http://52.11.137.127/#/aboutus was this address in the original beta release? if i remember right there was no contact info in the public beta. if that is correct then that should narrow the possible hack sources down to handful of people. my memory could be wrong tho. maybe someone archived the 0.0.9
There are still other possibilities:
1) Team XPY is completely clueless and posted the wrong log entries.
2) Someone put up Coinstand pages on the "hacking" server as a subterfuge.
3) Poorly disguised inside job.
One thing for sure - anyone keeping any coins on paycoin.com deserves to lose them. An online wallet that gets hacked on a regular basis is not even a red flag anymore, it's like visiting Moscow on May 9.