Fireglass Web Isolation logs being forwarded through Email Security.cloud Data Feed API despite the service is disabled in the portal.

Email Security.cloud

Any URLs that were already re-written by Click-time will still go through the Click-time receiver and will show up in Email Security.cloud Data Feed API logs.

Because the service is now disabled, all those clicks will not have any policy applied and the end-user will be redirected to the origin site. This is expected behaviour, since the wrapped URLs are already in users' inboxes.