{"report_id":"9f71a3e0-0510-48e3-904a-aa3fad6c0c46","version":0,"status":"done","tags":[],"date":"2026-06-22T10:22:04Z","url":{"schema":"http","addr":"remote.dentistwestallis.com","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"remote.dentistwestallis.com/","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"title":"365英国上市(集团)有限公司-Official website","dom":{"size":580,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"1e8e18dd79e0e98f33bb553e860a4231","sha1":"d1bb835ab09ec0aaaeb009f4139d766ddf67ba44","sha256":"14ab2cb19d22df8ede40ace7e6640be7560f12547fd9b9a45a9b7a5e473a336d","sha512":"b503fe3595f918626d04cfa2015ba52bb2a8170a5a924edad85389a20187e63e0d8a0cef3091b2e1a42b51627a279965d6fd36f514e38a58757d16214252676c","ssdeep":"","tlshash":"8bf026d31c50142e97128b6868f1f00cc69cfd74b9558c85d4c534cd4cd1bc8cc53ca8","dom_hash":"domhashfe3e21167e94d2062052822ce29262f3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"remote.dentistwestallis.com","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-27T10:22:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.gassensor.com.cn","ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"2003-05-28","domain_rank":0,"first_seen":"2025-11-27T07:59:38.799588Z","last_seen":"2026-06-22T01:23:00.478387Z","alert_count":0,"request_count":50,"received_data":2593623,"sent_data":30256,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}]},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2026-06-19T23:21:21.706303Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":486,"comment":"","tags":null,"fingerprints":null},{"fqdn":"remote.dentistwestallis.com","ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"domain_registered":"2025-10-03","domain_rank":0,"first_seen":"2026-06-22T01:39:02.852867Z","last_seen":"2026-06-22T01:39:02.852868Z","alert_count":204,"request_count":68,"received_data":980573,"sent_data":32052,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"FancyBox","description":"FancyBox is a tool for displaying images, html content and multi-media in a Mac-style 'lightbox' that floats overtop of web page.","website":"https://fancyapps.com/fancybox","common_platform_enumeration":"","icon":"FancyBox.svg","categories":["JavaScript libraries"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WOW","description":"Reveal CSS animation as you scroll down a page.","website":"https://www.delac.io/WOW","common_platform_enumeration":"","icon":"","categories":["JavaScript frameworks","Web frameworks","JavaScript graphics"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"remote.dentistwestallis.com/jquery.min.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"84dbd62ab21f9a080a3c75007194d6f4","sha1":"c5e7a0dcb98e094964d941fd44af99c097255501","sha256":"2ba1b5b707262ff63d5557ef29c82e3c5fb59728b65d95b56ad14382f367877b","sha512":"e86349b8322b0e3317d56bdfe0ef17de495872e979b11bf4bf9857983299905753be82bfea15028e6dfcb00ce5273725e074061d3fc0714c11310a5755b0536e","ssdeep":"","tlshash":"ed01fbd887c4d85f6ecc5d53ea14deca62b2812b97d971838328fe8c05a9152c85c489","size":738,"data":"","first_seen":"2023-03-07T12:08:36Z","last_seen":"2026-06-23T13:14:15.728607Z","times_seen":292,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/css/css_whir.css","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.700Z","timestamp":1782123701700,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/css/css_whir.css HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":239178,"size_decoded":44382,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"e98e1193fce935e97e8506488aad6098","sha1":"27e328bcad87294abfb7b92cba725e6a91814486","sha256":"6177d17151ae550a1ddb759bd553193bbb09b05dbe5a2df142b739619d6eea3a","sha512":"3fc09a9abc74105ce24b44b0077514f755f7ce1b97d0667fe6a57c6fdce59853de1f94d32ed2f63e19bd582ef0b4724fcc90048008743a194c0159aa6b88abc7","ssdeep":"6144:ZWfLPTCff0uriz6t2KgIxfQjxJUiC9OSBN8zpEtNMdwQzngTX:ZWfLPTCfnkIxfQjx2OSBN8zpEtNMdwQq","tlshash":"0034838797b31a89b81ba4786fb99751321c8043a24ecdb87f9c7258cf4d1a445b3fc9","first_seen":"2026-06-22T01:23:05.610834Z","last_seen":"2026-06-22T21:03:54.815636Z","times_seen":6,"resource_available":false,"data":null}},"time_used":521,"timings":{"blocked":-1,"dns":0,"connect":129,"send":0,"wait":165,"receive":263,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/09/20250901090822525.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjExXzkzOF8yMDUuanBn","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.777Z","timestamp":1782123701777,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/09/20250901090822525.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjExXzkzOF8yMDUuanBn HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/09/20250901090822525.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjExXzkzOF8yMDUuanBn\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/09/20240904163831506.png?5bCPMjAyNDA1MjgxMTQyNTI0NTkucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.800Z","timestamp":1782123702800,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/09/20240904163831506.png?5bCPMjAyNDA1MjgxMTQyNTI0NTkucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 04 Sep 2024 08:38:31 GMT\r\naccept-ranges: bytes\r\netag: \"612479d2a5feda1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 33525\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":33525,"size_decoded":33818,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"3ce56b3483c41ce9f9407f950360d474","sha1":"7cb5d742445c9cafb3ee4858677622b1ce5952bd","sha256":"e7f47688702f37045e2859d39bb100f6154e097f904a07193730ca70ee2ab859","sha512":"f9fcd26d39833fd8307caca2e6ac162eb60f0805e65bf6d97e34f7f1d34608a632160c1f6ac44e8e9d25d924e6feaa60034e7348121a7251796e7eb08cbf6aad","ssdeep":"768:JZwh+IX1mgETUr/Hq1/vWAhwk5hnayi5vwmliHAV:JZmHlm4Hq1HTh5hn7Tho","tlshash":"4ee2e19d95bc8ffd2906a3c9f4f631955a379980871370d8cea806928d3467cdc8d9c6","first_seen":"2025-08-23T05:07:23.488878Z","last_seen":"2026-06-22T21:03:54.843083Z","times_seen":7,"resource_available":false,"data":null}},"time_used":3785,"timings":{"blocked":2849,"dns":0,"connect":0,"send":0,"wait":917,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/10/20241031155306912.jpg?5b6u5L+h5Zu+54mHXzIwMjQxMDMxMTU1MjAwLmpwZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.781Z","timestamp":1782123701781,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/10/20241031155306912.jpg?5b6u5L+h5Zu+54mHXzIwMjQxMDMxMTU1MjAwLmpwZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/10/20241031155306912.jpg?5b6u5L+h5Zu+54mHXzIwMjQxMDMxMTU1MjAwLmpwZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/08/20240820151043224.jpg?5Zub5pa55YWJ55S16aaW6aG16KeG6aKR5Zu+54mHLmpwZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.836Z","timestamp":1782123701836,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/08/20240820151043224.jpg?5Zub5pa55YWJ55S16aaW6aG16KeG6aKR5Zu+54mHLmpwZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/08/20240820151043224.jpg?5Zub5pa55YWJ55S16aaW6aG16KeG6aKR5Zu+54mHLmpwZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1285,"timings":{"blocked":1122,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/08/20240820151043224.jpg?5Zub5pa55YWJ55S16aaW6aG16KeG6aKR5Zu+54mHLmpwZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.135Z","timestamp":1782123703135,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/08/20240820151043224.jpg?5Zub5pa55YWJ55S16aaW6aG16KeG6aKR5Zu+54mHLmpwZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 20 Aug 2024 07:10:43 GMT\r\naccept-ranges: bytes\r\netag: \"e8de2212d0f2da1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 277122\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":277122,"size_decoded":277417,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 686x385, components 3","md5":"0a3061d71d8c8edffaeef85ed8a749b6","sha1":"73250502369681f103f0262200d9d23cd7cece83","sha256":"1f359d92f2d921d2689cc2ca69ce2fa92d59332a8b7af20667a2da81836131f7","sha512":"e4611fc9ffc585ada9775c85502702a8bcf4956e5471553f2e2ce363395bcd2f2d7cfa4c75626bf32f0f20a368316842073e1cbaaac573f2f80a8d74a87a3f23","ssdeep":"6144:pujeF9hg8PTrmEvkPlzY0QdK/s7+WiwGu0n:pujOTriEMdzrtwG/n","tlshash":"9c4413b3179b07bdefde8ab4bdc3c9d0f0261e1402869246b26f4e18db896e5199d503","first_seen":"2025-08-23T05:07:23.565409Z","last_seen":"2026-06-22T10:22:08.239323Z","times_seen":5,"resource_available":false,"data":null}},"time_used":15688,"timings":{"blocked":2516,"dns":0,"connect":0,"send":0,"wait":3288,"receive":9884,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/weixin2023.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.439Z","timestamp":1782123703439,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/weixin2023.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Tue, 09 May 2023 02:40:52 GMT\r\naccept-ranges: bytes\r\netag: \"052adab1f82d91:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 4183\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":4183,"size_decoded":4474,"mime_type":"image/png","magic":"PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced","md5":"6036593fcb2ca0ab65dd3d1f24a8d0dd","sha1":"fbda064c93b705696f3657ff0511349c7c5b6409","sha256":"6005c2c03c61fb5534db20f7a87c1e673a1c2a3edc78206a49f5dda2b97c8634","sha512":"3fb25f7543b27fa6ae44bb5e33e08793905dcb853a88b60c2f77af6502040b0ae11eb7d9a998871900d98ba2df2f36b239af676750ee49f00466e2bed3443ebd","ssdeep":"96:gvyWDtvYQtHfxKc7OnseTDLfZJDiKO5JRFxyfnM7wbb:mXBYCp0nsAXXWJ1Mn","tlshash":"7c815d7b52cf990cea81578271047468cdbe4d1c3a554d7aa0b2deb5994271402cce73","first_seen":"2025-08-23T05:07:23.567291Z","last_seen":"2026-06-22T21:03:54.829613Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7584,"timings":{"blocked":2213,"dns":0,"connect":0,"send":0,"wait":5371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/jquery.SuperSlide.2.1.1.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.717Z","timestamp":1782123701717,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/jquery.SuperSlide.2.1.1.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":11410,"size_decoded":4187,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10856)","md5":"44869319738d0650cddc070e18d13f42","sha1":"e62e05ddd4aa992b96eda3eae56e0efc55e6ed89","sha256":"cfd2165ef0abe80e64e3289b6034ac88a07c3c25df29666472c51a49e5528ba5","sha512":"82073a1c9d9a9f05a1f3c2ef4800ea7def572d874be932cec97fd8f741625ba740c98568f9ea54e05a755ead8f40cc46d4fba74168c522fbb8d2bc9793487001","ssdeep":"192:5XK3b1H+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:5a4nqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"6932c65fb66635ce4597b3f1107f940d222b5965fc8a8ca0b17482c0adb9a1c243bfed","first_seen":"2026-06-22T01:23:05.589907Z","last_seen":"2026-06-22T21:03:54.854018Z","times_seen":6,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":263,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/09/20240929173749662.jpg?5Ya35aqSYmFubmVyLmpwZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.782Z","timestamp":1782123701782,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/09/20240929173749662.jpg?5Ya35aqSYmFubmVyLmpwZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/09/20240929173749662.jpg?5Ya35aqSYmFubmVyLmpwZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2022/06/20220609150340047.png?5ZG85rCU5pyrRVRDTzLkvKDmhJ/lmagucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.827Z","timestamp":1782123701827,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2022/06/20220609150340047.png?5ZG85rCU5pyrRVRDTzLkvKDmhJ/lmagucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2022/06/20220609150340047.png?5ZG85rCU5pyrRVRDTzLkvKDmhJ/lmagucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1101,"timings":{"blocked":939,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2020/12/20201230140352264.png?5rG96L2m5LqM5rCn5YyW56Kz5Lyg5oSf5Zmo5oC75oiQQUNEUy0xMDAx","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.804Z","timestamp":1782123702804,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2020/12/20201230140352264.png?5rG96L2m5LqM5rCn5YyW56Kz5Lyg5oSf5Zmo5oC75oiQQUNEUy0xMDAx HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 31 Oct 2024 06:47:08 GMT\r\naccept-ranges: bytes\r\netag: \"0be56b4602bdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 32465\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":32465,"size_decoded":32757,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"75136ce63247495b17b49d0a7c283af6","sha1":"f7723d3e63ebf30f89e3e9b3d40c52e9c305bbba","sha256":"25ae1b12ca70fc644cd92cfab4e1c13d1bda20e55c5e749d62b8c3573435df3d","sha512":"507fbed71d6248cda26b4b89618ff9fdcf9520ae8967377a56faf50e6f718641a7eeb7332778094b855f65c6ccb850cf5e9e4450e87cd03142340647f77b7446","ssdeep":"768:CEc2sX+7iLt6OIeC/n6q3gBoHjPOtV1V9GqDM6EW:C0suuLt6OIeCy5ODPOLR5DMnW","tlshash":"2de2d02086542737a6997c83af678023457e3cf3e690d89669cdaa4940172efc88f7d5","first_seen":"2025-08-23T05:07:23.621448Z","last_seen":"2026-06-22T21:03:54.849155Z","times_seen":7,"resource_available":false,"data":null}},"time_used":3994,"timings":{"blocked":2846,"dns":0,"connect":0,"send":0,"wait":1146,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/ghs.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.843Z","timestamp":1782123701843,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /ghs.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/ghs.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1443,"timings":{"blocked":1269,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2023/10/20231017104646989.png?5oi355SoLeWwjy5wbmc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.106Z","timestamp":1782123703106,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2023/10/20231017104646989.png?5oi355SoLeWwjy5wbmc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Mon, 25 Nov 2024 08:07:06 GMT\r\naccept-ranges: bytes\r\netag: \"0317f4113fdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 41224\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":41224,"size_decoded":41515,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"b3749968a557049f5604b9fc2576e88a","sha1":"b46a6b61537a30cf7796c4fe147cfc63287c19a3","sha256":"defd626ad02d1f3db1a5982da6a542b801bb7af7590bddc29503fae761a52750","sha512":"805e9c662fcf881f79f8804f560756a971a08921182ec6f9fac2326ffbd2485c3bb5e3fce310ee49d1148aa271ff858aa46d08d5f166e217c9a71a49f95e8f84","ssdeep":"768:1Lu2NxynMptSHkLWugBcTPjLX2PON6xCxHqpTcGjVu4SuPh1Y1kJ0K:1Lu2NtAkr2caWNuCxHqpI8vZ0K","tlshash":"f503e00a5864dc1c9b48f88976fd5c0abbb70fc094d19408dffee6861b945adce0d2e6","first_seen":"2025-08-23T05:07:23.548568Z","last_seen":"2026-06-22T21:03:54.83716Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4155,"timings":{"blocked":2545,"dns":0,"connect":0,"send":0,"wait":1381,"receive":229,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/weixin2023.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.767Z","timestamp":1782123701767,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/weixin2023.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/weixin2023.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1632,"timings":{"blocked":1470,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2020/11/20201124170824099.png?bG9nbzMwMC5wbmc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.734Z","timestamp":1782123701734,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2020/11/20201124170824099.png?bG9nbzMwMC5wbmc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2020/11/20201124170824099.png?bG9nbzMwMC5wbmc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1552,"timings":{"blocked":1380,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2023/10/20231017104646989.png?5oi355SoLeWwjy5wbmc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.834Z","timestamp":1782123701834,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2023/10/20231017104646989.png?5oi355SoLeWwjy5wbmc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2023/10/20231017104646989.png?5oi355SoLeWwjy5wbmc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1255,"timings":{"blocked":1099,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/05/20250522174149244.png?5bel5LiaLnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.632Z","timestamp":1782123702632,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250522174149244.png?5bel5LiaLnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/tousu2023.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.508Z","timestamp":1782123703508,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/tousu2023.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Tue, 09 May 2023 02:41:00 GMT\r\naccept-ranges: bytes\r\netag: \"0672b01f82d91:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 4037\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":4037,"size_decoded":4327,"mime_type":"image/png","magic":"PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced","md5":"eec81004d8e937cb4eb558b47a10d0d1","sha1":"b162758292d5d3994720189673d142ba5cc4552d","sha256":"dd560c3ee27e129024b424d4e94baecffa47b94d03bde71c966c42201adb336e","sha512":"90dbe6f8450b9e83a170298cc2e7e372193001a30c6f4f22b775af58e4cb4af1e4cec88a91a72dc96ebac4f35858ac562ab8fa5a015015c389f9d3627af35f48","ssdeep":"","tlshash":"26818d7b01e79a0c15914b2bf260b55d8df8ce502d8a853eb8a2d3ba8f0034c07dda63","first_seen":"2025-08-23T05:07:23.513415Z","last_seen":"2026-06-22T21:03:54.841567Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7499,"timings":{"blocked":2128,"dns":0,"connect":0,"send":0,"wait":5371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/07/20250723173751259.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzMzXzQyMy5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.812Z","timestamp":1782123703812,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/07/20250723173751259.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzMzXzQyMy5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 23 Jul 2025 09:37:51 GMT\r\naccept-ranges: bytes\r\netag: \"87f14375b5fbdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 328678\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/jquery.flexslider-min.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.715Z","timestamp":1782123701715,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/jquery.flexslider-min.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":22334,"size_decoded":7465,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (22239)","md5":"713a5d55fb669e19047d11696c912724","sha1":"be1225831828975aec69f791de6cf118994c05ef","sha256":"8b2c3d7393c0c588c830ba08b65816fd313fc7e0095948423aaa45205196f6bf","sha512":"1380bacfb776c2954306086ac97ed4804562de4bfdc778dd1ae4f36b7952705474ad720aa136511780c5bf49430fd5ab83750519bb7164e39ce80ba6169f8b96","ssdeep":"384:XYpIHQFgbJEB3b7DH9O1EB/KK5PYSBNB14GZFNYYwUbhVj:oFgbJEB3b7wy5PVNhFuNEp","tlshash":"9da26116b3903a71dfe7265e3f0fc5055ab39681e406c83c3d7c420d2aa55897f27aea","first_seen":"2023-03-07T01:16:48Z","last_seen":"2026-06-23T21:24:57.984511Z","times_seen":969,"resource_available":true,"data":null}},"time_used":420,"timings":{"blocked":258,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/09/20240904112020740.jpg?My5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.780Z","timestamp":1782123701780,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/09/20240904112020740.jpg?My5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/09/20240904112020740.jpg?My5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1824,"timings":{"blocked":1667,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/05/20250522174149244.png?5bel5LiaLnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.798Z","timestamp":1782123701798,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250522174149244.png?5bel5LiaLnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/05/20250522174149244.png?5bel5LiaLnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/06/20250618162710010.png?MjAyMDExMDYxNzMwMTI1MzgucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.126Z","timestamp":1782123703126,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/06/20250618162710010.png?MjAyMDExMDYxNzMwMTI1MzgucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 18 Jun 2025 08:27:10 GMT\r\naccept-ranges: bytes\r\netag: \"3850d3c82ae0db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 4679\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":4679,"size_decoded":4971,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"a3f4b0f9884a495a6d6b655b81de995d","sha1":"f72cb0e6f0f08a7d5b9318acd017e0fec7518542","sha256":"96b1157d1de101caeeddf78f39f4e0d9818dd1b7eeb71377274060117bb41cd0","sha512":"ff1ae7b0b9cf99e1f39379d107ca8f6657cf85daa3156d2ffc456251440926265dd48e71845d68ee1dde143edf913db24e51000351c31ca802992b0afc7e7f0b","ssdeep":"96:kvyWDtvYQtHfxKc7OnseTDLfZJDq0j+cZyYFdxCUbrnuCerj+7:CXBYCp0nsAXXAQewruCerq7","tlshash":"3da18e36079a794c19a38b1261a1e448ce35df850c94006eb4e7969ecd03b5806cda33","first_seen":"2026-06-22T01:23:05.629071Z","last_seen":"2026-06-22T21:03:54.842319Z","times_seen":6,"resource_available":false,"data":null}},"time_used":5125,"timings":{"blocked":2526,"dns":0,"connect":0,"send":0,"wait":2599,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2020/08/20200817092034339.bmp?5Zub5pa55YWJ55S15YWs5LyX5Y+35LqM57u056CB","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.768Z","timestamp":1782123701768,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2020/08/20200817092034339.bmp?5Zub5pa55YWJ55S15YWs5LyX5Y+35LqM57u056CB HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":35344,"size_decoded":32848,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"a187e3aab1ce6af7d071f7ac924d7d8f","sha1":"4e842fc555f48910d4ffbedbb60d75b18b4b2c38","sha256":"cc5a965d7fe92e507f7223734b34071274b5abab77536ab174ae9206dca99cd2","sha512":"6754f184e5f828e3785ac09119dd8c9702496b74af1bf90b395777888fe48a3a44fbd22b09757523294665675683a5d7047f0a8194a8067fb6844380115299e0","ssdeep":"768:JXJBhlZSEe+ZUbSek/SdUsYkdG25STyegpeuxwIEr1+DegikM34wRNk/x3mHvW:nvlZzuUsYkdGrTyeg8J1f8ww/gHu","tlshash":"a233be06c641a336c65d24b450fa67c8e140fe88f7dd9dddf1bc80a5af1a92837cea64","first_seen":"2026-06-22T01:23:05.557392Z","last_seen":"2026-06-22T21:03:54.832183Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1798,"timings":{"blocked":1490,"dns":0,"connect":0,"send":0,"wait":177,"receive":131,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/fix1.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.314Z","timestamp":1782123703314,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/fix1.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Fri, 14 Aug 2020 01:46:58 GMT\r\naccept-ranges: bytes\r\netag: \"095cdcbdc71d61:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 1893\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":1893,"size_decoded":2184,"mime_type":"image/png","magic":"PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced","md5":"fcbf0eb3323b513071ee089d0f1d4a80","sha1":"2a3bbbf38ca2fa989e85920efaff45d2c9f5f00c","sha256":"0d9a3638b7cc2e11fc9b8c0fc266fab0f977268f28688b4d44b42504a4601315","sha512":"a895e9da4720d63477f0f6a0a072388cc09e5679939abd2f456398e69056e15e8f0985b01efa82687fe089134f97fa5c7d8e75c6a39cca332d43e959d342493c","ssdeep":"","tlshash":"a441f9aef5809462e50c9684b8e11113ca0b4981b9e8f5a5eee9dc5b5e033b40d285c7","first_seen":"2025-08-23T05:07:23.546806Z","last_seen":"2026-06-22T21:03:54.809356Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7013,"timings":{"blocked":2330,"dns":0,"connect":0,"send":0,"wait":4683,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/09/20240929173749662.jpg?5Ya35aqSYmFubmVyLmpwZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.814Z","timestamp":1782123703814,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/09/20240929173749662.jpg?5Ya35aqSYmFubmVyLmpwZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 29 Sep 2024 09:37:49 GMT\r\naccept-ranges: bytes\r\netag: \"9472a03f5312db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 488546\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/12/20241205155137053.jpg?NS5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.786Z","timestamp":1782123701786,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155137053.jpg?NS5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/12/20241205155137053.jpg?NS5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/04/20250423144544353.png?MjAyMDEyMjkwOTQxMzAwNDkucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.797Z","timestamp":1782123701797,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/04/20250423144544353.png?MjAyMDEyMjkwOTQxMzAwNDkucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/04/20250423144544353.png?MjAyMDEyMjkwOTQxMzAwNDkucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/05/20250529092530213.png?MjAyNTAzMTMxNjAzMDk2ODIucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.787Z","timestamp":1782123702787,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/05/20250529092530213.png?MjAyNTAzMTMxNjAzMDk2ODIucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Jun 2025 06:45:26 GMT\r\naccept-ranges: bytes\r\netag: \"0473f3fd3d9db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 35948\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":35948,"size_decoded":36240,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"564ab61ad99434bd5ffcb8d1182ac062","sha1":"ab72921f96504c2bc365b5d63afc6bab1e77006b","sha256":"cd2e551db54d5aa437940e9902783f792993dbd9edeb29b2334f6687c142a9bd","sha512":"9568c77ff0f53c7c3b0fc10139ced7b614fac2583e222647360e2460e5a96a5d838d5685460c4c4bb713919476f5a88ba344b02f137ce47890de192ff0e566ff","ssdeep":"768:uE0OzMDSJgM0iL2W5xJrRFjDmw0DCwUArdkmL5iag:uxOzlJgMnL2WF/KVUArGmL51g","tlshash":"5df2d0a5e590c530eb4dbad6d2eec2869bb73a4585c5204f9ac9d8c3480342dca1dfdf","first_seen":"2026-06-22T01:29:41.94742Z","last_seen":"2026-06-22T21:03:54.848317Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3553,"timings":{"blocked":2864,"dns":0,"connect":0,"send":0,"wait":688,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/on3.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.506Z","timestamp":1782123703506,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/on3.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Fri, 14 Aug 2020 01:50:43 GMT\r\naccept-ranges: bytes\r\netag: \"80dbe951dd71d61:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 3100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":3100,"size_decoded":3392,"mime_type":"image/png","magic":"PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced","md5":"8551c52b99d46f77277d82012c5de5e9","sha1":"e62a335f71efa00c00ea3d9f80301ad90820b553","sha256":"90f7637592b26fa02b5eed7fd13d4284982e8c755a037b5b568813228f7e3561","sha512":"f0704b31f2ae567eeffff385284d45013d1b5e671c276cdf83eda043fd5abdcc9e72aaddeacdd231e5f7fcf05585dbf50b5dffab14a2744584c5e72afd8e3a1a","ssdeep":"","tlshash":"ce51190fd6c17d02736ce4d344ef6447e8618ea4d6715c52f89e883e2a244ed59ad1c7","first_seen":"2025-08-23T05:07:23.561785Z","last_seen":"2026-06-22T21:03:54.81366Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7499,"timings":{"blocked":2128,"dns":0,"connect":0,"send":0,"wait":5371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/fix6.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.510Z","timestamp":1782123703510,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/fix6.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Fri, 14 Aug 2020 01:49:03 GMT\r\naccept-ranges: bytes\r\netag: \"80114f16dd71d61:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 1690\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":1690,"size_decoded":1982,"mime_type":"image/png","magic":"PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced","md5":"dbed1fb382079ee049f55feb1b2569ce","sha1":"9fd415a6f33c2875bfb42f921d96adbbe058de61","sha256":"9644f922b8757bcf37fddc5a0f5c991a4d949313391f5e273a6d64ca9f7a8d15","sha512":"b4eae38f9f29f440377d614755c48bc6316b6ad6a831e2cdf783648b1d295d3850e9d082242712d5956e1394c468b5dccbeb13a286c8dd25ef20e24cb12e5ae5","ssdeep":"","tlshash":"5b310aaae47474f99549e4a234da820788734540c7e1e4a9f1cccc028dfb1bd4d7adc7","first_seen":"2025-08-23T05:07:23.50912Z","last_seen":"2026-06-22T21:03:54.849876Z","times_seen":5,"resource_available":false,"data":null}},"time_used":7499,"timings":{"blocked":2128,"dns":0,"connect":0,"send":0,"wait":5371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/editor/editor.css","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.663Z","timestamp":1782123701663,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /editor/editor.css HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":7338,"size_decoded":2321,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"9455be8f6c8b88c1162346ea226b34a5","sha1":"9565f1c6878dfb6f1243f185bd1062b1d7d29f67","sha256":"25950c9b45d684b3e0a6018aec1d64f72aa71721e89ca562810d393cb41ed833","sha512":"935a4ab2a82af73792a4efdcdab62574ef6e5d47c632a2fb8915ba698244a1e56b9b98b59c9385b8b812945059a41b1195e081bfaa025e7421655200457aa89d","ssdeep":"192:ijwhWHEjfO8m+bCXrQCSSSHaXLkuW9Qjh9DFI0sU:wwSEoeXaXRKQT","tlshash":"25e10da2412301ade7bf74876ad54725311460df92cac97a782cd017eb893f3b1a933e","first_seen":"2025-09-10T11:23:32.095465Z","last_seen":"2026-06-22T21:03:54.806498Z","times_seen":21,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":131,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/12/20241205155037037.jpg?My5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.789Z","timestamp":1782123701789,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155037037.jpg?My5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/12/20241205155037037.jpg?My5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2022/03/20220330113016641.png?MjAyMTExMTkwOTI3MzgyMzUucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.829Z","timestamp":1782123701829,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2022/03/20220330113016641.png?MjAyMTExMTkwOTI3MzgyMzUucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2022/03/20220330113016641.png?MjAyMTExMTkwOTI3MzgyMzUucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1124,"timings":{"blocked":951,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/04/20250423144544353.png?MjAyMDEyMjkwOTQxMzAwNDkucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.607Z","timestamp":1782123702607,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/04/20250423144544353.png?MjAyMDEyMjkwOTQxMzAwNDkucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/on3.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.765Z","timestamp":1782123701765,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/on3.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/on3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1661,"timings":{"blocked":1486,"dns":0,"connect":0,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/12/20241205155155532.jpg?Ni5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.785Z","timestamp":1782123701785,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155155532.jpg?Ni5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/12/20241205155155532.jpg?Ni5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/07/20250723173751259.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzMzXzQyMy5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.784Z","timestamp":1782123701784,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/07/20250723173751259.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzMzXzQyMy5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/07/20250723173751259.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzMzXzQyMy5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/05/20250522174237869.png?54eD5rCULnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.831Z","timestamp":1782123701831,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250522174237869.png?54eD5rCULnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/05/20250522174237869.png?54eD5rCULnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1127,"timings":{"blocked":955,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2020/10/20201026115714696.png?56m65rCU6LSo6YeP5qOA5rWL5LuqQU03MDAw","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.627Z","timestamp":1782123702627,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2020/10/20201026115714696.png?56m65rCU6LSo6YeP5qOA5rWL5LuqQU03MDAw HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/common.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.713Z","timestamp":1782123701713,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/common.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2444,"size_decoded":1034,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"87261f8e94ff6ae47b48adb6b7ea358c","sha1":"4861949e65577b3856f06dff25b09ccb8154716d","sha256":"443c76e9c94e3e52439d32fbd147b5b04b104fa4f042b9595baed2adba1a2548","sha512":"f7e0a5c12102675e1b9c45eb004e6817af927999501a29b1685c8dbbb24a7422a1eaf4893b0d0018cee244fa207a342dcd32b7142ef93eed8fb4edc4eaa89b8a","ssdeep":"","tlshash":"d951790bf0a582f554b736ba0f3fa8083d91481f6789c900f81d5ef04fa1958de16aa5","first_seen":"2026-06-22T01:23:05.649141Z","last_seen":"2026-06-22T21:03:54.850674Z","times_seen":6,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":257,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/jquery.fancybox.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.722Z","timestamp":1782123701722,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/jquery.fancybox.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":145563,"size_decoded":42483,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b5c57d8cfcaf4ac9207cabb85adae499","sha1":"0877443159a308e395d0d2b706bed527dc4fbb0b","sha256":"f599ffede3a77258bacb96b8e6a6e47b3986547e7fe89c5fcf19898cc2982908","sha512":"f9ca26076a0f8535d553dc701f819b4407d32fe3f0611f59a294375d95653fb9560e1c44ea89703474c88ce3a02183d8ba4a21324def2c7a89ed76fdb3a379c4","ssdeep":"3072:Aqw8oNqetKmZ6bjdmbCR+M3EY3ryACKH42NclASCkEW:SqetKmZAdmbCR+M3F7yRKH42NclASCkb","tlshash":"94e3744e66b211258d27753d9bcf701ab67b8013a50cee213cad43481fc17a952f6fea","first_seen":"2026-06-22T01:23:05.600874Z","last_seen":"2026-06-22T21:03:54.819122Z","times_seen":6,"resource_available":false,"data":null}},"time_used":706,"timings":{"blocked":420,"dns":0,"connect":0,"send":0,"wait":156,"receive":130,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/09/20240906171354834.jpg?Ni5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.776Z","timestamp":1782123701776,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/09/20240906171354834.jpg?Ni5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/09/20240906171354834.jpg?Ni5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1790,"timings":{"blocked":1631,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/12/20241204103045615.png?MjAyMDEwMjYxMzE4NTI3MDMucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.947Z","timestamp":1782123702947,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/12/20241204103045615.png?MjAyMDEwMjYxMzE4NTI3MDMucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 04 Dec 2024 02:30:45 GMT\r\naccept-ranges: bytes\r\netag: \"e8acc485f445db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 49104\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":49104,"size_decoded":49397,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"a9f1e5a5f5619937a5d8c4a8ceb960aa","sha1":"e6164ba0ce63f4bce1dd63054e645adc91366b0f","sha256":"eb4209c3533bf5a6d71b16b701282269025e7590a8db50d851fce1a949ad6a49","sha512":"f59491e031d79af8106a24262e2277e8851226c5d2ee2902f290b0b662291995fafd8360c5f319bff1e92401a4b4c23c61ee671df3ea2e0a98f49fee3f5a8831","ssdeep":"768:J5esNEX3AUD/8GNEnN3z28s0mBYDlBUIUS3RvZFMKnoxMQqMsaWoXzai:JsaEX3AKUPnY8sjBYB5Fj8xqta9ui","tlshash":"d723f1963510856684163e82d0fe6e7d83289ee09740f891ec98e61f262e654ef3dfc6","first_seen":"2025-08-23T05:07:23.519815Z","last_seen":"2026-06-22T21:03:54.802234Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4080,"timings":{"blocked":2702,"dns":0,"connect":0,"send":0,"wait":1149,"receive":229,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/06/20250618162725697.png?MjAyNDA4MDEwOTIzMzE4MTMucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.140Z","timestamp":1782123703140,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/06/20250618162725697.png?MjAyNDA4MDEwOTIzMzE4MTMucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 18 Jun 2025 08:27:25 GMT\r\naccept-ranges: bytes\r\netag: \"b922dd22ae0db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 5620\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":5620,"size_decoded":5911,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"48e5cf72e374937ba4a95c7e6f0a3a9b","sha1":"9c5f465c1a05a4df114694d4b519be7abff6723d","sha256":"82819a6ca9b714b23cf27962286e5ef756d5a22296b9b3b51d8f6ca2c94a8ed8","sha512":"5119ccf3de698cb3855d1ba24cef25202a026e6cb2c6ee47dc4344d746e1f0917ba80bfb952cc3604a27479029826c5e142a38e49d5ffb87fe9884d95adf79dd","ssdeep":"96:kvyWDtvYQtHfxKc7OnseTDLfZJDmT9B+QYa2yWv9g9FyZi7WRI2enS4oGfzExyOu:CXBYCp0nsAXXmRIQYa2ymCbyZiCI7S4n","tlshash":"d1c19e6606db7f041ad6cb641155d428edbbe92d2988053a70f2f1a5ca2194c87ccd33","first_seen":"2026-06-22T01:23:05.539147Z","last_seen":"2026-06-22T21:03:54.837886Z","times_seen":6,"resource_available":false,"data":null}},"time_used":6965,"timings":{"blocked":2512,"dns":0,"connect":0,"send":0,"wait":4453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/12/20241205155155532.jpg?Ni5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.792Z","timestamp":1782123703792,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/12/20241205155155532.jpg?Ni5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 05 Dec 2024 07:51:55 GMT\r\naccept-ranges: bytes\r\netag: \"2a65f28dea46db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 80350\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/09/20250901090822525.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjExXzkzOF8yMDUuanBn","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.793Z","timestamp":1782123703793,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/09/20250901090822525.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjExXzkzOF8yMDUuanBn HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 01 Sep 2025 01:08:22 GMT\r\naccept-ranges: bytes\r\netag: \"c63767e9dc1adc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 493228\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/tousu2023.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.769Z","timestamp":1782123701769,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/tousu2023.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/tousu2023.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1667,"timings":{"blocked":1486,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/07/20250723173818682.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzQwXzAyMi5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.773Z","timestamp":1782123701773,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/07/20250723173818682.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzQwXzAyMi5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/07/20250723173818682.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzQwXzAyMi5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/css/flexslider.css","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.707Z","timestamp":1782123701707,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/css/flexslider.css HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5444,"size_decoded":1679,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"5ab5aeb31c436ed8492afbe6ff7edb15","sha1":"09983c371537559a47795dc8689cb9f10acdcd33","sha256":"c0285ccf9d35cae30737b630c71c3304c3b06ff27b40e506df1609956815445b","sha512":"dca03880985ab977d8403c9b9a583085e36f4b950f11d1cd4eadb7c70dc6dc208c92c8345e81c61ca58fac78d5645f4123d12b7fbdf2f18d4e30075d98089559","ssdeep":"48:+XMpyh1MxrAe6fimuiJONPGpONmmMm8MjUdjIFQ3mStnayATLw0owvEC518a3H:Kfh1MWfgiJOmpfkdFQ2YRoL57","tlshash":"69b1d1ac16f51740e817d2acad82d71ebb7cc002961edc4ce5e11638ceda3894973add","first_seen":"2026-06-22T01:23:05.621852Z","last_seen":"2026-06-22T21:03:54.803502Z","times_seen":6,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/wow.min.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.721Z","timestamp":1782123701721,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/wow.min.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8415,"size_decoded":3231,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8385)","md5":"36050285bfeeb7395752f0f9bbc08273","sha1":"5924f7bbbf1dfa3f0926851d01f782f23a59e805","sha256":"0ec632e6ab02d4fdd514da7f5edc74aa28c9d4c71af76f1c8b93a1fba85bcc69","sha512":"bf887e087c52583114b77bfb417d7dffa0ee8634d39155af14591a24b2add9ef4c8a0c0555364122800d07a55f5f1fb0c723b39541b069a437ff558ddbf380a3","ssdeep":"96:UrZgL1xvPV6GqKgR6TYLWHFMLJA6pOROVEE1fosvGeaMozHImBaoqbl:Ury9PVfIFrlAJROVEEdos+eatzHILoA","tlshash":"750267c97a967031d75796f6833f0106b6361aeeb028047cb5b88dd57c78868523bf38","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-06-23T19:45:37.313507Z","times_seen":13104,"resource_available":true,"data":null}},"time_used":550,"timings":{"blocked":386,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/05/20250522174207182.png?5rG96L2mLnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.819Z","timestamp":1782123701819,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250522174207182.png?5rG96L2mLnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/05/20250522174207182.png?5rG96L2mLnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":961,"timings":{"blocked":780,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2020/10/20201026130634125.png?6LaF5aOw5rOi5rCn5rCU5Lyg5oSf5ZmoR2FzYm9hcmQtODUwMFYtUkg=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.972Z","timestamp":1782123702972,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2020/10/20201026130634125.png?6LaF5aOw5rOi5rCn5rCU5Lyg5oSf5ZmoR2FzYm9hcmQtODUwMFYtUkg= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Mon, 26 Oct 2020 05:06:34 GMT\r\naccept-ranges: bytes\r\netag: \"fb3649c655abd61:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 13452\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":13452,"size_decoded":13745,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit colormap, non-interlaced","md5":"feb83e57074f85606717f863bdb45fd5","sha1":"49523f570c3c4e228f188a511356e0c020231221","sha256":"de1a4766f65beeb2dc569cd9b9ed1e876d7e9cb70b24b0a51995ac085aa5bbdf","sha512":"0d9b1cb530bbb9259ffeef12b02f3ea02f9deac59118b168cdf1b19377204a050681249738deacdb403531ce0d8619c34c3567919d31709fdaa0fc6d0981c433","ssdeep":"192:B70Oh/N6siV7FqJ3CDkWH5zrIaoCoyeppqIcdygv1z+n3HUmF5V6xGKVRMac:J1nAsJCD1HlIZyepYIIwFwPs","tlshash":"5652bf48cc8824d5c4194c6239e6586b67accf89d681758b260f7bbc4eb33d42a97ccf","first_seen":"2025-08-23T05:07:23.491888Z","last_seen":"2026-06-22T21:03:54.839343Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4055,"timings":{"blocked":2676,"dns":0,"connect":0,"send":0,"wait":1379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/04/20250411151543369.jpg?MGU4YWJkZDM2MDhjMzQ4NjYzNmVjZWI4NTY0NjM2ZC5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.640Z","timestamp":1782123703640,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/04/20250411151543369.jpg?MGU4YWJkZDM2MDhjMzQ4NjYzNmVjZWI4NTY0NjM2ZC5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 11 Apr 2025 07:15:43 GMT\r\naccept-ranges: bytes\r\netag: \"2acbb289b1aadb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 298252\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":298252,"size_decoded":298547,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 1920x450, components 3","md5":"6efed9f96966508602c3418658fb2fd3","sha1":"ecf7eaf9cf714a07ee709fc4aa0e83720bc55459","sha256":"b25655f49c6ec0b58090e250918bfefc74766fd3dccfb389984685ecfde64f5f","sha512":"f3aea3d3acef002cab2b5adac8c20009aca8b037e43616f77cf4326400da3530d48d8a848900dc996ab7f2af9ab70328c66c6652f470b220a8a3e86c8f926169","ssdeep":"6144:hLIBUXdjREi1ldszS/JyyVg4Y5NfakOcoGhbBduNDCIX6n:i0d33dEShyyWnFakboGXwD5qn","tlshash":"9e54235d4164103235a739d34ac4e82392d3ef049ad68bbad7783e2f859a053a770ff2","first_seen":"2026-03-01T03:09:37.078748Z","last_seen":"2026-06-22T10:22:08.260641Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16561,"timings":{"blocked":2013,"dns":0,"connect":0,"send":0,"wait":9042,"receive":5506,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/06/20250618162725697.png?MjAyNDA4MDEwOTIzMzE4MTMucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.839Z","timestamp":1782123701839,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/06/20250618162725697.png?MjAyNDA4MDEwOTIzMzE4MTMucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/06/20250618162725697.png?MjAyNDA4MDEwOTIzMzE4MTMucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1289,"timings":{"blocked":1126,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/06/20250618162742056.png?MjAyNDA4MDEwOTIzNTU2MjUucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.293Z","timestamp":1782123703293,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/06/20250618162742056.png?MjAyNDA4MDEwOTIzNTU2MjUucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 18 Jun 2025 08:27:42 GMT\r\naccept-ranges: bytes\r\netag: \"f93eeddb2ae0db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 6100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":6100,"size_decoded":6392,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"8b826f62af48336dca27ddf9db5a428d","sha1":"1362bf9ff61dbba7741dad81142986af3ba0f32b","sha256":"75edc874c9a6d670270056d619019bbb62010d591629c762b8eda9ed9904c70a","sha512":"7b065d0da11e1e685b38683ee2fdfe7e29ac62c727934842a259d474d32d15f723246527ad098109a636fe50a6fc3f0d03021922f235256777e4c05f83d80456","ssdeep":"96:kvyWDtvYQtHfxKc7OnseTDLfZJDmDrVeX8uxFI3Kph4lI8RkeVgNJhsJ8d/pAB:CXBYCp0nsAXXRsuxO32tRtNJWed/pAB","tlshash":"eec1aeff41a7241c298f071b22b9f17d8d6d3bdc28454519d5d352664f0933c9489a73","first_seen":"2026-06-22T01:23:05.615201Z","last_seen":"2026-06-22T21:03:54.853194Z","times_seen":6,"resource_available":false,"data":null}},"time_used":7028,"timings":{"blocked":2346,"dns":0,"connect":0,"send":0,"wait":4682,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/on1.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.320Z","timestamp":1782123703320,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/on1.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Fri, 14 Aug 2020 01:50:43 GMT\r\naccept-ranges: bytes\r\netag: \"80dbe951dd71d61:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 2829\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":2829,"size_decoded":3121,"mime_type":"image/png","magic":"PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced","md5":"4a1a44497e22de36b6dd35e3e406fa8f","sha1":"9abfe480b9b4a56f7a66223b9abf21a831f06ed9","sha256":"f2d65530b71244f74981056c39a77ecdb088d5789df3b238afed4b02da8bb589","sha512":"7111069db2c85dbb75b5377cd81d2d080bde3b2a66913eb6652920d8fd35815b913d68110a3d54f1c203a46648689cf99ef1bc17594c59f8bd5666bc16f322b3","ssdeep":"","tlshash":"2851080deac51247a79c989764fd9a1b5c50dcc09afddd54794bd83b8c100b44408adb","first_seen":"2025-08-23T05:07:23.616187Z","last_seen":"2026-06-22T21:03:54.845374Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7470,"timings":{"blocked":2329,"dns":0,"connect":0,"send":0,"wait":5141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/12/20241204103045615.png?MjAyMDEwMjYxMzE4NTI3MDMucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.824Z","timestamp":1782123701824,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241204103045615.png?MjAyMDEwMjYxMzE4NTI3MDMucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/12/20241204103045615.png?MjAyMDEwMjYxMzE4NTI3MDMucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1099,"timings":{"blocked":931,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2022/03/20220330113016641.png?MjAyMTExMTkwOTI3MzgyMzUucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.975Z","timestamp":1782123702975,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2022/03/20220330113016641.png?MjAyMTExMTkwOTI3MzgyMzUucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 31 Oct 2024 07:28:26 GMT\r\naccept-ranges: bytes\r\netag: \"0895779662bdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 34392\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":34392,"size_decoded":34684,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"d57d89ca1441fbbed29891f8806b2eaa","sha1":"6dcda18c661e24ebb069bcb78590368d2e3977b6","sha256":"d4ea7019386c9a806196a610357f0ef13e33403b470b15c391defb27e86908ba","sha512":"b52d80c9355b2b784d794f856f44ae1f99f878745dd38f1624d4b517750fa82087e1f7956069c132de48ed9e17aba3e889f5cd52499bbb041ff7a5836dbb3af0","ssdeep":"768:Xjd5KNa+yGMBf/uKzoj3gfXFBakWnP6US1cjUAHjRjhe0L7:XjHKNX+flzouTWPocjjj5v","tlshash":"50f2e15d39618da2cc96af0234b95c0b50f38af0bf887d0c5d89d16b833b658cee55a3","first_seen":"2025-08-23T05:07:23.521431Z","last_seen":"2026-06-22T21:03:54.822883Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4055,"timings":{"blocked":2676,"dns":0,"connect":0,"send":0,"wait":1379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/06/20240619154419553.png?WDIwMjMxMDE2MTQxNDIxNTUyLnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.118Z","timestamp":1782123703118,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/06/20240619154419553.png?WDIwMjMxMDE2MTQxNDIxNTUyLnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Mon, 25 Nov 2024 08:10:02 GMT\r\naccept-ranges: bytes\r\netag: \"0a9666d113fdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 42392\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":42392,"size_decoded":42684,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"b303f7a9645a02cf2f0acd570d01e208","sha1":"6dbb650b1ac6db147312c4e601fba2e4d9576e12","sha256":"625f67574b1a733cf0f645c7cdeed754192a8b4fda629a011fa0bcb88c73b653","sha512":"b4303da81d1a4fd8d2a94fdfa9563316e7f9e3df8c52a45f6f452f761ef1aa82f28fc65c23bb32d9123437aaa2d86af9d3eff4945382b5535be1052ef3cae6c2","ssdeep":"768:1N2NHQfLbw3qJIU1nKvqXoksk3vKHHfJEPOtFjAPwRjVZjyngdEpen8/li6J0B:1N2NDq21vqXNZ3ve/mOjAPwRTH6U8/lA","tlshash":"5e13e19aaef380024fad59299def15119fe78accdf79500e8fc698120490d66ddd9283","first_seen":"2025-08-23T05:07:23.530978Z","last_seen":"2026-06-22T21:03:54.840084Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4145,"timings":{"blocked":2533,"dns":0,"connect":0,"send":0,"wait":1611,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/09/20240904111937912.jpg?Mi5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.783Z","timestamp":1782123703783,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/09/20240904111937912.jpg?Mi5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 04 Sep 2024 03:19:37 GMT\r\naccept-ranges: bytes\r\netag: \"716af64579feda1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 93433\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/09/20240904111937912.jpg?Mi5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.778Z","timestamp":1782123701778,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/09/20240904111937912.jpg?Mi5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/09/20240904111937912.jpg?Mi5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/06/20240619154419553.png?WDIwMjMxMDE2MTQxNDIxNTUyLnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.835Z","timestamp":1782123701835,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/06/20240619154419553.png?WDIwMjMxMDE2MTQxNDIxNTUyLnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/06/20240619154419553.png?WDIwMjMxMDE2MTQxNDIxNTUyLnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1269,"timings":{"blocked":1110,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/tousu.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.593Z","timestamp":1782123703593,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/tousu.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 14 Nov 2024 07:42:34 GMT\r\naccept-ranges: bytes\r\netag: \"09192c46836db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 11409\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":11409,"size_decoded":11701,"mime_type":"image/png","magic":"PNG image data, 156 x 156, 8-bit/color RGBA, non-interlaced","md5":"331e66d6fea791ddbd7eccecd8dd3082","sha1":"6c1f1d097116541023c6d1cc8b4fd11080acca4b","sha256":"d679c36f65cc54811ef39c6355f1a44c0631312dcc7f31743f6cf286ea50a979","sha512":"0bb8287b441a9f1bd69e9e0c2616c0b4ff0edef6cced889b47f0d8ca56a3b5387c07bbf7ea534082184d5184cd38f213215800d9db1b1efff18844d4e5223dc5","ssdeep":"192:VkknYifE35HO7OYJMdWTAVT418RwRgTescFHQ9d9WLmmE6vjNGIkuA0kJyT05o3U:NnYifE35u7vsXVT4KasiH8fpmE6LgudW","tlshash":"0f329f48af00ed591394ab56bffb11c3125a1d718682365becc8959398734bacc4a5cf","first_seen":"2025-08-23T05:07:23.563513Z","last_seen":"2026-06-22T21:03:54.814718Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7659,"timings":{"blocked":2059,"dns":0,"connect":0,"send":0,"wait":5600,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/12/20241205154926428.jpg?Mi5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.947Z","timestamp":1782123703947,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205154926428.jpg?Mi5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/master/faith/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.260Z","timestamp":1782123702260,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /master/faith/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/css/jquery.fancybox.css","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.708Z","timestamp":1782123701708,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/css/jquery.fancybox.css HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17219,"size_decoded":4544,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (328)","md5":"3a92d916e8ffe355fc24b25484f33e61","sha1":"0072edc66d69c72ef6856f533a2c54c4039e22dd","sha256":"39fb4a4f04d2a249346848d9266606f94d72ef183b5dc6fc10495bab2d135717","sha512":"3f76dee0d8a8eb86ae182abaa5c1c69a913ec8d17bf4cf93459ab946515b8b5b4aca9275925cd8f6c004982a11e360ce4a6fef734a951187dff9d593515ffcde","ssdeep":"192:FfKrvwzDFF6Wz1vP3h3C1PFf8tkprEFUha7IaLtPbtPL2kErcejcHv:9NsqQf8tkuFGaEaLdt2kE4ee","tlshash":"4b72feef7aa02204213a8d64d39fde58e334a0115516dcfba6d9f848cfc5be811d6bc6","first_seen":"2026-06-22T01:23:05.653426Z","last_seen":"2026-06-22T21:03:54.834821Z","times_seen":6,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":194,"dns":0,"connect":0,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2023/10/20231017104558098.png?5qih5Z2XLeWwjy5wbmc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.833Z","timestamp":1782123701833,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2023/10/20231017104558098.png?5qih5Z2XLeWwjy5wbmc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2023/10/20231017104558098.png?5qih5Z2XLeWwjy5wbmc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1258,"timings":{"blocked":1097,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/cn/images/dianhua2023.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.433Z","timestamp":1782123703433,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /cn/images/dianhua2023.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Tue, 09 May 2023 02:47:30 GMT\r\naccept-ranges: bytes\r\netag: \"04de7982082d91:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 3822\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":3822,"size_decoded":4113,"mime_type":"image/png","magic":"PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced","md5":"365f4e0efe32ee500921828ec6679e35","sha1":"ea32bcb2036f8d630a09ecb39d42c2056ad66b42","sha256":"0f293fcb76fd4d4e10627ce26f649a14c1e916743c6172808677cd8ef5cc8d5f","sha512":"59e2f8ad8cdad9396705b66c30b1329181fbf43c7d9fd0df524c7be62c65837abace7a5704540a722c747f55d54d7ac4b0a4e29ca1c94543ccb3173ed06d2079","ssdeep":"","tlshash":"81715c7b01d7be0c5ad18347a060e02dccbeaa1c3d494a7af862ab278e0154c45c8ab3","first_seen":"2025-08-23T05:07:23.619196Z","last_seen":"2026-06-22T21:03:54.833936Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7589,"timings":{"blocked":2218,"dns":0,"connect":0,"send":0,"wait":5371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2020/10/20201026115714696.png?56m65rCU6LSo6YeP5qOA5rWL5LuqQU03MDAw","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.795Z","timestamp":1782123701795,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2020/10/20201026115714696.png?56m65rCU6LSo6YeP5qOA5rWL5LuqQU03MDAw HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2020/10/20201026115714696.png?56m65rCU6LSo6YeP5qOA5rWL5LuqQU03MDAw\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/06/20250618162752494.png?MjAyNDA4MDEwOTI0MTEzNzUucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.269Z","timestamp":1782123703269,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/06/20250618162752494.png?MjAyNDA4MDEwOTI0MTEzNzUucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 18 Jun 2025 08:27:52 GMT\r\naccept-ranges: bytes\r\netag: \"7ee225e22ae0db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 5673\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":5673,"size_decoded":5965,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"18800d4f6970abf85acfee8b44885ff1","sha1":"b4ff25f4ca12f2945b355867e082833707775f71","sha256":"c286009773abea7ed808f21cf7b6065566bbad4f147b43e37712c9d747d40cd9","sha512":"392aa4dcdcf33bb7eda1a6086765bd5d402ff4d21843c72eda6661445cc74150757f95e923aeee9e662dde5855505a8f1dbdf0c5f6352894f550de40b186f4fb","ssdeep":"96:kvyWDtvYQtHfxKc7OnseTDLfZJD5u5MBRPt8Iu97hcwSoNr/Tcx8GI8H:CXBYCp0nsAXX5rRl8Im7SwSm/ThKH","tlshash":"c3c17d6606d99c0c1c91eb477074b5aaddffa7ac3c9d0636b09386615e0089c97c7663","first_seen":"2026-06-22T01:23:05.637808Z","last_seen":"2026-06-22T21:03:54.851442Z","times_seen":6,"resource_available":false,"data":null}},"time_used":7065,"timings":{"blocked":2383,"dns":0,"connect":0,"send":0,"wait":4682,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/07/20250723173818682.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzQwXzAyMi5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.647Z","timestamp":1782123703647,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/07/20250723173818682.jpg?5b6u5L+h5Zu+54mHXzIwMjUtMDctMjNfMTczNzQwXzAyMi5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 23 Jul 2025 09:38:18 GMT\r\naccept-ranges: bytes\r\netag: \"d4319c85b5fbdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 499037\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-22T10:21:41.101Z","timestamp":1782123701101,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"FancyBox","description":"FancyBox is a tool for displaying images, html content and multi-media in a Mac-style 'lightbox' that floats overtop of web page.","website":"https://fancyapps.com/fancybox","common_platform_enumeration":"","icon":"FancyBox.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WOW","description":"Reveal CSS animation as you scroll down a page.","website":"https://www.delac.io/WOW","common_platform_enumeration":"","icon":"","categories":["JavaScript frameworks","Web frameworks","JavaScript graphics"]}],"data":{"size":203055,"size_decoded":40780,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"2e55b752a41ccf44386e31ee1c96b24a","sha1":"67f9d5ef79dc5a62c1e2c0871a50d6260423cf08","sha256":"6645ddd4ad7dde5acd8046cb2e91e56df0b0b066267495c51199f145e40ff36e","sha512":"82843f07a2d7ebbc3988951c10f9bf9830be3bb090aa031f1c5a012d06ca036b5dd287e9a4579b56cbd6095b5a4343026f73f300be2528d0bd6cffacce1d9d72","ssdeep":"6144:GKrkk4RJ/L+hR5TXiTeDa6AZOy+WqllRYEGHEx/RoW7gCPqEncWMc:GcaF8/RN","tlshash":"bc14a81314e176ef166622f0d6f72729b5d29a93f853290536fc668a8fd2f8bdc07006","first_seen":"2026-06-22T01:23:05.585257Z","last_seen":"2026-06-22T21:03:54.807644Z","times_seen":6,"resource_available":true,"data":null}},"time_used":692,"timings":{"blocked":-1,"dns":3,"connect":132,"send":0,"wait":294,"receive":263,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/jquery-1.9.1.min.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.711Z","timestamp":1782123701711,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/jquery-1.9.1.min.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":92649,"size_decoded":37030,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32087)","md5":"935837b3d2425ce93af9ca9e75a06582","sha1":"c2c0b23ed8d7a93f4de530d11a779c61192be67f","sha256":"f3201e5fe8d7d0e7f1864b52b94e72c4703fae2020fd6f6f320250c6cbfd5c4a","sha512":"df6404db7ea7a5b6e568e123e52f60a791bcde1dea6c572c45a562f6042b1b50aa0cab943f7934a51de54bb8bf9939137e0bd12b9dd7e1a4aa13fda22557c18b","ssdeep":"1536:Znu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaH1RUR:ZdkWgoBhcZRQgmAY2qe","tlshash":"47932bdd72d2b03257ab30bd006f640ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2026-06-22T01:23:05.604842Z","last_seen":"2026-06-22T21:03:54.824254Z","times_seen":6,"resource_available":false,"data":null}},"time_used":387,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/meau.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.724Z","timestamp":1782123701724,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/meau.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":5784,"size_decoded":2009,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"2e4ebcf23d00be7fa920f52d53b55c4c","sha1":"09746ac60594b5d0d74bd1ef87e0e31d262f5979","sha256":"2171ba3ef3a376064fd4fb33938c6d6eeae0747d59fa57b33c8124c2610e3096","sha512":"752250e5d660ce3d3c38c07a718419ee5262a7484732889ac447978acd0090d22d1b423fdee8f7cc4b3fcece2adda2923e42f3ea1130c5bc064c7adcca09f314","ssdeep":"96:C98PBl1IumX/gIeMpP7ImkJAPKfDTazQx7gmt4/LC4PmZ+RLRMdK/JyD:CCZl1IumX/LtPkIPKfDTakxft4/3PmMs","tlshash":"d3c1c8183cb120205527e13617aba5f5f6a857339005c800fceeb34d0f996a9775ee8f","first_seen":"2026-06-22T01:23:05.633712Z","last_seen":"2026-06-22T21:03:54.833163Z","times_seen":6,"resource_available":false,"data":null}},"time_used":580,"timings":{"blocked":420,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/12/20241205155117475.jpg?NC5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.788Z","timestamp":1782123701788,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155117475.jpg?NC5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/12/20241205155117475.jpg?NC5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/03/20250314103622166.png?5b2p5bGPWC5wbmc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.796Z","timestamp":1782123701796,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/03/20250314103622166.png?5b2p5bGPWC5wbmc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/03/20250314103622166.png?5b2p5bGPWC5wbmc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/05/20250522174221338.png?5Yy755aXLnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.826Z","timestamp":1782123701826,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250522174221338.png?5Yy755aXLnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/05/20250522174221338.png?5Yy755aXLnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1113,"timings":{"blocked":935,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/05/20250522174131728.png?5pqW6YCaLnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.610Z","timestamp":1782123702610,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/05/20250522174131728.png?5pqW6YCaLnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 22 May 2025 09:41:31 GMT\r\naccept-ranges: bytes\r\netag: \"ab5310b3fdcadb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 279819\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":279819,"size_decoded":280113,"mime_type":"image/png","magic":"PNG image data, 600 x 360, 8-bit/color RGBA, non-interlaced","md5":"fd308afcf357c6272a91f91f66fd6a47","sha1":"2e6664ead58b6ff12bde94e0e92319165110fd12","sha256":"27e3e22634db88e2e423fe4a8f05e8276be32f8879e4f52347ec227b23dba02b","sha512":"844565e61d7a3149b01573ff7f288aa0407667d3755c355af978896067a991ee1090c13947c6b03fa5ba658ba929011a095305c056420f4e9d03b3a2fde06b52","ssdeep":"6144:nwoCpuBEHjWgfq0Kj8zbPaufSM3btN9TZwF+k:nYp9j7nc8zbPaufXZN9NwIk","tlshash":"3d542342f8011a279f7d09668864cc16a8d0b0cc9bdae77ede41557b6747e0b383ac9f","first_seen":"2025-11-27T07:59:55.831969Z","last_seen":"2026-06-22T10:22:08.272955Z","times_seen":3,"resource_available":false,"data":null}},"time_used":4416,"timings":{"blocked":0,"dns":2054,"connect":229,"send":0,"wait":918,"receive":459,"ssl":755},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/05/20250522174237869.png?54eD5rCULnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.978Z","timestamp":1782123702978,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/05/20250522174237869.png?54eD5rCULnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 22 May 2025 09:42:37 GMT\r\naccept-ranges: bytes\r\netag: \"d1b37cdafdcadb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 285808\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":285808,"size_decoded":286102,"mime_type":"image/png","magic":"PNG image data, 600 x 360, 8-bit/color RGBA, non-interlaced","md5":"d87a86f33eacf3bce4bf347a42f9fb8a","sha1":"f5a49e5498fc7c568636c95dceb28c8dbe9bd9e0","sha256":"b8219311545ef68f8a755cdb235d8502536d8192bca85b95fbc6b7c6f545f2db","sha512":"6c888e2b0ee7ddd3b2d8e62058d0f768bcee6983be0f9e55fe18affc6e5ca5cd1f65b5ef48a9fe74e741370239bece9f64715b2be2bcdc7f7acd9b954d04788d","ssdeep":"6144:hzucHzfhqxq6aF/PWVYaJeby/oHf7H2POfl7wn9+9w+qtrlkK6H:tuGzfhm4HiLJeby/8r2POfl79B2L6H","tlshash":"44542396bf066d69b2cd35e24e405073deb3171899f9da3db38e092042bdbb760e0179","first_seen":"2025-11-27T07:59:55.892605Z","last_seen":"2026-06-22T10:22:08.27555Z","times_seen":6,"resource_available":false,"data":null}},"time_used":15385,"timings":{"blocked":2673,"dns":0,"connect":0,"send":0,"wait":1380,"receive":11332,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/on1.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.757Z","timestamp":1782123701757,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/on1.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/on1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1491,"timings":{"blocked":1332,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/ghs.png","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.318Z","timestamp":1782123703318,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /ghs.png HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Dec 2020 02:11:56 GMT\r\naccept-ranges: bytes\r\netag: \"8e7f4ad19c9d61:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 19256\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":19256,"size_decoded":19548,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"d0289dc0a46fc5b15b3363ffa78cf6c7","sha1":"29c400bc3b89f6085766dac4e0330ded5cb73d52","sha256":"a20583c81805fe64f7fa210851ce29754af9d25fd6aa5a3225a9557529602513","sha512":"10a9cd6fd64b8107db8b058eb8c4cc0fe23bb5c13a91d40caf93d323f4a15f1b34463bf0eacb0239c6dbd699ec6c49a8625e86cec674cc7b351509155b889e7f","ssdeep":"96:VSMllcHitlIxv9vk7C1+I4wWHLihk/xGWvki7rxmVKXUsDEVWvdNGthls+GfNXrL:VSHIIHUCD4wabkijpso15909rfEx","tlshash":"1c823928fcf0b125548993393de674095c779bc3c681ac45badc8a0b6f00fa95d6b183","first_seen":"2023-04-16T20:03:19Z","last_seen":"2026-06-23T21:30:51.019406Z","times_seen":10375,"resource_available":false,"data":null}},"time_used":7470,"timings":{"blocked":2329,"dns":0,"connect":0,"send":0,"wait":5141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/09/20240906171354834.jpg?Ni5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.598Z","timestamp":1782123703598,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/09/20240906171354834.jpg?Ni5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 06 Sep 2024 09:13:54 GMT\r\naccept-ranges: bytes\r\netag: \"2ecae6183d0db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 63181\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":63181,"size_decoded":63474,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 1920x451, components 3","md5":"861fc65493726df91ecf11c229a9e3b5","sha1":"691f8e0d37eccc9466fa9fff2b4ac12c392b396b","sha256":"52a7efeaa52b4f8c1d812221b4ee1cfc844878253d11d573c61ef214fe5fd677","sha512":"13a689fa5428131cbd49f82a11578d2a27f7c9f79f5fedab56d99888f5d08d48594689d58565e6d8d0884d8c3ac8ed42038168ae0a7ceeceb06eaf34efeb33f5","ssdeep":"1536:NbluY1jENy5CY0dI6ABQRcy6dYNlKoMojccEtR2Sg:N5uY1jEYB0O649YNl3ZEty","tlshash":"7153e0035d0e4c02dc19cfb8fc4646ed6769aa19ba163ecd21934fa37b592420e4f1ec","first_seen":"2025-08-23T05:07:23.574281Z","last_seen":"2026-06-22T21:03:54.81053Z","times_seen":6,"resource_available":false,"data":null}},"time_used":10639,"timings":{"blocked":2055,"dns":0,"connect":0,"send":0,"wait":6059,"receive":2525,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/05/20250522174131728.png?5pqW6YCaLnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.793Z","timestamp":1782123701793,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250522174131728.png?5pqW6YCaLnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/05/20250522174131728.png?5pqW6YCaLnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":794,"timings":{"blocked":632,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/09/20250901090910103.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjE4XzkzOV8yMDUuanBn","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.631Z","timestamp":1782123702631,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/09/20250901090910103.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjE4XzkzOV8yMDUuanBn HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2023/10/20231017104558098.png?5qih5Z2XLeWwjy5wbmc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.110Z","timestamp":1782123703110,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2023/10/20231017104558098.png?5qih5Z2XLeWwjy5wbmc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Tue, 17 Oct 2023 02:45:58 GMT\r\naccept-ranges: bytes\r\netag: \"e18a2ea40da1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 29958\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":29958,"size_decoded":30248,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"b05e1269776088f6e255b7ac1aef96e7","sha1":"4a5a334170afa17090cd8dbcbc472d30b14fe143","sha256":"bdb3f364e3148373b541aec6be0a8a807edd1ffcb09355cd60fefefd4878d8a8","sha512":"83e4d247af68a81691367fc792b02e6a8740039b20655d120f2178d0c5896bdf32f40579bbd01808f4b04ae8fc8d6878c1de3f4bf586e871a942923ff6e51003","ssdeep":"768:Pq2Nq5Tn2M6H4h56pmbHksAsOTyLgizB/kdhVeqMURvF:Pq2Nq5TnWO5FbHEsOTyp9/kdTfDRvF","tlshash":"3ad2e142aac1dc9618d9a698f4edf40143934dd7b804951f7dcae5b28e200feced39da","first_seen":"2025-08-23T05:07:23.510717Z","last_seen":"2026-06-22T21:03:54.844617Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4152,"timings":{"blocked":2542,"dns":0,"connect":0,"send":0,"wait":1610,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/09/20250901090910103.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjE4XzkzOV8yMDUuanBn","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.792Z","timestamp":1782123701792,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/09/20250901090910103.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjE4XzkzOV8yMDUuanBn HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/09/20250901090910103.jpg?5b6u5L+h5Zu+54mHXzIwMjUwOTAxMDkwNjE4XzkzOV8yMDUuanBn\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2020/12/20201230140352264.png?5rG96L2m5LqM5rCn5YyW56Kz5Lyg5oSf5Zmo5oC75oiQQUNEUy0xMDAx","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.821Z","timestamp":1782123701821,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2020/12/20201230140352264.png?5rG96L2m5LqM5rCn5YyW56Kz5Lyg5oSf5Zmo5oC75oiQQUNEUy0xMDAx HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2020/12/20201230140352264.png?5rG96L2m5LqM5rCn5YyW56Kz5Lyg5oSf5Zmo5oC75oiQQUNEUy0xMDAx\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":957,"timings":{"blocked":780,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/06/20250618162752494.png?MjAyNDA4MDEwOTI0MTEzNzUucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.842Z","timestamp":1782123701842,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/06/20250618162752494.png?MjAyNDA4MDEwOTI0MTEzNzUucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/06/20250618162752494.png?MjAyNDA4MDEwOTI0MTEzNzUucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1419,"timings":{"blocked":1257,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/05/20250522174207182.png?5rG96L2mLnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.806Z","timestamp":1782123702806,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/05/20250522174207182.png?5rG96L2mLnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 22 May 2025 09:42:07 GMT\r\naccept-ranges: bytes\r\netag: \"47a32c8fdcadb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 372552\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":372552,"size_decoded":372845,"mime_type":"image/png","magic":"PNG image data, 600 x 360, 8-bit/color RGBA, non-interlaced","md5":"6903a0064f6ec84de0f2a2e1106f12e3","sha1":"6227f1d009d20c046f6f48904ce22dde3130e1ab","sha256":"77e077024b96a73f03eb591fdba7b1ea56f27accc75954192f86142021116af1","sha512":"541b27f90ab7cfee4446d75c73ddb39f403a6d99e01045c0e71268fd0ca76552969cde3be1458b5181eeac2e3b5013a15114e130d367d90f494537b171f44db5","ssdeep":"6144:fx4Q2c5O7Q1c8TBreQNF476kNsZQGpVkQO+pYzL5+p31OorVUiRpGc:54lonFeQs76+si4WlWME/OGVVRpb","tlshash":"c784239c52763c37c6eb3bc2b5ba399c475377a61a808572cd931911c70b0da67ace0e","first_seen":"2025-11-27T07:59:55.908968Z","last_seen":"2026-06-22T21:03:54.821514Z","times_seen":8,"resource_available":false,"data":null}},"time_used":4451,"timings":{"blocked":2845,"dns":0,"connect":0,"send":0,"wait":1148,"receive":458,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/css/owl.carousel.min.css","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.702Z","timestamp":1782123701702,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/css/owl.carousel.min.css HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3351,"size_decoded":1361,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3184)","md5":"b2752a850d44f50036628eeaef3bfcfa","sha1":"fba46353cf90450ef3d362a123f1e7af3e8c561e","sha256":"521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc","sha512":"b52dd2e6a1b40658674113b2257bcd8de10ce14a4c5c7ad07d31a66d0d602a67a50b195210151ac614418ff1054f3a5b3f84554aba448a46e6749a1b0af844de","ssdeep":"","tlshash":"9161bbe5314a225f480f83121dd81e86393dcc52d8660a5a92bbd71447dae6d213ffcf","first_seen":"2023-04-05T13:49:19Z","last_seen":"2026-06-23T22:31:22.42744Z","times_seen":39730,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":130,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/css/animate.css","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.705Z","timestamp":1782123701705,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/css/animate.css HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":71946,"size_decoded":5964,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"8b757de66c393ab793355b9371714895","sha1":"4519bd6c65e7689642c48ed9b84dd9c809cf7ffb","sha256":"73873fe841e638011d9394ff1f1799df4b8f14fd6710ebc731732fca21c3ba53","sha512":"bdaf41d11b48f90bb7c1dc9ca496a2303832249b6981c64d66f287263a1ae06d8eed75c3992adae596f253f174905fd99a8669e83544bfc94f42567dd9be181b","ssdeep":"384:hKHuaudH2fqftulucfwf7l3laGPGF+pfHf7SpS/fjfHqDxbe3NxdV2PVrib:gHuauIfqftulucfwfs+pfHf7SpS/fjfp","tlshash":"e1630e6d2991118457238a5d83df9e68273ce573182a9cef73c2488bdf86fac67c5207","first_seen":"2026-06-22T01:23:05.618988Z","last_seen":"2026-06-22T21:03:54.798759Z","times_seen":6,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":130,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/09/20240904163831506.png?5bCPMjAyNDA1MjgxMTQyNTI0NTkucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.823Z","timestamp":1782123701823,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/09/20240904163831506.png?5bCPMjAyNDA1MjgxMTQyNTI0NTkucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/09/20240904163831506.png?5bCPMjAyNDA1MjgxMTQyNTI0NTkucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":954,"timings":{"blocked":779,"dns":0,"connect":0,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/05/20250522174221338.png?5Yy755aXLnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.959Z","timestamp":1782123702959,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/05/20250522174221338.png?5Yy755aXLnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 22 May 2025 09:42:21 GMT\r\naccept-ranges: bytes\r\netag: \"5c17a2d0fdcadb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 345491\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":345491,"size_decoded":345785,"mime_type":"image/png","magic":"PNG image data, 600 x 360, 8-bit/color RGBA, non-interlaced","md5":"df8958fbbf93b4a226ca73795bb3a11e","sha1":"91517c1312a742c265f938de718de5d8f9c0f9da","sha256":"e103d8619dc3014f4155e0927c39c96bf4b93e744724eb576c515923b123b9ba","sha512":"4e4f2cf0f741a976bce68b0db5c3978ea0c06c3727ba685ef314d39b6aee4f487cff89c75ef0353d61aa51284dcf75521dfa5d83a5011ce14ba1ddf201d4ca04","ssdeep":"6144:y77sTm89D160xF6ThbwIm07th7BxLJ/to4sA+L0SvTzrz0brnoaMTodcMDEksozk:csZFxsTuIm0DFBxS53IcP/0XoaMicMDA","tlshash":"f27423daf6a242cd08af0977bb1cf76d4160863119baeb96d4c30a378c7605705b7de8","first_seen":"2025-11-27T07:59:55.846733Z","last_seen":"2026-06-22T21:03:54.831329Z","times_seen":7,"resource_available":false,"data":null}},"time_used":14947,"timings":{"blocked":2692,"dns":0,"connect":0,"send":0,"wait":1378,"receive":10877,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/fix6.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.772Z","timestamp":1782123701772,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/fix6.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/fix6.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1667,"timings":{"blocked":1491,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/06/20250618162742056.png?MjAyNDA4MDEwOTIzNTU2MjUucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.840Z","timestamp":1782123701840,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/06/20250618162742056.png?MjAyNDA4MDEwOTIzNTU2MjUucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/06/20250618162742056.png?MjAyNDA4MDEwOTIzNTU2MjUucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1427,"timings":{"blocked":1254,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/dianhua2023.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.764Z","timestamp":1782123701764,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/dianhua2023.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/dianhua2023.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1625,"timings":{"blocked":1462,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/07/20250711092040569.png?bmV36KeS5qCH5qih5p2/LnBuZw==","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.800Z","timestamp":1782123701800,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/07/20250711092040569.png?bmV36KeS5qCH5qih5p2/LnBuZw== HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/07/20250711092040569.png?bmV36KeS5qCH5qih5p2/LnBuZw==\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":964,"timings":{"blocked":790,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2020/10/20201026130634125.png?6LaF5aOw5rOi5rCn5rCU5Lyg5oSf5ZmoR2FzYm9hcmQtODUwMFYtUkg=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.830Z","timestamp":1782123701830,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2020/10/20201026130634125.png?6LaF5aOw5rOi5rCn5rCU5Lyg5oSf5ZmoR2FzYm9hcmQtODUwMFYtUkg= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2020/10/20201026130634125.png?6LaF5aOw5rOi5rCn5rCU5Lyg5oSf5ZmoR2FzYm9hcmQtODUwMFYtUkg=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1123,"timings":{"blocked":953,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/05/20250529092530213.png?MjAyNTAzMTMxNjAzMDk2ODIucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.802Z","timestamp":1782123701802,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/05/20250529092530213.png?MjAyNTAzMTMxNjAzMDk2ODIucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/05/20250529092530213.png?MjAyNTAzMTMxNjAzMDk2ODIucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":972,"timings":{"blocked":807,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/12/20241205155037037.jpg?My5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.956Z","timestamp":1782123703956,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155037037.jpg?My5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/04/20250411151543369.jpg?MGU4YWJkZDM2MDhjMzQ4NjYzNmVjZWI4NTY0NjM2ZC5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.774Z","timestamp":1782123701774,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/04/20250411151543369.jpg?MGU4YWJkZDM2MDhjMzQ4NjYzNmVjZWI4NTY0NjM2ZC5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/04/20250411151543369.jpg?MGU4YWJkZDM2MDhjMzQ4NjYzNmVjZWI4NTY0NjM2ZC5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1831,"timings":{"blocked":1660,"dns":0,"connect":0,"send":0,"wait":171,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2022/06/20220609150340047.png?5ZG85rCU5pyrRVRDTzLkvKDmhJ/lmagucG5n","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.949Z","timestamp":1782123702949,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2022/06/20220609150340047.png?5ZG85rCU5pyrRVRDTzLkvKDmhJ/lmagucG5n HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Thu, 31 Oct 2024 07:23:00 GMT\r\naccept-ranges: bytes\r\netag: \"0e27b7652bdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 30419\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":30419,"size_decoded":30710,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"926772dbbd267d35d37a848bf4c002c6","sha1":"b5990966f8fcd776f3f82e58fd4315af637e9d2b","sha256":"e31a7a8788086a8a14625cd23d94799dd857327d33dcd34e53b1fa766ed01b08","sha512":"fa1f7d51223c0cdc5a056b526f2d38f61f63bc263f684e6028254da3b846ed799a0100f141558906a77a6d5a75b3c5017ea3ddf3c859a7490ee3b2445aeeba17","ssdeep":"384:+anfifYwet3HQhKxERSx1/NWCPHUzNEiVaiZYK3uJOU/ruGlsFDzWe7wNxbc6Cuo:Xa431EUHU+w3uJOUDPIDj01JNCvNz","tlshash":"39d2df3a7d70c61a078da00c49cce5f5e2b373c8e6059ac3ede1a13a1c9549e2fa1d4b","first_seen":"2025-08-23T05:07:23.539389Z","last_seen":"2026-06-22T21:03:54.836411Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4080,"timings":{"blocked":2702,"dns":0,"connect":0,"send":0,"wait":1378,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/fix1.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.755Z","timestamp":1782123701755,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/fix1.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/fix1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1486,"timings":{"blocked":1328,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/10/20241015103606865.png?R2FzYm9hcmQtMjA2M+Wwjy5wbmc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.801Z","timestamp":1782123701801,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2024/10/20241015103606865.png?R2FzYm9hcmQtMjA2M+Wwjy5wbmc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/10/20241015103606865.png?R2FzYm9hcmQtMjA2M+Wwjy5wbmc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":968,"timings":{"blocked":791,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/03/20250314103622166.png?5b2p5bGPWC5wbmc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.624Z","timestamp":1782123702624,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2025/03/20250314103622166.png?5b2p5bGPWC5wbmc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2025/07/20250711092040569.png?bmV36KeS5qCH5qih5p2/LnBuZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.777Z","timestamp":1782123702777,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2025/07/20250711092040569.png?bmV36KeS5qCH5qih5p2/LnBuZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Fri, 11 Jul 2025 01:20:40 GMT\r\naccept-ranges: bytes\r\netag: \"cad6d432f2db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 46608\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":46608,"size_decoded":46899,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"e244691b37777c7cd164606cdd0be22e","sha1":"524cfc23d478122784f3e07dfa2b8316b46940b2","sha256":"5742d43317009ae66774fc24e92bc3cc32f0cc72a280711db4dea2a15412788a","sha512":"0775047dd86ac6d16b446ccfc70bd1abcbf4614fe6154c0794e71d0f70a3a9980dee3abd7b215ad89a095694ea0b719d7d14a445a9c9bb8ab419019d6ba2d532","ssdeep":"768:EECOWcaMYjzTeoOezPqVqkF1BJ18W5h6CtYST36i7BIwy9Ibg4kkO:EDOoMY/Teo3bqgktDp50IYSlB5FRnO","tlshash":"ff23df527e82d9000a4d398ad9ec5055c7b70ad5cec1a45d5febca138ca1aecdec29e3","first_seen":"2026-06-22T01:23:05.635726Z","last_seen":"2026-06-22T21:03:54.804644Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3561,"timings":{"blocked":2872,"dns":0,"connect":0,"send":0,"wait":460,"receive":229,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/10/20241015103606865.png?R2FzYm9hcmQtMjA2M+Wwjy5wbmc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:42.782Z","timestamp":1782123702782,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/10/20241015103606865.png?R2FzYm9hcmQtMjA2M+Wwjy5wbmc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Tue, 15 Oct 2024 02:36:06 GMT\r\naccept-ranges: bytes\r\netag: \"e9698fcaa1edb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 31072\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":31072,"size_decoded":31364,"mime_type":"image/png","magic":"PNG image data, 260 x 260, 8-bit/color RGBA, non-interlaced","md5":"4b8499284c81bf486a114427c173e9ee","sha1":"01bd6d0f2124a3e70165c3c3a3403ba25332a51e","sha256":"51da91375dfc897aaef5851cb51d9d46c858bcd63114239185bf386cb439492c","sha512":"4d960ef9c614f3619efcdcc2e1cce9b33e83750e968a42b57b4079befb12c2af239b94d8f90ef4fcd7243369972a89628ee729a2179719b9b31320a0b073ef47","ssdeep":"768:8gHVYAcV6mxaSSw4zxzRvt4cfMo0i1yaZTBax7PWOC:8g1YAe6YaSShzxzRVzfR9e7PWOC","tlshash":"d2d2e1d9fc3db0f3ed44a50120ee420a0e3b1dc9fda5c6a45f1a5931da668ce855ae83","first_seen":"2026-06-22T01:23:05.624138Z","last_seen":"2026-06-22T21:03:54.840807Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3326,"timings":{"blocked":2867,"dns":0,"connect":0,"send":0,"wait":230,"receive":229,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/09/20240904112020740.jpg?My5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.633Z","timestamp":1782123703633,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/09/20240904112020740.jpg?My5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 04 Sep 2024 03:20:20 GMT\r\naccept-ranges: bytes\r\netag: \"c9767d5f79feda1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 150094\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":150094,"size_decoded":150389,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 1920x451, components 3","md5":"73ce0dbf4c1c3f11662a8431cc1e8175","sha1":"8d401fa5f5c1250ac604c14f7de4c9985823a37f","sha256":"7bd308f0a3076d202313b9494d0a7d45616c3c620e97037f6f32fd939210eb6c","sha512":"148dae39633f948a7a10f77c0f426175e36edae1952b2ea7d8714dd6822f586b6cf63793dcca64077a326520acd449c5a637aa13802633dfc375e1d912c02f0f","ssdeep":"3072:JzjIgzSkgQqp791psk3XpmhB4/7j3A7qY1MSs/0yWMXQ:RIWSDhtsknpn7j3g1MShXMQ","tlshash":"16e3122762830618ed2c8e3099d56c0732ab581f3b827d057d5fffa4a7d3e5039a54b9","first_seen":"2025-08-23T05:07:23.541576Z","last_seen":"2026-06-22T10:22:08.284787Z","times_seen":4,"resource_available":false,"data":null}},"time_used":15555,"timings":{"blocked":2020,"dns":0,"connect":0,"send":0,"wait":8584,"receive":4951,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/scripts/owl.carousel.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.719Z","timestamp":1782123701719,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/scripts/owl.carousel.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:42 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":89684,"size_decoded":24155,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (360)","md5":"2d7ac095ef1a1cc27a5ad1c0a109b288","sha1":"2855cd9ab4582164e8db84ebaa089ef80d53efde","sha256":"751486d91797ababb17827678561e6611e215f71972bc2db19f4f6b2e144face","sha512":"a4df6c3983769768e7176dd6e60a6369eebfeee7c0e182cee2a363e24ae2b8338a838c918879d6f1d12a7345a9d0f620624f8d4e2d950221dc0bd5ebf0fc389f","ssdeep":"1536:owLoreUC7AuLMjvNlP8GNMBJ6IcIhKJQIOybQOoiYl9OJ06QKOf:oUMNlPBqJTuOGQOotDDKOf","tlshash":"299393c5f36c261b422631785eae23ce723d402ad911186f7ca8e9dc29d5468437eff9","first_seen":"2025-09-10T11:23:32.071553Z","last_seen":"2026-06-22T21:03:54.830563Z","times_seen":17,"resource_available":true,"data":null}},"time_used":658,"timings":{"blocked":361,"dns":0,"connect":0,"send":0,"wait":165,"receive":132,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2025/06/20250618162710010.png?MjAyMDExMDYxNzMwMTI1MzgucG5n","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.837Z","timestamp":1782123701837,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploadfiles/2025/06/20250618162710010.png?MjAyMDExMDYxNzMwMTI1MzgucG5n HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2025/06/20250618162710010.png?MjAyMDExMDYxNzMwMTI1MzgucG5n\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1276,"timings":{"blocked":1122,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/cn/images/tousu.png","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.770Z","timestamp":1782123701770,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cn/images/tousu.png HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/cn/images/tousu.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":1784,"timings":{"blocked":1624,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/uploadfiles/2024/12/20241205154926428.jpg?Mi5qcGc=","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.790Z","timestamp":1782123701790,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205154926428.jpg?Mi5qcGc= HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://www.gassensor.com.cn/uploadfiles/2024/12/20241205154926428.jpg?Mi5qcGc=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2020/11/20201124170824099.png?bG9nbzMwMC5wbmc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.322Z","timestamp":1782123703322,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2020/11/20201124170824099.png?bG9nbzMwMC5wbmc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\nlast-modified: Wed, 10 Jul 2024 03:57:42 GMT\r\naccept-ranges: bytes\r\netag: \"07f40507dd2da1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 14455\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":14455,"size_decoded":14747,"mime_type":"image/png","magic":"PNG image data, 197 x 54, 8-bit/color RGBA, non-interlaced","md5":"4038aa0d476e4800ba8f909f4f6181c9","sha1":"22361e792033925688c7e9190d83d672274afa3d","sha256":"a983cad412529b2fec1b10ca78989e8d557c94a74528cb0904c543da9147019f","sha512":"0a61507f23e4a94f85a57776d54ecaad46485b60e29d4b97343d0ba8d2c40a3c801ba9444a258b15d02bde536e9c087dcb6dbeee2065ce3b68b2ff686298fe81","ssdeep":"384:yfnkG+14I7EI1io/At6TNO5eUhcyR4lp9duLwE6zc:4w1L7D1ig+6RQD6fA3","tlshash":"f952c184f9e664615081dcc1b27ba18ae5f761d46987f5622cdf70056c770caee8efc0","first_seen":"2025-08-23T05:07:23.586796Z","last_seen":"2026-06-22T21:03:54.852228Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7700,"timings":{"blocked":2329,"dns":0,"connect":0,"send":0,"wait":5371,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/10/20241031155306912.jpg?5b6u5L+h5Zu+54mHXzIwMjQxMDMxMTU1MjAwLmpwZw==","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"47.98.213.239","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.821Z","timestamp":1782123703821,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.gassensor.com.cn","organization":""},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Tue, 24 Mar 2026 00:00:00 GMT","end":"Thu, 08 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C0:94:41:3B:CA:73:F3:5F:36:04:CE:44:96:4A:91:F5:C5:CA:C0","sha256":"3C:EB:7F:5A:96:3D:E9:36:67:46:CB:25:EF:01:8D:D9:5E:40:7D:62:D2:F4:C5:DC:BC:18:A5:4A:8B:30:71:9C"}}},"request":{"raw":"GET /uploadfiles/2024/10/20241031155306912.jpg?5b6u5L+h5Zu+54mHXzIwMjQxMDMxMTU1MjAwLmpwZw== HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 31 Oct 2024 07:53:06 GMT\r\naccept-ranges: bytes\r\netag: \"79df8ec692bdb1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ezEIP\r\nx-frame-options: SAMEORIGIN\r\ndate: Mon, 22 Jun 2026 10:21:45 GMT\r\ncontent-length: 142601\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/12/20241205155117475.jpg?NC5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.954Z","timestamp":1782123703954,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155117475.jpg?NC5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gassensor.com.cn/uploadfiles/2024/12/20241205155137053.jpg?NS5qcGc=","fqdn":"www.gassensor.com.cn","domain":"gassensor.com.cn","tld":"com.cn"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:43.969Z","timestamp":1782123703969,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /uploadfiles/2024/12/20241205155137053.jpg?NS5qcGc= HTTP/1.1\r\nHost: www.gassensor.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://remote.dentistwestallis.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"remote.dentistwestallis.com/","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-22T10:21:40.918Z","timestamp":1782123700918,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T22:14:30.23529Z","times_seen":16663220,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"remote.dentistwestallis.com/jquery.min.js","fqdn":"remote.dentistwestallis.com","domain":"dentistwestallis.com","tld":"com"},"ip":{"addr":"170.130.213.6","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://remote.dentistwestallis.com/","date":"2026-06-22T10:21:41.661Z","timestamp":1782123701661,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: remote.dentistwestallis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://remote.dentistwestallis.com/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 22 Jun 2026 10:21:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 738\r\nLast-Modified: Fri, 10 Oct 2025 03:04:26 GMT\r\nConnection: keep-alive\r\nETag: \"68e877ba-2e2\"\r\nExpires: Mon, 22 Jun 2026 11:21:41 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":738,"size_decoded":1051,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (738), with no line terminators","md5":"84dbd62ab21f9a080a3c75007194d6f4","sha1":"c5e7a0dcb98e094964d941fd44af99c097255501","sha256":"2ba1b5b707262ff63d5557ef29c82e3c5fb59728b65d95b56ad14382f367877b","sha512":"e86349b8322b0e3317d56bdfe0ef17de495872e979b11bf4bf9857983299905753be82bfea15028e6dfcb00ce5273725e074061d3fc0714c11310a5755b0536e","ssdeep":"","tlshash":"ed01fbd887c4d85f6ecc5d53ea14deca62b2812b97d971838328fe8c05a9152c85c489","first_seen":"2023-03-07T12:08:36Z","last_seen":"2026-06-23T13:14:15.728607Z","times_seen":292,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":131,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"remote.dentistwestallis.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}