{"report_id":"fa1188b6-ccb7-4084-aa09-8d4e01fef7a6","version":6,"status":"done","tags":[],"date":"2026-03-05T00:58:57Z","url":{"schema":"http","addr":"paypal.growin20.com","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":0,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"paypal.growin20.com/","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"title":"PayPal – Bei Ihrem Konto anmelden","dom":{"size":37542,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (570)","md5":"cb7734fb3e0ce82c572249ead6a28dc9","sha1":"df79910b8ef9d2a9d613b778b12653f5cfb2a86a","sha256":"4b3d97349a17f8b04f14bf9dd1b53882d18b2dd95a8905afd47f67dfa1ac6f1f","sha512":"5ee5b3809e88602f42e0697913512e5a9d1fd666d06e4de058b87222c070966b4ef2c0f5df4cafb63ad31b06228d8bdf55f0869132dfb225cc1e84f4219e8e48","ssdeep":"384:bQ61pbBxH4XMFVMCcLA1s+97TyBCljuhHX2x1DI0M4w5CUCTduZQUuflTUfzU6Z:bQSDOXMFVMCcLI977jy2HeU9TezNZ","tlshash":"acf2e8af2cb30091949791a937ab4b513b28d407ce03d8193fec578c6f89989dd72b9c","dom_hash":"domhash4bdd6d324fa003452e62c0729ca2417c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"paypal.growin20.com","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":0,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-09T00:58:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-05T00:58:36Z","timestamp":1772672316,"ip_dst":{"addr":"Client IP","port":45170,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 8","source":"{\"timestamp\":\"2026-03-05T00:58:36.261110+0000\",\"flow_id\":619058688713696,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.60.226.86\",\"src_port\":443,\"dest_ip\":\"172.18.0.20\",\"dest_port\":45170,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400007,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 8\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-03-05T00:58:36.156640+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-05","alert":"Phishing Block","trigger":"paypal.growin20.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"paypal.growin20.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"paypal.growin20.com","ip":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"domain_registered":"2024-05-14","domain_rank":0,"first_seen":"2026-03-05T00:58:57.572857Z","last_seen":"2026-03-05T00:58:57.572857Z","alert_count":6,"request_count":3,"received_data":39002,"sent_data":1512,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"upload.wikimedia.org","ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"domain_registered":"2003-03-16","domain_rank":4329,"first_seen":"2012-05-21T09:39:45Z","last_seen":"2026-03-02T06:49:07.571675Z","alert_count":0,"request_count":1,"received_data":35618,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache Traffic Server:9.2.11","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]}]},{"fqdn":"flagcdn.com","ip":{"addr":"104.21.31.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-04-05","domain_rank":30920,"first_seen":"2020-04-05T08:17:33Z","last_seen":"2026-02-26T03:03:48.379236Z","alert_count":0,"request_count":1,"received_data":877,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"paypal.growin20.com/","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"2806fc7c0eacfeee1a14b32922113df6","sha1":"a1722ace323a8f380ae9eae82c282849b1dd7d34","sha256":"69af89578ffe882ff103f484935fd9a34c0a9126c39c786f01017a0127b62132","sha512":"5790bb7d2c335c444c4421257f4136288f00a4ee6d84b34108bd1aa3127e769e0d9c56acf0cb28d5e80e06151af7c4ac9043c2417be7b78462eff07b910d28da","ssdeep":"","tlshash":"8bf0238d3c92b05337fa3638c2238a7f3361070175835524c606cc2428504860886c8e","size":445,"data":"","first_seen":"2026-03-05T00:59:01.013644Z","last_seen":"2026-03-05T08:13:00.553526Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paypal.growin20.com/","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"b35b7377a6eb33c98beee0c01d98e6fa","sha1":"0f76ea2ef634d619063beff349f9443c6b5a6136","sha256":"f3f22508fab58cd45c658636a144069559d3ac9e4fd521838e924dbb26e0b666","sha512":"6ad07de6d31c9b8609e1be3fa3a9fd159569b7e3e58fd6b16ee27183d951a5009e249b0f1702ba73904936d100ce50d5daf6325466bd8c408ee1c5e4b55597e1","ssdeep":"384:KCljuhHX2x1DI0M4w5CUCTduZQUuflTUfzU6U:3jy2HeU9TezNU","tlshash":"ce9264bf1ca3049084db6266225a4a943f29880bde03f4157dec5b4c3f49d9ede72b9c","size":20045,"data":"","first_seen":"2026-03-05T00:59:01.015886Z","last_seen":"2026-03-05T08:13:00.554422Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"paypal.growin20.com/favicon.ico","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paypal.growin20.com/","date":"2026-03-05T00:58:36.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"paypal.growin20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 15:34:35 GMT","end":"Mon, 01 Jun 2026 15:34:34 GMT"},"fingerprint":{"sha1":"5F:23:A3:E4:8D:06:CE:00:79:79:FC:92:6E:BD:E6:AA:62:91:01:3B","sha256":"BF:45:AB:55:22:23:12:F2:6E:5C:CF:C9:96:1C:C8:14:7A:C5:CA:7E:6D:D5:F1:F6:F4:E6:D8:E7:C6:23:E2:7B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: paypal.growin20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://paypal.growin20.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Thu, 05 Mar 2026 00:58:36 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 282\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":282,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"2a7c1f5726978636cb1e5a2d27fa21cf","sha1":"3ee150bdb1f17498d7eb7da928ee56c448035fbd","sha256":"d66932362ca53b2b09e54b6bb5f1a5c4ddded7370ba224b2e5488f10db82a1fb","sha512":"c0c01a242446bdbe61a34c5252245a44a0553c8077de972a413fd5a0f3bcdabee03707e38efcf83965867e7e4e496863742aca8114530461ba5746fa36871326","ssdeep":"","tlshash":"8ad02bae5043738b5861155079c225c2278d23e6a43ac9e83dc6d49752ac63ecd9aecc","first_seen":"2026-03-05T00:59:01.001449Z","last_seen":"2026-03-05T08:13:00.551758Z","times_seen":3,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-05","alert":"Phishing Block","trigger":"paypal.growin20.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"paypal.growin20.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"paypal.growin20.com/","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-05T00:58:36.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"paypal.growin20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 15:34:35 GMT","end":"Mon, 01 Jun 2026 15:34:34 GMT"},"fingerprint":{"sha1":"5F:23:A3:E4:8D:06:CE:00:79:79:FC:92:6E:BD:E6:AA:62:91:01:3B","sha256":"BF:45:AB:55:22:23:12:F2:6E:5C:CF:C9:96:1C:C8:14:7A:C5:CA:7E:6D:D5:F1:F6:F4:E6:D8:E7:C6:23:E2:7B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: paypal.growin20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Thu, 05 Mar 2026 00:58:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 9239\r\nConnection: keep-alive\r\nLast-Modified: Tue, 03 Mar 2026 20:28:10 GMT\r\nETag: \"94b4-64c248ab91eb5-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38068,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"5201bc4b57338948ed64f8429545cb5c","sha1":"f51738eebc9e268c03aa144ef71b90f332287ade","sha256":"8326b00700b113f281912b6277e602bedebcc0dee1fe921391fb7b9440417120","sha512":"f82dbc009b5900082f6dc0da5c2bbe458318cd43914603ec8f60876dd31bc15bfd5fa46e3f4dfa8fc72415ac5d1dc2f8770cec7692434b9ba39b32f9138c25cb","ssdeep":"384:lZVKppQv9svw4qy2gtaUBOkrEmx2bVPHRo/4fu0d2ApOUG5GU72UXC:lfEw4wVSO62w5owGe2SC","tlshash":"f303935eac42048584b793a9bb624e59ff5a8607c703411b7efc57882fb2885cd62fdc","first_seen":"2026-03-05T00:59:01.004814Z","last_seen":"2026-03-05T08:13:00.543035Z","times_seen":3,"resource_available":false,"data":null}},"time_used":672,"timings":{"blocked":281,"dns":64,"connect":105,"send":0,"wait":109,"receive":0,"ssl":110},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-05","alert":"Phishing Block","trigger":"paypal.growin20.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"paypal.growin20.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"upload.wikimedia.org/wikipedia/commons/thumb/b/b5/PayPal.svg/1280px-PayPal.svg.png","fqdn":"upload.wikimedia.org","domain":"wikimedia.org","tld":"org"},"ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paypal.growin20.com/","date":"2026-03-05T00:58:36.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.wikimedia.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 06:44:51 GMT","end":"Wed, 13 May 2026 06:44:50 GMT"},"fingerprint":{"sha1":"88:E4:43:3F:CC:87:1D:73:6E:F1:49:80:44:76:A9:8C:17:D8:DC:40","sha256":"59:E3:D6:A8:2D:49:87:A7:F3:1E:35:0E:3A:0F:77:A1:0B:7D:32:09:4C:1F:9F:2D:5D:0F:42:89:16:CB:BF:08"}}},"request":{"raw":"GET /wikipedia/commons/thumb/b/b5/PayPal.svg/1280px-PayPal.svg.png HTTP/1.1\r\nHost: upload.wikimedia.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://paypal.growin20.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 04 Mar 2026 10:55:44 GMT\r\netag: 6f024a27ba6a3d07b78a894d3c0f7b07\r\nserver: ATS/9.2.11\r\ncontent-type: image/png\r\ncontent-disposition: inline;filename*=UTF-8''PayPal.svg.png\r\nlast-modified: Mon, 28 Jul 2025 02:38:20 GMT\r\ncontent-length: 34307\r\nage: 50572\r\naccept-ranges: bytes\r\nx-cache: cp3076 hit, cp3076 hit/94\r\nx-cache-status: hit-front\r\nserver-timing: cache;desc=\"hit-front\", host;desc=\"cp3076\"\r\nstrict-transport-security: max-age=106384710; includeSubDomains; preload\r\nreport-to: { \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error\u0026schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\r\nnel: { \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\r\nx-client-ip: 91.90.42.154\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache\r\ntiming-allow-origin: *\r\nset-cookie: WMF-Uniq=zhe5KRuLH6vgaPi6ovIV6AMaAAAAAFvd10HhVQGnU9E6N6Hcz6SlDWnN_F4nFFXg;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Fri, 05 Mar 2027 00:00:00 GMT\r\nx-request-id: 25f092f6-7926-4361-b528-9f2b7a1c2ed4\r\nx-analytics: \r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache Traffic Server:9.2.11","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]}],"data":{"size":34307,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1280 x 341, 8-bit/color RGBA, non-interlaced","md5":"6f024a27ba6a3d07b78a894d3c0f7b07","sha1":"401831c91c2e44cc3c5a289b7f6b72b51daa4f58","sha256":"74cbde916a06e707f8803d92d68ff5f6c9d515c1e759ade14f4a98734cbd5209","sha512":"d3520020a31e8ed083d1d035f1a991bf061a36637e32b2ab089432f3644093076713473d90874baccd9ed60116a86b88cfc7ca809a88716242bfb63142366c53","ssdeep":"768:/h6uXW1XI9mA3p7QMJ85nEneYNzTz1jL6R49eIiROcl2073N:/guG1XOmA3p7QwOrYND0R45iV3Z","tlshash":"d0f2e18f95ebe69a5cdb837914624192a27494bf38d08c70a7fb2d1ce065b271ccd273","first_seen":"2025-08-30T15:18:01.124968Z","last_seen":"2026-04-01T10:58:53.330616Z","times_seen":4,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":115,"dns":58,"connect":24,"send":0,"wait":49,"receive":11,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flagcdn.com/w40/de.png","fqdn":"flagcdn.com","domain":"flagcdn.com","tld":"com"},"ip":{"addr":"104.21.31.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://paypal.growin20.com/","date":"2026-03-05T00:58:36.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flagcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 01 Feb 2026 23:55:48 GMT","end":"Sun, 03 May 2026 00:51:06 GMT"},"fingerprint":{"sha1":"97:E5:1A:B3:84:F2:6B:A4:C9:CC:1C:2F:0C:D4:69:CF:C4:79:1C:DE","sha256":"EF:AA:87:60:10:3F:E6:19:B4:27:93:81:80:21:B8:60:D5:77:0D:BB:83:21:E3:EA:F8:74:19:34:97:18:CD:A2"}}},"request":{"raw":"GET /w40/de.png HTTP/1.1\r\nHost: flagcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://paypal.growin20.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 05 Mar 2026 00:58:36 GMT\r\ncontent-type: image/png\r\ncontent-length: 99\r\nserver: cloudflare\r\nlast-modified: Tue, 01 Jul 2025 15:39:58 GMT\r\netag: \"6864014e-63\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2678400, s-maxage=2678400\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1282108\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FHsTzZwJNaQvcqzZax1UOxiVQbBLP8wW9oKr3rtXvXAt4UgIaNLhbRs9SboW624Hv%2FnvWscu%2B024g%2BehtmpUdqmK5ARQDPB6vGp4\"}]}\r\ncf-ray: 9d752c5b7927120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 24, 2-bit colormap, non-interlaced","md5":"52ce5902ed51d2db9393c9439c46b82c","sha1":"6cf73d922d72ac8fce47e6f494a04129d719483e","sha256":"4bf08b86243b0c5d79c196728100dd278a398ab57edaf56c871fceb9d879dbeb","sha512":"d1b9b9a226dfcd6a78015f4209da23e287052086df89bf2711ae407294c954c76102bc98faa0e7fce389584bf07d41a09a8470b657fb4443ce5cb1e383fe3f85","ssdeep":"","tlshash":"b1b012ee7154ac65d34c43331f028023ea61c12582155143a095d123051550883c4e9b","first_seen":"2025-02-01T01:01:45.04509Z","last_seen":"2026-06-06T13:26:01.06559Z","times_seen":330,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":31,"dns":20,"connect":1,"send":0,"wait":5,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"paypal.growin20.com/visit.php","fqdn":"paypal.growin20.com","domain":"growin20.com","tld":"com"},"ip":{"addr":"62.60.226.86","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://paypal.growin20.com/","date":"2026-03-05T00:58:36.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"paypal.growin20.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 15:34:35 GMT","end":"Mon, 01 Jun 2026 15:34:34 GMT"},"fingerprint":{"sha1":"5F:23:A3:E4:8D:06:CE:00:79:79:FC:92:6E:BD:E6:AA:62:91:01:3B","sha256":"BF:45:AB:55:22:23:12:F2:6E:5C:CF:C9:96:1C:C8:14:7A:C5:CA:7E:6D:D5:F1:F6:F4:E6:D8:E7:C6:23:E2:7B"}}},"request":{"raw":"POST /visit.php HTTP/1.1\r\nHost: paypal.growin20.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://paypal.growin20.com/\r\nContent-Type: multipart/form-data; boundary=---------------------------28492291542452997791811538847\r\nContent-Length: 471\r\nOrigin: https://paypal.growin20.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":471,"data":"-----------------------------28492291542452997791811538847\r\nContent-Disposition: form-data; name=\"ua\"\r\n\r\nMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\n-----------------------------28492291542452997791811538847\r\nContent-Disposition: form-data; name=\"ref\"\r\n\r\n\r\n-----------------------------28492291542452997791811538847\r\nContent-Disposition: form-data; name=\"lang\"\r\n\r\nen-US\r\n-----------------------------28492291542452997791811538847--\r\n"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Thu, 05 Mar 2026 00:58:36 GMT\r\nContent-Type: application/json\r\nContent-Length: 11\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"82380d1e263b6093f3c7535690fcdd75","sha1":"022d91f218046ab2e61cac1eb13d6a718f75df2b","sha256":"4062edaf750fb8074e7e83e0c9028c94e32468a8b6f1614774328ef045150f93","sha512":"180ea3cf6e7a00cb12ecff7ce095b8cef1921621de681a64e5e53e3efc0cf6053e557205f2bdb9b9d5af4de3d54c79d1c9b1c474b83897590c647b1e92d9c93a","ssdeep":"","tlshash":"2a500003000c0030c00003000300ff30000300300000000c000c3000033000c0003c03","first_seen":"2023-04-05T15:24:10Z","last_seen":"2026-06-08T19:56:56.403534Z","times_seen":10342,"resource_available":true,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-05","alert":"Phishing Block","trigger":"paypal.growin20.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-05","alert":"Sinkholed","trigger":"paypal.growin20.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}