{"report_id":"6269132f-8fd8-47dc-bc35-35dadc9f3b6a","version":6,"status":"done","tags":[],"date":"2025-12-20T10:51:19Z","url":{"schema":"http","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":0,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"final":{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"title":"Webmail Login","dom":{"size":37647,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11323)","md5":"80460eaf9ad45bc9a6b25c7793c96a02","sha1":"cac0a7f93f67df9d4e243aea697d8638805534eb","sha256":"17cb67ad57138840b3252d1c1973329e41d36a026c81f5afa30edd68b51a909b","sha512":"89a1f7972459ae7cca7280145676b5abedab461fd833e624bfa2dac5558a62b5fd64aa682eafb8ccea5393cded0cef63185b7e4c6b59c29c71007788dda9616d","ssdeep":"768:0eTZmXg82NEvhvzniqoofJ7kkIrTr5e6XJ:HTZmXZ2NEv1LRkkIrTr5e6XJ","tlshash":"38f22b2720a9006306da45d93c7f631939bae323890f8d48b47d87d49f92fcfe9a3559","dom_hash":"domhasha8e33c492a4fb2a815b03ecd2732dba1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":0,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T10:51:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"webmail.pantimedicalcenter.com","ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"domain_registered":"2025-12-03","domain_rank":0,"first_seen":"2025-12-13T15:27:58.417209Z","last_seen":"2025-12-13T15:27:58.417209Z","alert_count":21,"request_count":21,"received_data":424400,"sent_data":14352,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"f88baf75b8e07dd7ec741e96546bc4f7","sha1":"a74b22312f7ce6ea751190a32f188b305f2e71e3","sha256":"1e5f5c8697f7a5934a4e88d298805feb7272c5ae7b1a357b44ec0b5289b60a50","sha512":"00ef1cf29c2312349ee64ac5fba3b3d6dd8feb0de03b9eb2ecd255f7b42da14583678d4608abcf2a53013d4e8a5b0a82307f5b4702d7ff3477c727e2d3f74308","ssdeep":"","tlshash":"69a0124f30d22860044e387506079284703a4543040004045e084910fa7090344135c4","size":84,"data":"","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-04T00:38:08.307512Z","times_seen":5720,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e78dbef664fb9d071a3a4bb1261d460","sha1":"b26cede8826402c5f767d64f3bdbb5b0bed83f1f","sha256":"5fdf6d31f66f69e81cc423eadf107f083002284915bc2d886830cc93e7d45538","sha512":"a1e64c19ab15f24e63ea6904b52969687adb162838d559defe3f8217feb38713ef1faa92d36a435b81154893d44a8a07ffddc267ded90fa6df31bdd78f7e9e34","ssdeep":"384:Nzn3ZyFhqoD/ZHyXPJ7kkXYrHefyB+5yH+ycR3PydLbFobHa:NzniqoofJ7kkIrTr5e6r","tlshash":"89922abb212504754fda46662c7fa349347be2646c89dc4c6835c7449f10f8fe2b3ea6","size":20221,"data":"","first_seen":"2025-09-30T03:14:30.924823Z","last_seen":"2026-03-24T08:22:43.448444Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1739250472/unprotected/cpanel/images/icon-username.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1739250472/unprotected/cpanel/images/icon-username.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 320\r\nlast-modified: Tue, 11 Feb 2025 05:07:52 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":320,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"07ff84f8c855e5fe9d510ff5c9a4b1e4","sha1":"11c262053e2b9be57d1dba7cb3d916ef041a0e50","sha256":"05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e","sha512":"4cee86a25e66e5a4ff1e8135e12d47ce697b86598a5e47d63777dc14536472944b64ca859fedee2c53b2830374cb4932efaf51d6e493e61cb8c9535680320580","ssdeep":"","tlshash":"89e07dd273a48da5e689087917961000783c075da3012bd91c09d1e61999edc22e25ab","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.229464Z","times_seen":9702,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1739250472/unprotected/cpanel/images/warning.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1739250472/unprotected/cpanel/images/warning.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled; timezone=Etc/UTC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 1060\r\nlast-modified: Tue, 11 Feb 2025 05:07:52 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1060,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced","md5":"a64b8c7407bf94cc4448cb210bb882e7","sha1":"a526cf52b2c5b6c2d0409b886de4aa968000fcd8","sha256":"7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b","sha512":"aeea5e9418c62ba9bb896db6ad89b2e8c13f174b10d3960c4d67878ba8c0fb3ce8524515716c120548876131d1f8192c36cb52e48cfd801f8f037a3abe65d179","ssdeep":"","tlshash":"261182ddb608c8baa94369b592fbf02168b9801e9847022c8948d8132f59a68e57235b","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.226983Z","times_seen":8373,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1739250472/unprotected/cpanel/images/notice-info.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1739250472/unprotected/cpanel/images/notice-info.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled; timezone=Etc/UTC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 976\r\nlast-modified: Tue, 11 Feb 2025 05:07:52 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":976,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced","md5":"14146cf832470d9beca95a708a1d6f8d","sha1":"d4b506f92876baea69409f3a78c4718757a53b33","sha256":"95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526","sha512":"69f28ff8e02b199cc9d42ba75ec305dbfdf95c0477cbec88a4c09da21d126e1f8063d45415ee9701013ff0546be2203745620ee794f3ce5dc21be4c0a744da67","ssdeep":"","tlshash":"1d1198c2ab6dd0784a51e6350ce1b4f77bbb298e35690bbe380cf14935454051990af1","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.230993Z","times_seen":8415,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1739250472/unprotected/cpanel/images/notice-success.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1739250472/unprotected/cpanel/images/notice-success.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled; timezone=Etc/UTC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 962\r\nlast-modified: Tue, 11 Feb 2025 05:07:52 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":962,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced","md5":"0a0ec2a6468d4d1aa3fc2baa70271ac8","sha1":"a31fb01790aca8dc1976450e4234cb6ccc328956","sha256":"cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79","sha512":"a07edcf33db65397902ddfa9fd32b1d12e8eb7fa5a05ef38a0c65c372cd51cb9a03fb2364a6f712fca70ab09a923c2a56eeeffb7bcff63bf772938821402dbd0","ssdeep":"","tlshash":"3a1154b9a0d6bd29dd0a48b2e8930041e555e9691160194ca845e1a3b3760aff76b542","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.224208Z","times_seen":8397,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T10:50:58.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:58 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 149\r\nlocation: /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37625,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11323)","md5":"aa6691b8892956c549c3c5f53fa8642e","sha1":"c83842365ccdc6c51880723d95c005951e83a4ef","sha256":"f6499ad0803e59966a2d1a6697fe25b1238b7ba8e258f6e66ba5cd5e796e99b9","sha512":"86a3326e641860eb487dc967153d0f07e07da3fafce9c25f96d65107f2609d8882f214b7b87671e72ac810312a942f29d783941ba11dbbb424384af79ccd7e7b","ssdeep":"768:0nTZmXg8XNEvhvzniqoofJ7kkIrTr5e6Xq:eTZmXZXNEv1LRkkIrTr5e6Xq","tlshash":"68f22b2720a9006306c645d93c7f631939bae323990f8d48b47d87d49fa2fcfe9a3555","first_seen":"2025-12-20T10:51:22.779273Z","last_seen":"2025-12-20T10:51:22.779273Z","times_seen":1,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T10:50:58.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:58 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\nvary: Accept-Encoding\r\ncache-control: no-cache, no-store, must-revalidate, private\r\npragma: no-cache\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nset-cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure\nwebmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; HttpOnly; path=/; port=443; secure\nroundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure\nroundcube_sessauth=expired; HttpOnly; domain=webmail.pantimedicalcenter.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure\nPPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure\nroundcube_cookies=enabled; HttpOnly; expires=Sun, 20-Dec-2026 10:50:58 GMT; path=/; port=443; secure\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37625,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11323)","md5":"aa6691b8892956c549c3c5f53fa8642e","sha1":"c83842365ccdc6c51880723d95c005951e83a4ef","sha256":"f6499ad0803e59966a2d1a6697fe25b1238b7ba8e258f6e66ba5cd5e796e99b9","sha512":"86a3326e641860eb487dc967153d0f07e07da3fafce9c25f96d65107f2609d8882f214b7b87671e72ac810312a942f29d783941ba11dbbb424384af79ccd7e7b","ssdeep":"768:0nTZmXg8XNEvhvzniqoofJ7kkIrTr5e6Xq:eTZmXZXNEv1LRkkIrTr5e6Xq","tlshash":"68f22b2720a9006306c645d93c7f631939bae323990f8d48b47d87d49fa2fcfe9a3555","first_seen":"2025-12-20T10:51:22.779273Z","last_seen":"2025-12-20T10:51:22.779273Z","times_seen":1,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/open_sans.min.css","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 28 May 2025 16:26:09 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6358,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6358), with no line terminators","md5":"681f206ec7530e625c4c2eeb994fa75a","sha1":"99d8c3fa934370dcf591f96721b055977baa75c5","sha256":"519ad7b14bb62f000de602b6f85ac8d1ae791047121ce5321c24bb2c4acfd875","sha512":"5904836fc3ac85ea0251aa73cd3a3fc9efd48581ac25d2eb285eb4d0feaefdfa9bb9e697ed62567839bce0c9d595b8da75046d096476bd6d3ac134580db73e1f","ssdeep":"96:pyAAUWA9nUAoW08ABx0yAc2mAArYSAJreAI9mAk9vGAQqa:pFxx1LT0Dj0F7BAUlFJwBkNhQV","tlshash":"99d1a493cae899da85c79ec238da1471ed3d641a901181d3e368d2c8e9f334df169f1b","first_seen":"2025-10-31T07:24:54.307016Z","last_seen":"2026-04-03T16:27:24.79018Z","times_seen":654,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1739250472/unprotected/cpanel/images/icon-password.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1739250472/unprotected/cpanel/images/icon-password.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 128\r\nlocation: /unprotected/cpanel/images/icon-password.png\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":450,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"7ac1cefcb7eab93c6d6981ecde6c1635","sha1":"1523f8cb80ab19108549d0b7db31a58b71c05d39","sha256":"a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053","sha512":"0005559a3edf6aa149f47c0d2c7c6c385257ac5168fd57951497cfa244b155eeff3955538db93fc40f6622b9b216f030b27ad73df53dbe8bcc9874148a383d3a","ssdeep":"","tlshash":"65f023d3fa981c3cdae91473933b1018b426284a4203273e055dc42612e8dd801251a5","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.229947Z","times_seen":9687,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/open_sans.min.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 150\r\nlocation: /unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22908,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22908, version 1.0","md5":"697574b47bcfdd2c45e3e63c7380dd67","sha1":"4590722b795938e0b6ff1b99701d1abe37aeabef","sha256":"26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83","sha512":"35badb8706e160840f38e8a0ed151f92f84d0e966f5f5dad5f42036b3c52b0f93c3fbdd4d3416bdec39a73bb27ce6f21e19700e4337ca37a18aadd771fd905cb","ssdeep":"384:IgXJsQmd1G0Ffzuohk3yJff9f2oVe4rOmtXTuXjv1BaLnYkimJl4:IEeGGfzu0yyJX9OoVe4rOp12nRi8l4","tlshash":"3ba2e098580d3d46e2d265ba23c64af09a60dd78f448f2df2ee5a4c071e9fd30af15a0","first_seen":"2023-04-06T15:25:07Z","last_seen":"2026-04-03T23:47:56.224853Z","times_seen":10020,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/open_sans.min.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 22432\r\nlast-modified: Wed, 28 May 2025 16:26:09 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22432,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22432, version 1.0","md5":"2e90d5152ce92858b62ba053c7b9d2cb","sha1":"8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c","sha256":"a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7","sha512":"5f452b4ab3e3ff3a8225d092fbf7e147595b398742dec5abce787e54cef471c0bc29044e0e00142cc09af7ea1e2f6fbf6da5d5a8b476c86b71594ad68d30858a","ssdeep":"384:UiXG5Jd1G0Fr+9DY1NpS1pYQDO6kd5Tnd2rL6vhMB4liNPwFxDwlH:yJGGRNU/vDtU5TnG65T2ohwlH","tlshash":"68a2e068eb42fa27edb889773bb051fac154d928b570fbe3877a30d8108474fc460865","first_seen":"2023-04-06T15:25:07Z","last_seen":"2026-04-03T23:47:56.226375Z","times_seen":9280,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/unprotected/cpanel/images/notice-error.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /unprotected/cpanel/images/notice-error.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled; timezone=Etc/UTC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 1026\r\nlast-modified: Tue, 11 Feb 2025 05:07:52 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1026,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced","md5":"a3265cc598ae28633c060889e790f80c","sha1":"57530d6996c8f36711ef05681474b8f63d4184b3","sha256":"bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd","sha512":"41c2a7085b287d3f3cf6afaaf7bba0c2c42eed1a28f4fbebf2a3e5628e41aaea2c929697de97b939df18221dcd83a477ce3c8b1cdbf499ab64a5fbcbd3689b3e","ssdeep":"","tlshash":"bb11a5c7f3d3e8e8c9846c77c062210cecba32826264869d8a091c82de86c487306d13","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.223513Z","times_seen":9595,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/open_sans.min.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 22660\r\nlast-modified: Wed, 28 May 2025 16:26:09 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22660,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22660, version 1.0","md5":"79515ad0788973c533405f7012dfeccd","sha1":"5092881fad2caffdc6bf71bdab1ea547b73d3564","sha256":"22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40","sha512":"a0f8bc1917ff69550fb6e27671345acbbfdefb22423274c8876e0ba291feaca65240260e64b236ca76f10448b7a938fe27aeb388eba3a8462acd43d54b352346","ssdeep":"384:4ZnXPbd1G0FEDf+rm7QFcBUZvOZmFZDAbZjIBS1Z3BqH48AmgxQS1ZhY3uyJ+:4pGGPryhMv6mFOiBU40Xp1X4J+","tlshash":"e8a2d0dede0ae80aee99323263d77a4ecb0b1d3ae4319117f52c610933d35972ed0158","first_seen":"2023-04-06T15:25:07Z","last_seen":"2026-04-03T23:47:56.230481Z","times_seen":10633,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T10:50:56.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:58 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 149\r\nlocation: /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37625,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11323)","md5":"aa6691b8892956c549c3c5f53fa8642e","sha1":"c83842365ccdc6c51880723d95c005951e83a4ef","sha256":"f6499ad0803e59966a2d1a6697fe25b1238b7ba8e258f6e66ba5cd5e796e99b9","sha512":"86a3326e641860eb487dc967153d0f07e07da3fafce9c25f96d65107f2609d8882f214b7b87671e72ac810312a942f29d783941ba11dbbb424384af79ccd7e7b","ssdeep":"768:0nTZmXg8XNEvhvzniqoofJ7kkIrTr5e6Xq:eTZmXZXNEv1LRkkIrTr5e6Xq","tlshash":"68f22b2720a9006306c645d93c7f631939bae323990f8d48b47d87d49fa2fcfe9a3555","first_seen":"2025-12-20T10:51:22.779273Z","last_seen":"2025-12-20T10:51:22.779273Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2820,"timings":{"blocked":1378,"dns":1270,"connect":48,"send":0,"wait":62,"receive":1,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T10:50:58.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:58 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 149\r\nlocation: /cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37625,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11323)","md5":"aa6691b8892956c549c3c5f53fa8642e","sha1":"c83842365ccdc6c51880723d95c005951e83a4ef","sha256":"f6499ad0803e59966a2d1a6697fe25b1238b7ba8e258f6e66ba5cd5e796e99b9","sha512":"86a3326e641860eb487dc967153d0f07e07da3fafce9c25f96d65107f2609d8882f214b7b87671e72ac810312a942f29d783941ba11dbbb424384af79ccd7e7b","ssdeep":"768:0nTZmXg8XNEvhvzniqoofJ7kkIrTr5e6Xq:eTZmXZXNEv1LRkkIrTr5e6Xq","tlshash":"68f22b2720a9006306c645d93c7f631939bae323990f8d48b47d87d49fa2fcfe9a3555","first_seen":"2025-12-20T10:51:22.779273Z","last_seen":"2025-12-20T10:51:22.779273Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/open_sans.min.css","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 137\r\nlocation: /unprotected/cpanel/fonts/open_sans/open_sans.min.css\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6358,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6358), with no line terminators","md5":"681f206ec7530e625c4c2eeb994fa75a","sha1":"99d8c3fa934370dcf591f96721b055977baa75c5","sha256":"519ad7b14bb62f000de602b6f85ac8d1ae791047121ce5321c24bb2c4acfd875","sha512":"5904836fc3ac85ea0251aa73cd3a3fc9efd48581ac25d2eb285eb4d0feaefdfa9bb9e697ed62567839bce0c9d595b8da75046d096476bd6d3ac134580db73e1f","ssdeep":"96:pyAAUWA9nUAoW08ABx0yAc2mAArYSAJreAI9mAk9vGAQqa:pFxx1LT0Dj0F7BAUlFJwBkNhQV","tlshash":"99d1a493cae899da85c79ec238da1471ed3d641a901181d3e368d2c8e9f334df169f1b","first_seen":"2025-10-31T07:24:54.307016Z","last_seen":"2026-04-03T16:27:24.79018Z","times_seen":654,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1739250472/unprotected/cpanel/images/notice-error.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.237Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1739250472/unprotected/cpanel/images/notice-error.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 127\r\nlocation: /unprotected/cpanel/images/notice-error.png\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1026,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced","md5":"a3265cc598ae28633c060889e790f80c","sha1":"57530d6996c8f36711ef05681474b8f63d4184b3","sha256":"bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd","sha512":"41c2a7085b287d3f3cf6afaaf7bba0c2c42eed1a28f4fbebf2a3e5628e41aaea2c929697de97b939df18221dcd83a477ce3c8b1cdbf499ab64a5fbcbd3689b3e","ssdeep":"","tlshash":"bb11a5c7f3d3e8e8c9846c77c062210cecba32826264869d8a091c82de86c487306d13","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.223513Z","times_seen":9595,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/unprotected/cpanel/images/icon-password.png","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /unprotected/cpanel/images/icon-password.png HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled; timezone=Etc/UTC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 450\r\nlast-modified: Tue, 11 Feb 2025 05:07:52 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":450,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"7ac1cefcb7eab93c6d6981ecde6c1635","sha1":"1523f8cb80ab19108549d0b7db31a58b71c05d39","sha256":"a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053","sha512":"0005559a3edf6aa149f47c0d2c7c6c385257ac5168fd57951497cfa244b155eeff3955538db93fc40f6622b9b216f030b27ad73df53dbe8bcc9874148a383d3a","ssdeep":"","tlshash":"65f023d3fa981c3cdae91473933b1018b426284a4203273e055dc42612e8dd801251a5","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:47:56.229947Z","times_seen":9687,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1460573724/unprotected/cpanel/images/webmail-logo.svg","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1460573724/unprotected/cpanel/images/webmail-logo.svg HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 13 Apr 2016 18:55:24 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5360,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bc0c956653325b9e694d4dd1dfb78020","sha1":"e1196e4db68ed573355ade966152a084581b40ec","sha256":"998cd48cdc0414f694d0a3a299dd2beb1134769d5666c7e5567e7d20b4174ef8","sha512":"7c283e8723f01f57c7258ea05aa5d7a72a886246ede76136f2d4dc489061d8400aa4b5f8e61f23f2388dd95fea7307faa2670af09b309fab6678de16e547ae4e","ssdeep":"96:adP/9O0DSiREkC9u8S0CKMEJPSeIWF/1BPHyg6tzzP2943Y8s/kTcUazSTTD9:gO02AlAu8/CKFdSe//zx6ZzP2Wot8TcM","tlshash":"d0b167f5d3b053f47ec34f6cd625a6d0f19bbdfd4aa0838091b48358a8c4ac9e948878","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-04-03T23:44:18.457773Z","times_seen":8489,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://webmail.pantimedicalcenter.com/unprotected/cpanel/fonts/open_sans/open_sans.min.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled; timezone=Etc/UTC\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 22908\r\nlast-modified: Wed, 28 May 2025 16:26:09 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22908,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22908, version 1.0","md5":"697574b47bcfdd2c45e3e63c7380dd67","sha1":"4590722b795938e0b6ff1b99701d1abe37aeabef","sha256":"26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83","sha512":"35badb8706e160840f38e8a0ed151f92f84d0e966f5f5dad5f42036b3c52b0f93c3fbdd4d3416bdec39a73bb27ce6f21e19700e4337ca37a18aadd771fd905cb","ssdeep":"384:IgXJsQmd1G0Ffzuohk3yJff9f2oVe4rOmtXTuXjv1BaLnYkimJl4:IEeGGfzu0yyJX9OoVe4rOp12nRi8l4","tlshash":"3ba2e098580d3d46e2d265ba23c64af09a60dd78f448f2df2ee5a4c071e9fd30af15a0","first_seen":"2023-04-06T15:25:07Z","last_seen":"2026-04-03T23:47:56.224853Z","times_seen":10020,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/open_sans.min.css","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1748449569/unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 Permanent Redirect\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/html; charset=\"utf-8\"\r\ncontent-length: 137\r\nlocation: /unprotected/cpanel/fonts/open_sans/open_sans.min.css\r\ncache-control: no-cache, no-store, must-revalidate, private\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6358,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6358), with no line terminators","md5":"681f206ec7530e625c4c2eeb994fa75a","sha1":"99d8c3fa934370dcf591f96721b055977baa75c5","sha256":"519ad7b14bb62f000de602b6f85ac8d1ae791047121ce5321c24bb2c4acfd875","sha512":"5904836fc3ac85ea0251aa73cd3a3fc9efd48581ac25d2eb285eb4d0feaefdfa9bb9e697ed62567839bce0c9d595b8da75046d096476bd6d3ac134580db73e1f","ssdeep":"96:pyAAUWA9nUAoW08ABx0yAc2mAArYSAJreAI9mAk9vGAQqa:pFxx1LT0Dj0F7BAUlFJwBkNhQV","tlshash":"99d1a493cae899da85c79ec238da1471ed3d641a901181d3e368d2c8e9f334df169f1b","first_seen":"2025-10-31T07:24:54.307016Z","last_seen":"2026-04-03T16:27:24.79018Z","times_seen":654,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"webmail.pantimedicalcenter.com/cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css","fqdn":"webmail.pantimedicalcenter.com","domain":"pantimedicalcenter.com","tld":"com"},"ip":{"addr":"45.11.58.254","port":443,"asn":30860,"as":"Virtual Systems LLC","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html","date":"2025-12-20T10:50:59.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pantimedicalcenter.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 04:44:35 GMT","end":"Wed, 04 Mar 2026 04:44:34 GMT"},"fingerprint":{"sha1":"00:0A:C6:75:DF:E5:31:89:65:95:85:19:16:36:1C:97:3E:DF:FF:D0","sha256":"22:53:28:3C:90:0D:C8:3D:ED:0D:15:DF:26:3A:EF:49:E0:8A:90:98:73:76:86:54:D6:1B:BF:44:2C:8E:E9:BB"}}},"request":{"raw":"GET /cPanel_magic_revision_1758823910/unprotected/cpanel/style_v2_optimized.css HTTP/1.1\r\nHost: webmail.pantimedicalcenter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.pantimedicalcenter.com/cpsess6788696250/3rdparty/roundcube/skins/elastic/watermark.html\r\nCookie: webmailsession=%3abYg1Plnu26nIFqNq%2cd5e3d82120b297acd3fc69c4793f1d51; roundcube_cookies=enabled\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 10:50:59 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 25 Sep 2025 18:11:50 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Wed, 18 Feb 2026 10:50:59 GMT\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":144951,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35968)","md5":"9f6f79eeb96469774b410ae2143bed74","sha1":"5327779a30c0e2627c6362b73ea8b77c46d32dd1","sha256":"b23eda7952d46012f85a56557a9d1d9b2600d515d5353c432ccf583bcfd5df21","sha512":"cd9f669a403028c8167833e853af86845ebacc3af8101fef764dad3814da8ce6969f49178476a8aa7b673e6085b63f2f9e3b0e973df641048c74fb3fda7f0105","ssdeep":"1536:TWmrmUmF0PxXE4YXJgndFTfy9lQ53xFixF+xFYWxFIuojS6HZB:TR/Px04YXGdFTyHQHYsNmZB","tlshash":"f1e31cb0d50c10d9b376c21fff81b2bca2b9f73ee5664d99f41e991c8ac16980191f68","first_seen":"2025-11-28T14:33:33.932695Z","last_seen":"2026-04-03T10:39:27.531465Z","times_seen":201,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"webmail.pantimedicalcenter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}