{"report_id":"2c87915b-dd7c-435f-a461-e4f3498c6b7a","version":6,"status":"done","tags":[],"date":"2025-09-25T17:37:35Z","url":{"schema":"http","addr":"pagocreditotuuya.buzz/pagar/","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"104.21.58.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"title":"Pagar mi cuota Tuya"},"submit":{"url":{"schema":"http","addr":"pagocreditotuuya.buzz/pagar/","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"104.21.58.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T17:37:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"pagocreditotuuya.buzz","ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-24","domain_rank":0,"first_seen":"2025-09-25T17:37:35.822315Z","last_seen":"2025-09-25T17:37:35.822315Z","alert_count":13,"request_count":13,"received_data":561337,"sent_data":6150,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"SweetAlert2","description":"SweetAlert2 is a JavaScript library that provides customisable, visually appealing, and responsive alert and modal dialog boxes for web applications.","website":"https://sweetalert2.github.io/","common_platform_enumeration":"","icon":"SweetAlert2.svg","categories":["JavaScript libraries"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-21T22:11:31.014241Z","alert_count":0,"request_count":1,"received_data":21446,"sent_data":573,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-21T22:11:31.798564Z","alert_count":0,"request_count":1,"received_data":7602,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/assets/js/jquery-1.9.1.min.js","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d3e776148363d154956db0874c3dbd2c","sha1":"7af3d1508c7d656d57ffed80c0ef39d9e9121924","sha256":"7aba0cd29fe07af1f1a3c2cdca3f0add3f3688a75a153abb40730a47bb69ca4b","sha512":"daa68b3273843aefe2348e748a0470a54c61957454aa2fca1ff6d2830d1c6bfc69e6466f7d16e1e76144ae3be914bb69f1b9cce64ef437957b71505c1b846084","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKcXJrg8hXXO4dK3kyfiLJBhdSZE+I+QQ7rbaN1RUx:ddkWgoBhcZRQQmW42qe","tlshash":"fd932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92637,"data":"","first_seen":"2023-03-09T21:25:48Z","last_seen":"2026-04-03T20:06:44.575195Z","times_seen":842,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/assets/js/index.js","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"219321b9cc50230b22fc431d9d6ec95d","sha1":"22ddcdc6d680fc1b5f78d5f92c62f7a89f6d5380","sha256":"7f5a04ca2e67c0dfdf30910a242dca840bc0bffc7bc7711479ced496bcc81927","sha512":"1ed2f221bd84c96649a578b8edef38a365705da63c7082edd41a38d7f1a1f4fa2ea34a4d2f7aea637595934f743114abc7d186331795283e90b2e83ebcaf450e","ssdeep":"96:I+7cL+wc/DxqsYTrHsRqRMrhJqARS7mjRg2bbcDSD8dE:IUw6Dx6sRqRMXqARomjNUDSD8dE","tlshash":"08d114ab273906314abba3ff6b829f49f5340117a801d20a3e7d47842fb8d4442a5f9d","size":6756,"data":"","first_seen":"2025-09-25T17:37:39.010574Z","last_seen":"2025-09-25T17:37:39.010574Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/assets/js/sweetalert2.js","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0782c6606fd892d0147f4f0cbcbdaf9","sha1":"8a8c16e91ffdcf8edb791446b88d92257547b39e","sha256":"5a3c28c454dbb38273c839ab1e02b856047e0f3ee17bc1d8c026e870094d9fd9","sha512":"60e7fe22db79ca2775c5fbad0ff2b59bb9db654e8df959f29196c774ba5a9a0ae66ab72a56c72e62735c132b9fa77dc566db8e2724db51861e709d4edc6d849f","ssdeep":"768:iLMRz5DwdDB9b0/PbmM+ZEVxqQoRkm+bLfFQog85fRjYYeUh5C3s65ZxO+MmoeOJ:iWSdr0/PkZ3bc9UPepJZZx+XwE/pbR+","tlshash":"e073f9916a04f037b6ab45ae65d0e3047ab99505fcb34854f41cc8804fe7d4f2ab7aba","size":78835,"data":"","first_seen":"2025-05-26T03:36:26.988712Z","last_seen":"2026-03-11T17:03:16.565674Z","times_seen":356,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/assets/js/jquery-1.9.1.min.js","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /assets/js/jquery-1.9.1.min.js HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Jun 2025 03:26:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbdda-169dd\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dobeiMIIV9rMdTgbUA%2F3mwjas2ABZFy04pmSvPvJGfPx0XTOlgg4AicZDw0DCoEndUYkCrmNqZESLhf5f9XeeykdIhTJdKnPr0DnlB5RXzg1afDBnw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb2c543181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92637,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"d3e776148363d154956db0874c3dbd2c","sha1":"7af3d1508c7d656d57ffed80c0ef39d9e9121924","sha256":"7aba0cd29fe07af1f1a3c2cdca3f0add3f3688a75a153abb40730a47bb69ca4b","sha512":"daa68b3273843aefe2348e748a0470a54c61957454aa2fca1ff6d2830d1c6bfc69e6466f7d16e1e76144ae3be914bb69f1b9cce64ef437957b71505c1b846084","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKcXJrg8hXXO4dK3kyfiLJBhdSZE+I+QQ7rbaN1RUx:ddkWgoBhcZRQQmW42qe","tlshash":"fd932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-09T21:25:48Z","last_seen":"2026-04-03T20:06:44.575195Z","times_seen":842,"resource_available":true,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/img-home-6aa0e642.png","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/img-home-6aa0e642.png HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 26 Jun 2025 03:16:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbb9e-3c386\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CIOQCEqWyGR9oFU0Po01jsAIeNp%2FUV83mB2q%2F%2F7ZmydJvw3%2FW5TGDWEabdawhuEmokbiIxMols5U%2FExVZApI9d0f9AuaUfyh1UGeGYAF%2FWsbohGioA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb2c563181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":246662,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 496 x 443, 8-bit/color RGBA, non-interlaced","md5":"fccc0fae7440d69260fc0a218f139e37","sha1":"5975b30ef66da5e11c180eaadbd9669fc573e5df","sha256":"b28f1a7a2cff845efca3e5e19055242a2f0f185b1862e450b4185d1b65f16298","sha512":"a888698511150a0eae5dca133f78b487aca8433911f5eef4ff8298320a3ccdbed9dc10240319e2d3bd6300b5c5e17018829c3d5fcdd02f2b44d4302d5be0934b","ssdeep":"6144:/0qIc9dcqAazi3UOAFSa1gS+1k7iktcCdy0C62HM:o2pzmUOhv1k71k0C62s","tlshash":"863423d85657221dd51b40df42025459be209c29e4e33ff31bace8c5ab26e79c638bf4","first_seen":"2025-09-25T17:37:38.990576Z","last_seen":"2025-09-25T17:37:38.990576Z","times_seen":1,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/Tuya-logo-footer-3fd39ab4.svg","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/Tuya-logo-footer-3fd39ab4.svg HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Jun 2025 03:18:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbc0e-ecb\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LqRgjNJe%2FbEMh%2FfWsyDJcthz9VViFQWsNBLRFkwBYqAwjaWNuDFWcG0TigbzOiMhkt7VpHtbsiQWKaPyo7RVXFjsVL9Aa%2Bu7BzlrkBVddDTJEDD%2BqQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c583181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3787,"size_decoded":0,"mime_type":"image/svg+xml","magic":"ASCII text, with very long lines (1795)","md5":"58a584ea033b7ee562f4bb1790c6824a","sha1":"c3b2f6e55837683f51021a6e85328e9e34a6c4b2","sha256":"ee0607b9f2175be6ffa924b6e2ef55e709d6f693570e51f934939cd2c893805d","sha512":"24f783c5ca37857cffa43bd0be0218a386efa95c9c4a77b45f694411a67e0a2e1bdfd87b0d8e80fe68b0e2aeb0ec17c23e6b0302e9f5cada0cf7acde800d59bd","ssdeep":"","tlshash":"ea7155bb131087a6d8c0d7485fe4b68e723dd5d5b4b682c05b4b1864ac4aafbb13c820","first_seen":"2025-09-25T17:37:38.993597Z","last_seen":"2025-09-25T17:37:38.993597Z","times_seen":1,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/artBoard-14da0b0a.svg","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/artBoard-14da0b0a.svg HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Jun 2025 03:43:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cc1da-492\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vndxKLkxGlm4HR5YFPU6c9axtUixPx6ZvRDux7nl%2BnmdCB%2BWBmU85IuM917MC%2FkLOiR3Nb%2B5Gbk4dii9sUUpH%2FHEn0IC8X9DOl0vJ7mJIHfMUO%2BsCQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c5c3181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1170,"size_decoded":0,"mime_type":"image/svg+xml","magic":"Unicode text, UTF-8 text","md5":"a8cf09c85ef5621adb3452e306859995","sha1":"894ce4fc4c8cd2ccb7d965375ebbe8d39de943d5","sha256":"c9925c696e5f9746d32717021bb2ff3d0f47f2791496be16e39ba716213a61d3","sha512":"99d23e50399710f67e22b2495206ac21133257d831004fd73e4ee293d1388e49bfd2e4fe180671586da62800d052f244a6a2c748b635d158b66144d36d46bf9b","ssdeep":"","tlshash":"56214c5554f8d91dc0065384ebfa4b0d1e68e1e3c617104ef19e20769b3941b6edf25e","first_seen":"2025-09-25T17:37:38.997384Z","last_seen":"2025-09-25T17:37:38.997384Z","times_seen":1,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/Logo_tuya-a5dd233d.svg","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/Logo_tuya-a5dd233d.svg HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:14 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Jun 2025 03:19:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbc28-101d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MuRTtmyE0EESzLvm73FuGlH%2BoZJ%2F35pzautq9tvCFA1C29lbcGCGkTFpS35k4mn2AZvYySjkhyRzBePbsKbtlfhwt%2BXCKsaOFVT0hFJHSfKsPSvMdA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cdfcaa3181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4125,"size_decoded":0,"mime_type":"image/svg+xml","magic":"ASCII text, with very long lines (2003)","md5":"e3e33cb300dac9e84d4c3f7ea6bc9e7f","sha1":"d97f1a06f89781953c805cee5da6d6cb3852df28","sha256":"85bbcbff97efd6e300a33b8348986e97cea4b1e3d9dee90ac8e3889f87870b66","sha512":"b4669f494c651f72e12d0425c53afbb2f6b209a0bf32a4431806edb11e0059dbde2a2dd2ab9e1023db0be1a722a0e2f3e6fb5e3abd204dafd5635cadbf544e83","ssdeep":"48:mhHCg2SAn7RZ8R8f1KCJQPESAEdVncn78YDgDaXDNUdufDH/jYvlZ3UWWxSaFS2x:mAn7+8dW1tDncn7vDqaTrcDSfB06Qk","tlshash":"bb8161fb133393fae88097585ea076c877b9e199b6b341d8c74729426c51df3613ac21","first_seen":"2025-09-25T17:37:38.999623Z","last_seen":"2025-09-25T17:37:38.999623Z","times_seen":1,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/assets/js/sweetalert2.js","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /assets/js/sweetalert2.js HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Jun 2025 03:26:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbdda-133f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iZiAKj2tkrO15mU5QPbftH0lRSuYQwfPijSAOUs3yzD3BHk26Wacxt1Y2w4scRtUvO%2BzIMbz0r7Gev1958Xmh9GMMv8wA5HKX9gPwTlD%2F15ewoYk1w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb2c553181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78835,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48135)","md5":"d0782c6606fd892d0147f4f0cbcbdaf9","sha1":"8a8c16e91ffdcf8edb791446b88d92257547b39e","sha256":"5a3c28c454dbb38273c839ab1e02b856047e0f3ee17bc1d8c026e870094d9fd9","sha512":"60e7fe22db79ca2775c5fbad0ff2b59bb9db654e8df959f29196c774ba5a9a0ae66ab72a56c72e62735c132b9fa77dc566db8e2724db51861e709d4edc6d849f","ssdeep":"768:iLMRz5DwdDB9b0/PbmM+ZEVxqQoRkm+bLfFQog85fRjYYeUh5C3s65ZxO+MmoeOJ:iWSdr0/PkZ3bc9UPepJZZx+XwE/pbR+","tlshash":"e073f9916a04f037b6ab45ae65d0e3047ab99505fcb34854f41cc8804fe7d4f2ab7aba","first_seen":"2025-05-26T03:36:26.988712Z","last_seen":"2026-03-11T17:03:16.565674Z","times_seen":356,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/vigilado-fe17a1a4.svg","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/vigilado-fe17a1a4.svg HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Jun 2025 03:18:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbbea-4a47\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sDW1ffeBihMdpTprKnNYCOaufLiG7%2BcyVxRib33Mp3LcUBiBvnm3ZpppdmSzo4Hgopowh90S%2BbcdpiSugUqdHY%2BsCDlpSr6w9N2I%2F9PqU30t1K%2F8sA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c593181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19015,"size_decoded":0,"mime_type":"image/svg+xml","magic":"ASCII text, with very long lines (938)","md5":"43cf08432d5cb73e775eb98cb82b5809","sha1":"6b4424202c6ff058f2d99fe9f93083a4d931f5cc","sha256":"172bfc5856f59e77638c3c547845a50d9f7d60df1a3d3ef7408c7f4ac21a73dc","sha512":"5f6e85a71580ea57775b35dab3758f8ea019a818970afbdd0c584ce53eb0ea1c841ead6cecf40fa57dbe6cdc32482e9bf3ff1736a623cd50a668abeb63efdec3","ssdeep":"192:vCcbVKc+qXtsVzLnW1Vl3Z1zBJ8L+ZoSWHrIJWfjLnggwi5bCg4FfV5u:aJ3qXjHDMlLPgriVCLFfV5u","tlshash":"e2821cf722f989c258a0d35187c859e8122cf2df72ab11c1b34d6a668f6057f716eb70","first_seen":"2025-09-25T17:37:39.003638Z","last_seen":"2025-09-25T17:37:39.003638Z","times_seen":1,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-25T17:37:12.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/ HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JOX7NA1b%2FtssmILiTmX%2Fid2nmW%2FsH4XKhtkN03L7AFP42d%2BfAK4bLTik7unGCZEs8rLp3qZqeERJha3DYCu3jk9cm9OwuQK4Br1jKlQkBPyT8f3T2g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 984c49c86d880daa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"SweetAlert2","description":"SweetAlert2 is a JavaScript library that provides customisable, visually appealing, and responsive alert and modal dialog boxes for web applications.","website":"https://sweetalert2.github.io/","common_platform_enumeration":"","icon":"SweetAlert2.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23563,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2369)","md5":"b04d4eb33b2d33cd47667ae66f38e839","sha1":"dfab4de18fbe189ef1f98e25de0c45e1ea74dd6f","sha256":"d25cfdcb39590923397fb718a69e58ec0532d3601473bcb3f24a21b857ffff21","sha512":"74dec67fd3759b327eb1d0a951438f5f01ae662b21a176c02ae2e731fe40267fdaa772f6ff1d4d8067f97a5b6493b70ce45e3ea775f66c1e4af53c2c518920e5","ssdeep":"384:9h4qfF2DINy6cYtWVo1uzi4iQvXs7rWthAq7s7rWthAqJv2MM:rfFBWYtKzi4iQvXs7rSAq7s7rSAqS","tlshash":"8eb2e8d061fc017ab04289ceb7726d0a1ba4f917e947d144f3ec29e08fd7c859d275aa","first_seen":"2025-09-25T17:37:39.006398Z","last_seen":"2025-09-25T17:37:39.006398Z","times_seen":1,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":34,"dns":14,"connect":1,"send":0,"wait":196,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/lastDigitsTC-a0a0bf00.svg","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/lastDigitsTC-a0a0bf00.svg HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Jun 2025 03:42:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cc1a2-6eb\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HY9FHbtlfDrJl6sfPvfLJL1c0jiwLhr5HZQ4mo34wXdpecv%2FVRNQHboBQNoealoBJyAlaoeX1yKLli%2BE3s4P%2BDIWQu1N5hi4tzEc6G1H4wnNvf%2BGbg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c5a3181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1771,"size_decoded":0,"mime_type":"image/svg+xml","magic":"Unicode text, UTF-8 text","md5":"9e9ec890074dd639d047d376d6215c6b","sha1":"b2352f64c63f343718a9d99fe8b61023222380bd","sha256":"1a9aa4d0c2554b2643f2bc53d3f7964d319b9be8e4533f2d6193d7ce41070367","sha512":"6f44cd6e6d8bf4e38ad5d053eb5daf259d95bf72602348a2b3be27b330abd15e77ee94ecdfab08ee0d1d67c7984b356672b6a13886c1518a83759d4cd4bd48a2","ssdeep":"","tlshash":"9e31e1c0b5bcc808d0054181c3d18a99551df3eb86971aaef3ed60aedf780db198f25a","first_seen":"2025-09-25T17:37:39.008583Z","last_seen":"2025-09-25T17:37:39.008583Z","times_seen":1,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/assets/js/index.js","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /assets/js/index.js HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 14 Jul 2025 21:03:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6875708b-1a64\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PnVItfFqfd%2FUEwH2h7HYQP%2BroZpG4Ij7Q5580tKCQRc7t6IsfmHJNUkWOyhG6lQNhZYEBBbM%2FYhxMcKRVmOUlZxPp%2FlM7XOZEWEZEE%2B0oPrzcP1OrQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c5e3181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6756,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"219321b9cc50230b22fc431d9d6ec95d","sha1":"22ddcdc6d680fc1b5f78d5f92c62f7a89f6d5380","sha256":"7f5a04ca2e67c0dfdf30910a242dca840bc0bffc7bc7711479ced496bcc81927","sha512":"1ed2f221bd84c96649a578b8edef38a365705da63c7082edd41a38d7f1a1f4fa2ea34a4d2f7aea637595934f743114abc7d186331795283e90b2e83ebcaf450e","ssdeep":"96:I+7cL+wc/DxqsYTrHsRqRMrhJqARS7mjRg2bbcDSD8dE:IUw6Dx6sRqRMXqARomjNUDSD8dE","tlshash":"08d114ab273906314abba3ff6b829f49f5340117a801d20a3e7d47842fb8d4442a5f9d","first_seen":"2025-09-25T17:37:39.010574Z","last_seen":"2025-09-25T17:37:39.010574Z","times_seen":1,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pagocreditotuuya.buzz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20612\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 25 Sep 2025 12:47:39 GMT\r\nexpires: Fri, 25 Sep 2026 12:47:39 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:15 GMT\r\ncontent-type: font/woff2\r\nage: 17374\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20612,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20612, version 1.0","md5":"b07da7aa3e4f363c5cdbc11312239e8c","sha1":"47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8","sha256":"e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa","sha512":"420729406b315d8af34b62b78f39e763f5cf33cbf94467457b393fde0573dd7ffc6a23f25680988f9b82a4a3b719876ff76f3e1db047ce82615f544fc3a82532","ssdeep":"384:k5Eu+yl5Y9RpwjjmD/8Qu+POP9w+oB7rezldH9W4EMs8qCr9WvS80M8T4PTEXPFw:YEu+/Jw3FF+WP9DC/ez79jcCrb8BK4Eq","tlshash":"8192df6bce71497ac711262c773917addb8b44f627f91f2ba0562411c7b8e015c2cc7a","first_seen":"2025-01-09T06:25:34.419113Z","last_seen":"2026-04-04T02:32:50.348316Z","times_seen":45610,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":71,"dns":1,"connect":7,"send":0,"wait":9,"receive":2,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Kalam\u0026family=Roboto\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css2?family=Kalam\u0026family=Roboto\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 25 Sep 2025 17:37:13 GMT\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6916,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"a72ceb926f40b310b1e00c58c1eb8ee3","sha1":"60da9593f6b3b9bcb9d5215f4cfffbf6008c9ad8","sha256":"42868dc3a974e946108ad206956ba3ceb7ae129ffab1ff86703d2626f494c589","sha512":"02c151c0402a1c21ba8f3224eeed36db3ecdd037cefe921e093c09309e9766404c5721e8f3a08e098c6d7e1662a3ac8ec1840b1af5d4f68a752857f8a4260049","ssdeep":"192:63BblNlmNMNVNVkNVqbNfbqGIwV4BNdNzwNY:SlM6bQohDqY4XziY","tlshash":"dfe12f91041744009b835cd227ce7f35fe1f92106044d0b9abfd9baaeddbda6436836d","first_seen":"2025-09-25T17:37:39.013329Z","last_seen":"2025-09-25T17:37:39.013329Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":106,"dns":1,"connect":20,"send":0,"wait":36,"receive":0,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/index-32b03093.css","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/index-32b03093.css HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 26 Jun 2025 03:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbb2c-b631\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SOzdUcsUXiAwktKMbiJFYs9o2pyMByJc2t0wtNpLonicEc42xRHQXmjwBpd%2FfNERv%2BCEkgl%2F2DqZAn7WWXPIZIuzhj5ShexuF30Sbb8NXczbbtOlUQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb2c533181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46641,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (46641), with no line terminators","md5":"c7a5ea955415f00207eaf44a6fa8c0d7","sha1":"aa5dd696af86b3a35f69c64aab56478cc8227d60","sha256":"500eee24fa6593d3492c623291fa084a73a0212293b1b25d361cbc164c5cc089","sha512":"bc6ad7eba914a75e89a1a65d47aa223e6e5f8c622ad19f7fadd0ed48adf2ab9e6a097aef54008f83a321925ac976adf1b10a0798bba5dad4640d6993d4b42775","ssdeep":"768:r3h/rhMM/pqhZTFhjpkQSAX/DLWVrRi5u:zcTFac/DLaRi5u","tlshash":"6e23c6029b50253df1f684aef0d2761fb654d403e72386eeea457528c6cb5a707b2b8c","first_seen":"2025-09-25T17:37:39.015105Z","last_seen":"2025-09-25T17:37:39.015105Z","times_seen":1,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/iconArrowDown-8ab82d53.svg","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/iconArrowDown-8ab82d53.svg HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Jun 2025 03:17:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cbbc4-297\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J3K4m%2FDSRqUQHbL1Kct68cOzRClv3dM9N5tSWMOPQKRL%2ByScZXLvyuZVpUqQHoauvPplHe62%2BQ51nVAtKYVqB3pjw%2Fh1z0U52qAQZukZ0jgs2GEOHg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c573181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":663,"size_decoded":0,"mime_type":"image/svg+xml","magic":"Unicode text, UTF-8 text","md5":"eb8e497714bde18ff3cfc636c9a4362d","sha1":"4097e74839fd8507363f764f3aa348f2b8c37bb8","sha256":"0c0f484b3e060db53744d43e4138db5bbe62f163b7cf2a0bbd104a450672f01b","sha512":"c51566a0fd300d7617276c5748acc48f19c9f3245defd2900d67d215d54d4a3ea75ce86daf634f6376714b75998b8e7097dae362d78e37a0c6ea59b2c2697d28","ssdeep":"","tlshash":"6d019e5019ac8c4cd4194981dbf46fd8406cf357411618dff3b214ba167881e36bf699","first_seen":"2025-09-25T17:37:39.016809Z","last_seen":"2025-09-25T17:37:39.016809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pagocreditotuuya.buzz/pagar/assets/credicompras-983a8311.png","fqdn":"pagocreditotuuya.buzz","domain":"pagocreditotuuya.buzz","tld":"buzz"},"ip":{"addr":"172.67.204.8","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pagocreditotuuya.buzz/pagar/","date":"2025-09-25T17:37:13.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pagocreditotuuya.buzz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Sep 2025 19:38:00 GMT","end":"Tue, 23 Dec 2025 20:36:43 GMT"},"fingerprint":{"sha1":"11:45:78:EF:F9:3C:4E:C2:9A:15:B2:87:4F:6A:00:86:30:A8:A4:73","sha256":"B2:40:A2:4D:FF:A7:51:74:8D:29:AD:C9:FF:E6:6C:9B:9C:3E:61:E9:07:34:55:67:C2:D0:58:20:78:13:05:B7"}}},"request":{"raw":"GET /pagar/assets/credicompras-983a8311.png HTTP/1.1\r\nHost: pagocreditotuuya.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pagocreditotuuya.buzz/pagar/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 25 Sep 2025 17:37:13 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 26 Jun 2025 03:42:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"685cc1b8-66e0\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OXKbIqe%2BI7qOwgE38hYUS4A0PPIFJuPJkuI8%2FprC7rv4KwvmSeytaVNrXePzSYzvcXG3m1jo0U2u5j%2BEm7nQlKP6tixCmT4JaE90hymTo9c%2FN7JDsw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\ncf-ray: 984c49cb3c5d3181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26336,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 293 x 349, 8-bit/color RGBA, non-interlaced","md5":"ae56f3007a357d7d4ccdb752055c371b","sha1":"1fb7c11da4c6d7b2a2d8420408673e32a919558f","sha256":"a950e5988dd6fa326caba30c60cc36e648f2c979a11967a201b43c701bb01465","sha512":"2e8a57f80e7ce543a3281a9f35b7c5d5d7639b4cf5a85e47dfc4738577f23bfe84a7dc188dbf61b8e1661902edd26890684a3cde4e630c9a8bad89a09c549a5b","ssdeep":"768:tsI5X9tnVqWtwtGwn8SiQN8dNoAQprNrIoM91rL84N1iAra6T:z5NtqOQN8roAQprh9M/rL84vba6T","tlshash":"bac2e13a4e3eb328e5a5a9f34f616a6c94edc5c9cece6c96800d0e933f06f194271641","first_seen":"2025-09-25T17:37:39.01831Z","last_seen":"2025-09-25T17:37:39.01831Z","times_seen":1,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-25","alert":"Sinkholed","trigger":"pagocreditotuuya.buzz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}