{"report_id":"e1f74758-0680-4577-866a-04abe3a91c61","version":6,"status":"done","tags":[],"date":"2026-06-01T14:39:08Z","url":{"schema":"http","addr":"tw-payments.one","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"104.21.9.8","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"tw-payments.one/","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"title":"Safe Card","dom":{"size":19062,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"6e715420848fbc827ad0975294557d7e","sha1":"d1d0d0591054c21344939e21552142ef47544af1","sha256":"c3a4d258919236cc6fa27b2eacd52c7d12b746dc445bb16ac8b93bd9b8632bf0","sha512":"4e52d5801ff8cf1a89faa91d4e992b56e93fb13ee8a42e34768b33665aa2d17d3ce7588c74c07826d518e58eeb8d535333422dabfbd5dc0590bb51ac0dbd581a","ssdeep":"192:BrdNb41MSiRxT+Ns8cGdaY8GxH8VduWhY2cqrrs2WZ+63QrrkDja0rOvVRF6/TQT:BrlNRK8kQr4DJydC/cS7mR","tlshash":"6a82735b96f312772953a0a16bf71b866fa5d013c249d9643bec138ccf8acc9996370c","dom_hash":"domhash3dc7471226c3bae9e86ad75a2f0a21c1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tw-payments.one","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"104.21.9.8","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T14:39:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tw-payments.one","ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":60,"request_count":30,"received_data":11903943,"sent_data":13211,"comment":"","tags":null,"fingerprints":[{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"translate.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":6317,"first_seen":"2012-05-31T07:21:21Z","last_seen":"2026-06-01T13:20:41.941114Z","alert_count":0,"request_count":1,"received_data":431537,"sent_data":540,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-05-31T22:18:21.058888Z","alert_count":0,"request_count":4,"received_data":197468,"sent_data":2220,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-05-31T22:42:17.707694Z","alert_count":0,"request_count":1,"received_data":24860,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"translate.google.com","ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":609,"first_seen":"2012-05-30T01:30:32Z","last_seen":"2026-05-25T18:14:14.14893Z","alert_count":0,"request_count":1,"received_data":77244,"sent_data":461,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-31T22:21:48.210615Z","alert_count":0,"request_count":1,"received_data":15848,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.gstatic.com","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":146047,"first_seen":"2012-05-29T15:36:17Z","last_seen":"2026-05-31T22:53:30.955311Z","alert_count":0,"request_count":1,"received_data":21138,"sent_data":544,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tw-payments.one/bouncer.js","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6237c996bf89e6852bad26b32dabd85e","sha1":"82138f24c718204b73e832b08d3b7fe10ce5042f","sha256":"5888ed4cf350929851c612e2d89ba8d7ea8802bb5ea7edf2b07ba4a7b26ae7bd","sha512":"117ed9b4e4812f2125457a7915a54f977e3ca3fe4500d8afd4d0fa44f9eb1e4fe4e066c31f0575da09e9e7433b327ef478d0c97881a617d4a10d597c9e58b598","ssdeep":"","tlshash":"b221023e883653324fa350bc679b52506a7310537118d45e7a8ec3407f35fe9ca56ace","size":1198,"data":"","first_seen":"2026-06-01T10:51:03.715955Z","last_seen":"2026-06-01T14:41:01.805288Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/_/translate_http/_/js/k=translate_http.tr.no.3YJnW89P_L8.O/am=BBAAJw/d=1/rs=AN8SPfoFTszovdqF80xRKT6H7PvSVGb32Q/m=el_conf","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c95c28438a440cd793199117f22102b4","sha1":"d1d3fa560e146c60ed14d5d92503dbd6ca6a2ef4","sha256":"4ddd744c02594a17074694e95c9c59f5a7cefd9d820bc57ec08e5c7cdb2bfafa","sha512":"70ac206198019241a78bd7e99c94fa9188b965d2037ed102311283484d53511ef97f18e69f93150ea465d1b659cff0c0089fff9de0a5d411e74f33e3007a78c7","ssdeep":"1536:Xe5L4wm+/O8J73SHJKIYULQ4Zu1KrGOU3uWeOXXHxiGwNWiK:XqVSHIaZSKr23/zxifK","tlshash":"5d73b7ccb6a574658353f5a5412f000eb23b69aef8084cacb298d8f1adf5949413bf7d","size":76674,"data":"","first_seen":"2026-06-01T14:34:56.709517Z","last_seen":"2026-06-01T14:55:23.020392Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"069f11d53a906032cbf1e528043e7d16","sha1":"42ca10bea3f1596dfb3dc95be4f80bdd8cf78de5","sha256":"763dc68077919d6b4bf1989aa2521cdee36fb293747814a1e95f79f721ecc6ad","sha512":"c5aad14ee206cdfe8d7029676241e22e330c2f1606816443479671a70be2281002f9e53726e48fe664a00779749238ff290b3d181606f12b18dbc4095f7031f7","ssdeep":"192:dnNb41MSiRxT+Ns8cGdaY8GxH8VduWhY2cqrrs2WZtvQrrkDja0rOvVRF6/TQduc:dXNRKHQr4DJydC/cS7mv","tlshash":"bd82725b96f312772953a0a16bf71b866fa4d013c249d9643bec138ccf8adc9996370c","size":19034,"data":"","first_seen":"2026-06-01T10:52:55.138066Z","last_seen":"2026-06-01T14:41:01.824117Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"tw-payments.one/coin-2.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /coin-2.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=21rnxmtvjVz57j6qk7KMqlKUlZAfOgG39alXTrJj5VihNgjDW%2BDHWyHpZW9saiK3GA5b%2B5xFGpl5HFVUSy%2FH72Mgba5JmBTcHxlcFhjiw1NoT%2F93n0zJfVlRds3kuyjqOwY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d393181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/phone3image.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /phone3image.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:11 GMT\r\netag: \"7bcbd-6a18484f-926cf0b5f22824d8;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 371111\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YCTCeTz2A4Opyl61zijWohl3rb2ZGFuSKhpHxJHAwIb2UHsf%2BgBY1yl32LfGEZB1aPeaIFcCrZMZrATCBfjYLWXVKt%2Fo37vTOHtB5EwQzCC0rUnOWKhXptr6JYvRUyDew9c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d423181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":507069,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d98f60d0f1e584c5a31a48e2771e2ff9","sha1":"64986489ae3eee8af3180db20370fd3a512d93c8","sha256":"ef154187de3d627f4596396bac0c41502996cdf2273959b3b583c06ba24a69e4","sha512":"7054312977ae826d988fb9976759d3868bafb2ab6c02174ccb4ae7800f41af83b9d188c586df09218ce3883d894fa96756bd16bab2dcd103657c04e0d1990e23","ssdeep":"12288:eFFFFF2YsSm6y+9xyzwisudXPg7aj51G/5YKn9nTJ6oQjPYtF:eFFFFF2YsSm6y1M9uRBG/5T9TukF","tlshash":"6eb41330bbb29ed958014b3435688707ece4798926dcc9d48b9dcacb66ef73d8c5182d","first_seen":"2026-02-11T15:17:55.594612Z","last_seen":"2026-06-01T14:41:01.820291Z","times_seen":56,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/cta-banner.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /cta-banner.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:08 GMT\r\netag: \"2906-6a18484c-63e36f503aeb7f48;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3213\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hVwtxGHwpQPUuBGMSpLxzeVlJbuUh7HgqTZ01X2%2BRoRHErbOuQCMQ4NjzI8I8ciIY%2FZe3pO4LFticconSY%2FQCZ7nk%2B9hMM8nis%2Bg3Pf8i6bV4Ms7SysNRJPw5mQiN7Q48xY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b94d483181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10502,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e34a0d2ddecc4eca36af15326e3ef4cc","sha1":"27158ef8abf4724643ad911ed1091688e6d2ba40","sha256":"1fe123414ca02e7118d90c20c5ef90f15d45ce6dbeb6820a44d89498319a20de","sha512":"90db61f4078563bf7f118b99c3927ca8410b4062f977ffaa49f72c2733e67b1fe0c0b570030fb4133d92ceef7888ce08242e72495fe3beea03ad413df2944edb","ssdeep":"192:sXxy6K0CCGDMdkLeLEIwy5HpYpE72KPJesp:MxtXQIwepfJesp","tlshash":"e1221dde33148cbcfd268ba2eb03737822275ab30a996780cd371a79155551ea93fdc4","first_seen":"2026-02-11T15:17:55.649184Z","last_seen":"2026-06-01T14:41:01.822814Z","times_seen":47,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/favicon.ico","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:46.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FCxsXhXGglIv%2BkogOMx3z%2FkPwoHjf3JJq0FBwX7JJ%2BCzvMoTbHgNGHfZUfqpndNssif6OV2Ku81syaZqFECDemim0vbm2%2FHFqzlktUwNDNXy1Sbkg5l2sj5koZmwq1s6IPE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:47 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6c5cff13181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":614,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":614,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.3YJnW89P_L8.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpszk8PftMEJZQi1m0PDTyKGhtJ2g/m=el_main","fqdn":"translate.googleapis.com","domain":"translate.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /_/translate_http/_/js/k=translate_http.tr.no.3YJnW89P_L8.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpszk8PftMEJZQi1m0PDTyKGhtJ2g/m=el_main HTTP/1.1\r\nHost: translate.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"rosetta\"\r\nreport-to: {\"group\":\"rosetta\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/rosetta\"}]}\r\ncontent-length: 124092\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 19:00:45 GMT\r\nexpires: Fri, 28 May 2027 19:00:45 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 27 May 2026 21:10:48 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 329882\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":430674,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2481)","md5":"cdb20c6e0d72e7a5b9f970f205e2c2b8","sha1":"ff0845b1ad0f82fefe85e823977478ef69e63a84","sha256":"4a2c3ca0a453fbe9630eb02a86234e39f8d4f608c8c8e3d7f473b74152911d9c","sha512":"c226d907ea8c0b10881fe68f68b6ffcdd36c3e85609135cc6a2b41a08f3af7af287edc14ad2ffc559f6ca12c73574a1c91ac3666880d72dde03c22e8ab6c9a4d","ssdeep":"3072:B7qR9H2ia2b0Ogx31u72CRyr6w8QfTHEsxwFfCHVVeJ6kn5uQAeFCATObdzsgCa0:OYjyVpfJLh6dzs6LzE","tlshash":"8694d9cab3a378539262f8a1a47f0147b93dac57a44c4c6cb189d8db1eb08194573f7b","first_seen":"2026-05-28T19:41:36.748572Z","last_seen":"2026-06-01T18:51:14.114378Z","times_seen":735,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":53,"dns":2,"connect":15,"send":0,"wait":16,"receive":39,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/badge-applepay.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /badge-applepay.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s03IpkPBpslvGLqTHIvgD%2Buayfn9btoUrIEBCRznA%2FDnHbXW0i%2FQZ0vJIJZNQdZhE0lWmrx615HmedBBJtQAqPNf9bO7kNaSvdEKLBVpX9H5o1k96vAVXDH7q91sORinIrI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d363181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/transaction-3.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /transaction-3.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:11 GMT\r\netag: \"2b353-6a18484f-a3d94cb1f604864d;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 114441\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HB9mP%2FNRzoFq5yvfPkDRLTwZoe57MQlzf%2BjA0P40npXRgTnGurJJzZz%2F24gRg8VX%2FRKIDEmCjKZqfrfNhPStGsCAcCysRAW18w5%2BLy2jfTH6PhaAxxU%2FKGghVFEsNXZ%2Fq3I%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d443181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":176979,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e25586cad8f6f0b2857bb0b784160ef","sha1":"bf952a2bbc04fa0c28b625387bd59a2c18a0713d","sha256":"9911c3f626ae9855c9f7ff7ff4c4086278067684ff2edec970834659d73bebcb","sha512":"d0a0ab0db039c4dfc46470973eafd3328fffc1389c5bee33971002f8dda8d08fc0aa7dfd16316f4419dc169a9958a26258177f8ad2467c69313a1a543119a075","ssdeep":"3072:oQMapi7SNFbaXxjULeGIPTmlZy6yWCpVcBAliNwqt:oddXxcfATCwW6VsHwE","tlshash":"5604e0fe5b9d38e5f953afe4225100dd3d12a8b7a800da68cf701b66749240e87addd3","first_seen":"2026-02-11T15:17:55.615342Z","last_seen":"2026-06-01T14:41:01.814558Z","times_seen":41,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/icon3.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /icon3.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:09 GMT\r\netag: \"171a-6a18484d-d80e76d12ea151d0;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1353\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nb7GyVD%2FSDgfjRLk5rrdwp%2BlVZNEb3itTJVOol94lXXEQ5C5sNBfQ%2BlLlFuZ8qbm4kBslKhe7Uu1rhQUHEhpll1bwHV2k9SVALegAYOZ7GpG9cV7ljTkq%2BnYMH2btlgYROE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b94d473181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5914,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cf29f6b43683fa8462f27d6b643cc872","sha1":"0ca16d391a77d59bebad3d80ad8392d714b16465","sha256":"0cd370c7deeb7481811226d092c3854796df2a5fb58390f5298483bb22f8aede","sha512":"f44ca85002088eaf763b07480166e2593ba5485223000ee566104f5591cb18088d45696cccf9a7182dfd53582d7ca7f5e757de252a9ae452b28fc3ef182ce1ea","ssdeep":"48:bx0B6A+Ld2JJZdLXj3fALg3XLRDYL/atJJZUYb0ENQ+F5HgUBVJAohL8SLbFX88t:qBJJZpDFTJJZhBlGCZfvcUmckJiUcBcQ","tlshash":"c8c121aebb68dc37f559d3eeca01e139115641ab7580c260c1a8ef1f14164e6ae2fac4","first_seen":"2026-02-11T15:17:55.633592Z","last_seen":"2026-06-01T14:41:01.809437Z","times_seen":69,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/safe.html","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /safe.html HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tw-payments.one/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/html\r\nlast-modified: Thu, 28 May 2026 13:51:11 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nNO%2BcobvSTHBE57BNgvXEvCpZUR%2BX%2Bvc2sJCDiUg6bs7wL9e%2BH6CMLDaJN5qUR6kkihPaT6iUY%2F5UvxSiaWVCBSgym8QRokLIlm3hKzct7m8WCIJ6sHXl99Kgvx2Dtpztl8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a04ef6b9fd623181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":19058,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"6893173e17293c8570cf03e06864f043","sha1":"3fa554cc4c884a6759a1f21e45c3995974d75c38","sha256":"affdaf4371fd1346a93ae40931a1c9b0eea0eb1ccc88c794fb43722bde6dce70","sha512":"f1b8be8b2c80468b49e81caae969767a1383d1a352d23fa45b507f353364a1fc44dd5588c5a5e3362d939e5ffc41c6e2f1f1a02fad03b1135bb9412de45eec34","ssdeep":"192:dnNb41MSiRxT+Ns8cGdaY8GxH8VduWhY2cqrrs2WZt3QrrkDja0rOvVRF6/TQduc:dXNRKvQr4DJydC/cS7mv","tlshash":"8382725b96f312772953a0a16bf71b866fa1d013c249d9643bec138ccf8acc9996370c","first_seen":"2026-06-01T10:52:55.127029Z","last_seen":"2026-06-01T14:41:01.819127Z","times_seen":3,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tw-payments.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 01:46:26 GMT\r\nexpires: Fri, 28 May 2027 01:46:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 391942\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-07T07:11:16.149808Z","times_seen":205597,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":78,"dns":1,"connect":28,"send":0,"wait":18,"receive":10,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/hero-image.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /hero-image.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:16 GMT\r\netag: \"726b27-6a184854-5caa48ff6f13517e;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JZxp6u7eo0kkYx6mZp5p7G8vyfzYQ10gxmubJ07OwyFFm4Phb%2FTA5RiMR6pbvhHqrc2B%2FGRwcVVtHj3M%2BWcLl9zpmiVPJOJ0sh9uM3GVOHqooTrBkXgi7RkK3MTUSscdZH8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04ef6b92d333181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":7498535,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"68c8c6ee8fdf7bc9e251dd804db4c58b","sha1":"537376050ffa7b1712186ec2d93ce581e0840c82","sha256":"eedf55fd89b8d215e2a46d64e1e42c83fdeb779d47c82f26e57a032a9eb87e07","sha512":"9213bfcd385217b9cae20b25c23cb62f5a65229979dacf67c3764216e816e6066c8f14e9cb3c0b5e4ab924d2e2fdd5bf596dd8e5d47553b17cf7e4c24fec9b81","ssdeep":"12288:xzIVo3YRbjTCfuc1CG2XYjV8F7s4MUFo2U70mhsnE/hqhwDEAj3+7X/hvTP1Jy4y:tIVqYRbnrYjVEMdj7DEGDEAzqXfXw82","tlshash":"d4252330b9b57e3a4e0cc329727f0a09a9e1e298e0d9f59157da7476618ff34e3250b4","first_seen":"2026-02-11T15:17:55.645605Z","last_seen":"2026-06-01T14:41:01.808823Z","times_seen":26,"resource_available":false,"data":null}},"time_used":532,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":375,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/coin-4.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /coin-4.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zcm51U60udMoe0jMlO%2Bx7TTfnqWxCPGpHpm7Xbr8wNE5oFAe7j4hnNFfLljWsY3Mh%2BPnrGLhUMkTv3KnPs8PrKsMRIeAhkHBzV8UHC8xIeeYA2P6Ff9G5unH3XarqIAxChg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d3c3181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/coin-5.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /coin-5.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nVhZbxQfMq1i45a2iAG3U%2FgX5WEcdAX9MKntg0wwwxjU0mSXVFZXeEowTVs%2BwkN63OoxcotcmgCxthyUkKI%2BKJd89BlgktJjfaOLV1031eG3T04%2FkY1cgAQZjvhlIVBuYo8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d3d3181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/assets/ModalController-BX5sPID1.js","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /assets/ModalController-BX5sPID1.js HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/assets/main-WMRpD85t.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T07:09:49.261984Z","times_seen":16206673,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/assets/rolldown-runtime-BTPm5ob3.js","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /assets/rolldown-runtime-BTPm5ob3.js HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/assets/main-WMRpD85t.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T07:09:49.261984Z","times_seen":16206673,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tw-payments.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 01:46:26 GMT\r\nexpires: Fri, 28 May 2027 01:46:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 391942\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-07T07:11:16.149808Z","times_seen":205597,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":79,"dns":1,"connect":29,"send":0,"wait":24,"receive":5,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/assets/main-WMRpD85t.js","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /assets/main-WMRpD85t.js HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Thu, 28 May 2026 13:51:18 GMT\r\netag: \"1964c9-6a184856-335720800f597a28;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W6BmjNnAvAYxfMDtFMlfBxoIhADsQUETvnZDJY6%2F7aEba%2BuumbtRHPhBZBnpP6gnwS%2FMavc42vOSzI2iNg6ebnCWuJuL6fveNqb%2BD46QCt9YhXl%2FDN5PsmiuLIpsPQH9n1E%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04ef6b92d323181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":1664201,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (38986)","md5":"3744937f07a794cd9169fbf3928f6de6","sha1":"5914b0227c542a15d2180a3e1f1d7a8255d75a69","sha256":"689d8b611b5286503ae594eac6fb0528ee488967ed65e59b5887cf2902c1eebc","sha512":"e5450290e8a5b4624d6eb04289aa16912922d97bcb96f97cbefa569e8bd200111ad289684c77bc8ff2428f318b304c25801b00167fed5626fd313bd4caec2ebd","ssdeep":"12288:VkhPWCGEYKX6Skyr98sBUgy7PfBmSjyowoMVQae3PAD:sxTBUgy7XYSjAoMVQae/AD","tlshash":"7c254b9273a1f03243da81aa54775401f338a899580d542cf6ace8efbfa5d8495fbf34","first_seen":"2026-05-24T01:02:59.560376Z","last_seen":"2026-06-01T14:41:01.808172Z","times_seen":6,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":119,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/coin-1.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /coin-1.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LthdbZeQ93gnvGrehMrIM8HwIydU9qiyqgW1eo80nPv8omXNjgjtjYBtRIeY%2Bh6Tfrz7b5fUMeQpZUoPZersvZOxjMLhAdu7nGgBpWIsZXjnVoeOD5E4r56p5qoOH%2FE%2Bk6A%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d3a3181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/transaction-1.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /transaction-1.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:11 GMT\r\netag: \"405e7-6a18484f-91b7642b59d3acbd;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 185166\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zJTdkrfRuqCx%2FgZuEUJ5EUfc0fL0Kyx6kK7X6v%2FyZJ0Q%2Bcz8JiMn7tO%2FDD1RbRx%2BVXl7vQBScqQ8BmHp3K9B%2FfSjN53ZPzn2EAJ2%2F4ZhjokEnuzWN1uXfrZ3i%2BGkGqwet9g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d3f3181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":263655,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"db568317464c15ab309230a51235c896","sha1":"1a157428bb251b4e42e964929793643a83436043","sha256":"88a1895d56bb70b83a19d2a94fcec44c8522915b9fd7352dce51e388db11e764","sha512":"feeb7005b511fb9e88ed704e0c08a102e9b110fdd22ba4ca89d52ff5ffd4d348b3ac15653f904ebf3cc997eb8793336165af814275c59b8bcb02f6894ff579a1","ssdeep":"6144:Doo1fVliSpzFEtSnJS09nPhiGDKcDY4sYdHmEU69068d+tF/BUf3g:DoKfrH91no05JiGGx4sc9rkg","tlshash":"5a44f1edcb94aebab5d16fa4c018885c71c0ad5aa3e0d7f98b061d1a804d1cc697ddcf","first_seen":"2026-02-11T15:17:55.652726Z","last_seen":"2026-06-01T14:41:01.812679Z","times_seen":41,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":86,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/transaction-5.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /transaction-5.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:12 GMT\r\netag: \"e88b-6a184850-9c820ff3bd5b3695;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 29106\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2chVuv9Gs5HI4L7idoUBmio2B6YWPrvyR6bXWtK45rcmlol%2BeAT3KdDaouau0UoE2QhubGkoJrWGF%2BGlUE6WBZheAW%2BRIhIZYviOI%2Bq0hsmiGWynLL1qApLFlFrIXMCDTwQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d433181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":59531,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1e72d629ae587c33dcbb324f2d007c0b","sha1":"a332c8966b9e0ac88e3bab7cc9fa244c91c50715","sha256":"ad668f58d977ad554013e8391485f5eab400fcbc93bf79e3914252c572e75dca","sha512":"86cfa0225c3724e66fbc1ebfc65d0c3ffa124c8f2e65d3f4a412ffdf405bf0e6eeae4fe64182156940792b813b84fe4ea13e88058a85b65d51eb600add2e9c5d","ssdeep":"768:FQ8myizafY70xR7kuyTa2xZ1/IfHVVvkKUiSgBxdwqYPZdZi0Wjv6jFVoH16ZQsf:W8myizafY70srT5NAUi7X1v6jFmo7VBH","tlshash":"2d435bfd57b676fcf084a7f69b1180b83d92bdb36c58ca08c7288c55a59185ca998cc3","first_seen":"2026-02-11T15:17:55.586235Z","last_seen":"2026-06-01T14:41:01.81604Z","times_seen":43,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tw-payments.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 01:46:26 GMT\r\nexpires: Fri, 28 May 2027 01:46:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 391942\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-07T07:11:16.149808Z","times_seen":205597,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":47,"dns":1,"connect":14,"send":0,"wait":35,"receive":11,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/bouncer.js","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /bouncer.js HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Thu, 28 May 2026 13:51:08 GMT\r\netag: \"4ae-6a18484c-288b0bf538f3eb17;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 492\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uA%2FXDEc83y0KGTrZ%2BWaC2UVYrX9N3Tkmkwi4g7Cb2tB0LXVlPhwwG3RqsdFHI2cBIthzGe%2FxKLG1OZDQauuhAWUdGpCYBKzL9ZkSY1Rp77tnu7S1MiaSMsFVuQCU4bXgps0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a04ef6b92d303181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":1198,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text","md5":"6237c996bf89e6852bad26b32dabd85e","sha1":"82138f24c718204b73e832b08d3b7fe10ce5042f","sha256":"5888ed4cf350929851c612e2d89ba8d7ea8802bb5ea7edf2b07ba4a7b26ae7bd","sha512":"117ed9b4e4812f2125457a7915a54f977e3ca3fe4500d8afd4d0fa44f9eb1e4fe4e066c31f0575da09e9e7433b327ef478d0c97881a617d4a10d597c9e58b598","ssdeep":"","tlshash":"b221023e883653324fa350bc679b52506a7310537118d45e7a8ec3407f35fe9ca56ace","first_seen":"2026-06-01T10:51:03.715955Z","last_seen":"2026-06-01T14:41:01.805288Z","times_seen":4,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/qrcode@1.5.1/build/qrcode.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/qrcode@1.5.1/build/qrcode.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 9398\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.5.1\r\nx-jsd-version-type: version\r\netag: W/\"5cba-nSz2TvWW6iEAn1NDJwuyMKymjPY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230181-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1206938\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FMA1bez5FG7hmgEgCM58Mb3DpGpE9g%2F6xb%2FKi2cQ%2FviVV4G37ydgJ%2BgLnSi%2FWw5dvK8LhI8FQ5hnf13dMkAWUyR3bu6U9Unoo3fO1ufRA7lO7kLDbeiMLU1qunufbIiv0Go%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a04ef6b9498b568f-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23738,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (23467)","md5":"8a34f79c8f5ca1bb03e4500142c2b26e","sha1":"9d2cf64ef596ea21009f5343270bb230aca68cf6","sha256":"ec64d89ab3096dce8084912dedff9f2ca5ae64144d0cacd4a082c293d5d06b59","sha512":"cdce5449d2dda271080978576a167c1d01e4eb095cb89b1ac05a19814b6dbbceff4b8e4436e3b636190324596f36ef40969406bd1283f6374e8b91b8224845ed","ssdeep":"384:Ue3LeEsPd+Iv27CKsC7Gepp+WTYBO79NpSmlj6XWZVRYmDEh52xsc8r3OmfPqIME:xkWTYBClRX42q6ye7wF","tlshash":"a0b2ea98f3a5a16c43e76495042f1006e1beb924792e8965db51d4c3fcf8ee99037f38","first_seen":"2024-09-04T02:32:53Z","last_seen":"2026-06-06T20:44:04.822496Z","times_seen":167,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":1,"connect":2,"send":0,"wait":8,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/badge-gpay.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /badge-gpay.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nqomVQijRTk9XVHQE8eijuIWyAUc27JwH9H3wbC7KKj7CLbVoE%2F8xlYpeHCRPESyeel%2FMP%2FvMRYtup4Rq5HX9YNNJp6IvLOF%2BrBVJjJjWwJUtfHB5lULS0ZJtH5Plc03pGg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b92d343181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/transaction-2.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /transaction-2.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:11 GMT\r\netag: \"41804-6a18484f-46b91292de6b2fc6;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 149054\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A7UOEXwfWwj5Nupvnw7VAJgQq%2FSZUUSulDYEHoX0KLtNHkRat%2BwOoRnaJr8Bj8X8WMPWMpBBqEuAO91NlXlwXpDinz8mwYiFIMREgjkwwmZ4jGvsiY32%2FEVr5bjKQi%2B8KY4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d403181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":268292,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4826f7019e2d76a610891dfd207d651b","sha1":"96966f65156b6ee9f98992f245b55e1958da1dd6","sha256":"c13bd825533da4ba98f309c216c9cd00280195449726a784c54c87f9fd3253e7","sha512":"04bf367c5129afb65c4f6d1027e79e886c553363330f50cdefacbd17ed8eb9c61c07aae8b03435b07d53072204f1d5323ee56cd1152b46e4959d6813eedf3285","ssdeep":"6144:D9PqY8czKWdjFuyUsOeIQatt2wl1J1OlmuMhR:kY8czKvmOeIQkJhYM37","tlshash":"a944f76e4d4d7b9e77325d6ecb03283e2e8624edb204d1cf698f75ecd3620549628ca1","first_seen":"2026-02-11T15:17:55.634539Z","last_seen":"2026-06-01T14:41:01.813767Z","times_seen":41,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/icon2.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /icon2.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:09 GMT\r\netag: \"346b-6a18484d-1ba8332083a05df8;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3686\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=giS1%2B7UFgTNMTkEIoZ8CgoLC5z5JbwC9bBIGuoADeKArfon8Q4AcJmyiZUu9kZF0B%2BtAXSj2dM2gfu7dtvPVffmCqmQ6VKSYdSWIGJjfliNkP2OQIZKguFSF0dGZ4cn465w%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b94d463181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":13419,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1a4bf8d0dd48561b2b531f16994573da","sha1":"9e5547a87fcf112dfb398bfb61ebc00e7025558b","sha256":"5884f2c20f92ec8866d09edda61027e0ce2e6666e0bf45b6ecad192bfde48f1d","sha512":"dd50bd6762d7dcb5290f02d8dadd26426d47dc6820979ed38a4ff0e7122fb6ceaf1318792ec2666d6d5f35d414e8fcd83eaeb6eccb19023556e1489870d8a1e0","ssdeep":"192:35nvZrCCypp07LmxZRkaVuVefXg9NT4X4w3RM7GKcmxZnefXgykaVut8:3pxr2pO/m6aAm2eX4wh4GfmE2aA2","tlshash":"665294ce33188dfcf95297d6d30371a9316680f75a8192a4ca361e3e244648edd6bec1","first_seen":"2026-02-11T15:17:55.632619Z","last_seen":"2026-06-01T14:41:01.822205Z","times_seen":69,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"translate.google.com/translate_a/element.js?cb=googleTranslateElementInit","fqdn":"translate.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.178.78","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:51:36 GMT","end":"Thu, 30 Jul 2026 15:51:35 GMT"},"fingerprint":{"sha1":"E5:96:47:77:13:A6:29:CD:FF:81:1B:F8:39:BC:A7:BB:8F:64:3A:E7","sha256":"0F:2D:F7:5D:E8:A1:BF:0D:8E:B8:3A:AC:9A:9D:1B:82:66:8F:C2:E9:77:F6:7C:BD:32:3F:86:9C:97:9C:2D:5C"}}},"request":{"raw":"GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1\r\nHost: translate.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":76674,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2113)","md5":"c95c28438a440cd793199117f22102b4","sha1":"d1d3fa560e146c60ed14d5d92503dbd6ca6a2ef4","sha256":"4ddd744c02594a17074694e95c9c59f5a7cefd9d820bc57ec08e5c7cdb2bfafa","sha512":"70ac206198019241a78bd7e99c94fa9188b965d2037ed102311283484d53511ef97f18e69f93150ea465d1b659cff0c0089fff9de0a5d411e74f33e3007a78c7","ssdeep":"1536:Xe5L4wm+/O8J73SHJKIYULQ4Zu1KrGOU3uWeOXXHxiGwNWiK:XqVSHIaZSKr23/zxifK","tlshash":"5d73b7ccb6a574658353f5a5412f000eb23b69aef8084cacb298d8f1adf5949413bf7d","first_seen":"2026-06-01T14:34:56.709517Z","last_seen":"2026-06-01T14:55:23.020392Z","times_seen":7,"resource_available":true,"data":null}},"time_used":559,"timings":{"blocked":234,"dns":1,"connect":28,"send":0,"wait":57,"receive":0,"ssl":234},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/phone-4.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /phone-4.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:10 GMT\r\netag: \"51c11-6a18484e-7b0c0cfc63da2f08;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 248673\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a%2FuhYcb6u56MVTQ5Ki1tyR%2Fx8LxrAhTofqIdxUM064UAHuatL76NfHq4Gm4eXZ0D1dood7p4teGoUR3XY2bmdaItiMxBP6eeTvPHYC80Ip%2Ff4ipsMN74DUPUg%2BAM6pS6vao%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d383181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":334865,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fbbd3aab77cb5df884cf3a3b4aaa4c21","sha1":"c9442ec1d483e4e76b4506b5f23d9b15f1474656","sha256":"715103f9615c025f8758f7b2a514a93effc6b6ad62e508de1b6177e91d1a8763","sha512":"ff89024db537159b90d260d70735c193bd49b0b98c92352c146709198e895932cdb4ea72dd707d6b04c336590c70c34c37893fcac92f1ecca6ec96b6d76d0911","ssdeep":"6144:GUiwM0ajDICgS5J6B/oZ0+FtnK7DpyWFGLdDdPr+3CBmwvQ2tcD:GVYeZVOBQu+FoXpyW0ZrQWIX","tlshash":"3d642352de434d1ea5705d8e402ca4dcfbb809dca68064f89bd4b993c1cae62c769c7f","first_seen":"2026-02-11T15:17:55.607976Z","last_seen":"2026-06-01T14:41:01.806116Z","times_seen":60,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":119,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/phone1image.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /phone1image.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:10 GMT\r\netag: \"44ddd-6a18484e-c38e09c7c9416ac9;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 207637\r\ndate: Mon, 01 Jun 2026 14:38:46 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1%2BXXfuAK%2Fj%2FqHM%2FVlnVyaapQjtSiJ4WyDfzD72L4CIRZ02LrkMB2MVZj9bqs39hKxGxkquX%2BtRlbB6X4IJjtmHukUjzm80sxnNAra4OPYhfK5QM9oBupcOnvrU667OqmRHk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d373181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":282077,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ca4651a3f7588dccfabc715b35b24232","sha1":"14d9385dd947c210fe1b0843c490fef9829aed8e","sha256":"c93e72d14125b0109d98fa5b03d9a354975132fa37c6703befe71a176678f6f1","sha512":"4cd9adef3ba223112e9511db5d83918cda2c4a7a57ac66601b310d8bafc3a54f829580072bf84089e0b7ca77508c195887720c6051e640ce044cf8562cfe183f","ssdeep":"6144:+WCOM2JQUYWVRLPIIBVWtsx/8VxaBsSiYV79EHZt:PCOlKt+LPFVasleaB7xmj","tlshash":"525423f27e4e7c9b8f6e5127f3525934146588c5c9a0be52cfab37bf0645e20c8ea481","first_seen":"2026-02-11T15:17:55.621094Z","last_seen":"2026-06-01T14:41:01.811941Z","times_seen":42,"resource_available":false,"data":null}},"time_used":1414,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1407,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tw-payments.one\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 01:46:26 GMT\r\nexpires: Fri, 28 May 2027 01:46:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 391942\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-07T07:11:16.149808Z","times_seen":205597,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":48,"dns":1,"connect":16,"send":0,"wait":17,"receive":22,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-01T14:38:44.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 28 May 2026 13:51:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FoxpY3UIrEPf5fS%2FTkJupxYGx65bsm4PWHqA5jsdQv35zBeYrNqloJoW48cZm7zHl9hpJTD4RIftduB1hChrTEzK1MsuMXzsfr6QhmwAeiag2KHUXlwj6ibZhAnGMUbF0uY%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: a04ef6b77c0e783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22088,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"a013ed0d078d5d48e2a79d2abf0e1f15","sha1":"32b2f7f54b3cb1d47d038bcc96462372ae0605a0","sha256":"d9e620e7e0e608dc9185be63ed9c9e79ca0ca0e77968bc220e0a761747172224","sha512":"60ac2a1fde4bc90823e08d32274a28a2666084604345e684e494558359a66795e5c91887def3f3f057736ff326d8874d3aa6d64a65f3874800b245f2d12a148b","ssdeep":"384:sIp+hMD+fIpwyJ/dQoEtFZMt27Lb7HR/39pjlC+i8fieNK:s6DkI6y5dGzbzR/3bjlCHkK","tlshash":"18a20a63a2a02127206761e276d33b5e7060c413d7275ae83bfc61588fcafda59372c9","first_seen":"2026-06-01T10:51:03.724892Z","last_seen":"2026-06-01T14:41:01.823449Z","times_seen":4,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":23,"dns":7,"connect":1,"send":0,"wait":103,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700;800;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 01 Jun 2026 14:38:44 GMT\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15162,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"b8d3b4b9d4ee8cae44e2afcef48e7a93","sha1":"ea3c361f22fa31fb8612dd2ca30f1ac7ba03f75b","sha256":"7c966efd5a04f87920e8cef5c332c73b0d529b21c46fa312ff0020047d882c35","sha512":"7418cc24da4237fed57bbd3e92618985c30c29ab320908f146d0fe954c6a49e179007537480bfc7f2bf76e76a47da055c6cb6fb2744991e0c3a471c88fc06f08","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kCxHYNCbOO3L+:vXuM0p2+g7GQK","tlshash":"c2628892002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-11T12:17:30.699497Z","last_seen":"2026-06-07T04:17:39.409193Z","times_seen":2381,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":137,"dns":0,"connect":28,"send":0,"wait":53,"receive":0,"ssl":123},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/coin-3.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /coin-3.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cBUPjietNrYtlNREjn4367vxNyNE8jvstlkYBQIBgTUPOWsHNor5YYjZojRDoYkVPdFWEpcVYAN8LTk%2BlASDgqiikbRI7QhPACvb9u4PrtW3hQxZ%2FBlVEjvpu26vXRvLSFM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d3b3181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/transaction-4.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /transaction-4.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:12 GMT\r\netag: \"72d0f-6a184850-6f9aa2056a67cd12;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 339989\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gftDuIoFoFrvLLmjyZd%2FkLno6Z1kyuU7BAF5TQFmP9vpZXiRt3tNHaJaTAxjrNSTUrqv9hRtifzKEvCiJD7V9%2FrwRndW4eLob4n7r%2B%2FV6G0seTWQg%2BaEWhxoMS79b4wXDJI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d413181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":470287,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bca38eeb7bac214663ac8eff2524e320","sha1":"a80916376b03934091dda99409373e975cb6a932","sha256":"5fd0912daca141fc9f6d54746fb0074be178eb18146a4f52faf72f4808f96f2c","sha512":"ad06f779e320bedb0744f8dcccc7652552b36e87426f644d5e0693a062580f39b7361a8408f2ee373f1146a132e8b7876db25751253bb2d2d859eb6fbf7bfdb0","ssdeep":"12288:1kx6YpLS3cZOJ8EdHWvB3tlV2obAO1esnjYaH+1wo:1EHsMZOnkvBDVFJBHS","tlshash":"c2a412b98bb60bf8c64a83f6813245753a670cbbaf95df64c7968cc2314006d4e59ccb","first_seen":"2026-02-11T15:17:55.600127Z","last_seen":"2026-06-01T14:41:01.815377Z","times_seen":45,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/icon1.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /icon1.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:08 GMT\r\netag: \"70fc-6a18484c-b3e9f76706597f09;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 8958\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qgm1grRlg0XEMWEr0YCs0ubmjwaP689cDTwWtEn4kgYGimdYid9p1ZLpm3%2BfsDmenYz5rS1Y7uBKEADgCBrLY%2BzgqRc63LuGgNzRULZ2XBFrOSzOkQQzNiP0D5qMcjtmMc8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d453181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28924,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c2b45b63af2e789e308494b1c39eb30b","sha1":"a515a2b4874b574c8b8867806098e4f9911e4f11","sha256":"c4db6bb328ef78023c9182449c928af831feb01021d4bccd650b6d0c354c12d6","sha512":"bbdc3a13ac7aaa13973bac44c15f9e33b8a381ee94405a669b4069dd61649a7f94d92d6714555f7d52daf70b6576bdc93d93d439f3ad0dc0598310acb63b2d08","ssdeep":"384:C4qAlAemnXq21Ig9JX5k5Z0XLeeUUUoULEsfqEqklflsKcPez:C4qxemLPDGCMhN","tlshash":"60d2c7ee37140cbafc16d3eaeb0220bd502b54bb6ac55720c6299b29344685dde7fdc1","first_seen":"2026-02-11T15:17:55.635436Z","last_seen":"2026-06-01T14:41:01.818562Z","times_seen":69,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.B7Dih9Jyjnw.L.F4.O/am=BBAAJw/d=0/rs=AN8SPfow65MVwWyUrqhRcgF8bzAeNnSj_A/m=el_main_css","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /_/translate_http/_/ss/k=translate_http.tr.B7Dih9Jyjnw.L.F4.O/am=BBAAJw/d=0/rs=AN8SPfow65MVwWyUrqhRcgF8bzAeNnSj_A/m=el_main_css HTTP/1.1\r\nHost: www.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"rosetta\"\r\nreport-to: {\"group\":\"rosetta\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/rosetta\"}]}\r\ncontent-length: 3967\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 19:15:59 GMT\r\nexpires: Fri, 28 May 2027 19:15:59 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 09 Apr 2026 01:12:55 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 328968\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20284,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (20284), with no line terminators","md5":"fde4f72b90fe807270db3c332dd058df","sha1":"7ef4d70af01c38a7f80a7650be25f63aff4ba751","sha256":"ab31c9be358d2107fc1158434c7aeaaf15f82e3e405ed67ab236b5ac232ed159","sha512":"9bef39350af557afeb10cb71068426ab28befaf5295359954787be06a5ce0993d69e8f5018a5a17c44311d294dd1a87a6f82edd0f5743df0149b8e4e53061695","ssdeep":"192:nvqx/EhZINcrXsfg0SgG8CqA3uku9SJFzvQVMbnUIfIxIVVpTrecfzPtcmt4v78l:gMF8Sb3i0JFzourUqWMVpTrdfzPtcBG","tlshash":"c492872057aed01967efa82364d36dff71d444db90123eeaaf5a7352cd821f231ea214","first_seen":"2026-04-13T20:43:22.641436Z","last_seen":"2026-06-07T06:30:34.606363Z","times_seen":10223,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":84,"dns":1,"connect":15,"send":0,"wait":16,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/phone2image.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /phone2image.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:44 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 28 May 2026 13:51:10 GMT\r\netag: \"33a0e-6a18484e-66706106bbb38182;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 144497\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D%2FjusuJNQs0SzJijG39pcL3DYHJEal17iNh9l3RYkxUUV5ZY5B9FFEQNF3BMifJg0xAulo2qGc543eEcqK3X8zpamJ58bM67tyfHmChCJ8tIuRcIHPYR5qbVDN%2F8VeNzI%2B0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a04ef6b93d3e3181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":211470,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3868b22ca7f77068f2edba51cb879f5d","sha1":"fe91e29b99959eb88558f4e78bece76ce23bd0fe","sha256":"4e58e1a299c1ce83b1695fe172ef5ffe3196da11e66ba6a2c28c79ce0451235f","sha512":"6b25bd1312de3bfa16ea450f081e27a0167c46cf4ff73cbfd5e5401875213dadb431d69c81d431b87e08ce9128b330cb1f6579ab2e322ee597325b95a101496f","ssdeep":"6144:7W7gNT/WbJNlDDxTtYOGwj4WYIUZVbeucmj:isJ/WbNxZYOmn6s","tlshash":"1324d0334547fdefbb278dd8e11a62209dddba93d684d24caf8458c126fb428cc615b8","first_seen":"2026-02-11T15:17:55.63009Z","last_seen":"2026-06-01T14:41:01.817931Z","times_seen":71,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/assets/preload-helper-Chd9yIcd.js","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:47.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /assets/preload-helper-Chd9yIcd.js HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/assets/main-WMRpD85t.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 14:38:47 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Thu, 28 May 2026 13:51:19 GMT\r\netag: \"4b8-6a184857-5ed23ac6eec78a9c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 606\r\ndate: Mon, 01 Jun 2026 14:38:47 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SnVM%2F0zRyXRhrOh5G4KA%2FdQVfZL9sdNOSi3zfn5Ptc88OWgd17KhVIxk9Cn5gZXJQhQYulE6JfGD8FGlUC9cscSx2IFyXcGvM%2FmPECEOy9gomIda4c3FXFatAhZN4F8bgRI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a04ef6cd19f83181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1208,"size_decoded":0,"mime_type":"application/x-javascript","magic":"ASCII text, with very long lines (1208), with no line terminators","md5":"da61a49d6ce7b71eaef4e9e80e677709","sha1":"4bb4282bba629fb52a701ca91dc1f4ceffb0b681","sha256":"2f8a57aecfda9c30a9e1e5b32d55c33dc107941c5a3c87a003017d6eccc0847a","sha512":"2a8f3e1421aaef43116f653cf20d5b9cce7cb2628331b159c8c006a83070676c213e5ea115d995bb762353f220b06b079daf081d0780c5a2eeb525ea301bd972","ssdeep":"","tlshash":"af2162ea23c0a036839c6667f1b5e397eb9529c3b40e1404c05ddc92ba1cdd485c9e9a","first_seen":"2026-03-15T21:30:51.938434Z","last_seen":"2026-06-07T07:17:40.181634Z","times_seen":2567,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tw-payments.one/badge-atm.svg","fqdn":"tw-payments.one","domain":"tw-payments.one","tld":"one"},"ip":{"addr":"172.67.140.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tw-payments.one/","date":"2026-06-01T14:38:44.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tw-payments.one","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 12:53:45 GMT","end":"Wed, 26 Aug 2026 12:53:44 GMT"},"fingerprint":{"sha1":"20:4A:01:79:A7:AD:EE:87:18:44:04:35:C4:FA:4A:2C:FA:33:59:11","sha256":"D2:1A:0D:5C:88:77:29:F9:55:DF:6C:90:6A:A5:41:F7:C1:2D:EE:B2:A3:69:3C:3F:66:14:73:3A:CD:6D:48:65"}}},"request":{"raw":"GET /badge-atm.svg HTTP/1.1\r\nHost: tw-payments.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tw-payments.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Apr 2026 12:03:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Eo0av5C%2FJc82MJauKV7O7nhwzYgfn1oo5CM5OlfR4uaumfKXf8p622t55IEjua114v42L31stGsL5%2FC%2B2tWrzZKstnLc22Jm4KszTtkVBFVJReuSfXzMx0hxiuFytx4SyVM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Mon, 01 Jun 2026 14:38:44 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: a04ef6b93d353181-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-06-07T06:48:57.712819Z","times_seen":33765,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"tw-payments.one","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}