| pay.pagamentoseguro.zip/_next/static/css/edd705a5ce8579b5.css | 172.67.176.50 | 200 OK | 39 kB |
URL GET pay.pagamentoseguro.zip/_next/static/css/edd705a5ce8579b5.css IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type ASCII text, with very long lines (36537) Hash b947847e46f4436bd715445930adb8ba 941ea4bec642bf23bdb97f0146e13ecd4930d0ec a6a090225d15366f7041d360b4cb77ceffdfacbc0f25c752db3cfca41b7b24f4
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/css/edd705a5ce8579b5.css HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"9765-19692027220"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
cf-cache-status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLPYjI0PFEpt4hn4dNYuxRJ2%2FcqJzDbFq35zdq9YiOYqpy6mVCF6Tt4fr288O2JeEsxd1nQ2hIhWfKaLhpfJBjtXab4hyqdTvpgzWtxEAo7vTkMGyDfhtgRCSSOUAQuCp9hJOhzQ57JHTw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d2db500b4d-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=434&min_rtt=434&rtt_var=217&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/app/layout-fb26fb46c645bbf1.js | 172.67.176.50 | 200 OK | 1.0 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/app/layout-fb26fb46c645bbf1.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (1000), with no line terminators Hash aa58e79308ace6939cdb39ce984cc468 e341c56833dd7aaae73e703dad697d6ba2aecfac b85352a82b9fb82bc3e9b0a4c0802e83938342c1b60d47216e4f68aaa1913ee7
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/app/layout-fb26fb46c645bbf1.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"3e8-19692027220"
vary: Accept-Encoding
x-cloud-trace-context: 428a264a18372a88d0f81035fec831ac
via: 1.1 google
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xqRjiaBsgKtke2Qg%2BjGEiIppDeXYUlzgTYps3J9lI2y76sbeHWUjWiC3cYt%2BZtmAQbOqzrlSiSCP4kHP%2BJbJce3Dc9s2BCHWsmTbbwqnAww3ON5qjNpoJVonfRcmHyN8ntiSoT1POO6%2BmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d3e841b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=482&min_rtt=461&rtt_var=128&sent=5&recv=7&lost=0&retrans=0&sent_bytes=1607&recv_bytes=774&delivery_rate=7985294&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| app.safirapag.com/scripts/card-fingerprint/clear-sale.js | 104.21.32.1 | 200 OK | 902 B |
URL GET app.safirapag.com/scripts/card-fingerprint/clear-sale.js IP 104.21.32.1:443
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer Google Trust Services; Subject safirapag.com; Fingerprint D0:5E:FA:7D:30:97:C3:78:5E:52:C3:C7:56:BC:D7:B4:49:E9:B4:C0; Validity Mon, 14 Apr 2025 20:45:25 GMT - Sun, 13 Jul 2025 21:43:40 GMT
File type JavaScript source, Unicode text, UTF-8 text Hash 8de9663701312141b104b509b69c5947 b105c88f5d2b151672dc3b7c1bdf5cdc26a2cd0a 432806fdf6c9385078a3e61684f11cf9274836d59608ebf64d0fcd77cb77fddc
GET /scripts/card-fingerprint/clear-sale.js HTTP/1.1
Host: app.safirapag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 May 2025 23:30:48 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: frame-ancestors 'self' *
x-frame-options: ALLOWALL
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pVw%2FQzU3CREW4WlgZYSl6%2Fb6kmY%2FvqIubp9%2FkQ1vVKuqXKpWjQcdJslXzQhTGCNfqXV6g5hBt9ptJzQvthXoKUh1SCRPaglfGxiIsumCCvPVesPDO6qMDO%2F3RBHmYndmFpfIYw%3D%3D"}]}
cache-control: public, max-age=14400
last-modified: Wed, 07 May 2025 16:22:21 GMT
etag: W/"386-196ab8e2248"
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 93c481d86c5bb500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| device.clearsale.com.br/p/fp1.png?bb=f73e0da4693fb46a6a771abeb8b38a90c05f179162acd60003402b88ebaa3f3e8eda26a574b5750409ea693286c2a6d2&ba=91b4c8af629f83dc66ee80feecd4e1948b318412548a29bfa28a32bc2dbe57c9c6a92f900d648b01f8ff39ea392926bb&a2=e18fe9f31cd04a688637a1d754d470edab18a39b888a4364ab21f3ecd74c6e5140eef5c5b829462e92de05b1919079c6&app=isl8zck7u3hsol7gufz6&sid=2fc1eb1d-5b92-3242-b62c-01a16aeb3d81&sm=true | 13.107.246.53 | 200 OK | 70 B |
URL GET device.clearsale.com.br/p/fp1.png?bb=f73e0da4693fb46a6a771abeb8b38a90c05f179162acd60003402b88ebaa3f3e8eda26a574b5750409ea693286c2a6d2&ba=91b4c8af629f83dc66ee80feecd4e1948b318412548a29bfa28a32bc2dbe57c9c6a92f900d648b01f8ff39ea392926bb&a2=e18fe9f31cd04a688637a1d754d470edab18a39b888a4364ab21f3ecd74c6e5140eef5c5b829462e92de05b1919079c6&app=isl8zck7u3hsol7gufz6&sid=2fc1eb1d-5b92-3242-b62c-01a16aeb3d81&sm=true IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer GoDaddy.com, Inc.; Subject *.clearsale.com.br; Fingerprint 94:B6:7A:04:FC:F5:EE:04:A1:2A:00:7C:92:23:24:DC:72:D7:FB:26; Validity Thu, 20 Mar 2025 21:00:28 GMT - Sun, 19 Apr 2026 13:00:36 GMT
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced Hash ef593e1899bd8f423f7e747439aa1d46 0f9ba331e2922f27ad7d8d90c4f8198b1eac9f89 76975ba315befd03dd68246f65598f13854cda92700123dd8a0635fd3baf2b65
GET /p/fp1.png?bb=f73e0da4693fb46a6a771abeb8b38a90c05f179162acd60003402b88ebaa3f3e8eda26a574b5750409ea693286c2a6d2&ba=91b4c8af629f83dc66ee80feecd4e1948b318412548a29bfa28a32bc2dbe57c9c6a92f900d648b01f8ff39ea392926bb&a2=e18fe9f31cd04a688637a1d754d470edab18a39b888a4364ab21f3ecd74c6e5140eef5c5b829462e92de05b1919079c6&app=isl8zck7u3hsol7gufz6&sid=2fc1eb1d-5b92-3242-b62c-01a16aeb3d81&sm=true HTTP/1.1
Host: device.clearsale.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 May 2025 23:30:49 GMT
content-type: image/png
content-length: 70
x-content-type-options: nosniff
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20250507T233049Z-16c476b8794ggpkzhC1SVGuxzg0000000g900000000053wb
cache-control: public, max-age=86400
x-fd-int-roxy-purgeid: 83841767
x-cache: TCP_MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| | 104.21.31.100 | 404 Not Found | 7.8 kB |
IP 104.21.31.100:443
Certificate: Issuer Google Trust Services; Subject pagamentoseguro.zip; Fingerprint C1:9D:90:26:08:C9:88:E0:09:F6:88:47:9A:21:23:DE:F0:EF:1D:4B; Validity Wed, 07 May 2025 21:13:22 GMT - Tue, 05 Aug 2025 22:12:11 GMT
File type HTML document, ASCII text, with very long lines (7788), with no line terminators Hash 875ea6f4c6601716a6d5094a0355a5d4 534b912539681fd29cbd9e009d41c765c57beea3 177154db8eb0594264de3f159a9e420f5a7287c200c7da48348a76464c35e2b0
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET / HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Wed, 07 May 2025 23:30:46 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
x-powered-by: Next.js
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=PS0qxF33SpnoulC92oAxMO%2FLoCiRS9omGSJpQvLFDnoHbkddOekzNvHFt2M0ReNZWxS9CVmAm9OK8KD8z9qY0HdyJGRuSRDCVEp3XaJ6oul11OHLu%2FHK5%2F0wfTkYp73QUpp3xLS%2F5kREUw%3D%3D"}]}
x-cloud-trace-context: 5012523054a32366b3617e846a205c6d;o=1
server: cloudflare
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 93c481cecd5956ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| | 104.21.31.100 | 404 Not Found | 7.8 kB |
IP 104.21.31.100:80
File type HTML document, ASCII text, with very long lines (7788), with no line terminators Hash 875ea6f4c6601716a6d5094a0355a5d4 534b912539681fd29cbd9e009d41c765c57beea3 177154db8eb0594264de3f159a9e420f5a7287c200c7da48348a76464c35e2b0
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET / HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 07 May 2025 23:30:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
x-powered-by: Next.js
x-cloud-trace-context: 339c07ab8558765bf555560ca0038f6d
via: 1.1 google
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ns8JUCmJ6zYPKXJKq3TtfrMJKXjnoau4hE4NllLEynnHbSAu1Ouun8zYCA28ySfOe89kLWG2G%2FwSKPVcW619ipX1vii3xUupqqhGHhfmX0We%2FgYiFLUAliNiEoRA10xMWqrixD%2F90B%2Fpdg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d0fa485687-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=1052&min_rtt=1052&rtt_var=526&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=408&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/app/global-error-600e5a6fb6d0cf1b.js | 172.67.176.50 | 200 OK | 6.5 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/app/global-error-600e5a6fb6d0cf1b.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (6548), with no line terminators Hash a76d59ea2b9a73e32f4701916633487f 510ce0eab3a8c8644b31ba618c4ff9e7a387cca1 babcf271fc05e7da7d487f713bc295ce80b221349ea895ee9c37e25b6356b52f
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/app/global-error-600e5a6fb6d0cf1b.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"1994-19692027220"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
cf-cache-status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AH%2BZU8MU46bbnvS%2Fr2RdSslNj55NO92qRBB84r8YbgIwy3ii5QILLjHGXu6rGYlKPHXi%2FpHnxoDAaDhxrKXs7SCUjnkE2eI8phue6ZmbAmhe3pMEGVdZB9S%2Fr1G5mIib5fvbentv2mZH9g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d3fbc80b4d-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=622&min_rtt=434&rtt_var=172&sent=10&recv=12&lost=0&retrans=0&sent_bytes=9024&recv_bytes=784&delivery_rate=15083333&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| cdn.jsdelivr.net/gh/axisbanking-ofc/axis-scripts/fingerprint.js | 151.101.65.229 | 200 OK | 1.8 kB |
URL GET cdn.jsdelivr.net/gh/axisbanking-ofc/axis-scripts/fingerprint.js IP 151.101.65.229:443
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C; Validity Tue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT
File type JavaScript source, ASCII text Hash b88601cc2392544408cc03f214fbcd2e 8a7f8071aad8184162caf325bde7eeb4d216a597 f33ffec4cb8cd826c3d3cdec7a39455a953673fd989fa61871d8234e5fb462e7
GET /gh/axisbanking-ofc/axis-scripts/fingerprint.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"6dc-in+AcarYGEFiyvMlvefutNIWpZc"
content-encoding: br
accept-ranges: bytes
age: 22757
date: Wed, 07 May 2025 23:30:47 GMT
x-served-by: cache-fra-eddf8230138-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 622
X-Firefox-Spdy: h2
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/927-1511c2bf12434128.js | 172.67.176.50 | 200 OK | 311 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/927-1511c2bf12434128.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 311 kB (311365 bytes) Hash 88407a4830bd2480fa951086dd92fc01 4673721e2b4c136e2d4d03331a871353fa1106e6 afeb746cfa8b7b47779a2c67ee487f6672b670c00029b4265fe683e9536fd75c
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/927-1511c2bf12434128.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"4c045-19692027220"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ltz5OhqPlLjftfWFIJlYaFYugsEJ%2BKBTeGymMduLN8rcZvETysEicjkPYGTe8ZrvoxvCHTrV3HnF7WH%2Fkk%2FFTHxT2uFdHCIw5bETfbm44cgCO6Wt6QrZAPXZHvXs4a%2Bz9Jsfr97FyyABdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d2d8d356aa-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=444&min_rtt=444&rtt_var=222&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=381&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/main-app-61840d1e9c0558b1.js | 172.67.176.50 | 200 OK | 1.2 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/main-app-61840d1e9c0558b1.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (1201), with no line terminators Hash 3d92b00a9780227c3af148738ad09b02 81de54502826d23795fb88ebb57085139fa66f92 da1bebe413c62570c01c86f069037e5feff96534eb77e5e9c8ce0aceb3f44508
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/main-app-61840d1e9c0558b1.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 02 May 2025 17:19:15 GMT
etag: W/"4b1-19692026e38"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjLvsOVGrIBaVJPdBr1PViGYYBrmB6qMVnOZ7dzZwahWnjw3NlIycK5Eg7YsCfLQfUP6qSKWrWSSlWBbOd60ZCz9Qzq01r9cP8TqYiHRV0opAq57uqmvpaUJc7CvaPGyHoFQlJ3DfZhiQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d2df3fb511-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=461&min_rtt=461&rtt_var=230&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=386&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| o4508456477589504.ingest.us.sentry.io/api/4508456481325056/envelope/?sentry_version=7&sentry_key=a23ab0ae23cb5a1e561ac167e91397cf&sentry_client=sentry.javascript.nextjs%2F8.44.0 | 34.120.195.249 | 200 OK | 2 B |
URL POST o4508456477589504.ingest.us.sentry.io/api/4508456481325056/envelope/?sentry_version=7&sentry_key=a23ab0ae23cb5a1e561ac167e91397cf&sentry_client=sentry.javascript.nextjs%2F8.44.0 IP 34.120.195.249:443
ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer DigiCert Inc; Subject ingest.sentry.io; Fingerprint DA:99:47:C5:69:E9:81:CF:86:06:05:AA:4F:F5:39:06:4B:1A:F3:22; Validity Thu, 03 Oct 2024 00:00:00 GMT - Tue, 29 Jul 2025 23:59:59 GMT
Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/4508456481325056/envelope/?sentry_version=7&sentry_key=a23ab0ae23cb5a1e561ac167e91397cf&sentry_client=sentry.javascript.nextjs%2F8.44.0 HTTP/1.1
Host: o4508456477589504.ingest.us.sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://pay.pagamentoseguro.zip/
Content-Type: text/plain;charset=UTF-8
Content-Length: 441
Origin: http://pay.pagamentoseguro.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 07 May 2025 23:30:47 GMT
content-type: application/json
content-length: 2
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o4508456477589504.ingest.us.sentry.io/api/4508456481325056/envelope/?sentry_version=7&sentry_key=a23ab0ae23cb5a1e561ac167e91397cf&sentry_client=sentry.javascript.nextjs%2F8.44.0 | 34.120.195.249 | 429 Too Many Requests | 198 B |
URL POST o4508456477589504.ingest.us.sentry.io/api/4508456481325056/envelope/?sentry_version=7&sentry_key=a23ab0ae23cb5a1e561ac167e91397cf&sentry_client=sentry.javascript.nextjs%2F8.44.0 IP 34.120.195.249:443
ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer DigiCert Inc; Subject ingest.sentry.io; Fingerprint DA:99:47:C5:69:E9:81:CF:86:06:05:AA:4F:F5:39:06:4B:1A:F3:22; Validity Thu, 03 Oct 2024 00:00:00 GMT - Tue, 29 Jul 2025 23:59:59 GMT
Hash 478b411c59eb87249bea32cf7c7be5d2 023907c62eb55758905bb3c0e640b5b204ae0652 bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
POST /api/4508456481325056/envelope/?sentry_version=7&sentry_key=a23ab0ae23cb5a1e561ac167e91397cf&sentry_client=sentry.javascript.nextjs%2F8.44.0 HTTP/1.1
Host: o4508456477589504.ingest.us.sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://pay.pagamentoseguro.zip/
Content-Type: text/plain;charset=UTF-8
Content-Length: 12937
Origin: http://pay.pagamentoseguro.zip
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 429 Too Many Requests
server: nginx
date: Wed, 07 May 2025 23:30:48 GMT
content-type: application/json
retry-after: 60
x-sentry-rate-limits: 60:transaction;profile;span;span_indexed:organization:span_usage_exceeded
vary: origin, access-control-request-method, access-control-request-headers, accept-encoding
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| device.clearsale.com.br/p/ci.png | 13.107.246.53 | 200 OK | 175 B |
URL GET device.clearsale.com.br/p/ci.png IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer GoDaddy.com, Inc.; Subject *.clearsale.com.br; Fingerprint 94:B6:7A:04:FC:F5:EE:04:A1:2A:00:7C:92:23:24:DC:72:D7:FB:26; Validity Thu, 20 Mar 2025 21:00:28 GMT - Sun, 19 Apr 2026 13:00:36 GMT
File type PNG image data, 32 x 1, 8-bit/color RGB, non-interlaced Hash 85be59c0a7717a4992f51f2f01f60786 e95d75211d57815212a2b9db5cec7daabda8cc8b 2dda39aa6505cdb19e7a2666a1e4c80f2a09ef0aac9d55b1668efcbe2483a21e
GET /p/ci.png HTTP/1.1
Host: device.clearsale.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://pay.pagamentoseguro.zip
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 May 2025 23:30:49 GMT
content-type: image/png
content-length: 175
access-control-allow-origin: *
cache-control: private,max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 20250507T233048Z-16c476b8794ggpkzhC1SVGuxzg0000000gb00000000038ta
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| device.clearsale.com.br/p/fp.js | 13.107.246.53 | 200 OK | 166 kB |
URL GET device.clearsale.com.br/p/fp.js IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://pay.pagamentoseguro.zip/ Certificate: Issuer GoDaddy.com, Inc.; Subject *.clearsale.com.br; Fingerprint 94:B6:7A:04:FC:F5:EE:04:A1:2A:00:7C:92:23:24:DC:72:D7:FB:26; Validity Thu, 20 Mar 2025 21:00:28 GMT - Sun, 19 Apr 2026 13:00:36 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65471), with no line terminators Size 166 kB (166323 bytes) Hash 478b8473534cc1fcb4a0b52e31ead292 4aa0ad04231986f5f182eedcbcc3bdb4d9003d73 61d3b4a9971110417237e0406cdc2d0ad024b4bf71ee84609c8b03dd0a72a942
GET /p/fp.js HTTP/1.1
Host: device.clearsale.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 May 2025 23:30:48 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"67c1c6aa-289b3"
last-modified: Fri, 28 Feb 2025 14:22:34 GMT
x-azure-ref: 20250507T233048Z-16c476b8794ggpkzhC1SVGuxzg0000000g900000000053w4
cache-control: public, max-age=2592000
x-fd-int-roxy-purgeid: 83841767
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| pay.pagamentoseguro.zip/_next/static/media/a34f9d1faa5f3315-s.p.woff2 | 104.21.31.100 | 200 OK | 49 kB |
URL GET pay.pagamentoseguro.zip/_next/static/media/a34f9d1faa5f3315-s.p.woff2 IP 104.21.31.100:80
Requested by http://pay.pagamentoseguro.zip/
File type Web Open Font Format (Version 2), TrueType, length 48556, version 1.0 Hash d4fe31e6a2aebc06b8d6e558c9141119 bcdc4f0b431d4c8065a83bb736c56ff6494d0091 c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/media/a34f9d1faa5f3315-s.p.woff2 HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://pay.pagamentoseguro.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: font/woff2
Content-Length: 48556
Connection: keep-alive
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 02 May 2025 17:19:15 GMT
etag: W/"bdac-19692026e38"
x-cloud-trace-context: 25b7c2d2e4db69c085be1455a95fc228
via: 1.1 google
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ilTVwq9wfiWz9H8ehIWfSs586TO6jgOpiJy8%2BDttYEErrbOT7nqUNkyXWtGxhJDebIttdWyIBKJ6eWyZrfOGHzZ6vbSiFPHCrngCs%2B%2B0L3gCfGpK35H66%2B8t%2FJ4W0tyDVHB%2BWXKEJwxFg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93c481d2cb4f5687-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=986&min_rtt=858&rtt_var=246&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3409&recv_bytes=854&delivery_rate=6090431&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/fd9d1056-87c9371532b04591.js | 172.67.176.50 | 200 OK | 173 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/fd9d1056-87c9371532b04591.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 173 kB (173173 bytes) Hash de7bdbc0ca7c30c1cc3267fc1530ff00 42675a5eba6ac4468f7001bc2b7ecb1e30de336d b80243d3863f5170fbcd02de6ef907a361203e30564ddf933291b613703b862a
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/fd9d1056-87c9371532b04591.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"2a475-19692027220"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJpVrS6yOQJiJsokLaE85KJm%2BdHzeZtOYRcUACvmDdWBqZSKRlSy88%2FcBoERgM8FYTIwP1wolq7WQtNpZ708ydy%2Fhnf%2FH8Sncl%2BoHBlNs1j22QeBPw2baowsDuGVVDNEtYAQtzbay20n1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d2df23b4f9-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=430&min_rtt=430&rtt_var=215&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=386&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| pay.pagamentoseguro.zip/favicon.ico | 172.67.176.50 | 200 OK | 26 kB |
URL GET pay.pagamentoseguro.zip/favicon.ico IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel Hash c30c7d42707a47a3f4591831641e50dc 9ecfcc8f0ead0bf3d2d7c39e084b88f41cc89a2e 2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /favicon.ico HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-nextjs-cache: HIT
cache-control: public, max-age=14400, must-revalidate
via: 1.1 google
CF-Cache-Status: MISS
Last-Modified: Wed, 07 May 2025 23:30:47 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BcV4xKwZjSH7yhlIcxke5EVALMYsP24cr8FINoG3ws6XpDV%2FLofKwaCjWcbhFs2%2FMDCTyesf8wLglIFkudUu7NW7AFvLyQODreJDPbG52OZ1lU%2BZ%2BxK34smxob9gF0yI6jZyiu7RO5mfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d63cc00b4d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=673&min_rtt=434&rtt_var=231&sent=15&recv=14&lost=0&retrans=0&sent_bytes=12691&recv_bytes=1155&delivery_rate=15083333&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| device.clearsale.com.br/p/fp.js | 13.107.246.53 | 200 OK | 166 kB |
URL GET device.clearsale.com.br/p/fp.js IP 13.107.246.53:443
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by http://pay.pagamentoseguro.zip/ Certificate Issuer GoDaddy.com, Inc. Subject *.clearsale.com.br Fingerprint 94:B6:7A:04:FC:F5:EE:04:A1:2A:00:7C:92:23:24:DC:72:D7:FB:26 Validity Thu, 20 Mar 2025 21:00:28 GMT - Sun, 19 Apr 2026 13:00:36 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65471), with no line terminators Size 166 kB (166323 bytes) Hash 478b8473534cc1fcb4a0b52e31ead292 4aa0ad04231986f5f182eedcbcc3bdb4d9003d73 61d3b4a9971110417237e0406cdc2d0ad024b4bf71ee84609c8b03dd0a72a942
GET /p/fp.js HTTP/1.1
Host: device.clearsale.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 May 2025 23:30:48 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"67c1c6aa-289b3"
last-modified: Fri, 28 Feb 2025 14:22:34 GMT
x-azure-ref: 20250507T233048Z-16c476b8794ggpkzhC1SVGuxzg0000000g900000000053w2
cache-control: public, max-age=2592000
x-fd-int-roxy-purgeid: 83841767
x-cache: TCP_HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/webpack-6703a1bddc3105a5.js | 172.67.176.50 | 200 OK | 3.9 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/webpack-6703a1bddc3105a5.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (3908), with no line terminators Hash 305304ae4e0912b41da887966691174d 638e57f1a41e66d4b01c5f6c9442dde25f7a2209 2b46941fc2879f20c7b29dad2f55c49394112d0e923581b0bc17079cea291a56
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/webpack-6703a1bddc3105a5.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"f44-19692027220"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
cf-cache-status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjS9PU4n%2BK8F7x9GWPjkDZvytrFeUvCfW6edDHy%2B2R%2FTjW7w60th2fSNNWkTpYkClH1AGAlwaBKxCk4Orh%2FDEMJPvGNaxbtF%2FTzq4n0pXzBDAScWCajxt3m0OZd6fXM%2Fz2T%2BahyiSp4ukA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d2c8760b61-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=431&min_rtt=431&rtt_var=215&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=385&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| pay.pagamentoseguro.zip/_next/static/chunks/580-177992d57de77454.js | 172.67.176.50 | 200 OK | 16 kB |
URL GET pay.pagamentoseguro.zip/_next/static/chunks/580-177992d57de77454.js IP 172.67.176.50:80
Requested by http://pay.pagamentoseguro.zip/
File type JavaScript source, ASCII text, with very long lines (16288), with no line terminators Hash a7731efd4c88f3cb7d3426199dad1d0a d3edb4384c3b4bf154c4269423eed9cdebe5d153 3f4860250e78fd1c9a3414cc40110e11ee2a79560844d0899fdb6dc8bd66a147
NIDS | Severity | Alert | suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /_next/static/chunks/580-177992d57de77454.js HTTP/1.1
Host: pay.pagamentoseguro.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pay.pagamentoseguro.zip/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 May 2025 23:30:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 02 May 2025 17:19:16 GMT
etag: W/"3fa0-19692027220"
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
cf-cache-status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPVGt1agD1fJiSRJpmhNp%2F29964EHsOzYWXs%2Fwzq3EmGbbRT%2BBWkd5B3oIEbLJ8rbH9u7qZ6tdtrpPumWR5BfW0KWUtNToKsU0mV%2BOutLTZQvmjJRzZmwrGXZ9frz2o9sOrQF5TiOrgkzA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 93c481d3d8d20b61-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=485&min_rtt=431&rtt_var=170&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2860&recv_bytes=766&delivery_rate=6983922&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|