Secure\nAWSALBCORS=PEeMt6xTacgobk3470t6sEvRL1SfG9pviYPD8uy4NKbLDSmecgcdGWUzQXjA9PV7kQ69U4Q2S5gpex+HJdDcRuSX5908TWoBiGYEauyJtVnzdaqE2PT8rowNAfDV; Expires=Wed, 29 Apr 2026 10:57:36 GMT; Path=/; SameSite=None; Secure\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}],"data":{"size":12304,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12301), with no line terminators","md5":"108c9fb42b46d7b149b2624a6cd4db7a","sha1":"45effa5576996d2bb0635f6b41d486818bd254bf","sha256":"2ce9f185b2522a90c2c9bd3300253b6113fd5948639da05968d35ee09a80b817","sha512":"c7fcf7d3b548d11d2b1fa5dce7fce5546d265f2921596152cd2163d7c17651aa8ca9a837759c9f09b0821cbb72cd93972fa6565c0fca2a232563a21c6f25661e","ssdeep":"192:8hWjK3pt1X3IOIiNAaGrQeK/IriPovO9V/x0//+/Hv6rM:q3pt1X3IOIgGseF6We/","tlshash":"e0425432da91810b7112c568fbd07e993f198341d7070a64f2fc7276ebcaca45da23ad","first_seen":"2026-04-22T10:58:01.223005Z","last_seen":"2026-04-22T10:58:01.223005Z","times_seen":1,"resource_available":true,"data":null}},"time_used":809,"timings":{"blocked":247,"dns":7,"connect":94,"send":0,"wait":309,"receive":0,"ssl":150},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gohelpdesk.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"gohelpdesk.co.uk","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"innermail.co.uk/css-fonts/ExpertSansRegular.css","fqdn":"innermail.co.uk","domain":"innermail.co.uk","tld":"co.uk"},"ip":{"addr":"98.91.9.77","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:36.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1nfoclient.fr","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Apr 2026 09:00:29 GMT","end":"Thu, 16 Jul 2026 09:00:28 GMT"},"fingerprint":{"sha1":"3B:4F:27:2C:1B:D4:C3:46:A7:C7:64:95:64:54:04:70:AA:69:2B:53","sha256":"92:E5:82:94:64:F5:6D:4E:CC:8C:2F:AA:6F:2B:41:EA:CD:95:26:E7:D8:44:7C:4F:04:5D:98:F9:85:A1:97:D3"}}},"request":{"raw":"GET /css-fonts/ExpertSansRegular.css HTTP/1.1\r\nHost: innermail.co.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.3\r\nDate: Wed, 22 Apr 2026 10:57:37 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 189\r\nConnection: keep-alive\r\nETag: W/\"bd-q+ifm/t1a737L1NUIOELtWJetOI\"\r\nSet-Cookie: AWSALB=nMGfYVGHEUYCfRGcT03q6pd3uf+1HmyxSZPYK2h4ZU4BFDNmXgvtta1/x7lZz8uw0CluJCuOYN4cHncBJ5Uuntxu8ng6KPekmtr2Emu9NGbOL4zjCFiyqJCc4c6j; Expires=Wed, 29 Apr 2026 10:57:37 GMT; Path=/\nAWSALBCORS=nMGfYVGHEUYCfRGcT03q6pd3uf+1HmyxSZPYK2h4ZU4BFDNmXgvtta1/x7lZz8uw0CluJCuOYN4cHncBJ5Uuntxu8ng6KPekmtr2Emu9NGbOL4zjCFiyqJCc4c6j; Expires=Wed, 29 Apr 2026 10:57:37 GMT; Path=/; SameSite=None\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https://*.amazonaws.com https://*.usecure.io https://*.user-training.com;font-src 'self' data: https:;connect-src 'self';frame-src 'self';frame-ancestors 'self' https://*.usecure.io https://*.user-training.com;media-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nVia: 1.1 cde53a9386dedbc7ff8ff090f5adfe28.cloudfront.net (CloudFront)\r\nAlt-Svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T14:09:24.839882Z","times_seen":14063300,"resource_available":true,"data":null}},"time_used":688,"timings":{"blocked":218,"dns":21,"connect":97,"send":0,"wait":243,"receive":0,"ssl":104},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"innermail.co.uk","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.eu.usecure.io/wysiwyg1756691268191-Screenshot+%2837%29.png","fqdn":"assets.eu.usecure.io","domain":"usecure.io","tld":"io"},"ip":{"addr":"108.157.214.33","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gohelpdesk.co.uk/?r=8e20ff2e-1e13-49bb-a041-0d8d1efe5f05\u0026rg=eu","date":"2026-04-22T10:57:36.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.eu.usecure.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Wed, 03 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"57:E3:43:F5:9F:35:E7:29:C2:F9:2F:F6:77:B1:F6:B6:25:E1:00:31","sha256":"43:B8:6F:62:2B:C8:49:BC:32:CB:1C:FD:83:9D:1A:3C:CF:33:F9:76:4E:69:87:51:F3:90:0F:97:A2:25:53:01"}}},"request":{"raw":"GET /wysiwyg1756691268191-Screenshot+%2837%29.png HTTP/1.1\r\nHost: assets.eu.usecure.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 10791\r\nlast-modified: Tue, 27 Jan 2026 12:42:36 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 22 Apr 2026 06:35:46 GMT\r\netag: \"2d1f4ad72a5acf321455595efeafffd4\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b34d5d8e5954d0b7b46d5f0eb534c166.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: ZFSkEpyFXmhKtm7IjZosiRJm6sGOkzviCg0kKandQm8rXq29qijzpA==\r\nage: 15712\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncache-control: max-age=604800\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10791,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 363 x 90, 8-bit/color RGBA, non-interlaced","md5":"2d1f4ad72a5acf321455595efeafffd4","sha1":"be0dca5db1add4d9588650b19e818cd17a96e12d","sha256":"d9fa4088c85a7698706f173eed19f4dbad8669a8a762c80f8490bd96b7268da4","sha512":"407c2291399bc593b340a611b7cc42ed46cc69431988337e6c7e913abb83afda8b103ccd78e34dc07e99adb843ea29f59358211877342df562b47dc07254a7ed","ssdeep":"192:vkX7miTyRZAil0W6eZV7+vDunyGM+nYSHfGc47WFAn2ffS9x8/Ps6l3o:vkXqibiSW6eZobutqxRvn23S9x8s6Jo","tlshash":"8622aebbce8c9ec3a11b1080622361076a7ad3f0e5b252e789ee7e9c5c4dd4141a1f4c","first_seen":"2025-12-16T10:00:58.371813Z","last_seen":"2026-04-22T10:58:01.223903Z","times_seen":95,"resource_available":false,"data":null}},"time_used":842,"timings":{"blocked":411,"dns":14,"connect":8,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}