{"report_id":"ad459826-81a4-4bb7-8627-5877624cbc28","version":6,"status":"done","tags":[],"date":"2025-10-15T03:22:36Z","url":{"schema":"http","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":0,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"title":"macpay全球商业支付专家——印度支付、巴基斯坦支付、泰国支付、越南支付、马来支付、斯里兰卡支付、尼泊尔支付、香港支付、韩国支付、日本支付"},"submit":{"url":{"schema":"http","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":0,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-19T03:22:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.macpaypal.com","ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"domain_registered":"2023-12-26","domain_rank":0,"first_seen":"2025-08-10T04:50:46.795439Z","last_seen":"2025-08-10T04:50:46.795439Z","alert_count":58,"request_count":58,"received_data":1474701,"sent_data":26430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"crypto-js","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f7d064627e1901095a868e007b22290","sha1":"787119c9d0d0438c870b77dbefe06b6f29e9bbee","sha256":"705993ca8b1b573675a1ad182c08a2a6e09c0f4d4d951ce79389600ca8fcf480","sha512":"d98695a81daea2429a8d0fe6c6fa3b4b32de88db3f279e8fea68cb6d48eeab491489aa75d5b043967fda0a1f7a1415cfe89374973beece16a6491179fd426e0e","ssdeep":"","tlshash":"2690043075c5411101104d1533f44401173ddc0f00c4d030303c0ccc5113550f11510c","size":40,"data":"","first_seen":"2025-08-10T04:50:48.446513Z","last_seen":"2026-02-14T20:10:33.321372Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/script-v1.bundle.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"02c0f86312fc556a219c524d3ea2ef14","sha1":"ab2d9e56ef551b7b80aceab64ea3a10212901b0d","sha256":"2f6b66f3ec23bf80d45c310fc2a5d8c2121f93171cea3804c6586031a7e6bc99","sha512":"6b0b4fc842cb522e2ec61172babb1409c708e27f6f344a6cda37d73a36d5eb44d45555fb6bb31fb72fe46145e86433c89bb59ef564cf529c03d0b825c6464cd5","ssdeep":"3072:Mkn6x2xe9NK6nC6ZY0G64CEof9egf3EUps/Y0o5a4aF4p3:Mk6oxeeQPZQRCEof9egf3E7A0owo","tlshash":"ad140a8db291717203afb1b6106f420fb236246d6849806cf169d8ea7cb8d4d617bf7d","size":202139,"data":"","first_seen":"2025-08-10T04:50:48.385645Z","last_seen":"2026-02-14T20:10:33.268141Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/paykun5e1f.js?v=2","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9267dff5c43a56d55dfbfedff1ec1a0d","sha1":"8c5cbda9fdbb58e8629d5dad83268f1e7f60e33c","sha256":"1e64a3126abf775c5f2170ab1d1857c0247a0aecd44ed1634fbb57bb26e0b7c3","sha512":"58dac5b75a09ee3f142298cdd64c4cb98c8a52f5b4a4d4c1f058e883328880f250ebab8a94265b7ecc6d39b0ecf098a5315d3be8e7fae2aa5b2e98a17bf22c6e","ssdeep":"384:iUBPaJoRDTzWY4bbyBTC5cGyUIViJO6At+PI/Wp91JWCmjaG8ezZipNJHe5EyCRb:iUBPaJOTyPbyBTC5cGb3HLpNJHQ94ZTN","tlshash":"9f9244447ac19b6e138e8baf76aed0c1f7852a926ac04d52d044fc5467ce323f9ca5f4","size":19656,"data":"","first_seen":"2025-08-10T04:50:48.399202Z","last_seen":"2026-02-14T20:10:33.283585Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/lxkh7b30.js?v=4","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b323aebac5d517828e9a5525d2373b83","sha1":"db9ef541ac4d69827c232e97d05800c34ee19f01","sha256":"480162965b2a3e2591c0fe14a809ddb19632be8995560cef752eccfc7bf67543","sha512":"a2cff9af1d5bbeadb06cb69a34cc23721cb872e7a94536ab6f07b811d8e3d6ee5d704479aeb6bdcc89b247531742dccb31ac8d7cabd0414c00977f5c715f9577","ssdeep":"","tlshash":"bf8103e9c6415935809a9a939f4a320c31634077151bee527e6c932c3fc470b73e6bdd","size":3878,"data":"","first_seen":"2025-08-10T04:50:48.383346Z","last_seen":"2026-02-14T20:10:33.272349Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/jquery-3.5.1.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-05T13:37:54.928527Z","times_seen":218061,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9d8b89b000d29a5442d4aa69877bfe28","sha1":"6531a0a1d3598c0230d66db00d91586da5c89002","sha256":"5d6b23c9c1602df52383ed79be609fb8079afa183f7ce0ff935b001984c5979f","sha512":"7aed0cdf4433329f2b4852c2e4d70b98b0fcbad9e26be75d610435a35f4cf5d5e24edb61ec044d5be6637f09c1cc0b289bb228f7455896f6fe45d886d06fb0c9","ssdeep":"","tlshash":"4dd0a747115820716c6b02149ff8a0022b3c8507ad1b39dc7a9e13852f0e21e6076fc4","size":263,"data":"","first_seen":"2025-08-10T04:50:48.448893Z","last_seen":"2026-02-14T20:10:33.322316Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/owl.carousel.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f416f9031fef25ae25ba9756e3eb6978","sha1":"e2a600e433df72b4cfde93d7880e3114917a3cbe","sha256":"a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d","sha512":"6cfb3b01eea956f84e4a221cc940a547bfead8e02c462a2fc38bc0917fb325bc374a101e7aa7b3ab9d11208708511abb39adb4ad6da7daaf9fc9704d714f65af","ssdeep":"768:UCI7dmuMFAAJG4dlQKNORpnXGAtep2lcwJeL+wr2RSGc7UuHjRUQuFBt33:PITMFC4dbMVRSGcgRDV","tlshash":"e7137346b3202d2a869b61a0663f160bb23a241ce414547d7d79e6de6d7dc8c213ffbc","size":44342,"data":"","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-05T13:51:39.906924Z","times_seen":48318,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a86d43829a8e9a0d0948023f44e778cb","sha1":"1d6afb4426497fa9d3fa668558dfead7eced3c08","sha256":"9fb9ae5431d73c5071267b28d737261226f5fd4af7e7d11a80c16e765007e167","sha512":"5a7087f23a2405d519c412ff582ffa76dc407366c1da657123979b32b75d0c54ba97afd5726ec1ec35ec278a05b0c7aca4f1471d65c068109bd6a63c0696a7fb","ssdeep":"","tlshash":"d2516a04f4f266b3486f7024379f780425ab80175f69d831ba8f9b921fb896d7942297","size":3017,"data":"","first_seen":"2025-08-10T04:50:48.450307Z","last_seen":"2026-02-14T20:10:33.32318Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/crypto-js.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a39fc84fa7659e1d898bbcddf20aa989","sha1":"5989527a378b55011a59522f41eeb3981518325c","sha256":"bba05a999896e6d09e9a37b69ebb5e282d8aa0b20a5fd94a3d2a6f0a43a16a6c","sha512":"665d64fdbb39474cf3c00c3e931ccc8781e3a42d98d9fcbc42ef31a14500e265d362d82aea85ad2d450c49189a259fe11f487013b96872058ba33bec919ae7bf","ssdeep":"768:YMHGOB30cm8vOjKPmKW4V5SYirM9OT81sEyHhOvhJ:Oc30cmBKPmKWC4YVEoJ","tlshash":"6f232bc5a19ca09193eb65d0483f704bb0633676061dc698f264f8deacbc5ead03ad7d","size":47943,"data":"","first_seen":"2023-03-07T14:29:14Z","last_seen":"2026-04-05T07:23:58.034592Z","times_seen":1907,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/yinni.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/yinni.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:06:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877171b-821\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2081,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x134, components 3","md5":"fd6d96bca8d7342f7520ba338a5b0613","sha1":"f88ba0dc6aad2f2635123e50a4966eb123a3254a","sha256":"cfff9383ac8b8bfbe99af27e4286787cb41e0d5b89c32b5c5b5b687d93bc7789","sha512":"21890eb72b1b9116c7b2568c8cc9df52a120fc11e567a4a9d5c48143d870e5c2673a6642ce9b3841cead6ef76e8f88c4cfd7082dbca4f9e6bd37a5be3cdf46e3","ssdeep":"","tlshash":"124149fffb39568bdce94ebd5b637434cc2955ab58123b9ac2d0510892f23b0e711164","first_seen":"2025-08-10T04:50:48.407065Z","last_seen":"2026-02-14T20:10:33.295028Z","times_seen":5,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":586,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/payment-options.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/payment-options.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f3-36a47\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223815,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"07b12882e4044cb11282d9e9ff50a771","sha1":"30db65b2024f6e7418d9a59e296215af93ee4671","sha256":"0c3734b0419219b083e949dfb76df6ccb9ac541260fe7e50676d418f12661c07","sha512":"da3bfbfbc7a880515d55e6cabbb1130693db0fe06b89495fa5d6dcd144ebc1dd182067e70b78a63eb53b727502994b6cf00e02397d7d6a56a1da59e348995dd8","ssdeep":"3072:EgU1KGTlWtY7Wp/NEL7ueQqP+a7izN8vjoiub8CcPB6jJ5rgboQ:EgU1KwloY7Wp/NEGeQGzOy1u46FjQ","tlshash":"8f24bff323e08bd99c9087449fe49a89633de5dab0b301c0b75715669da2afb703ed11","first_seen":"2025-08-10T04:50:48.353926Z","last_seen":"2026-02-14T20:10:33.308671Z","times_seen":5,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":562,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client5.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client5.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771704-e63\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3683,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 216 x 71, 8-bit colormap, non-interlaced","md5":"70d7e0743be4914f8d73b0a2b7257414","sha1":"2a3e8764afa2f969b9247b4d46214fd06f0f7af9","sha256":"a260610e877ffbbb00b78264b6649db80c4bd16668392033101d4d35ae6169f8","sha512":"936d6e65fc36bd8a9ff8a4b525ba805c08a3ce96dd5e4da94a3a87dc185186878e4904fe3a7f1978f92930886c3c47eed385e33648e896c60807370d03a86cc5","ssdeep":"","tlshash":"1a712a277aeac66d76137232414b9f93df9305952e47239f46a4d030cf45866185adf0","first_seen":"2025-01-02T23:48:21.383454Z","last_seen":"2026-02-14T20:10:33.297499Z","times_seen":6,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/success.gif","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/success.gif HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/gif\r\nlast-modified: Wed, 16 Jul 2025 03:05:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f7-4745\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18245,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 130 x 110","md5":"eb1b4e6632b9b536d9233c13663de338","sha1":"fb7cd81d486c7c4e3d4902b9695246ddc1e0d9eb","sha256":"25556b7be399fc1e2bffcf6472264ba1152297da297de4a9e219230e656d0b6a","sha512":"6740cd0e1876e54315d03e0be19f91dc33adbc68547d6c107ab8427bf7fc137bc710fd79c78701c89412c8b9524549241e410b51077c7c54076c68667eacc233","ssdeep":"384:kTLrJeGNVlQuCKFWEAThCvoJ7Cd17F9FPVeNyfRD:6FfiuCKFWEW0v8GxxfF","tlshash":"df828e3fc04c4a86f42a69f53866992b4d7e09d48ceed5b2b4cdfc0225a604d85d8ef9","first_seen":"2025-08-10T04:50:48.369588Z","last_seen":"2026-02-14T20:10:33.2786Z","times_seen":5,"resource_available":false,"data":null}},"time_used":550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/logo-nn.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/logo-nn.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f8-13ce\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5070,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 140, 8-bit/color RGBA, interlaced","md5":"8b61deeae29476d3500a8b2a872ac185","sha1":"bb7f508f9a4caeeb269c3ff87b4bb8e9278efe83","sha256":"ff0e6f01d8d95d20608118a8f60a99948f046a12a423d1c60055cf5e97f2a1f7","sha512":"dc88d9b814b27dbc18aa2f201b0eb1508f00f7e7a70d1efb6010e4f4649d13129ad4758315603eae7539f1ad3fdd472e933890390e5219322dabda1e04045dca","ssdeep":"96:7zhcA9V12rQxggv95gggg99nik9xygggggggggV+I6w/phjgggggggggggggggg/:loQ3Vr9nikxJr6Gpg/hepHPoa","tlshash":"f9a10733c3b9031bda3a6734525143a52a398ced99bdb4098ae47c1ab33f5dd7860602","first_seen":"2025-08-10T04:50:48.403113Z","last_seen":"2026-02-14T20:10:33.30469Z","times_seen":5,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/footer.html","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:15.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /footer.html HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:15 GMT\r\ncontent-type: text/html\r\nlast-modified: Wed, 16 Jul 2025 03:04:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716d9-d63\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3427,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"8a1c56ffe97c14b7fbb71cb5553e740e","sha1":"2904d425c5a588af474661144e0df2cc337293b2","sha256":"c97380e5b3efc4238afd56c7029c52cf4eecd76d8a5a08cf933fd09be6c7890a","sha512":"a907f34c9160b483f7a8f886fd5ca6a5a3831e913500ad0f416cbd45def6439c137e807dac4648bfe66b2ab2ac0fbfd8fc15c9c517561a45ea5da8b3ca5e6dde","ssdeep":"","tlshash":"80610f291ee10c35908640a37660fb599eb67207b08a651036fe48d13fc3e9e8a467cd","first_seen":"2025-08-10T04:50:48.431052Z","last_seen":"2026-02-14T20:10:33.269226Z","times_seen":5,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/image/curve-layer.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:15.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/image/curve-layer.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/static/css/style-v1.bundle.minbea6.css?v=7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:15 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 556\r\nlast-modified: Wed, 16 Jul 2025 03:06:00 GMT\r\netag: \"68771718-22c\"\r\nexpires: Fri, 14 Nov 2025 03:22:15 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":556,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"57c8bf2e49911ee8601c35d310cde416","sha1":"dc0104ec1105c5f30daf338d82d5b51a877eb222","sha256":"db8982624179d5e07e937ec6f66c807e45bbfc377ea7642c49222799b1372ae9","sha512":"fe40ea83edb9c179fced33cb73cef56e086f65d51198031ca1dcd13aa92d516a9ab9507731828a68a77d680e332369a9564b46f90b9b76445c709dc6b0b91c3b","ssdeep":"","tlshash":"19f0c009c625ec7d9555e310b3f862c253b0608ad2840cdcaaea38fee3958e45657fe8","first_seen":"2025-08-10T04:50:48.440993Z","last_seen":"2026-02-14T20:10:33.3095Z","times_seen":5,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/kny.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/kny.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170b-90a\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 268 x 179, 8-bit colormap, non-interlaced","md5":"0bd95ed943c3b844ddbcdf36444f33a0","sha1":"1ce69b631c73cd13e45b2d977f2aff8964410545","sha256":"dbca2bdb28fc7c0461d8cbc0aec3248abdd4809d8bbb279e9823e0aaffadb7e8","sha512":"c9f5ec4d40ed592b15d3613ea457b282008669bcffa20138c336ec30181a4d9c1f38a52e0959a83545870d6f81fc2ef9807eee8fc6370c604ed146ed96dfd6b4","ssdeep":"","tlshash":"ad41e8f7c48d44185bb579f7244cc4f38339510c1a2651aef7ecbd426c96a5844369dd","first_seen":"2025-08-10T04:50:48.375908Z","last_seen":"2026-02-14T20:10:33.307101Z","times_seen":5,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/bjst.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/bjst.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:06:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771719-377c\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14204,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.2 (Windows), datetime=2023:08:25 14:43:52], baseline, precision 8, 200x131, components 3","md5":"345e06979faba1e563a5df6571b61c64","sha1":"d5cb201681665c6732b47fcf7f23c7a3a3a4e664","sha256":"8b34e5f9747e4b727b931dbb28f70c78826c2dec0a34fd3f24dc0b0c24abca72","sha512":"1cb8c3b39690f9ce236b5577ecb3a82e3883cd4372e8dd71188d5ca9262a5ee6de21be307533dd733e676281c6a77fbc4bd9a9a51f2407e1b2702a8035d26279","ssdeep":"192:5zH2ULRD28y4llRXzH2ULRPknmjX1ZcM17obyWUA:lHPL4PifHPLCnG/sbyWd","tlshash":"63522a387eb18ea2f8d542359496db9ba3219e80e7977641b89d32c53f71bc18c4d307","first_seen":"2025-08-10T04:50:48.336872Z","last_seen":"2026-02-14T20:10:33.289702Z","times_seen":5,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/orange.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/orange.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170d-1c7a\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 138 x 134, 8-bit/color RGBA, non-interlaced","md5":"6d1b64de5e910839b0741ff992b1db4b","sha1":"037413ca4840eb8366945b81df3d762ceab1ef9e","sha256":"74c1634cf310442d0bd197fa73972c3526dfefd67183e6d3a68565490a901bd1","sha512":"6472fe12b63cbdd7521797332ca75a1a1433f24144609675074896e4a516f314158829be6010569c8130cce6051e0b26ba42d92eccf4b9b8830f071490564221","ssdeep":"192:HSat9jSZ4W0VCe2Iybb0iyr6kKJLYIRbQ3aNAQIqe:yafi8TZybQOF/RbIaNTe","tlshash":"72e1b0f980138cbef92ea1413b57fb40439f0598c492a21e6c98c4743c07ba508cf1f9","first_seen":"2025-08-10T04:50:48.373177Z","last_seen":"2026-02-14T20:10:33.314794Z","times_seen":5,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":585,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/120-payment-methods.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/120-payment-methods.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f6-14513\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83219,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f42bee6a2055004a359fecd53adaffd7","sha1":"8d8e2a1f2d9c2b0dccdfa653fbb7fa494c05c808","sha256":"a5df7a03b2a4ff37240d10e3bf1b88c137535add4f6aeda42767fa7b56d3daac","sha512":"c4ac6cc892ccf922b80965ef050684402b0fcec3b3791578faa93f2c6c8cd43ac942f8e75f2f8a4e243b364df26f7d723837e57c3c7f8302d0f464959c0ef3ca","ssdeep":"1536:5bimSOLejE8pu2M6WYa5iiBQocXr8UI9VA2D1L:ZeI8A1FRBQHqL","tlshash":"2b83fbd139e888896d640740dfe89cd8472ee2cf516728c6f36d243b9fb12a921cf765","first_seen":"2025-08-10T04:50:48.428034Z","last_seen":"2026-02-14T20:10:33.262205Z","times_seen":5,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/pci-dss-graphic.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/pci-dss-graphic.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716fa-5a72\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23154,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"120949ef1dea690738b18226d33a3c7a","sha1":"54ba4da8256d95bf77c25c3b70a2a14651041901","sha256":"25d8e72f1b2da786548a31a0988710de707ef48b9df8a1f49fff8b70d2204fc7","sha512":"aac1eb0dc5d366f81a78b17611d9f0a842894dde9525ea1b6b96b11177c46500f4b1d232d404050d0af4ec9db5d0e4268e45f35106619c57086aae7491d72185","ssdeep":"384:d4/npmTfd1FkIZhtVsimKBQ6UO72GaIOU43M6BR9b:dzD6IL/daMSM679b","tlshash":"fba23de134f588c158705742d7c959e8893df2df22a318d9b35d20b79f7296a328fb21","first_seen":"2025-08-10T04:50:48.435257Z","last_seen":"2026-02-14T20:10:33.312089Z","times_seen":5,"resource_available":false,"data":null}},"time_used":561,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":561,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/css/style-v1.bundle.minbea6.css?v=7","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/css/style-v1.bundle.minbea6.css?v=7 HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 16 Jul 2025 03:05:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716e9-35c48\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":220232,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65366), with CRLF line terminators","md5":"bd8e76b59c19b4b99f220758941c69f7","sha1":"b4f96764c1af3c124153b5a18c19240ed3b2d315","sha256":"c37bd357fe4876cfb2dbe8afdd6c1c079a499bd5c98e4ffdb5a886bc8d9ed03b","sha512":"f396f5d2bc8d677caa1f82913633c44e24538d45272b5e2c0997bc6476c9109e05861a74de7b8c75d33be511d0be660dd0ff8c81215efd3ae497150a5d747f70","ssdeep":"1536:pw/A1gIuiHlq0m48lNbNmWbmpl4H8bDzsr0eVQPRMiQThSycwTymBQTuvjvur+06:FdngGOgfyBNhSycwTymBQTuvjvurnLc","tlshash":"f124c960f5103079b227c5aab0e1fe9935299052e6174ff7f26f35a88b851cb1633f1a","first_seen":"2025-08-10T04:50:48.381559Z","last_seen":"2026-02-14T20:10:33.319387Z","times_seen":5,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/wave.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/wave.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170e-1ffa\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8186,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 138 x 134, 8-bit/color RGBA, non-interlaced","md5":"0065d4c6bb043cba79cadc1a9b983467","sha1":"dbccc448c77733d343f4945e003a1852830f02f5","sha256":"d5e80b2418d3afff7d05ee5a120a50cc4fe18d20d5626386a306d23799436e0d","sha512":"27149d1e6e24bbda632ade02e3ad0a7cdaaf5558c8809e4e00bb43910c28f1cc036bb87c83cb92cbebf501c7e1f3f5093ef11feed99c244d95d40393a7d2136a","ssdeep":"192:k4cLwAJlj/wGv6V3lW1Q1KPwgM5c0j7pp6n5NUc:k4ckADjtZQYwf5ctEc","tlshash":"99f1d083ea1bd0a5c7e8b7e156d82963b607c98001e0c8ddf5c68e9283fb1f6a4d0346","first_seen":"2025-08-10T04:50:48.364419Z","last_seen":"2026-02-14T20:10:33.301974Z","times_seen":5,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":567,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/ltt.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/ltt.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:05:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f5-6e7\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1767,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, progressive, precision 8, 117x56, components 3","md5":"2e5e0934c614fadd5dad515dbb1e1a7b","sha1":"5ca14157d36c9231bcd79caaa37ab899ef702c7c","sha256":"e809ae8cb00f98d7cd82e6c2dc0580d51b547ec8c307fc56b51cabfd8396f134","sha512":"d4e4b0e991352b1856b8f2bf4e17238aced8f49a766dc0d1b3467b2ea1505d59f257ae070ea2f44cf16566f9cc9da86b6230cc072a90e753c9b79130c6dbbc82","ssdeep":"","tlshash":"e231d630f6e95c1ad7247cb682b0296bb56b2d1131ed4ad30ac561191f7fcba4f8a045","first_seen":"2025-01-02T23:48:21.337558Z","last_seen":"2026-02-14T20:10:33.264174Z","times_seen":6,"resource_available":false,"data":null}},"time_used":558,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":558,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client4.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client4.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771703-10a8\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4264,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 71, 8-bit colormap, non-interlaced","md5":"99684aca945ffdd66821241eba4b9537","sha1":"0a281334d806fb6360782d3728420e7b4fb96729","sha256":"74cc5663cbc71efe7b90fefdf9936ef666fa6561d7ddcc990c812929d9e44213","sha512":"6159c5a93603ee52a7f858a4ff465252c70ef4552c0859fce4a9cfd4c23fa79d07403c5cb4b09daa8ca45e850eeb78a4944a012246108521813e71815e7b94f3","ssdeep":"96:Aqa9SvTtBas3/5DGTvw4Yg3uS4MfxFeY76ZkjMWFK4t5k+rM:A3srnHlGAg+2f76ZxCk5","tlshash":"3b915c99f20e2e369ed0525b9c79c3ea7e892990711e5701b23e0472f9bfcc63574286","first_seen":"2025-01-02T23:48:21.339226Z","last_seen":"2026-02-14T20:10:33.287611Z","times_seen":6,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client7.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client7.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771700-d71\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3441,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 216 x 71, 8-bit colormap, non-interlaced","md5":"4dc27e9dbb288ab8d8485c355789f3a7","sha1":"1829dc05a22b91186b679e4a0e5f0e94230ec267","sha256":"a947ba6ecee8cf2c8cc6a06578cd3523dd21d25921e6c7439111b27d23c8cd3e","sha512":"30ba91c0d00f42d2315350d3f4f4144c2f069499fb26dc61554e4822e55e95fc78393cae7f91e3b2d8476ad4a20a8de73ba9bc1602d7425d7c6b2fd0284d6713","ssdeep":"","tlshash":"80616eb66302e74038591015ec1c24fbd5106d57641ec9a93b79f685bd7fe58380d4fb","first_seen":"2025-01-02T23:48:21.332064Z","last_seen":"2026-02-14T20:10:33.28861Z","times_seen":6,"resource_available":false,"data":null}},"time_used":553,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":553,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/crypto-js.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/js/crypto-js.min.js HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 03:05:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ec-bb47\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47943,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32008)","md5":"a39fc84fa7659e1d898bbcddf20aa989","sha1":"5989527a378b55011a59522f41eeb3981518325c","sha256":"bba05a999896e6d09e9a37b69ebb5e282d8aa0b20a5fd94a3d2a6f0a43a16a6c","sha512":"665d64fdbb39474cf3c00c3e931ccc8781e3a42d98d9fcbc42ef31a14500e265d362d82aea85ad2d450c49189a259fe11f487013b96872058ba33bec919ae7bf","ssdeep":"768:YMHGOB30cm8vOjKPmKW4V5SYirM9OT81sEyHhOvhJ:Oc30cmBKPmKWC4YVEoJ","tlshash":"6f232bc5a19ca09193eb65d0483f704bb0633676061dc698f264f8deacbc5ead03ad7d","first_seen":"2023-03-07T14:29:14Z","last_seen":"2026-04-05T07:23:58.034592Z","times_seen":1907,"resource_available":true,"data":null}},"time_used":551,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":551,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/hblogo/tuyou.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/hblogo/tuyou.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ee-daf\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 152 x 31, 8-bit/color RGBA, non-interlaced","md5":"77b2c4d88358800a5f635d0a5b364efb","sha1":"cbc85372498a56623073d818511ac6519a6dcdd1","sha256":"d74febf41efc00b077f230654f4e866ca48470a2af1eeb888d59026fcb9d8dbe","sha512":"1afbe99f5b813050098ba1eef407726a77030808ca540811e254758c27051fe0e0e7bc44a43642f81591f37dd68e38c250f05356eda375ac421836680b290ae6","ssdeep":"","tlshash":"96713b4da0569804db9e9a4054f9f552af3e8d408cd0e0c83a8fdc5f4622372a766a9b","first_seen":"2025-01-02T23:48:21.32867Z","last_seen":"2026-02-14T20:10:33.316688Z","times_seen":6,"resource_available":false,"data":null}},"time_used":559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":559,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/favicon.ico","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:15.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/favicon.ico HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:15 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 4286\r\nlast-modified: Wed, 16 Jul 2025 03:05:10 GMT\r\netag: \"687716e6-10be\"\r\nexpires: Fri, 14 Nov 2025 03:22:15 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"5cbc5a1e8f0eb7c7a463209fd77c52b1","sha1":"fa57d02b2e3ae1264d306fcd14090cd69f8a9809","sha256":"5c46ee15c930f3d8313e8d905db481711d0e0b2daa4f3424fd741e2c6b4d5e36","sha512":"a84e9254dc2e2ca1b2853e059710d8d9a24455a2622032b8e17a1fe5ea2414053d05eff4797a4924f3208f4a50e26f5197126212dbcea75f1f17831f11571b22","ssdeep":"24:subr8vMAv/2ulUz9QF99CDzIKFmQ4Kxo6WNTNFR7fRmTj6En:dwJ/28z9OxV4KxoDNXR7feOEn","tlshash":"f29129525830284ed6695fb8688663fd8bc69926f3cadcc171d075d07072ca038d6779","first_seen":"2025-08-10T04:50:48.422781Z","last_seen":"2026-02-14T20:10:33.292717Z","times_seen":5,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/taiguo.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/taiguo.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:06:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877171b-82d\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2093,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x100, components 3","md5":"aa0156c2d89e1a3f20c3065c3ab80d76","sha1":"aa55fed9167dbed090268b7d6e0b93b7fadb175b","sha256":"ee9d0b30ebd8229e1c4a7de7f171ca4293c23e28350fc1d39d8624f68a527359","sha512":"2dbbcea4a0261950a7d0b6f37b5dc8369cea61fc9d5bc0f20b9fd8f183a80ed07c3f6e5829a7ae735c85e27d5b2e44b26b194ab63c8e09011d873d07a8db7cf1","ssdeep":"","tlshash":"2041eafaa72c8c45df0217bb4c6156a171c80230deb7847b408c6cadd5a5cb90d58378","first_seen":"2025-08-10T04:50:48.405206Z","last_seen":"2026-02-14T20:10:33.280817Z","times_seen":5,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/icon1.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/icon1.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771706-538\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1336,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c0209f2e9f33489bf153c196d0cd03a6","sha1":"5c3772564a43af98fad53d6072d5bfe5aee5c782","sha256":"e032ddd33e3a955388594c6f6664b1dc2f8d00d09b906d376f1349b7aa668b8a","sha512":"55a0aae84d104e2cb5f2d870ca84f09998b3b1320ce885e94d9526771975503baf896a041469b1b3b4d57aaf409ccdc926c750f65a2e1bacf3643d318799341e","ssdeep":"","tlshash":"8121cc76a2599c5fe531c07ccbf9589162b7b5a2d110d4f062f33a3bf12e8d61a0d2b8","first_seen":"2025-08-10T04:50:48.379141Z","last_seen":"2026-02-14T20:10:33.286634Z","times_seen":5,"resource_available":false,"data":null}},"time_used":566,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":566,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/hblogo/yihua.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/hblogo/yihua.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ef-2463\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9315,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 165 x 46, 8-bit/color RGBA, interlaced","md5":"742fbc4d63de16e6da82624e4777dd85","sha1":"ec8e18db6a0cc78372562e901b5514c02eea674c","sha256":"8cf56eb7dfa3a85a0092dcd9b8da8578a157d03303fc48a735d146d6e8b29a54","sha512":"1f895f0f581090905f8d187cd79e8c755e5ae2176afba805103ce3a734d002c4bd69ad0933a238a7fbe99e291f075eb6acd6214325a40b5fbb26c511468e5078","ssdeep":"192:zIIHUCD4wa6XgOTyXBZJQpeSlnn9g7yHNaFQO4BFvXRK:90wXLKBjAFha7aGQrvs","tlshash":"0112af08c4c24c96b5aa09923caed51788254b40d5c9ef54b6ff921b833aba0b458ddb","first_seen":"2025-01-02T23:48:21.347105Z","last_seen":"2026-02-14T20:10:33.258916Z","times_seen":6,"resource_available":false,"data":null}},"time_used":561,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":561,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/script-v1.bundle.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/js/script-v1.bundle.min.js HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 03:05:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ed-3159b\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":202139,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65515)","md5":"02c0f86312fc556a219c524d3ea2ef14","sha1":"ab2d9e56ef551b7b80aceab64ea3a10212901b0d","sha256":"2f6b66f3ec23bf80d45c310fc2a5d8c2121f93171cea3804c6586031a7e6bc99","sha512":"6b0b4fc842cb522e2ec61172babb1409c708e27f6f344a6cda37d73a36d5eb44d45555fb6bb31fb72fe46145e86433c89bb59ef564cf529c03d0b825c6464cd5","ssdeep":"3072:Mkn6x2xe9NK6nC6ZY0G64CEof9egf3EUps/Y0o5a4aF4p3:Mk6oxeeQPZQRCEof9egf3E7A0owo","tlshash":"ad140a8db291717203afb1b6106f420fb236246d6849806cf169d8ea7cb8d4d617bf7d","first_seen":"2025-08-10T04:50:48.385645Z","last_seen":"2026-02-14T20:10:33.268141Z","times_seen":5,"resource_available":true,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T03:22:13.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:13 GMT\r\ncontent-type: text/html\r\nlast-modified: Wed, 16 Jul 2025 03:04:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716db-c865\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"crypto-js","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]}],"data":{"size":51301,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (503)","md5":"6f7874e8e6a6d572b28b87232a6f2ca2","sha1":"694502164316d0cc0a5dcd583430980cc9934865","sha256":"cc9c34f1e90c26c37bf65a2436fee2ab95f7f8b5e9ca2a6d9c428734ded17797","sha512":"922941640e087d08b49a92dae501b0fb6e3d3d1dc2f881a235920ba7a9c1cd8f37c6bfc8edf4c117c1edd95c9eaaf57095fe2d5065e6839013f4565ca55dfed0","ssdeep":"384:4Aj2IIIbCd45SDOwoTwjH+YthuXov3H+6f+5+fp1Tss9q6Qd9Gf3kcdVkXx4vxLW:4pIIIbCdX5TQQqZGf3kcTxLF8","tlshash":"2533423051f19d77405650a2b6219b766fe19313e6472a0072ff0ada2fd2de98f0b36e","first_seen":"2025-08-10T04:50:48.417287Z","last_seen":"2026-02-14T20:10:33.310385Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1220,"timings":{"blocked":413,"dns":6,"connect":198,"send":0,"wait":395,"receive":0,"ssl":204},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/yenan.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/yenan.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:06:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877171a-507\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1287,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x100, components 3","md5":"fd99a1d1d9bb6e7e678795de4c41755a","sha1":"81ec68c1d9226c69263017635563a6e624e449e9","sha256":"f86fdb1da6eb50ace9ec10a89b4c4c5683a0e9b939068e7852d1c19fed8beb83","sha512":"3e2ec92c22bbac91b176ce897677e1dfb04ba44554afb256ce518fabc161b0f3302f9c1c9a3a8b06726a9ecf42be2e85c1922b841ab7993c6dbef531b245f3b8","ssdeep":"","tlshash":"6921f988bb61ae1bff317a309f8134f0159052fd9062ac7aa4f03c484820df02e95344","first_seen":"2025-08-10T04:50:48.397642Z","last_seen":"2026-02-14T20:10:33.307913Z","times_seen":5,"resource_available":false,"data":null}},"time_used":395,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client1.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client1.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771704-702\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1794,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 216 x 71, 8-bit colormap, non-interlaced","md5":"9b2c3c1d662af0d050f2dc6bf95029f7","sha1":"8f3708524b18fe73037035296f902031909c4546","sha256":"555d6ea04f41377b4fcdf165f59881011094effd5bb70bdc031aa16ac0333425","sha512":"656c21d0c0c98b8ca8331bd3be90b946cc2ceffacae40febc748eeda40db5a4922e3b715dfd804158a56eefadfd7e422f971f12896017525f2186563cf328ee6","ssdeep":"","tlshash":"5b310bc046b5a086deb5e255e044364a76604d31530d07e3d746d07b69bae80011f662","first_seen":"2025-01-02T23:48:21.335606Z","last_seen":"2026-02-14T20:10:33.30327Z","times_seen":6,"resource_available":false,"data":null}},"time_used":555,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":555,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client15.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client15.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ff-1178\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4472,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit colormap, non-interlaced","md5":"1a949bf800ae2bcec797801b85055540","sha1":"c263975557f3b69510aaf5167a6c28cf3b68f29e","sha256":"fec93b8a4e6ae8771bb593d60a632a15a2f932856b24d133dbed087966ab2f15","sha512":"f0a7e8ab0f639288251a55cef767c72d3c368979d53602e796e65f1ec25f7b4a82279c83e762a6ac88bdf6150139a37aea2dd9469de62a2d9e073baee4fcc310","ssdeep":"96:CJuIwdWe1X9rH5Lw0jItpopNvUwkjNW/OJksQEgX7z+DU/DBBLw:Nd7tq0jIGEJkjEcvc","tlshash":"7e917dfaf4a8519afdbe8b059f833d85653381f034743880f452c59aaf786318860168","first_seen":"2025-01-02T23:48:21.342962Z","last_seen":"2026-02-14T20:10:33.312993Z","times_seen":6,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/jquery-3.5.1.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/js/jquery-3.5.1.min.js HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 03:05:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ec-15d84\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89476,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-05T13:37:54.928527Z","times_seen":218061,"resource_available":true,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/font/fontawesome-webfont.woff2","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:15.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/font/fontawesome-webfont.woff2 HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/static/css/font-awesome.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:15 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\nlast-modified: Wed, 16 Jul 2025 03:06:04 GMT\r\netag: \"6877171c-12d68\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-05T13:47:03.454986Z","times_seen":413210,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":266,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/gn.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/gn.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170e-56a\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1386,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 170, 8-bit colormap, non-interlaced","md5":"97944233267b0d27deb003295e88a4bb","sha1":"04a12b216d306ca79c76e58d141b6b2b363f63c6","sha256":"4125d2e9a04728f87906704000f11d13ba4935c29acbad2cdabc53b9c1d14c1b","sha512":"891cf9401ad70c92e621dea5b537ff0303dbce225c256cd29ad3ab6b79aadd7d1f4644b2a8e41b51e6276ed1afd7a67beeaca3bcc55e6105ae9f2af73291f627","ssdeep":"","tlshash":"b621d88889f20b22ee1f2275c70d5b679a03482fd62b437268a1c01ee88577998e47c0","first_seen":"2025-08-10T04:50:48.345673Z","last_seen":"2026-02-14T20:10:33.285627Z","times_seen":5,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/yindu.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/yindu.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:06:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771719-889\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2185,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x131, components 3","md5":"587eaa5856e584866dfdc8acc73e593a","sha1":"e6c481a13c93c6ecfa828d2c55ba11e25eb83615","sha256":"916d0eeb2ec36a90af3eb2b9adabe0b5a07e6adf846fc08327b825cc4d968b39","sha512":"de380159c2056b16f0f6c45b766e10f4c78e85c377b1038373577061f90d6c87684e826a65d5b4dbfa81283399ba075e3ff90d2463f4d5c21550527c8b99fd06","ssdeep":"","tlshash":"7641b6170e0cd512e333ceb4ff6662240a6f5d461fc2de798880aad94e08e768cb1963","first_seen":"2025-08-10T04:50:48.371572Z","last_seen":"2026-02-14T20:10:33.273529Z","times_seen":5,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/icon3.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/icon3.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:41 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771705-661\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1633,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a6d4e543cde0f161215ae16c9318979f","sha1":"099355110c408b40cae64e20980933d838041753","sha256":"0cfe1017760ab6915572daa438efd6cbd7104079e97228ff39f242a263f5245d","sha512":"97713f91248385999dad7232ef254ad880cc99b2066f1148c39983dde91a0a2ffd5564865e48990d554d8bf1c45d2d10f01c5c74cee94a58940d3d146752dab6","ssdeep":"","tlshash":"ea31f13b96546d35e320c38fc2e0e965705aa5d5f183a0e89fc7baaa1c22cd3542ca55","first_seen":"2025-01-02T23:48:21.348174Z","last_seen":"2026-02-14T20:10:33.270171Z","times_seen":6,"resource_available":false,"data":null}},"time_used":564,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":564,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/fh.jpg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/fh.jpg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 16 Jul 2025 03:05:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716fb-11bb\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4539,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, progressive, precision 8, 309x131, components 3","md5":"5c04377998b4894b1850b1d7d9455ba9","sha1":"0a086b319b82ee86d93ad3f637cf8aba477026c6","sha256":"eb9d30fbac2fd1a981b2d8e6eed6fcfa88f28c689ac4ab43dc0f9de0f0dc626e","sha512":"ad333bdddb430d95a6acd50e14931aafa57b60cde06b5c305657d4cfbc0697a4e10c27e654cef6dbcb356b83d1984cf4ff9e1e034a3b836037f8b067badfb651","ssdeep":"96:dEaeYfZdXPvwhBcUMjc6QM0hAz7XPusjXlIQKK140XjFov5OaVGV0m:dENsGsI1hAfGsXlIQKKZXRjaU2m","tlshash":"89918f4d6f1f4427c46225fe5a247b3116b51d0d4e526f8e12186e143efe0e2fd4553c","first_seen":"2025-01-02T23:48:21.381685Z","last_seen":"2026-02-14T20:10:33.265876Z","times_seen":6,"resource_available":false,"data":null}},"time_used":559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":559,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client14.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client14.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ff-7bb\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1979,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 216 x 71, 8-bit colormap, non-interlaced","md5":"6a8c53d986dd3fa1572307f4ba91835b","sha1":"ad17d449b5d8012a356627275754e9ed0faebc25","sha256":"5293cb2dd4532d4cfaa2db74b1b46f5631797841dac06065bad11e1f77be9452","sha512":"5a93c0348a473c9b7a4b5eacc46a91dc6d8c267983872956db81a088a3b000accf622ed07ba85ab1345912c0a213be9146c39de9b5e52b797ffefe34c6c6dd00","ssdeep":"","tlshash":"8e414cfd21a82f2e6d5151b65e1cd0838b67e0d806e334cc81b4b4b263a6cf0195f4ac","first_seen":"2025-01-02T23:48:21.341291Z","last_seen":"2026-02-14T20:10:33.277585Z","times_seen":6,"resource_available":false,"data":null}},"time_used":557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":557,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/baxi.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/baxi.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:06:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877171a-4e2b\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20011,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 152, 8-bit/color RGB, non-interlaced","md5":"ec2d7fa8251d6831a142ef37e4ff10a3","sha1":"8aa8264ae3032a347d937ae55458804ab136c67f","sha256":"eba6b4b99cda0b43dd40117ca3856392137764a854fa89b03bcc090f64f7686f","sha512":"cabbf53d641ba941dc4a8daa6d551ec867812dd124cc3b66b5a1cd075dfe740771e0f9c68928c35b3e5f990f37f1688b486642e61d8d4dc18f34c9e85a393c08","ssdeep":"384:5LuTb7AS2aWGIrOfweg4MqNbG/8m8dDPB3QLzgIOEkYzdfrH3cwpf:V2ApAIr2/KqNbG/85dgLMANBDXcwx","tlshash":"fe92d05b1095d544be7a36e32239c40fa8a8e00f24dd1f31a7ac5e03d2f1c53699bdea","first_seen":"2025-08-10T04:50:48.389871Z","last_seen":"2026-02-14T20:10:33.313858Z","times_seen":5,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":586,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/icon2.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/icon2.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771704-5cd\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1485,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"eb7eac57d819da5f8a187848babf6770","sha1":"78d5a16482463e635bd1308c8a928a661dd33a73","sha256":"9dcfd656f7e2a810cdd9fa1ff74b25a9d0b289fa4ae5f4acaef8d6cd4a7da0ec","sha512":"2df382171aa6de9304614e4afdaf8910150a9f5d9fdc8a0d60e212e00076b59bf7649c974e118dc645c284ab3c16ea4bb4216dd2befcfa570437f19154c93867","ssdeep":"","tlshash":"4c31ce3e831e9e3af455d3949da0710b1666d5d7f2c681ddef827d272c11cb38874a20","first_seen":"2025-08-10T04:50:48.442827Z","last_seen":"2026-02-14T20:10:33.281864Z","times_seen":5,"resource_available":false,"data":null}},"time_used":565,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":565,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/hblogo/club.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/hblogo/club.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ef-4d28\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19752,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 298 x 76, 8-bit/color RGBA, non-interlaced","md5":"4c226b3f85725d4180996907c5b00291","sha1":"fcb66c47b8d1cf3e1987fea2073ba81e89f7234b","sha256":"73ef98b1a7a731a5234ac97379ff68d91a15baa152cfc78628dde79424329cbe","sha512":"1d27a68a5598a33d8fc8f9ed8c71ed9c9f3a37b32a41708dcbbb2ed47e93c77ee391138231e1b797f94ee0eebd6044cb5c92d69fe9fb00a73081b713009ce63b","ssdeep":"384:sjh1f2GBGL0GJolPNDy2uuLKoQqpf5Vp0N+JeKIWktlr8G6p:sjh1f24GIGCPRXusRfp0NmIWrG6p","tlshash":"1292e1a4bc87c942d81bdba7119e263db1418112963bf8dd18cae046bf4577e21322ed","first_seen":"2025-01-02T23:48:21.34942Z","last_seen":"2026-02-14T20:10:33.315777Z","times_seen":6,"resource_available":false,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":560,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client3.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client3.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771707-e87\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3719,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 202 x 51, 8-bit colormap, non-interlaced","md5":"af438d2a0180237e18776fcede22cf6b","sha1":"f3466c76dc5b9696116151090e9e2b3b26bce60c","sha256":"ba16fff6debf834da9d25760b73a489ee7d25197e7283442d9a36b3523773107","sha512":"3e4f90b62e0cca710f87732353e8c7c8bb10035ef95903a03eeecbad1a9f0195f1a9b6868a3d748c3dfe79ca2813c96f08fe47815d0629f67102f4651bd6d4e0","ssdeep":"","tlshash":"62719d615ad0ba0a12d53f9108331c010e4b685387d7d80c6ec23beb8ff5b7aa2bcd45","first_seen":"2025-08-10T04:50:48.396431Z","last_seen":"2026-02-14T20:10:33.271303Z","times_seen":5,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/owl.carousel.min.js","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/js/owl.carousel.min.js HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 03:05:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ed-ad36\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44342,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"f416f9031fef25ae25ba9756e3eb6978","sha1":"e2a600e433df72b4cfde93d7880e3114917a3cbe","sha256":"a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d","sha512":"6cfb3b01eea956f84e4a221cc940a547bfead8e02c462a2fc38bc0917fb325bc374a101e7aa7b3ab9d11208708511abb39adb4ad6da7daaf9fc9704d714f65af","ssdeep":"768:UCI7dmuMFAAJG4dlQKNORpnXGAtep2lcwJeL+wr2RSGc7UuHjRUQuFBt33:PITMFC4dbMVRSGcgRDV","tlshash":"e7137346b3202d2a869b61a0663f160bb23a241ce414547d7d79e6de6d7dc8c213ffbc","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-05T13:51:39.906924Z","times_seen":48318,"resource_available":true,"data":null}},"time_used":551,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":551,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/image/elips.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:15.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/image/elips.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/static/css/custom.min.bundle5e1f.css?v=2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:15 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 982\r\nlast-modified: Wed, 16 Jul 2025 03:05:59 GMT\r\netag: \"68771717-3d6\"\r\nexpires: Fri, 14 Nov 2025 03:22:15 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":982,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fd71b225475b1a9ca831eb20f481d416","sha1":"f28826595b89fe3b25b7a7e3f50ca7fd764ab831","sha256":"95772400be85b05bb30a1ae19f972d6bc4dcc3635bbe56ca88a89bdb257a9239","sha512":"3b4772aca7e3d114018530613acf83632953a75763c0f2cf0ec3de2d5bcef9b406a2703fc673b5c868290661104566755feb4e8ecc74e0c70d7d2e3fd884b1a0","ssdeep":"","tlshash":"1911bd9431b8d81409354544ebc63ec4ca3ef2c742b716deb1a834af9f704da264b375","first_seen":"2025-08-10T04:50:48.356177Z","last_seen":"2026-02-14T20:10:33.291464Z","times_seen":5,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/lxkh7b30.js?v=4","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/js/lxkh7b30.js?v=4 HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 03:05:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ee-f26\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3878,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"b323aebac5d517828e9a5525d2373b83","sha1":"db9ef541ac4d69827c232e97d05800c34ee19f01","sha256":"480162965b2a3e2591c0fe14a809ddb19632be8995560cef752eccfc7bf67543","sha512":"a2cff9af1d5bbeadb06cb69a34cc23721cb872e7a94536ab6f07b811d8e3d6ee5d704479aeb6bdcc89b247531742dccb31ac8d7cabd0414c00977f5c715f9577","ssdeep":"","tlshash":"bf8103e9c6415935809a9a939f4a320c31634077151bee527e6c932c3fc470b73e6bdd","first_seen":"2025-08-10T04:50:48.383346Z","last_seen":"2026-02-14T20:10:33.272349Z","times_seen":5,"resource_available":true,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/logo-n.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/logo-n.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f9-21f5\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8693,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 140, 8-bit/color RGBA, non-interlaced","md5":"6ff82da3d30814bbf0af239eb52771a1","sha1":"48ec268a85832920b0401241b4d094a65dd4b61a","sha256":"e5eca004a732cf6ebc5f33e1f80ec3d7dcb319732d3cd48b4829580e96d03db0","sha512":"5c849e8deee2b18b2eecd5a70b7d72f8c8fcb61b9ba9d61ac236251099ef9e1f80801570d2a80ea2f1b118df286ccf2fa648c7c0f7c30bb3b149789fd0c2efaf","ssdeep":"192:YpKq502X0HNus1PqGIgE1dAerf5b6xjCc0LTfqT4PvZS0t:k55l7s1PpEYsUuc0LmT4PZ","tlshash":"3602af9e7d84c9004e4aae03fe87a30df97426419b85155cb3dcad61914af2ffc2a74b","first_seen":"2025-08-10T04:50:48.377495Z","last_seen":"2026-02-14T20:10:33.311194Z","times_seen":5,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":585,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/mtn.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/mtn.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170d-4c77\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19575,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 138 x 134, 8-bit/color RGBA, non-interlaced","md5":"a6eaa76b70d854ec09b3feeeb3132990","sha1":"b0dde4876495093a54adbba05bad0d4df7a9b1b6","sha256":"a2860fc449aff1cac9c4867b7cc12497f328009dc20fd6ee68f0053f8e3bd90a","sha512":"bccd4c00f385af1c80ae9e9602a1d7706eeb2090f57c01cda1ab8d4f75d41c73317e32fb8aff261cdf63177fcf5350904f18c7fee43eb7246122a80364563da3","ssdeep":"384:y1nOG3OE262oUKnSVpPWaPWcpxT06ZVI1qxGreZa+fuvKCA4zQJSbAj94iuvn6:SnOG3T2hoUKSeaechu1qEreFfuyCA4kn","tlshash":"d492e01dec76a07c9f31c316a003a60146243ea678e06cf45facfb57a7416992d24fa5","first_seen":"2025-08-10T04:50:48.39145Z","last_seen":"2026-02-14T20:10:33.275153Z","times_seen":5,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client8.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client8.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716f4-8c0\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2240,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 71, 8-bit colormap, non-interlaced","md5":"70b0cb5f3449808813658e7966178d09","sha1":"579776207934cc3c450099e0359674c8457ab57f","sha256":"a84d40f1e454f0c3d52a012225b2c03092a31aa70e944001cb4f911193b5a39c","sha512":"23023f97a210e897c3c4cace6a90c302fed5f31ad634b65324a7945a43f2a373719d1600b23fcd3693363db787f6d8caa97a6f56e62d75a9b40bf0b569ab5633","ssdeep":"","tlshash":"42414c33b3570a34848644191108f3f4a5a11a1c64ef670a377ce4032aef70ab6c84bf","first_seen":"2025-01-02T23:48:21.334112Z","last_seen":"2026-02-14T20:10:33.318499Z","times_seen":6,"resource_available":false,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/cancel.gif","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/cancel.gif HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/gif\r\nlast-modified: Wed, 16 Jul 2025 03:05:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771703-37e5\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14309,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 130 x 110","md5":"b177387867bf57d74b13e8a3d218c950","sha1":"0e31544346a25208fd2cbb4f906ffa92be850f35","sha256":"e25129d32ba242417b0ef751bb88f024a1b769e5467b4acd3da70e2a6c83017e","sha512":"47f92e9556b1246687881c90139da90b84e2ab5c1fc204eaf76316f4f8b527a90957445cf3b7b9bc8da9e1349f6e19e1157c9711594e749566d05e73afe86963","ssdeep":"192:PX7F7YhzkycyWjfvW4PC+lqGSDLsJthzbp/1l04V3uS/dJ8OG2cVOCiTDbl:v6hzkRrLW4ai3zX6s5/dK86Sx","tlshash":"4f529dcf960c8d55fc832eb42c7b86ab18a69ad8d8f5e433b4cc3695735002d80dc3a6","first_seen":"2025-08-10T04:50:48.342288Z","last_seen":"2026-02-14T20:10:33.306147Z","times_seen":5,"resource_available":false,"data":null}},"time_used":550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/moov.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/moov.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170c-2290\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8848,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 138 x 134, 8-bit/color RGBA, non-interlaced","md5":"2577d26c289729651a20c0e17ac1fe9b","sha1":"8140078f9d9e12001dabe30166d5ffe878ccbf7b","sha256":"198b75cf85af80cc7a5aaaf3c4d4f9a723a053e2632bcf29b32b2c5b6dde64ab","sha512":"7a751b952696beba7dec1b4e049a36f6bc5d6850c83a7a8c85a105a7d8829e6761b21186cb203555b5f6ea16905ac287f8031fce76540edb7718e87842176cfa","ssdeep":"192:HSTfpv0WXK+ic1HhpbVD/00rbRIRSQKS2Asb9ML55HBdsr3hFPXT+uw:y7ps6KEv2uSKI69qBdsdFPXT+uw","tlshash":"7802beb235ab93789f5ff1570c1619b89d851a8dad6833726e2a7e74248ef7843200f1","first_seen":"2025-08-10T04:50:48.351217Z","last_seen":"2026-02-14T20:10:33.276338Z","times_seen":5,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/css/custom.min.bundle5e1f.css?v=2","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/css/custom.min.bundle5e1f.css?v=2 HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 16 Jul 2025 03:05:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716e8-cb72\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52082,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (52078), with no line terminators","md5":"e5cf995013cde65a7e0ebec1aeed0d65","sha1":"cca71f14e41dc694a1ee6ef475f08e7b0885d3b8","sha256":"689f867e7c44b06c55d39353ddc6d52a550bcd0d35b7ab532b9cc36e72a45a45","sha512":"f9a5ad09a967fc6eac870531184a7126fa02ce1e86f66f7108257c06096a3a32a80e65c82bfd34e6c937bf72869cfba5e18b60caeffc5545555b2cf67f288c54","ssdeep":"768:QjY/u6xRDiNQO7ZOBdmzdkzYn1p/pxpFpFpZpzpipApHpwpnpnwGMixHq08SMg:QjY/h32mdz1wGMixHqvm","tlshash":"b4337232a685602db12bcaf6e091b5e9711ce403e3634bfbe9653536cac52e7173274c","first_seen":"2025-08-10T04:50:48.361433Z","last_seen":"2026-02-14T20:10:33.298988Z","times_seen":5,"resource_available":false,"data":null}},"time_used":546,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/hblogo/Becric_logo_1.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/hblogo/Becric_logo_1.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ee-1a00\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced","md5":"880dc9157e1642fc66073b58840edee5","sha1":"5e089ed1a503c716c8be871ebf651537ecd7ac8a","sha256":"7ca588879ed1c187abc1d0e8b661dcdbfbb2715f890ac926d57b585689faf788","sha512":"f63d7b232c436ae6323119e6cf3b780c2bef7b36426491c04aa1bad959d93a2986fc2a0fb8077d9cd847f96314e6198b338aca3f21185f1d24a63eec89f6e375","ssdeep":"96:XCkBKccijKCW9OGxuywgf+MTze6mYM3nZPwu4TTZw1ObtqQQbzE7x1KOQvCZSsAF:XHbKFOGLJyFKuS2o1x7KOQvQSpoS5ueX","tlshash":"41d19e9688c5c2a0535629722265a6f2f2d671ce5e057c15bc628fe8f1ed2f0ce2c2f5","first_seen":"2025-08-10T04:50:48.409187Z","last_seen":"2026-02-14T20:10:33.296097Z","times_seen":5,"resource_available":false,"data":null}},"time_used":557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":557,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/js/paykun5e1f.js?v=2","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/js/paykun5e1f.js?v=2 HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 16 Jul 2025 03:05:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716eb-4cc8\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19656,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19656), with no line terminators","md5":"9267dff5c43a56d55dfbfedff1ec1a0d","sha1":"8c5cbda9fdbb58e8629d5dad83268f1e7f60e33c","sha256":"1e64a3126abf775c5f2170ab1d1857c0247a0aecd44ed1634fbb57bb26e0b7c3","sha512":"58dac5b75a09ee3f142298cdd64c4cb98c8a52f5b4a4d4c1f058e883328880f250ebab8a94265b7ecc6d39b0ecf098a5315d3be8e7fae2aa5b2e98a17bf22c6e","ssdeep":"384:iUBPaJoRDTzWY4bbyBTC5cGyUIViJO6At+PI/Wp91JWCmjaG8ezZipNJHe5EyCRb:iUBPaJOTyPbyBTC5cGb3HLpNJHQ94ZTN","tlshash":"9f9244447ac19b6e138e8baf76aed0c1f7852a926ac04d52d044fc5467ce323f9ca5f4","first_seen":"2025-08-10T04:50:48.399202Z","last_seen":"2026-02-14T20:10:33.283585Z","times_seen":5,"resource_available":true,"data":null}},"time_used":551,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":551,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/css/font-awesome.min.css","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/css/font-awesome.min.css HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 16 Jul 2025 03:05:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716ea-7925\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31013,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30850)","md5":"ddcee6c40c3a3752624138e5c04f61b1","sha1":"a8fe575c595c488361193e3d560cae1299e5979a","sha256":"df736da8ae628e0e73e0392bd2e18e870a7eed192b2e14918139fba58ab5fbf1","sha512":"73877fb4f133142eba3d758199ea2218510902435363640d4081b3ef863380578ada6ada51486a0e3997a95ba2306e47e75384caffc7e414df9b94d259cbc4d1","ssdeep":"384:AEaHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:AEawlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"ccd242e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d22a522c5fb9","first_seen":"2025-08-10T04:50:48.387478Z","last_seen":"2026-02-14T20:10:33.284569Z","times_seen":5,"resource_available":false,"data":null}},"time_used":544,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":544,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/css/owl.carousel.min.css","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/css/owl.carousel.min.css HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 16 Jul 2025 03:05:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716e9-d20\"\r\nexpires: Wed, 22 Oct 2025 03:22:14 GMT\r\ncache-control: max-age=604800\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3360,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3193)","md5":"96c973e5b6cfad2256dc51bb68f91e07","sha1":"5d0f468a60752875b5f3581bf06d3be5a42b2e57","sha256":"f70ddd586877849b4e0eebe97fba56099ff07669606532ba8635d2e385142393","sha512":"6bcca4876d996d9fa20779f5c31bd031f3cee5bbf639358c530404401f49242e5274d21cbada24d5fc62b9724d3de72c23f6b0398e05c95415bed811d1cc0fc7","ssdeep":"","tlshash":"9161bbe5314a225f480f83221dd81e86393dcc52d86a0a5a92bbd71447dae6d213ffcf","first_seen":"2024-08-19T19:16:14.213922Z","last_seen":"2026-03-28T18:47:06.319887Z","times_seen":11,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/logo-nn-1.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/logo-nn-1.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687716fc-86b\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2155,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 301 x 141, 8-bit/color RGBA, non-interlaced","md5":"6bf2b54bd71416b4d167e5baf7e3c560","sha1":"e0cc8edce9243b1406d850dca0f5f348298ff66a","sha256":"997b8567054f0d686d9c2cf195687f1e06e06363e8015fe9811f066d63db3620","sha512":"bfcce0eaf88ea4a2a27d97fc9544e81f5b73eba3e6a9be344feab668872d073f875c44ed4b883396153aba91260ade5849bda41e5b5116d3be9981d6b6cf7206","ssdeep":"","tlshash":"264166480edc37e71129c92701b34358a912d78e220fbd655d86839f2f563fb51f2ba9","first_seen":"2025-08-10T04:50:48.444846Z","last_seen":"2026-02-14T20:10:33.293829Z","times_seen":5,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/gq/xifei.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/gq/xifei.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:06:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877171a-bd0a\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48394,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 550 x 366, 16-bit/color RGBA, non-interlaced","md5":"b75c24915a1ccadd4a1d48526f27ca8b","sha1":"8370a11114c6a3a271a1631acde866b0866d5210","sha256":"fe6e41391536a143ba8bf747c1cde6472fe49da979f5a34596e062de5d68cd8c","sha512":"648db69881465e38a7aa2234238e6051dcf37def7c90d136e00df239601cd040d0e7db121a74c19cc2fc5f66756e432819a653b1a1c1a7e170b6be4efdc962b0","ssdeep":"768:mErHDMf1BBBsBsLL58BktDYuUzCCUwufOKuBf7nhy4KCWf88hvj7NdkecHcCBxtm:jT6y+fUzCCULfOrtWf88hvLkbxtmoX9u","tlshash":"112348a787da1ef24e899b77b7032450844f087def7a4d8283c6ea5178bf3c452e5209","first_seen":"2025-08-10T04:50:48.348545Z","last_seen":"2026-02-14T20:10:33.260965Z","times_seen":5,"resource_available":false,"data":null}},"time_used":394,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":394,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/icon4.svg","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/icon4.svg HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 16 Jul 2025 03:05:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771701-53e\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1342,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a698647e21f464b0a1a3fe15b320f6e2","sha1":"4b878db75692de17cf7821048c1e69478e679af1","sha256":"7a07891f3f5ae4d60dc01ec81f715e2055c86f7e0c3f10782c58ecfc52c55fd1","sha512":"b9f7dce02200f85d7111124cbdc99a2dca074892ec38c88bd4a863bf84c9f9e3eb1c4d5649dcdbd195d7c4c885859e03be3f8112fa918a527f2dde8b4a35733b","ssdeep":"","tlshash":"ad213e3f622a0dbaf0564fdc964880242461d5cbf25ba2d85f93ba3a6c01c678074b60","first_seen":"2025-08-10T04:50:48.393292Z","last_seen":"2026-02-14T20:10:33.320348Z","times_seen":5,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client2.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client2.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771706-1235\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4661,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 71, 8-bit colormap, non-interlaced","md5":"6bc3353f8a04977eb81c3ca391468ffb","sha1":"aff082d38723b0fb2ea9ab9fe80b37c6db907fee","sha256":"b44f97da2d520d9bcde96cdb3f86da9d7df9af80956166b4b793ef51211d1688","sha512":"7c7da06f7a28d5784c9ac5e9f9b37aa0b2b81113b6420e347442527a19b352649f930b0e26c865c4bd45e88758d47f27439a4ccbbfb10f175dde9740411bf5ea","ssdeep":"96:t+E0hAMcY8JRaRK3pBLCvSE3pOubWewXb0tkH5IILJgUt0fvb:t44JRlFpAXpwBH6IGUqfT","tlshash":"f4a17f0803d3d9af510196f115b03e116cb8b7ce8be38956ec4f91f8deb8aac524a885","first_seen":"2025-08-10T04:50:48.41168Z","last_seen":"2026-02-14T20:10:33.317563Z","times_seen":5,"resource_available":false,"data":null}},"time_used":555,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":555,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/picture/client6.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/picture/client6.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68771701-a78\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2680,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 216 x 71, 8-bit colormap, non-interlaced","md5":"a33af0ff94d7fa35de071d33038d8525","sha1":"46d7150e621ddabc4a54ea9ba5aab60ee775c8ab","sha256":"9030f5c73b957b9a99d344b61e1ce423f82c8b81ba06d087453d6223da2ead42","sha512":"27865e580b1505c6f86ac4c05cbfdac86c6a74294115fc6fcfe242edc6ef681341438b4f038b103624f8b7d3f59475020d2e1d2313c6413038b50a02d68fafd8","ssdeep":"","tlshash":"81513debaa8d95d4e0e9a5303ded07a5e9713889c28c4c47112e4c9e45ad7e50a107ba","first_seen":"2025-01-02T23:48:21.330372Z","last_seen":"2026-02-14T20:10:33.267086Z","times_seen":6,"resource_available":false,"data":null}},"time_used":553,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":553,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.macpaypal.com/static/xf/ci.png","fqdn":"www.macpaypal.com","domain":"macpaypal.com","tld":"com"},"ip":{"addr":"206.119.180.168","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.macpaypal.com/","date":"2025-10-15T03:22:14.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"macpaypal.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 07:53:27 GMT","end":"Wed, 17 Dec 2025 07:53:26 GMT"},"fingerprint":{"sha1":"5C:09:0B:3A:0E:D0:54:B1:73:49:A8:F3:14:56:C0:EB:8F:46:F8:68","sha256":"C5:07:C0:52:31:47:F0:BB:A7:C5:65:BC:89:56:85:57:DF:60:98:46:2C:FD:32:C0:13:93:D6:B2:84:DE:A8:FE"}}},"request":{"raw":"GET /static/xf/ci.png HTTP/1.1\r\nHost: www.macpaypal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.macpaypal.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Oct 2025 03:22:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 16 Jul 2025 03:05:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6877170b-7cd\"\r\nexpires: Fri, 14 Nov 2025 03:22:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1997,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 200, 8-bit/color RGBA, non-interlaced","md5":"4227e1e1734438fa74db595542ab5526","sha1":"e077f51ce1f4e474176d7385e73b1a9b4ae590a0","sha256":"a8af46e57eff80730e9bcf2459884477f1a069d5f6846bac1aecbbf9d9979019","sha512":"ed90634305622046a265272b16f0fc011bd11e80ed967ee9a48dc0e43b31f685e979ddf192737c439b2dc8014a181dedf2fb44c5b4f2a922408802520923b829","ssdeep":"","tlshash":"d3418c079e110c0c06c9dd3a68d6143a432a6b41ce63d79bba9df41ec5b006b4f2ebe2","first_seen":"2025-08-10T04:50:48.419774Z","last_seen":"2026-02-14T20:10:33.300564Z","times_seen":5,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"www.macpaypal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}