{"report_id":"9f42286a-c6a1-439f-b7b1-8952c4c47d48","version":0,"status":"done","tags":[],"date":"2026-06-27T00:58:56Z","url":{"schema":"http","addr":"paysupport.site.je","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"paysupport.site.je/?i=1","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"title":"Home","dom":{"size":6855,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (969)","md5":"b469aa2929fe7f4cb9b487bbf8b49aad","sha1":"04ac0eac4d6963252ce60beef647ca1b2fa765bd","sha256":"34a15c80c0f256a3e7b5d1b99e5ba289092368331f342988532a4cb612f48d94","sha512":"ccea5d9016d2b852c2a3ae6590bca723c50c7dfa92abe92ba41cd78cf960c0e8a97120ca09af76a7da81435759515a8b1c364929cbac72e721a1c869e88f7d81","ssdeep":"192:Vb0puXwUoXcGLfvfTnPMtbkvTp/rPbecbPFXbaD/TD:e6HoMGLfvbnEtbkvTNCqPFXbaD/TD","tlshash":"eae19537e40e48bb411341d0e617fb9df71bca22de936c9561f1966912deee8809b08d","dom_hash":"domhash78f612d9cd3457de6f1049b84b0e5fef","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"paysupport.site.je","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-01T00:58:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"paysupport.site.je","ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2026-05-27","domain_rank":0,"first_seen":"2026-06-27T00:58:56.600805Z","last_seen":"2026-06-27T00:58:56.600805Z","alert_count":32,"request_count":8,"received_data":647567,"sent_data":4624,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"site.pro","ip":{"addr":"18.153.162.30","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2005-03-02","domain_rank":55170,"first_seen":"2014-12-01T11:54:39Z","last_seen":"2026-06-15T17:07:43.476568Z","alert_count":0,"request_count":1,"received_data":10222,"sent_data":558,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"paysupport.site.je/?i=1","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"92e10541e5c61640cca7af5ec33df588","sha1":"43710b76ce2ff2dd7b087c73ba161f9254892a09","sha256":"d466058e7a9758c180ef40405d1f8eac9d294dddc6c6f4198aa5b069c492852d","sha512":"43bd11990928ebb413a338ccefe2ad789e927435572936928f84115d1dcbf439e54c634697c72115920256bc26eeb5996593d038862ba1f68d76329db78c3da5","ssdeep":"","tlshash":"44b012f47045b05884340065bb433366366008344335d810d0212004f24d90b48eccfb","size":93,"data":"","first_seen":"2026-05-25T18:13:17.284429Z","last_seen":"2026-06-27T00:59:20.790432Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/?i=1","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"0adadd0ac786a54001e1be5c0e1f25a3","sha1":"2d0d52960a8f71f2ecf7600adb8a82db232cce62","sha256":"9f36e86d5faed54639461a07e2ad37f21c7a0d14c098227393048396b24d57c8","sha512":"1cc5615bbf57f6287fb627879987521b8cb1636d21e4e5d90f3738fcf87e25b4c6b752a869e19c9c846cd3a70acc40e631d9cac8e1f7585a11c925c0cc69629d","ssdeep":"","tlshash":"bb70000828802000300b20a0002f000c0020280020820000080c80828c2003c020280e","size":19,"data":"","first_seen":"2026-05-25T18:13:17.285691Z","last_seen":"2026-06-27T00:59:20.790973Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/?i=1","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"8565e6be1ecc7db6e89f954301203d3e","sha1":"85bf33534620c1bbaf5a02b324889992f4edf339","sha256":"2383f19bdcac2f2ba70257273c8dbb4842d092fe01c6584444eb85ffcf69f485","sha512":"c77dee790fd3ab96bf6b273e080be423615e4347008aa9db2bf89826d730f718d1dff58aa0a4c017ffb791e70de1d29494d10e26a74985320a01ddf80cb103b5","ssdeep":"","tlshash":"a4e06824cf5fc1298178626f059fa7d9e57c44320c545cae2cf4993154cafca00eacd0","size":368,"data":"","first_seen":"2026-06-27T00:58:58.852215Z","last_seen":"2026-06-27T00:58:58.852215Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/?i=1","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"9201f99fddd71fac93017462d23c5431","sha1":"bdc1c2fded956be37d4b41e0cf32579751a2de55","sha256":"472f0cce4a85e0cf454c646b48e5bcc6f5b6c95d8e72437d3716b10b10a9a920","sha512":"8feb81b2adc3261dce52daa72bd616e59a120ded09deafb890eff53e66c0498368896b1b2b828a944f8a7b4ca6b74c28d453f4c94bd6ac6ee67a4b3c96b0621c","ssdeep":"","tlshash":"e0d0a770f79e180bd1753ce838d8c4dc067cc45046d08cb27c2ca80414bb29802e55a3","size":255,"data":"","first_seen":"2026-05-25T18:13:17.289371Z","last_seen":"2026-06-27T00:59:20.792297Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/aes.js","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc66e046447092c606f2587837f96874","sha1":"fcf354a8044f494ee1f9fe868dde3f570f50e593","sha256":"5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96","sha512":"51cd149b2876e90621afc579fb172e253548a851d4c202181e1faba812f5beb1ae9ccf9f153137f60c569e05a79dcb272176e0126eceac54316208d2699a689f","ssdeep":"192:4hsoEj776Bn/tnHcgaollys/6+EgH3JLg7oLu0MyMVu:i50/3xoGs/jE839g2FB1","tlshash":"355200c203894a7cf2c92ed68c2f605620f3e54a3d251249efb399dbbc77d895075a36","size":13733,"data":"","first_seen":"2023-10-15T19:29:47Z","last_seen":"2026-06-27T05:12:36.372038Z","times_seen":7791,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/js/common-bundle.js?ts=20260618170555","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ef886ab71edfb44f8c2446313e91d25","sha1":"2c3cf8646093285336d8eccab64a5662d9b37fb0","sha256":"df76e43c7fe309be7f101fc14e79f686075a40e82aebd09f408fd899d922c210","sha512":"74bfc353cb5a9277099559338dbfdd5cfcf9fc2d30d8de3d95af35f5ca158a24257f4387a12fe927e8ae1db0f50d5cc4ba35c4b58e36a8e000872607712f575a","ssdeep":"768:gOSuappdO0gpiakbMzZE7He5VYpf47WIIozDKj5unibk33w6r5Dz4o0frRdZwh7V:gOOUfOMzZEkKgyo4TcaMR","tlshash":"9713f76d7224316a90db37eb417f22187237a522d506c875b926d0c82fb998362f7f2d","size":43074,"data":"","first_seen":"2026-06-27T00:58:58.846979Z","last_seen":"2026-06-27T00:59:20.789254Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/js/jquery-3.5.1.min.js","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"b61aa6e2d68d21b3546b5b418bf0e9c3","sha1":"9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7","sha256":"f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b","sha512":"5882735d9a0239c5c63c5c87b81618e3c8dc09d7d743c3444c535b9547b9b65defa509d7804552c581cb84b61dd1225e2add5dca6b120868ec201fa979504f4b","ssdeep":"1536:/jExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvaks:/Yh8eip3huuf6IidlrvakdtQ47GK8","tlshash":"3193f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89478,"data":"","first_seen":"2023-03-07T01:03:09Z","last_seen":"2026-06-27T05:00:38.338371Z","times_seen":17115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"paysupport.site.je/?i=1","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-27T00:58:33.721Z","timestamp":1782521913721,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /?i=1 HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1; expires=Sun, 28 Jun 2026 00:58:33 GMT; Max-Age=86400; path=/; HttpOnly\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":7229,"size_decoded":7634,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1006), with CRLF, LF line terminators","md5":"a9419a2d8cf4ab74544673733327ad8b","sha1":"d3621691a55ab875f59a23639d080d4bc36c465e","sha256":"683f52e8795f528e644c78e4bd20a620e5a8e07ea452d59169efa2e78068fbf7","sha512":"7c86b2c6aef4dd56074d9d8e27aa2695b7e4badba7b621460690c643d502f62ca4fbc345bdbb79f95080fd981ae58cc3f91f83f4c8937bf21a390e6c5d5d7584","ssdeep":"192:Q05pxXwXZwWpXIzeJRMvABwXOkqf8Fcb/Dv3/BbeczYhb2:TVCZNpX2eJ64BoOkqf8Fcb/Dvwpa","tlshash":"bee1967af50e886f42130590a233f759e62fc911ce93585571f2976712dfee882671cc","first_seen":"2026-06-27T00:58:58.83953Z","last_seen":"2026-06-27T00:58:58.83953Z","times_seen":1,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/css/a188dda851df00d03fbe9110eacd609d-bundle.css?ts=20260618170555","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:33.830Z","timestamp":1782521913830,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /css/a188dda851df00d03fbe9110eacd609d-bundle.css?ts=20260618170555 HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/?i=1\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3; PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: text/css\r\nContent-Length: 2217\r\nConnection: keep-alive\r\nLast-Modified: Thu, 18 Jun 2026 14:05:56 GMT\r\nETag: \"8a9-65487accad6c7\"\r\nCache-Control: public, max-age=31536000, immutable\r\nExpires: Sun, 27 Jun 2027 00:58:33 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2217,"size_decoded":2549,"mime_type":"text/css","magic":"ASCII text, with very long lines (2217), with no line terminators","md5":"7d320c011fa8c6d6bfddd71fb9a92706","sha1":"2f09670a3a41efbd639bc38fd8ae857f90551694","sha256":"d7e0bcda3b8e20f38c760b404c0f39bb8269fc16220f0373eb27c2f2be0bb54c","sha512":"2f440dd62c3caa30a7c03a812435f43f9afc4d6cb5d8cccde3fbbed6e9a943d8679faf397879a539095da21c4558adddf55d421d1533bd1e5216ef23d61ff921","ssdeep":"","tlshash":"53419eb0562d877cfa23d0686f10addba1cf8105fe1315a5ced1f938829b5856cb22cc","first_seen":"2026-06-27T00:58:58.841256Z","last_seen":"2026-06-27T00:59:20.785264Z","times_seen":2,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":30,"send":0,"wait":33,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"site.pro/assets/img/sitepro-logo-black.svg","fqdn":"site.pro","domain":"site.pro","tld":"pro"},"ip":{"addr":"18.153.162.30","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:34.172Z","timestamp":1782521914172,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.pro","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 05:25:37 GMT","end":"Tue, 01 Sep 2026 05:25:36 GMT"},"fingerprint":{"sha1":"E1:C8:1B:AD:65:B7:16:F7:03:A4:0B:4B:FC:AB:A6:ED:12:78:A8:C8","sha256":"DC:AB:AF:9A:6D:70:29:E3:52:8B:02:54:7D:FF:79:D6:F9:0D:7C:CF:3D:FA:6F:31:64:D8:B2:95:FF:5B:BF:23"}}},"request":{"raw":"GET /assets/img/sitepro-logo-black.svg HTTP/1.1\r\nHost: site.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Sat, 27 Jun 2026 00:58:34 GMT\r\nserver: Apache\r\nupgrade: h2\r\nconnection: Upgrade\r\nlast-modified: Tue, 31 Aug 2021 14:31:03 GMT\r\netag: \"267a-5cadbcc9ee8b2\"\r\naccept-ranges: bytes\r\ncontent-length: 9850\r\ncache-control: max-age=0\r\nexpires: Sat, 27 Jun 2026 00:58:34 GMT\r\nx-robots-tag: noindex\r\ncontent-type: image/svg+xml\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":9850,"size_decoded":10222,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"818eb8bdcbc286df42dd7440f380ce0e","sha1":"65d35e6fa2f6d0f93e5d615426fd131625a10eeb","sha256":"610e2ad9c53af5c04253ffe1ebaf08b7cfdd0b4af3a73e53c7ae05fb685793ae","sha512":"6689182e2c037e717cf88452c8f61c0dfa032432e4824ef706e4c864f5aa8defc92d7f758078c50264db273457b94e41bb969e13b628d926e72b22c3379a9ae8","ssdeep":"192:xbwgnu98Xq7uPdVs1Kkwl8ramLySZHEb4NEV7qQ1aXWVzNGmgGS5Pbwt9I07h:N1g8XIedVMFG8mwtHtEtHgh5PMtG07h","tlshash":"121295fa93e5b2e0e406f7f0d93525b5ba6b24ba7702c7e583516ed8ba0105d8cc8cc1","first_seen":"2024-06-29T18:31:16Z","last_seen":"2026-06-27T00:59:20.785923Z","times_seen":2550,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":65,"dns":41,"connect":23,"send":0,"wait":39,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/favicon.ico","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:34.539Z","timestamp":1782521914539,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/?i=1\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3; PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107,"size_decoded":391,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"2f666954e563dc1d203b1ddd8a2511a0","sha1":"62d9b258578e41990a5182d4ba1edfde24e8ec26","sha256":"30eedefcdd6870576babcba3fcd73f44ad563b4087bf8d1dd4e4663433f44858","sha512":"4165768d6a2798c538fddf16127a709e40fd3028b777634477aa6fe50207133ad654b839adf1cebd39ec0a0584a4e8d91b4b9c9d1af492a58e184fa2ba4947a1","ssdeep":"","tlshash":"74b012fd12115d4c43b032b07bc0319290931397b163552148c0d0233a4937ccdc33cb","first_seen":"2023-04-29T23:51:38Z","last_seen":"2026-06-27T00:59:20.789937Z","times_seen":2794,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-27T00:58:33.141Z","timestamp":1782521913141,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:32 GMT\r\nContent-Type: text/html\r\nContent-Length: 845\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":845,"size_decoded":1055,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (845), with no line terminators","md5":"f20a7f1a203b04aad83271a93344aae4","sha1":"51e01f6fd19f4611405d2b701199c55f4140ed96","sha256":"0c56c36bd83edc8067d5758ddece45fa90403ab3ac2bed5dd3d55e96da1b2026","sha512":"50068358388ed5998e0c9df26ea7b49cf86085c76c9510295d778da465bc68b2d15f195eff6c14614d02e9cf667f810e04809c60dc7464b2dc3c568657848de7","ssdeep":"","tlshash":"870141b9fca1e4c59bc000c01836d41e641296a6e541c9afc0c282e461e0bdc0e85d3a","first_seen":"2026-06-27T00:58:58.843893Z","last_seen":"2026-06-27T02:07:08.118035Z","times_seen":3,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":116,"connect":30,"send":0,"wait":31,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/js/jquery-3.5.1.min.js","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:33.823Z","timestamp":1782521913823,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /js/jquery-3.5.1.min.js HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/?i=1\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3; PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 89478\r\nConnection: keep-alive\r\nLast-Modified: Thu, 18 Jun 2026 14:05:58 GMT\r\nETag: \"15d86-65487aceb920f\"\r\nCache-Control: public, max-age=31536000, immutable\r\nExpires: Sun, 27 Jun 2027 00:58:33 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89478,"size_decoded":89827,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators","md5":"b61aa6e2d68d21b3546b5b418bf0e9c3","sha1":"9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7","sha256":"f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b","sha512":"5882735d9a0239c5c63c5c87b81618e3c8dc09d7d743c3444c535b9547b9b65defa509d7804552c581cb84b61dd1225e2add5dca6b120868ec201fa979504f4b","ssdeep":"1536:/jExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvaks:/Yh8eip3huuf6IidlrvakdtQ47GK8","tlshash":"3193f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:03:09Z","last_seen":"2026-06-27T05:00:38.338371Z","times_seen":17115,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/css/common-bundle.css?ts=20260618170555","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:33.829Z","timestamp":1782521913829,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /css/common-bundle.css?ts=20260618170555 HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/?i=1\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3; PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: text/css\r\nContent-Length: 255373\r\nConnection: keep-alive\r\nLast-Modified: Thu, 18 Jun 2026 14:05:56 GMT\r\nETag: \"3e58d-65487accebaea\"\r\nCache-Control: public, max-age=31536000, immutable\r\nExpires: Sun, 27 Jun 2027 00:58:33 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":255373,"size_decoded":255709,"mime_type":"text/css","magic":"ASCII text, with very long lines (65271)","md5":"4feabf6fbaeeabb85718ab537defbfca","sha1":"d1b07a54e80a3fde6d69c36e55342cd83253a9c4","sha256":"af3149dbbe9f1aa97cf89cf7f33ca118526a5d601b320faa9a85f7c5d9530679","sha512":"8398fc4baa63e0eba6e81859544b81204c87b55e19612f8559436f223916da60479b51e23357af9c6bd65bbda7c7e0db67c71b2713dc7438f9f8eeb575df7e98","ssdeep":"1536:/w/KRob1+H1ej5GzPnQ1IqmCQei1yfNkjePPdqq4u0BDWpbqMtBtmtAt8:JYq8QeR1xgxXDWpbqMtBtmtAt8","tlshash":"7244d761a55031adb273c46272c06e49312c8223e9778e73fd5b6968cac619f3763f1e","first_seen":"2026-06-27T00:58:58.845758Z","last_seen":"2026-06-27T00:59:20.788454Z","times_seen":2,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":-1,"dns":0,"connect":30,"send":0,"wait":37,"receive":304,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/js/common-bundle.js?ts=20260618170555","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:34.157Z","timestamp":1782521914157,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /js/common-bundle.js?ts=20260618170555 HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/?i=1\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3; PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 43074\r\nConnection: keep-alive\r\nLast-Modified: Thu, 18 Jun 2026 14:05:58 GMT\r\nETag: \"a842-65487ace9a1f1\"\r\nCache-Control: public, max-age=31536000, immutable\r\nExpires: Sun, 27 Jun 2027 00:58:33 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":43074,"size_decoded":43422,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1669)","md5":"0ef886ab71edfb44f8c2446313e91d25","sha1":"2c3cf8646093285336d8eccab64a5662d9b37fb0","sha256":"df76e43c7fe309be7f101fc14e79f686075a40e82aebd09f408fd899d922c210","sha512":"74bfc353cb5a9277099559338dbfdd5cfcf9fc2d30d8de3d95af35f5ca158a24257f4387a12fe927e8ae1db0f50d5cc4ba35c4b58e36a8e000872607712f575a","ssdeep":"768:gOSuappdO0gpiakbMzZE7He5VYpf47WIIozDKj5unibk33w6r5Dz4o0frRdZwh7V:gOOUfOMzZEkKgyo4TcaMR","tlshash":"9713f76d7224316a90db37eb417f22187237a522d506c875b926d0c82fb998362f7f2d","first_seen":"2026-06-27T00:58:58.846979Z","last_seen":"2026-06-27T00:59:20.789254Z","times_seen":2,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paysupport.site.je/gallery/PP_Email.jpg?ts=1781791555","fqdn":"paysupport.site.je","domain":"site.je","tld":"je"},"ip":{"addr":"185.27.134.55","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://paysupport.site.je/?i=1","date":"2026-06-27T00:58:34.300Z","timestamp":1782521914300,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"site.je","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"12:7E:CB:26:FA:72:6A:D5:3C:29:F5:B5:65:B0:8A:92:05:BE:B9:00","sha256":"EC:A3:87:98:36:0E:A0:93:1D:92:C1:4E:51:86:76:BC:C5:D6:49:5D:93:80:55:F8:F3:CF:4F:9A:74:48:69:B6"}}},"request":{"raw":"GET /gallery/PP_Email.jpg?ts=1781791555 HTTP/1.1\r\nHost: paysupport.site.je\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://paysupport.site.je/?i=1\r\nCookie: __test=f1c116836c3dc4f0b326248187e9a1a3; PHPSESSID=f292b4adbd6abab7863d28ffb615c1d1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 27 Jun 2026 00:58:33 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 246642\r\nConnection: keep-alive\r\nLast-Modified: Thu, 18 Jun 2026 14:05:58 GMT\r\nETag: \"3c372-65487ace7f824\"\r\nCache-Control: public, max-age=31536000, immutable\r\nExpires: Sun, 27 Jun 2027 00:58:33 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":246642,"size_decoded":246980,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 99\", baseline, precision 8, 1080x1288, components 3","md5":"6b77d2871cb0717b1db5423de43a80c5","sha1":"3500c181c0539bce6abf84cc458f2679a2c22dd1","sha256":"f200b6b50d5bb33eeb0b973629f61302a266312ff6134930e1cd676d9a66c6dd","sha512":"b60a1c8ec8aec1ed28495184f632cd0780ae6f633f17ec22aa020e4f301cff9ab2209d86ba8d1e933c44061e6be4360c84be68a3861350e036880dc3a492fbb6","ssdeep":"6144:/nIdUrWY5pMO7pzGN/HAwa0zXb3yfAYYbxbhWD5HUA+gqQkL:/nLWY5pH7lGN/HAwa0zr3yfdYbxQDpUx","tlshash":"eb34cf75f3dbd301436b500e44bd7cb303a996e810c1e987a4938e6277a1f35aa8767e","first_seen":"2026-06-27T00:58:58.84837Z","last_seen":"2026-06-27T00:59:20.786433Z","times_seen":2,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":214,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"paysupport.site.je","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"paysupport.site.je","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}