{"report_id":"b47bb492-d333-4271-b5e4-cacfd2454387","version":6,"status":"done","tags":[],"date":"2025-09-25T16:59:05Z","url":{"schema":"http","addr":"cashier.haipay.top/","fqdn":"cashier.haipay.top","domain":"haipay.top","tld":"top"},"ip":{"addr":"90.84.160.26","port":0,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"cashier.haipay.top/","fqdn":"cashier.haipay.top","domain":"haipay.top","tld":"top"},"title":"404 Not Found"},"submit":{"url":{"schema":"http","addr":"cashier.haipay.top/","fqdn":"cashier.haipay.top","domain":"haipay.top","tld":"top"},"ip":{"addr":"90.84.160.26","port":0,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T16:59:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-25T16:58:47Z","timestamp":1758819527,"ip_dst":{"addr":"90.84.160.28","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.24","port":39304,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-09-25T16:58:47.033480+0000\",\"flow_id\":173705468998165,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":39304,\"dest_ip\":\"90.84.160.28\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"cashier.haipay.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cashier.haipay.top/\",\"length\":166},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":664,\"start\":\"2025-09-25T16:58:46.946709+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"cashier.haipay.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"cashier.haipay.top","ip":{"addr":"90.84.160.28","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"domain_registered":"2023-09-13","domain_rank":1066953,"first_seen":"2025-09-25T16:59:05.905785Z","last_seen":"2025-09-25T16:59:05.905786Z","alert_count":5,"request_count":3,"received_data":1886,"sent_data":1417,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-25T16:58:47Z","timestamp":1758819527,"ip_dst":{"addr":"90.84.160.28","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.24","port":39304,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-09-25T16:58:47.033480+0000\",\"flow_id\":173705468998165,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":39304,\"dest_ip\":\"90.84.160.28\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"cashier.haipay.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cashier.haipay.top/\",\"length\":166},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":664,\"start\":\"2025-09-25T16:58:46.946709+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cashier.haipay.top/","fqdn":"cashier.haipay.top","domain":"haipay.top","tld":"top"},"ip":{"addr":"90.84.160.28","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T16:58:43.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.haipay.top","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 06 Feb 2025 13:53:31 GMT","end":"Tue, 10 Mar 2026 13:53:31 GMT"},"fingerprint":{"sha1":"8E:E9:15:72:EA:D0:D1:BB:3E:8B:DB:68:FA:FB:A2:BC:92:41:0B:5A","sha256":"84:9B:DA:84:BF:50:2A:28:E4:69:F0:5E:FA:9F:9D:26:ED:23:21:6A:93:82:19:9D:A1:B8:6F:EC:68:1A:6A:00"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cashier.haipay.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 25 Sep 2025 16:58:48 GMT\r\ncontent-type: text/html\r\ncontent-length: 118\r\nserver: openresty\r\nx-router-code: 40000\r\nx-ccdn-origin-time: 952\r\nvia: EU-FRA-marseille-EDGE1-CACHE3[1230],EU-FRA-marseille-EDGE1-CACHE2[973,TCP_MISS,1216],EU-FRA-paris-GLOBAL1-CACHE26[962],EU-FRA-paris-GLOBAL1-CACHE6[953,TCP_MISS,958]\r\nx-hcs-proxy-type: 0\r\nx-ccdn-cachettl: 1800\r\nx-ccdn-req-id-46b1: 1f90ecaf0515a23c356772ee610b1b10\r\nage: 1\r\nstrict-transport-security: max-age=5184000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"b58d632409efb03916cfef3229576c55","sha1":"c2fb66483c899f427b0354d52b080ce8bb6b47c4","sha256":"b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176","sha512":"89c3e788a45a9313a40e4285f4082a25eee4499448af294700c3014eb410584b5cd0c43e753eda3eaf2e7124b956cdea8fb0ce6be34b58c1243e5855e6fb62fb","ssdeep":"","tlshash":"c4b0926e21026d4c8663307466c2a591d09a532ba9a6552208408013618a1a98ac239a","first_seen":"2023-04-05T13:56:51Z","last_seen":"2026-06-10T06:32:27.974456Z","times_seen":596,"resource_available":true,"data":null}},"time_used":8343,"timings":{"blocked":3533,"dns":3312,"connect":44,"send":0,"wait":1277,"receive":0,"ssl":174},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-25T16:58:47Z","timestamp":1758819527,"ip_dst":{"addr":"90.84.160.28","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.24","port":39304,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-09-25T16:58:47.033480+0000\",\"flow_id\":173705468998165,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":39304,\"dest_ip\":\"90.84.160.28\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"cashier.haipay.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cashier.haipay.top/\",\"length\":166},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":664,\"start\":\"2025-09-25T16:58:46.946709+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"cashier.haipay.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashier.haipay.top/","fqdn":"cashier.haipay.top","domain":"haipay.top","tld":"top"},"ip":{"addr":"90.84.160.28","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T16:58:48.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.haipay.top","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 06 Feb 2025 13:53:31 GMT","end":"Tue, 10 Mar 2026 13:53:31 GMT"},"fingerprint":{"sha1":"8E:E9:15:72:EA:D0:D1:BB:3E:8B:DB:68:FA:FB:A2:BC:92:41:0B:5A","sha256":"84:9B:DA:84:BF:50:2A:28:E4:69:F0:5E:FA:9F:9D:26:ED:23:21:6A:93:82:19:9D:A1:B8:6F:EC:68:1A:6A:00"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cashier.haipay.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 25 Sep 2025 16:58:48 GMT\r\ncontent-type: text/html\r\ncontent-length: 118\r\nserver: openresty\r\nx-router-code: 40000\r\nvia: EU-FRA-marseille-EDGE1-CACHE3[3],EU-FRA-marseille-EDGE1-CACHE2[0,TCP_HIT,0],EU-FRA-paris-GLOBAL1-CACHE26[962],EU-FRA-paris-GLOBAL1-CACHE6[953,TCP_MISS,958]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 1800\r\nx-ccdn-req-id-46b1: 400d5fcd5f3375523ff9c8b14ba9b51e\r\nage: 1\r\nstrict-transport-security: max-age=5184000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":118,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"b58d632409efb03916cfef3229576c55","sha1":"c2fb66483c899f427b0354d52b080ce8bb6b47c4","sha256":"b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176","sha512":"89c3e788a45a9313a40e4285f4082a25eee4499448af294700c3014eb410584b5cd0c43e753eda3eaf2e7124b956cdea8fb0ce6be34b58c1243e5855e6fb62fb","ssdeep":"","tlshash":"c4b0926e21026d4c8663307466c2a591d09a532ba9a6552208408013618a1a98ac239a","first_seen":"2023-04-05T13:56:51Z","last_seen":"2026-06-10T06:32:27.974456Z","times_seen":596,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-25T16:58:47Z","timestamp":1758819527,"ip_dst":{"addr":"90.84.160.28","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.24","port":39304,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-09-25T16:58:47.033480+0000\",\"flow_id\":173705468998165,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":39304,\"dest_ip\":\"90.84.160.28\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"cashier.haipay.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cashier.haipay.top/\",\"length\":166},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":555,\"bytes_toclient\":664,\"start\":\"2025-09-25T16:58:46.946709+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"cashier.haipay.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashier.haipay.top/favicon.ico","fqdn":"cashier.haipay.top","domain":"haipay.top","tld":"top"},"ip":{"addr":"90.84.160.28","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cashier.haipay.top/","date":"2025-09-25T16:58:48.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.haipay.top","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 06 Feb 2025 13:53:31 GMT","end":"Tue, 10 Mar 2026 13:53:31 GMT"},"fingerprint":{"sha1":"8E:E9:15:72:EA:D0:D1:BB:3E:8B:DB:68:FA:FB:A2:BC:92:41:0B:5A","sha256":"84:9B:DA:84:BF:50:2A:28:E4:69:F0:5E:FA:9F:9D:26:ED:23:21:6A:93:82:19:9D:A1:B8:6F:EC:68:1A:6A:00"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cashier.haipay.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashier.haipay.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: openresty\r\ndate: Thu, 25 Sep 2025 16:58:48 GMT\r\ncontent-type: text/html\r\nx-ccdn-req-id-46b1: 1ef8840a39cb07832e080e4559b2383b\r\ncontent-length: 345\r\nvia: EU-FRA-marseille-EDGE1-CACHE3[8]\r\nstrict-transport-security: max-age=5184000\r\nx-ccdn-forbid-code: 020000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":345,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"1228df3118146bab6aae1d5d82662f7c","sha1":"d468149bb972fbfaa17707e5fcbf94de4982df93","sha256":"9da659bfa4bbd7a5670f719e7f64cda6857a4e36ebfd43f7bf8723dc1ab4369f","sha512":"197de71b36433185f3fa8593bb1d650b01955a00d0bed9e45c0cf25690253b8a49ebe314bef5b62c8deb9c954c9435d89d05c72b0903cc6a7e2e36e6c25bf0b6","ssdeep":"","tlshash":"8ae0d806e96f28167bc782fd1647660c8249822649dd246075034247e08205bc1bf6d8","first_seen":"2025-09-25T16:59:10.613431Z","last_seen":"2025-09-25T16:59:10.613431Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"cashier.haipay.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}