{"report_id":"d9ec3fe2-4f41-439a-9b6f-2b95da190f66","version":6,"status":"done","tags":[],"date":"2026-05-07T11:14:50Z","url":{"schema":"http","addr":"tw-payment.org","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"172.67.193.215","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"title":"Loading…","dom":{"size":29618,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (26536)","md5":"98523554b2f6f3c958cc84be1aeb2a9f","sha1":"a2267e57c0a79f46155510b050bff9af6ee6e54d","sha256":"ad313f566370743ad8f5cef72da7106d6a48c003c321213e69408afdcfff2577","sha512":"b5ae34d6360ef79922870d21f93c02299da9672e9b6bf19ea774ec3548177ea0ae535b35a690688eb45a31a15eb7f9b4d9c043d96e0a2a8f7fed17c7692a6b49","ssdeep":"384:Q+yuUdaJkOsHa3F7B/hujqmFBDQ58oZA7qbhXvO2Ei6g0nIhz9f/6XYXUOKRe1hE:Q+yuRF7dx8Y8orbh22HOA9H6XA3DT4tj","tlshash":"7dd2d72ef514c92add577e5931bf7d3a248dd16a438184f4b6dcca1903928f8a7e38c2","dom_hash":"domhashfda307121f3620685a4114acc43ef113","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tw-payment.org","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"172.67.193.215","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-11T11:14:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tw-payment.org","ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-02","domain_rank":0,"first_seen":"2026-05-07T11:14:51.294659Z","last_seen":"2026-05-07T11:14:51.294659Z","alert_count":15,"request_count":15,"received_data":521517,"sent_data":7004,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"192.178.25.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-05-03T22:25:11.554838Z","alert_count":0,"request_count":1,"received_data":230802,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/4bd1b696-409494caf8c83275.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bc071e9c777357d51dff977fb1a134fc","sha1":"9fa232d68efce3b2b2c3352511e475ddc64e4bb4","sha256":"d7fd4b1b9d7f818cc97ddd7b672944e523f23d36a2963d5769caf809141fb9e6","sha512":"69cc9135f9e2a7eef21803fc95efd56348b6de5fafad94fdc2c83d8f6d5e5af8aede3facbdb712a4e26aedc9d87d78c59f01464923f17f5c4ff64480df365611","ssdeep":"1536:XWET9Lwegcl2MywYleojBFOQLfioEV7hNc7lFlgXGhJx4bzZc5zg5tgW/zAe6c0:19LwzMyh1vLEE7RgXOQ5SIA1","tlshash":"4ef3f8ec3999e611aeb342a700df28037378261b240d4d60a614fd9ea57845bb17bfde","size":173024,"data":"","first_seen":"2025-09-05T19:18:55.705611Z","last_seen":"2026-06-13T03:24:08.857118Z","times_seen":803,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/main-app-837263badd404a90.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"62af470c4f4d093c93656774d49942e4","sha1":"ae79a72717c0a54c95693d916207cd37eb8aa733","sha256":"9bacec6705f0595b5504249763ac851b8ba4aa1c26cb8881691434443fd08fc4","sha512":"b5fd553e2cf1c5601554f20e52ad3d35ff801010d330f5fd2dbe9d1e76f3ef8e029f7997b571e388f81baccd89c66c8d692566afa34f041c11ad89ef23aee353","ssdeep":"","tlshash":"66f0d69a4f0cf92f5c26ad64fe97ace2285f4175202b4e606905de623c23b6dd270405","size":569,"data":"","first_seen":"2026-05-07T11:14:54.588515Z","last_seen":"2026-05-07T11:16:14.198821Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/app/layout-25cacddab34f41f6.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"999fc7a15c741b294fe3dc7f10be8811","sha1":"57ae75f0ee2f9fd0a04b93b2067fb5d11e8aea4e","sha256":"ec2bc7eaf8bb9265e298695e5cac6192601cf41d1b7a71c24880e7f9d150b84b","sha512":"fa0d8dbf345caf075e04707517c94e4cf09c2d6e8189c2395cedeb0d43b3e25156b45d3ed9bcdf14c72c3eb9d6eebbe8abeaf865e9ade90629f9397a18ffa80a","ssdeep":"192:D39zcafxrVz5jc3Ab/4r7m74zjmcvWmVIKqI6:D3FxrsyQ6mM","tlshash":"a3d1d9b23786fc3546958881e433c6c2b9111935241f68d0a7baccfd35b9ec495e1f99","size":6723,"data":"","first_seen":"2026-05-07T11:14:54.581546Z","last_seen":"2026-05-07T11:16:14.201593Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a6e1178e4bbf5730bd664a49dd3bc24","sha1":"17c3ae3273f9de6afbbdedf2e413dbb3a6722792","sha256":"3814cddd18b2095e01abb745a99e5ada90178e709c09879324c3b623f2d829ea","sha512":"cfb1aab0bf589e33fd12906f448ddbbf7163420a088de513b174304c9ba3a7abcd9b41c98bc4dd51edd0206c1fe4660db9857e3c6163d1bf50c670cefddee509","ssdeep":"","tlshash":"de9002b090c39c5890264186687100160b6c040c01080141132184d810115048e40d8e","size":43,"data":"","first_seen":"2023-03-13T01:07:12Z","last_seen":"2026-06-13T10:27:19.327611Z","times_seen":160105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c82a2b240d9a1af34dac6c94f82028ca","sha1":"40f3e3b48e13272fc1268881c7bdd702df552394","sha256":"af773b3c31e825b936b339034dc3321eca2324cb84ae8aae6ee75cf7f711254e","sha512":"9a592ac6bb0709529684d614cedc2eb8f9a446d9abf1ffd324555218bf9897bf76620ab1b60307b3e33e650423db4b9ddbb58925fd4c93acbc5857e2eaa26749","ssdeep":"","tlshash":"5c11ef44f14afcc39c32de3b912b5c7584d4fdbd4270998832cfc9970662e69928441a","size":873,"data":"","first_seen":"2026-05-07T11:14:54.592373Z","last_seen":"2026-05-07T11:16:14.206782Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48aee6a15db79ea057d4e341c6ed5d91","sha1":"8e753d144d760caea03cf3f4ae7bfa7cff833f24","sha256":"514be39206a8c450e93957489b3dcbdcc3a8ced46c4dbaccb6191fdda399c535","sha512":"caa4394bf7f3414770c005c191d01fd062bc39a75eabb6480d40c463d888f963e7916405ef7fb9e80df5e03dd2c5ba31b8012b40c1581ba30d8ccca4b043a8ed","ssdeep":"","tlshash":"b2d04c88211b4c7156a72a454f6fb604b056621294919b217d1e63485f21e17d754854","size":224,"data":"","first_seen":"2026-01-10T14:02:29.698224Z","last_seen":"2026-06-11T21:52:43.610413Z","times_seen":520,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=test","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"192.178.25.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cfdd2157943d3717ddbfa31bb2f4cd7d","sha1":"c242d26c7564ce1fedca5ff92d0827da85de9b8e","sha256":"b3c4371fb29f23a8dad2b1d726426a85c6e90340f1004def5fd6019a4f9fa2a3","sha512":"98b88eb3e368b28a8bb744f67eb3b59ea06a445ac3ae17cabb10de10321c38802d1220168b47510485d8678c1ae4ba5507d5ed82f3aac2770b257ed9fd93b3cb","ssdeep":"3072:e1kAHZYoZ0nwcfuJ1wUuyJPjfu/lcewk+o7fW/4faA1YMJQm6/1SWuCHFi:6ZpaMxjZWO/lMJQm6/Juoc","tlshash":"34242acdb3da706693a3b578903f014ba27a7992f84cc894f142d8c42d7466a4277f7d","size":230153,"data":"","first_seen":"2026-05-07T11:12:42.599884Z","last_seen":"2026-05-07T12:20:13.027251Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7447d0c5dba4d48511aee530e54a3382","sha1":"a041738129f2bc696dbf1b6659adeae978f80d03","sha256":"a104c930c385cb9199a6aa33a9bb0366d3f2f2c9aedbae8e919e8978c03b2176","sha512":"027a92c629f7da787ef32e7689ce0b1289698ce77894287f77bdcfd28d57ed12bddb22ddc18fa5e032eceb8c78a9fcd24c13dd6c36a194bc0b7d28a6fd81aaaa","ssdeep":"96:L1g85Fke9F6SxjfWTi5EwrC9NEiNENNEiVyJIrqtDWlJ:bke9F62jOEsE7E5IFJ","tlshash":"afa157396016dd2efc6a7d48247e5c3e298da26b4b94cfb4e2ecce144746439b7d28c0","size":4639,"data":"","first_seen":"2026-05-07T11:14:54.594712Z","last_seen":"2026-05-07T11:14:54.594712Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/webpack-915a4beb39c6de68.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e00ad5eed75162b54948c926313431ac","sha1":"d76f4b5a281c84c4b563f55d01f89e579e509ec5","sha256":"974affbf3dd42324a85038f83bdc2e745a7a4d2c2332e941ea2180910a592bbb","sha512":"444a53aaf6842927a4413ec5a95aa44de2f38a70e05a838efd75560cf95a915e434a54692fd10aedefc56854c42bd7203ecafe19805bff091c1e9e4168480c22","ssdeep":"","tlshash":"6e71d6a53621f9b166f044c65c7ed582f229313b112fecf0a707d8b9a424ad10562ff3","size":3730,"data":"","first_seen":"2026-05-04T09:45:54.620674Z","last_seen":"2026-05-08T16:18:51.896887Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"79acce4a198bdceb56455e3a224412ee","sha1":"d1cedcb886abd91bd66f05e17f4571955fecd5e2","sha256":"0fad4b83ab21fce431b3534625c8dd983bb6ed20a5d64ca76ca2d9206de854cd","sha512":"001d1367097f46082ec733956ea29ebbdec56b47b7d369e598261ae4752fb28b5b4a3ff1f1f8d82435abe0da75a4c0bf5b40670ad35c7b3e9e0fd342f1e69ead","ssdeep":"384:JZA7qbhXvO2Ei6g0nIhz9f/6XYXUOKRe1hzga0Wyqa:Jrbh22HOA9H6XA3Da","tlshash":"f172941ef304d225da872fa976ff6d77205981a5038240f87adcc61903669fca6f75c2","size":16653,"data":"","first_seen":"2026-05-04T09:45:54.623936Z","last_seen":"2026-05-08T16:18:51.913211Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/493-71c8c43e41b12838.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3eb1b4190c3cb3ade425692d4e89325","sha1":"6256c4dc555008a9fb95187d391392a44a5196d4","sha256":"2a29dd4dc77a0838b54f9ad9d3360d234b917ac9bbe586b0968028791c8d431d","sha512":"a1e5471e51c73c0fca0d33861a43f55ce55e7055d593b497c5d01451f04c94e91ceb42378c8d88cc8ad51a7a2a05f03968d32aec8c3356fead73673eec8dfe1e","ssdeep":"1536:0zigN+8/BhcO5HYHqLVcXm7yIzPr6Q04ToTlTx1p7eChTtaocZXxreXRNIrky/Sz:u79LmA+uy4r904Aj44RN0z/Sz","tlshash":"d8f3dab636d0f8d107a780e5843b400af3291c3b146f74a0a3e6dcd975645dea1b3faa","size":173010,"data":"","first_seen":"2026-04-26T13:16:34.47902Z","last_seen":"2026-05-08T16:18:51.897842Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"949a3c8737acd3b1d08cd42fe1e71e91","sha1":"f1aa3cc46ab2fd7d3a66befd5b3ceba8d84c6287","sha256":"7a7956fb1778cf1c2be9a52d3353ee515510f7555c5f3ec12ea91e662565ea12","sha512":"d4c80b77472ad9e8d8f403a24352a4257043c295edd49c38620a37ee704e12da2ae90bbb9035618fa720e538e09aafa5b1652baf56f256f74ae4b131605f1c85","ssdeep":"","tlshash":"5a9002b880448c26683364131c342c03119c844a04441e6493d4dd44275553a7605d8a","size":55,"data":"","first_seen":"2026-03-22T20:48:27.570469Z","last_seen":"2026-05-08T16:18:51.914622Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d72c7497442bfaf053879d7bb041104","sha1":"f339f3f4f5855610fccabbb3c31377d800cb59f6","sha256":"e2569e2d04f877aa246701a1f7d8243421c413350a0e536ee173aa93482657ea","sha512":"cdb25a17d5fa162271c83afffa72a02c99f86d0933ab41c419437402711afbfc870bf3cf82ba8cf18fb7adaa3803cabacf06ac2072b7322dede8b8a390369a0e","ssdeep":"","tlshash":"4231f13d3008d94fedaa7819127e6d3650d9457b07e49a7c9bc8df0148820bd6ba6981","size":1579,"data":"","first_seen":"2025-12-23T19:50:11.702308Z","last_seen":"2026-06-05T19:48:54.853293Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"175bda9a3eed5d27709f7d854d86eebe","sha1":"e1570c59dfad5f9dce5cad5d3233aa58aac3707f","sha256":"0b2a4d5b2f885d008a1737e249ee12c4c87bc31eeac909bdea8fda53108742b9","sha512":"05048e02040fbffb7afda70a430b33a0c052c1e006ddb06190b41e21e68cbf159aae98e052a10d924ca231e3a5026757956bff440547f7731374d1744279baf1","ssdeep":"","tlshash":"1bf08b60ac02cf0eea6b7e69147efd3520dec46a0185c9df86c0ce290a81a793db1dc1","size":598,"data":"","first_seen":"2026-03-22T20:48:27.573021Z","last_seen":"2026-05-08T16:18:51.916811Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/493-71c8c43e41b12838.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/chunks/493-71c8c43e41b12838.js HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SPXoJS4ST2XrIzEMoPh1BZ5J8k0hjDxql9qzVxVjdd%2FNjFQYekTxdF6OT3jHPv%2BiL3E8ESM0OumRCTi36RHHhWjqrcYraetWx2HEzCLc0%2BuooUSje%2B5G%2BxLvIzQZhqT2ZA%3D%3D\"}]}\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-2a3d2\"\r\ncf-ray: 9f7fcd23e8af5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":173010,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c3eb1b4190c3cb3ade425692d4e89325","sha1":"6256c4dc555008a9fb95187d391392a44a5196d4","sha256":"2a29dd4dc77a0838b54f9ad9d3360d234b917ac9bbe586b0968028791c8d431d","sha512":"a1e5471e51c73c0fca0d33861a43f55ce55e7055d593b497c5d01451f04c94e91ceb42378c8d88cc8ad51a7a2a05f03968d32aec8c3356fead73673eec8dfe1e","ssdeep":"1536:0zigN+8/BhcO5HYHqLVcXm7yIzPr6Q04ToTlTx1p7eChTtaocZXxreXRNIrky/Sz:u79LmA+uy4r904Aj44RN0z/Sz","tlshash":"d8f3dab636d0f8d107a780e5843b400af3291c3b146f74a0a3e6dcd975645dea1b3faa","first_seen":"2026-04-26T13:16:34.47902Z","last_seen":"2026-05-08T16:18:51.897842Z","times_seen":28,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=test","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"192.178.25.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Apr 2026 05:17:21 GMT","end":"Wed, 01 Jul 2026 05:17:20 GMT"},"fingerprint":{"sha1":"44:62:36:EA:04:7F:DE:AF:4E:CA:E9:8F:72:03:CB:45:DF:75:F7:F7","sha256":"B4:8C:53:A3:0D:7C:33:E8:76:50:59:1C:1B:D2:32:8D:60:4E:01:31:A3:F4:72:1A:B4:D1:AB:C2:8A:9A:8C:74"}}},"request":{"raw":"GET /gtag/js?id=test HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payment.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\nexpires: Thu, 07 May 2026 11:14:29 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Thu, 07 May 2026 09:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 84252\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":230153,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4625)","md5":"cfdd2157943d3717ddbfa31bb2f4cd7d","sha1":"c242d26c7564ce1fedca5ff92d0827da85de9b8e","sha256":"b3c4371fb29f23a8dad2b1d726426a85c6e90340f1004def5fd6019a4f9fa2a3","sha512":"98b88eb3e368b28a8bb744f67eb3b59ea06a445ac3ae17cabb10de10321c38802d1220168b47510485d8678c1ae4ba5507d5ed82f3aac2770b257ed9fd93b3cb","ssdeep":"3072:e1kAHZYoZ0nwcfuJ1wUuyJPjfu/lcewk+o7fW/4faA1YMJQm6/1SWuCHFi:6ZpaMxjZWO/lMJQm6/Juoc","tlshash":"34242acdb3da706693a3b578903f014ba27a7992f84cc894f142d8c42d7466a4277f7d","first_seen":"2026-05-07T11:12:42.599884Z","last_seen":"2026-05-07T12:20:13.027251Z","times_seen":10,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":87,"dns":2,"connect":20,"send":0,"wait":39,"receive":46,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/media/70355d4fbd533ab2-s.p.woff2","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/media/70355d4fbd533ab2-s.p.woff2 HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://tw-payment.org/_next/static/css/385d1cca048e3fce.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 20144\r\npriority: u=4,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\netag: \"69f9833a-4eb0\"\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DaG%2FZurxQaocosNil1G%2FYUZvVKmi3V0%2FcrOfOQdiY3gCWSmw3372%2BvAYgP0rEwLmI%2Fhxk1HV%2ByAuW1IKFRSVQh%2B6etQdUZZiO7lYirrhpinkWWINoKmH1Phq6%2BbCdbECfg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd25b8bd5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20144,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20144, version 1.0","md5":"9b9969b222383443533022faa1a8dc15","sha1":"960bfc7f598d95e5e1f183f66f0b9570c59be7f5","sha256":"fd4c8e65080adbaf0cc819eb67b08ed9300e9274dd0069b382d286b93b9544a0","sha512":"dca295932532388d01fc0130671252a3bf707bd9a2e5608d69b2ad0ee9134a9349e2c45734ca8bc223ea4090e918420166c6944395852a108ef7d25a360fd2f0","ssdeep":"384:bDDIoOYd5DFolWnW7Hy2ljK3VB87feqOMtmna2213/p:bwYdFFolz7HyMjK/87vOaPvp","tlshash":"4c92e067de6d3916fcd415f04619ec1ea1b12f617c2206fb0cc8c946906da8d6aaed88","first_seen":"2025-11-23T10:03:25.17893Z","last_seen":"2026-06-11T21:52:43.598394Z","times_seen":132,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/app/layout-25cacddab34f41f6.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/chunks/app/layout-25cacddab34f41f6.js HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pc67OSzL8AjUAdoABURatZZbrr7N7RefmifZfnyX5eFbjQzXGQCKw3gj0qTrN3AIteC3SQdaWymnyWO6KU6tRhZ5oJnE5NLQ2po9DRuLCpVOa%2B44R7cewRMyXdpcT6cs9Q%3D%3D\"}]}\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-1a43\"\r\ncf-ray: 9f7fcd23e8b15687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6723,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6723), with no line terminators","md5":"999fc7a15c741b294fe3dc7f10be8811","sha1":"57ae75f0ee2f9fd0a04b93b2067fb5d11e8aea4e","sha256":"ec2bc7eaf8bb9265e298695e5cac6192601cf41d1b7a71c24880e7f9d150b84b","sha512":"fa0d8dbf345caf075e04707517c94e4cf09c2d6e8189c2395cedeb0d43b3e25156b45d3ed9bcdf14c72c3eb9d6eebbe8abeaf865e9ade90629f9397a18ffa80a","ssdeep":"192:D39zcafxrVz5jc3Ab/4r7m74zjmcvWmVIKqI6:D3FxrsyQ6mM","tlshash":"a3d1d9b23786fc3546958881e433c6c2b9111935241f68d0a7baccfd35b9ec495e1f99","first_seen":"2026-05-07T11:14:54.581546Z","last_seen":"2026-05-07T11:16:14.201593Z","times_seen":2,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/media/70355d4fbd533ab2-s.p.woff2","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/media/70355d4fbd533ab2-s.p.woff2 HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://tw-payment.org/_next/static/css/385d1cca048e3fce.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 20144\r\npriority: u=4,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\netag: \"69f9833a-4eb0\"\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zPpgUDHuGji%2F%2BFs8CVQhxJ4q0v1WSCDFrRDWLfdMuw2i0%2BMdLpaygXehHnNuRQfJzTGYJKyHtqWOxjn%2Be3fH%2FlVwSbf967g5X1gu6VDn9syxVC7sXFxXvTxTokLBCDh1NA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd25b8bc5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20144,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20144, version 1.0","md5":"9b9969b222383443533022faa1a8dc15","sha1":"960bfc7f598d95e5e1f183f66f0b9570c59be7f5","sha256":"fd4c8e65080adbaf0cc819eb67b08ed9300e9274dd0069b382d286b93b9544a0","sha512":"dca295932532388d01fc0130671252a3bf707bd9a2e5608d69b2ad0ee9134a9349e2c45734ca8bc223ea4090e918420166c6944395852a108ef7d25a360fd2f0","ssdeep":"384:bDDIoOYd5DFolWnW7Hy2ljK3VB87feqOMtmna2213/p:bwYdFFolz7HyMjK/87vOaPvp","tlshash":"4c92e067de6d3916fcd415f04619ec1ea1b12f617c2206fb0cc8c946906da8d6aaed88","first_seen":"2025-11-23T10:03:25.17893Z","last_seen":"2026-06-11T21:52:43.598394Z","times_seen":132,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/icons/logo-two.png","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /icons/logo-two.png HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 4159\r\npriority: u=6,i=?0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Tue, 10 Mar 2026 11:51:28 GMT\r\netag: W/\"103f-19cd7967600\"\r\nx-frame-options: SAMEORIGIN, SAMEORIGIN\r\nx-content-type-options: nosniff, nosniff\r\nreferrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nstrict-transport-security: max-age=15552000\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ufDmbFMKiht6gbt1lYHf%2F979zgzDxtuXMwKgpnUBL32sP4dXDpclkA6TjLFWLR1r8yObmt7gFUKXAkN7aD4X3TIEktFr37391VNWOnp4l1uJoq6QjLFZqaNVmpWSYajLSQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd2638bf5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4159,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 71 x 81, 8-bit/color RGBA, non-interlaced","md5":"58fd2a12f571cafad976ed5feddeeacc","sha1":"c7c0342c9edb1d20d96f26c0d713b83c4124b144","sha256":"98e40eaf5f022cb4f4e94991a6fbcc95a11f93545c1354237b2f40cca4d9405b","sha512":"399b57f3f371f14c98a8a1600ba028f721739d76511e2c1476aefb46f212cf58dd9e9142eb0f77e160644a9fec03d32405459658345912457fc19304aad69a70","ssdeep":"96:taIF26hHzU/RmovWsHQOJ9SNnGFHUikhpeuaeJNGYXRfCK0uG7SPR:n1zMhWsHQs9StwHLQJdRJ0XWJ","tlshash":"54817db5f830ccc0cc2d6c61d1ad6d8c103613454dc6b879ef96e9b3a2645d3145cbda","first_seen":"2026-04-13T07:55:48.870403Z","last_seen":"2026-06-11T21:52:43.59566Z","times_seen":64,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-07T11:14:28.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 May 2026 11:14:28 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-store\r\nx-frame-options: SAMEORIGIN, SAMEORIGIN\r\nx-content-type-options: nosniff, nosniff\r\nreferrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5VgzzsoKDvgPS8HBXSblL9YcjdY5a8mM0%2BIi6xLIMy76oC9WshbJM2MCOUuRx%2Fh2E1lzojFrUNXfk3mE1kfE3FvnzfDsziQKMCd8Piml6LIWYoI2H1SdA%2FFx9Gd81qEoJg%3D%3D\"}]}\r\nstrict-transport-security: max-age=15552000\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9f7fcd208fa976ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28918,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (26377)","md5":"d8a19525ef1107a3f522578f74f3c202","sha1":"a0769c4d755f46dc9fbe6c1cc1847875241b7c28","sha256":"459f1bd290ccc02866c56bc5e8ec1669c397d8a5e0feb2886da12bfe05706939","sha512":"f54957467a09436ccd393aec2a601f652c9d2f4460fb243e146bca8f1f3c4e0fd3cbd6565bb98244bcc84bc890f0fb3671f9a49e0e0d6b568fc79c397aa5909c","ssdeep":"384:fv9OPafiYurWmgK/hujqmFBDQ58oZA7qbhXvO2Ei6g0nIhz9f/6XYXUOKRe1hzg9:fv9OP0Ux8Y8orbh22HOA9H6XA3DT4t9","tlshash":"b6d2c72ef114c92add573e5931bf6d3a248dd166438184f8b6dcca1903928f9a7f38c2","first_seen":"2026-05-07T11:14:54.585373Z","last_seen":"2026-05-07T11:14:54.585373Z","times_seen":1,"resource_available":true,"data":null}},"time_used":331,"timings":{"blocked":34,"dns":13,"connect":1,"send":0,"wait":260,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/webpack-915a4beb39c6de68.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/chunks/webpack-915a4beb39c6de68.js HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wmZkHa%2BEw4eWG1QQegN7UN02lP7ziI9VmraAhTvStfOr%2B4VZXlsP%2FVw8ggNf%2BolFaiqqJEmqZjAPKxyClOARaTNdh2t%2FxaHdrrzVLCZEBxm2760TEXQ1JRktOD3mEzRpwg%3D%3D\"}]}\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-e92\"\r\ncf-ray: 9f7fcd23e8ae5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3730,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3730), with no line terminators","md5":"e00ad5eed75162b54948c926313431ac","sha1":"d76f4b5a281c84c4b563f55d01f89e579e509ec5","sha256":"974affbf3dd42324a85038f83bdc2e745a7a4d2c2332e941ea2180910a592bbb","sha512":"444a53aaf6842927a4413ec5a95aa44de2f38a70e05a838efd75560cf95a915e434a54692fd10aedefc56854c42bd7203ecafe19805bff091c1e9e4168480c22","ssdeep":"","tlshash":"6e71d6a53621f9b166f044c65c7ed582f229313b112fecf0a707d8b9a424ad10562ff3","first_seen":"2026-05-04T09:45:54.620674Z","last_seen":"2026-05-08T16:18:51.896887Z","times_seen":18,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/4bd1b696-409494caf8c83275.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/chunks/4bd1b696-409494caf8c83275.js HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=khMMxYS16U5bjRF7b%2FXpDPpFFTnBNE6smyFcSyFiaUyumXMF7MRNqnL6uS2qVnVKfDckZW1%2BW%2BC8FSotnZEsNb6tSoCg9puFK5KGRWKJOkdTntfd8wUadqJ%2BFK3zLtBylw%3D%3D\"}]}\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-2a3e0\"\r\ncf-ray: 9f7fcd23e8ad5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":173024,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"bc071e9c777357d51dff977fb1a134fc","sha1":"9fa232d68efce3b2b2c3352511e475ddc64e4bb4","sha256":"d7fd4b1b9d7f818cc97ddd7b672944e523f23d36a2963d5769caf809141fb9e6","sha512":"69cc9135f9e2a7eef21803fc95efd56348b6de5fafad94fdc2c83d8f6d5e5af8aede3facbdb712a4e26aedc9d87d78c59f01464923f17f5c4ff64480df365611","ssdeep":"1536:XWET9Lwegcl2MywYleojBFOQLfioEV7hNc7lFlgXGhJx4bzZc5zg5tgW/zAe6c0:19LwzMyh1vLEE7RgXOQ5SIA1","tlshash":"4ef3f8ec3999e611aeb342a700df28037378261b240d4d60a614fd9ea57845bb17bfde","first_seen":"2025-09-05T19:18:55.705611Z","last_seen":"2026-06-13T03:24:08.857118Z","times_seen":803,"resource_available":true,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/chunks/main-app-837263badd404a90.js","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/chunks/main-app-837263badd404a90.js HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZJgZ1dD8NAWFP9Bhe%2BK1NqqJoB22J91QrCsMtbvvHFJKF9bRrcU9VbTCy8D7L%2FLtUbGOdn6DHP9jXzLRkolKAWhHk9wDqO7z1%2F5eevR%2BgCvldpiTykEsMqX43fQabp1Nzg%3D%3D\"}]}\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-239\"\r\ncf-ray: 9f7fcd23e8b05687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":569,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (569), with no line terminators","md5":"62af470c4f4d093c93656774d49942e4","sha1":"ae79a72717c0a54c95693d916207cd37eb8aa733","sha256":"9bacec6705f0595b5504249763ac851b8ba4aa1c26cb8881691434443fd08fc4","sha512":"b5fd553e2cf1c5601554f20e52ad3d35ff801010d330f5fd2dbe9d1e76f3ef8e029f7997b571e388f81baccd89c66c8d692566afa34f041c11ad89ef23aee353","ssdeep":"","tlshash":"66f0d69a4f0cf92f5c26ad64fe97ace2285f4175202b4e606905de623c23b6dd270405","first_seen":"2026-05-07T11:14:54.588515Z","last_seen":"2026-05-07T11:16:14.198821Z","times_seen":2,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/media/70355d4fbd533ab2-s.p.woff2","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/media/70355d4fbd533ab2-s.p.woff2 HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 20144\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\netag: \"69f9833a-4eb0\"\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7pcDyUbMP30lyoQZfDCIzcdxUHcxO9xB5u5q%2Fy8%2FkCeCjkIk9MZJWAlHrnB7gFqtzinRDD7KcGsIcgvoGsUuCOop4yRMccOES1lQZycbzLkQM2ZwrjT844xl6fSy1wcmVQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd2658c15687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20144,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20144, version 1.0","md5":"9b9969b222383443533022faa1a8dc15","sha1":"960bfc7f598d95e5e1f183f66f0b9570c59be7f5","sha256":"fd4c8e65080adbaf0cc819eb67b08ed9300e9274dd0069b382d286b93b9544a0","sha512":"dca295932532388d01fc0130671252a3bf707bd9a2e5608d69b2ad0ee9134a9349e2c45734ca8bc223ea4090e918420166c6944395852a108ef7d25a360fd2f0","ssdeep":"384:bDDIoOYd5DFolWnW7Hy2ljK3VB87feqOMtmna2213/p:bwYdFFolz7HyMjK/87vOaPvp","tlshash":"4c92e067de6d3916fcd415f04619ec1ea1b12f617c2206fb0cc8c946906da8d6aaed88","first_seen":"2025-11-23T10:03:25.17893Z","last_seen":"2026-06-11T21:52:43.598394Z","times_seen":132,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/css/385d1cca048e3fce.css","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/css/385d1cca048e3fce.css HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: text/css\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7JfhBjitEbph251bmtQrvKvBCur2mhniV01neklX9NmVBinoEp9qRQooRF5Iulj6gbFFT3LTzYrh8wnaaGpLzLBogY2b%2BUavZS0gQLy5TW%2Fwak7o3KsXcJ2N1tQZvBjFrg%3D%3D\"}]}\r\npriority: u=2,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-2068\"\r\ncf-ray: 9f7fcd23e8ab5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8296,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8296), with no line terminators","md5":"a73097b533d338ab4c29630e1a60f215","sha1":"dcdaf3127f95504381b77d704a62ca7a4c91b34f","sha256":"a152a893fbaa11ce3a1cf6e625402d9b852515ebd2f1731e27d152694c9ca588","sha512":"6667bb1ec9ec33000a3aa7851486c58cac2bc2db317d366885e862ea9e972fd59db9ef175dd0455c2a38cd599ac6c3baf367fff07c8739bc97008d16a2c84539","ssdeep":"192:IWxYYgWxmY3WxcYGWx2Y4IWxou+BlYfE6:FBtvQ1b/4Fou+BmfE6","tlshash":"7902be34c42e848ed932fc9231cd3f13283c141595e55e16efad99a98edb827b3e1b58","first_seen":"2026-04-07T15:06:50.299958Z","last_seen":"2026-06-11T21:52:43.593994Z","times_seen":69,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/media/70355d4fbd533ab2-s.p.woff2","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/media/70355d4fbd533ab2-s.p.woff2 HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://tw-payment.org/_next/static/css/385d1cca048e3fce.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 20144\r\npriority: u=4,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\netag: \"69f9833a-4eb0\"\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9mdgdjfKhfJPEb8l6%2BGYiSZ5OOfa1QZNUQeUEJVzJiAeSzJ0IGSayT8Qaq3Ek3udKLwF3WexJ42Ish9CyH%2B0NHBhBfm5vyww7npHXdyjKQSXnYLXjhWfEoJuRaatA%2FuzQQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd25b8bb5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20144,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20144, version 1.0","md5":"9b9969b222383443533022faa1a8dc15","sha1":"960bfc7f598d95e5e1f183f66f0b9570c59be7f5","sha256":"fd4c8e65080adbaf0cc819eb67b08ed9300e9274dd0069b382d286b93b9544a0","sha512":"dca295932532388d01fc0130671252a3bf707bd9a2e5608d69b2ad0ee9134a9349e2c45734ca8bc223ea4090e918420166c6944395852a108ef7d25a360fd2f0","ssdeep":"384:bDDIoOYd5DFolWnW7Hy2ljK3VB87feqOMtmna2213/p:bwYdFFolz7HyMjK/87vOaPvp","tlshash":"4c92e067de6d3916fcd415f04619ec1ea1b12f617c2206fb0cc8c946906da8d6aaed88","first_seen":"2025-11-23T10:03:25.17893Z","last_seen":"2026-06-11T21:52:43.598394Z","times_seen":132,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/media/07a25e30db343ec8-s.p.woff2","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/media/07a25e30db343ec8-s.p.woff2 HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 13792\r\npriority: u=3,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\netag: \"69f9833a-35e0\"\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=19C5uzMQR3ia1IwiguUMkNsEuD2goOqejf34wjh4k1XmOkLvaVoC5YSqZAlwzdARgCTHYbvfOecFFOff%2BdvKTkzcrnZhRIACWn501BpfkeC%2BRDGIMi4CQtwTw5RLQo%2BiZw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd2658c05687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13792,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 13792, version 1.0","md5":"4ae2d48436b3d6fcab18c9de2f7f8fc3","sha1":"108fe3712707923941996546a4ba325a3f4f96bc","sha256":"c54a0fc890f9cbaf295a1bbcf745351b099182bf87b149cf6eeec856f46750bf","sha512":"9f3dff01a9823f0fdcef0eebc2b6a0d25ce20b534a577a02c411934c6425dd22c1c32861ae3f741ec6e04b7022d15bd0cdda89be07413361d9d9c0eea5a01079","ssdeep":"384:nMSLVRCzUjz7V5hHOhqjzXCmNZMHI9lJG/dS2:MSLVRCAcqvCwvG/dS2","tlshash":"1e52c0bc9e7d6d1b705f13f66e6f7675e582b92700076c4ab0514cbc2144b23b2e846e","first_seen":"2025-11-23T10:03:25.189462Z","last_seen":"2026-06-11T21:52:43.603218Z","times_seen":94,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/icons/logo-two.png","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /icons/logo-two.png HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 4159\r\npriority: u=6,i=?0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Tue, 10 Mar 2026 11:51:28 GMT\r\netag: W/\"103f-19cd7967600\"\r\nx-frame-options: SAMEORIGIN, SAMEORIGIN\r\nx-content-type-options: nosniff, nosniff\r\nreferrer-policy: no-referrer-when-downgrade, no-referrer-when-downgrade\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nstrict-transport-security: max-age=15552000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wXTAJ%2FiXHN8nqvBFSfmOaWUWEyF4s0s%2FuISHC%2FJDV%2B%2BjCaGLxw0sj%2FGL7o%2B0CeX6KdYiXHHgfNAcdorz1u6TwQEquIGKl9pkgMaS7jFHhtNEAudMyUqxtQRHfI43fK4jlw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f7fcd2638be5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4159,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 71 x 81, 8-bit/color RGBA, non-interlaced","md5":"58fd2a12f571cafad976ed5feddeeacc","sha1":"c7c0342c9edb1d20d96f26c0d713b83c4124b144","sha256":"98e40eaf5f022cb4f4e94991a6fbcc95a11f93545c1354237b2f40cca4d9405b","sha512":"399b57f3f371f14c98a8a1600ba028f721739d76511e2c1476aefb46f212cf58dd9e9142eb0f77e160644a9fec03d32405459658345912457fc19304aad69a70","ssdeep":"96:taIF26hHzU/RmovWsHQOJ9SNnGFHUikhpeuaeJNGYXRfCK0uG7SPR:n1zMhWsHQs9StwHLQJdRJ0XWJ","tlshash":"54817db5f830ccc0cc2d6c61d1ad6d8c103613454dc6b879ef96e9b3a2645d3145cbda","first_seen":"2026-04-13T07:55:48.870403Z","last_seen":"2026-06-11T21:52:43.59566Z","times_seen":64,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payment.org/_next/static/css/30e914f7c532213a.css","fqdn":"tw-payment.org","domain":"tw-payment.org","tld":"org"},"ip":{"addr":"104.21.76.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tw-payment.org/","date":"2026-05-07T11:14:29.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payment.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 21:21:31 GMT","end":"Fri, 31 Jul 2026 21:21:30 GMT"},"fingerprint":{"sha1":"DF:C5:18:74:D2:F7:43:B4:1B:A6:5D:A6:60:97:E9:06:44:54:55:23","sha256":"E6:20:C5:99:04:5D:21:87:B4:2B:3F:DB:D9:4E:F2:DA:41:AE:EE:66:FC:01:8C:7D:23:16:E5:5D:03:81:D4:A7"}}},"request":{"raw":"GET /_next/static/css/30e914f7c532213a.css HTTP/1.1\r\nHost: tw-payment.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payment.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 May 2026 11:14:29 GMT\r\ncontent-type: text/css\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eERrnQ33ftJsLx4iFAw39yXrcIG39y3HLkhR%2FOp%2BNabWp6YcO6z%2BaDUmq9s3kWy52p%2FjqT%2Bzbkq7vLpfx7%2FKgye714jiv%2FdFQplyebvnfrM96InpyWo036Q328vF58UVVg%3D%3D\"}]}\r\npriority: u=2,i=?0\r\nlast-modified: Tue, 05 May 2026 05:42:18 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 07 May 2027 11:14:29 GMT\r\ncache-control: public, max-age=31536000, immutable\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69f9833a-29fb\"\r\ncf-ray: 9f7fcd23e8ac5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10747,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (10747), with no line terminators","md5":"63d7d893cc61f68092a9849b7fa50f9c","sha1":"8dbefe92c7be03cdad36a65ed07c777761850712","sha256":"7b4f8097adfdb78457be0b3e9968e57ecf918ecfd6df6f80442b4b9e1d74757c","sha512":"ea5863f538ae8347880f944c22cf85c967a3f1b0d8538fa2cbdacab3f21fa709816f64c8e511701427d7a282e499ba63dfa437c8bb1e3e8d891d97bc5b081f51","ssdeep":"192:LCohu075xY5GESdtcSc4P3A2wb/eBPVWZmGE1PnZpak1g2wol4+kVJj+vD1PwOzM:1u075KgESdtcSVActUAg2wihJwJ","tlshash":"0b2295399260813df02ada9274c6ad8fb8a4c533f7134398da737cedd6811cb473524a","first_seen":"2026-05-04T09:45:54.619781Z","last_seen":"2026-05-08T16:18:51.886871Z","times_seen":22,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-07","alert":"Sinkholed","trigger":"tw-payment.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}