GET gatavalen.cc/img/coins/doge.png
193.233.86.34 200 OK 4.3 kB URL GET HTTPS
gatavalen.cc/img/coins/doge.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-04
Last Seen 2025-08-08
Times Seen 7412
Size 4.3 kB (4251 bytes)
MD5 ae64499c8825452f6262177ee6dd525b
SHA1 92a35e0817cefb5befbb18422fb4c9d220f6754c
SHA256 47fb417f6b72c4edc08dfb90a376b2c88b3b51992bf3c83dd14e011edba2f339
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/doge.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 4251
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-109b"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/img/coins/usdt.png
193.233.86.34 200 OK 923 B URL GET HTTPS
gatavalen.cc/img/coins/usdt.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7231
Size 923 B (923 bytes)
MD5 ae9f6b15ca809b5d92a8f305d954682b
SHA1 e6350b10f296d88e48c32ae6ad41b95488d2fc56
SHA256 e8b7dc15525de712cb597b4c4daa6b11dce462e6dd10913e41720f59b2608117
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/usdt.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 923
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-39b"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/img/coins/matic.png
193.233.86.34 200 OK 2.7 kB URL GET HTTPS
gatavalen.cc/img/coins/matic.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7248
Size 2.7 kB (2668 bytes)
MD5 e52d4c5303ae23b87eafcba68fec13f0
SHA1 d62532d0d8b480481e825e43dad042bba1b34905
SHA256 6b6a7ed2702dc19ede76fa573dcadbf7cd0680eeb320a1650b2ee0061135ba93
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/matic.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:40 GMT
Content-Type: image/png
Content-Length: 2668
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-a6c"
Expires: Sun, 03 Aug 2025 23:05:40 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
142.250.74.161 200 OK 81 kB URL User Request GET HTTPS
jygigd.blogspot.com/
IP / ASN
142.250.74.161
#15169 GOOGLE
Resource Info
File type HTML document, ASCII text, with very long lines (16914)
First Seen 2025-08-02
Last Seen 2025-08-02
Times Seen 1
Size 81 kB (81373 bytes)
MD5 7a3cfef2c904dcfd2d6e7f9b5b15b7ce
SHA1 00daa055b907407a2a3e47a8d200b1af55207b18
SHA256 e19787b6124c75466fe827d949c85d3669f254d3112ddf4aa3ca9748431d0a07
Certificate Info
Issuer Google Trust Services
Subject misc-sni.blogspot.com
Fingerprint 1D:16:A8:3B:68:4F:69:29:5C:33:92:B5:3A:20:9B:2A:EF:42:7E:77
Validity Mon, 07 Jul 2025 08:34:52 GMT - Mon, 29 Sep 2025 08:34:51 GMT
Technology Fingerprints
Blogger (Blogs) Blogger is a blog-publishing service that allows multi-user blogs with time-stamped entries.
Python (Programming languages) Python is an interpreted and general-purpose programming language.
Clipboard.js (JavaScript libraries) N/A
OpenGSE (Web servers) OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.
Java (Programming languages) Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.
GET / HTTP/1.1
Host: jygigd.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 02 Aug 2025 23:05:36 GMT
date: Sat, 02 Aug 2025 23:05:36 GMT
cache-control: private, max-age=0
last-modified: Sat, 07 Jun 2025 01:39:08 GMT
etag: W/"9b8efedd53393c57906686317d15bccca4a1618b06aa67fb55dc0b622efeed93"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 16147
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET gatavalen.cc/_nuxt/entry.816a5a0f.css
193.233.86.34 200 OK 50 kB URL GET HTTPS
gatavalen.cc/_nuxt/entry.816a5a0f.css
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ASCII text, with very long lines (49996)
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7961
Size 50 kB (49997 bytes)
MD5 a3ec7f83dfc6f1a0b43babe4e72d86ab
SHA1 b759686938891eebffcfa01b2a49914bded151cd
SHA256 816a5a0f5b2b5e79d25af268686381bfd7f2d7db7e04c59adc55731d13b67812
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/entry.816a5a0f.css HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:38 GMT
Content-Type: text/css
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-c34d"
Expires: Sun, 03 Aug 2025 23:05:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET gatavalen.cc/img/coins/bitcoin.png
193.233.86.34 200 OK 2.7 kB URL GET HTTPS
gatavalen.cc/img/coins/bitcoin.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced
First Seen 2023-05-01
Last Seen 2025-08-08
Times Seen 12910
Size 2.7 kB (2691 bytes)
MD5 2edf1ef8b333c40979976d1a49bc234c
SHA1 d75ac12795b4a9575c874e1b190712cd62a87afc
SHA256 50a1901684f223bf26594dd3415b1e50f184820a16daa810cc5452911e9117a9
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/bitcoin.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 2691
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-a83"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/img/coins/ethereum.png
193.233.86.34 200 OK 2.8 kB URL GET HTTPS
gatavalen.cc/img/coins/ethereum.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced
First Seen 2023-05-01
Last Seen 2025-08-08
Times Seen 13134
Size 2.8 kB (2780 bytes)
MD5 856bfdb63dc0d6fad6b92fc6a29719e1
SHA1 2fed2e3409ce1bbbfb37f6da4abeecc30cefc021
SHA256 eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/ethereum.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 2780
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-adc"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/payouts/img/bitcoin.png
193.233.86.34 200 OK 25 kB URL GET HTTPS
gatavalen.cc/payouts/img/bitcoin.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 126 x 127, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7749
Size 25 kB (25437 bytes)
MD5 dd81b4a670bf3c3dd0034b0c0a03234d
SHA1 6eccd5f254ab4988ffd2f4f89289b16041d61f22
SHA256 d77369aa7567af2889718639538e0140ce999433bca0a41a6ea291a985490f97
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /payouts/img/bitcoin.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 25437
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-635d"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET images.unsplash.com/photo-1674502374937-391815503667?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.66.208 200 OK 17 kB URL GET HTTPS
images.unsplash.com/photo-1674502374937-391815503667?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
IP / ASN
151.101.66.208
#54113 FASTLY
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ISO Media, AVIF Image
First Seen 2024-03-28
Last Seen 2025-08-08
Times Seen 7514
Size 17 kB (16746 bytes)
MD5 e81b4d123b08935a977e36b977d98169
SHA1 7586f14e4fc906f4ac17ad40d00c5c6de51495b0
SHA256 26d169ff03a742dfb99ace5e3bb48972aea95438c8cb3f8eb25feb9700cb1f34
Certificate Info
Issuer GlobalSign nv-sa
Subject images.unsplash.com
Fingerprint 9B:86:3C:82:31:8B:9F:99:21:5C:FC:2D:15:DF:50:DC:E3:87:7A:40
Validity Wed, 09 Oct 2024 01:16:11 GMT - Mon, 10 Nov 2025 01:16:10 GMT
GET /photo-1674502374937-391815503667?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-imgix-id: af6c159a0265b60cde3856b87b476502ab3baf43
cache-control: public, max-age=31536000
last-modified: Sat, 19 Jul 2025 06:41:28 GMT
server: imgix
date: Sat, 02 Aug 2025 23:05:39 GMT
age: 1268651
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230170-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 16746
X-Firefox-Spdy: h2
GET gatavalen.cc/img/bg/circuit.svg
193.233.86.34 200 OK 5.3 kB URL GET HTTPS
gatavalen.cc/img/bg/circuit.svg
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type SVG Scalable Vector Graphics image
First Seen 2023-05-21
Last Seen 2025-08-08
Times Seen 7386
Size 5.3 kB (5273 bytes)
MD5 dffdfc8a90f7ff767f72a1d6216fcea6
SHA1 7f8d3b7b7ea288aed96e1a5b326d3f8571b0ebe6
SHA256 759172998df26a3de2a6c715de7bea7e1ade68a5596833e8dc1425c1a504cce0
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/bg/circuit.svg HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/_nuxt/entry.816a5a0f.css
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/svg+xml
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-1499"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET gatavalen.cc/img/coins/dot.png
193.233.86.34 200 OK 2.6 kB URL GET HTTPS
gatavalen.cc/img/coins/dot.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7345
Size 2.6 kB (2613 bytes)
MD5 ab2bbbdbe07a46e0e047850c62301f0b
SHA1 01c54ef9fe29c5ca43e457c5cb4cae52ffccda40
SHA256 3418e6d1452040dfb46794119972418cdae99ff6535915c79714fda227b0e677
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/dot.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:40 GMT
Content-Type: image/png
Content-Length: 2613
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-a35"
Expires: Sun, 03 Aug 2025 23:05:40 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET godprox.cc/go/539433/y2
193.233.86.34 302 Found 2.3 kB URL User Request GET HTTPS
godprox.cc/go/539433/y2
IP / ASN
193.233.86.34
#49392 LLC Baxet
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 2.3 kB (2347 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject godprox.cc
Fingerprint 41:85:59:8D:28:0E:AB:00:A0:E1:DA:EB:22:66:11:9E:BA:D5:51:0A
Validity Fri, 04 Jul 2025 08:24:46 GMT - Thu, 02 Oct 2025 08:24:45 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
PHP (Programming languages) PHP is a general-purpose scripting language used for web development.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /go/539433/y2 HTTP/1.1
Host: godprox.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getk100.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 02 Aug 2025 23:05:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sun, 01 Jan 2014 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=d2fcba1812ddff90c018fafd6a34cf5e; expires=Sat, 01-Oct-2044 23:05:37 GMT; Max-Age=604800000; path=/; domain=godprox.cc
Set-Cookie: ofr_1=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D; expires=Tue, 02-Sep-2025 23:05:37 GMT; Max-Age=2678400; path=/; domain=godprox.cc
Location: https://gatavalen.cc/payouts/?b=YTo0OntzOjU6ImxhYmVsIjtzOjA6IiI7czozOiJ1c3IiO2k6ODM5O3M6NDoibm9wZCI7czoxMDoiZ29kcHJveC5jYyI7czoxOiJvIjtpOjE7fQ==
GET gatavalen.cc/_nuxt/client-only.11dfce23.js
193.233.86.34 200 OK 468 B URL GET HTTPS
gatavalen.cc/_nuxt/client-only.11dfce23.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type Java source, ASCII text, with very long lines (467)
First Seen 2023-03-14
Last Seen 2025-08-08
Times Seen 7520
Size 468 B (468 bytes)
MD5 1b9370aaf1247adec1abae0a54fa2ec9
SHA1 992735adce31717f721d0570f206e24c2f8d6e6e
SHA256 8b9669ebd8a376e53af6be534e039dc797ac566c71b960f45f3f61726f568129
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/client-only.11dfce23.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/_nuxt/index.b71f6f30.js
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-1d4"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET images.unsplash.com/photo-1671116807928-2963fe1e75c1?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.66.208 200 OK 16 kB URL GET HTTPS
images.unsplash.com/photo-1671116807928-2963fe1e75c1?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
IP / ASN
151.101.66.208
#54113 FASTLY
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ISO Media, AVIF Image
First Seen 2024-04-08
Last Seen 2025-08-08
Times Seen 7507
Size 16 kB (15475 bytes)
MD5 679ab0612d02491c2296a53972cce1e5
SHA1 d5c4f9ae3968089c3494d7769e67d0796df8c438
SHA256 c0b3f5105965db98eb23c42e4cc52ed4629c49e19f7785915449efe5c39da268
Certificate Info
Issuer GlobalSign nv-sa
Subject images.unsplash.com
Fingerprint 9B:86:3C:82:31:8B:9F:99:21:5C:FC:2D:15:DF:50:DC:E3:87:7A:40
Validity Wed, 09 Oct 2024 01:16:11 GMT - Mon, 10 Nov 2025 01:16:10 GMT
GET /photo-1671116807928-2963fe1e75c1?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-imgix-id: 95e94c27d48c78f4f125dcaa78a2e0ea67c9ebdf
cache-control: public, max-age=31536000
last-modified: Tue, 24 Jun 2025 06:09:19 GMT
server: imgix
date: Sat, 02 Aug 2025 23:05:39 GMT
age: 3430581
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230043-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 15475
X-Firefox-Spdy: h2
GET gatavalen.cc/img/coins/litecoin.png
193.233.86.34 200 OK 2.5 kB URL GET HTTPS
gatavalen.cc/img/coins/litecoin.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced
First Seen 2023-05-02
Last Seen 2025-08-08
Times Seen 11964
Size 2.5 kB (2456 bytes)
MD5 bdaeb947a2eb31bae0a170559df9013c
SHA1 7fc8496c9bf51eea98dc9060262f87a792a24a43
SHA256 3225172adc122cc7f8f09fbcc94757061330651a485f17091f41726767f7ea3f
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/litecoin.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 2456
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-998"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/img/coins/xrp.png
193.233.86.34 200 OK 2.3 kB URL GET HTTPS
gatavalen.cc/img/coins/xrp.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced
First Seen 2023-05-04
Last Seen 2025-08-08
Times Seen 9474
Size 2.3 kB (2330 bytes)
MD5 39edd8e5c80256300562f68afb1ab525
SHA1 506e80486e2b9e90f7344334cd95e93ac8fa0338
SHA256 cf4c3c2ec18de3d4dcd49151ffe00cb299f86fc98467cf806b9c447467935479
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/xrp.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 2330
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-91a"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/img/coins/bnb.png
193.233.86.34 200 OK 1.4 kB URL GET HTTPS
gatavalen.cc/img/coins/bnb.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7416
Size 1.4 kB (1387 bytes)
MD5 aef8727bea8367cd9fd252c025b45887
SHA1 c2ab9d909455bff35181dfd92bcc7baba930867f
SHA256 ce5a07d36768bcb5524044a9e92a606ae6effe1cb0913dfa418703461db62fe3
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/bnb.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 1387
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-56b"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/_nuxt/error-component.e8645654.js
193.233.86.34200 OK 1.2 kB URL GET HTTPS
gatavalen.cc/_nuxt/error-component.e8645654.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ASCII text, with very long lines (719)
First Seen 2023-07-17
Last Seen 2025-08-08
Times Seen 7225
Size 1.2 kB (1182 bytes)
MD5 88b31d9279571188e305fd1b5392108d
SHA1 360bfd5ae1bbbf5cb9c1d9c1f55bae4989bdf7f5
SHA256 7c20920a025aaf7b9c4b24cfd7405b9b90053dbf4c32c2ca67057fd5bd281ca7
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/error-component.e8645654.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:40 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-49e"
Expires: Sun, 03 Aug 2025 23:05:40 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1754175954906
104.20.41.132200 OK 746 B URL GET HTTPS
api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1754175954906
IP / ASN
104.20.41.132
#13335 CLOUDFLARENET
Requested by https://gatavalen.cc/payouts/
Resource Info
File type JSON text data
First Seen 2025-08-02
Last Seen 2025-08-02
Times Seen 3
Size 746 B (746 bytes)
MD5 3a348b841993d9f78990cba22b41192a
SHA1 6696eac84a7f871ff2beeaafbbad4e6ff94498ce
SHA256 1a1e6a8c93a257202cf7fe515deeb28c200102a29f3562706404a8fd0a7459ef
Certificate Info
Issuer Google Trust Services
Subject api.coingecko.com
Fingerprint 2E:74:37:5E:B9:00:DE:3F:68:1A:7F:06:73:41:4A:CF:78:79:56:05
Validity Mon, 14 Jul 2025 14:45:02 GMT - Sun, 12 Oct 2025 15:45:01 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1754175954906 HTTP/1.1
Host: api.coingecko.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gatavalen.cc/
Origin: https://gatavalen.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Aug 2025 23:05:55 GMT
content-type: application/json; charset=utf-8
cf-ray: 969139063c355689-OSL
access-control-allow-origin: *
access-control-allow-methods: POST, PUT, DELETE, GET, OPTIONS
access-control-expose-headers: link, per-page, total
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: max-age=30, public, must-revalidate, s-maxage=60
access-control-request-method: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
vary: Accept-Encoding, Origin
content-encoding: gzip
etag: W/"24ce488f8bfa10a6663d4e18a5741eed"
x-request-id: eecfc8fd-864b-4968-84e5-542ebe46be94
x-runtime: 0.002149
alternate-protocol: 443:npn-spdy/2
content-security-policy-report-only: script-src https://accounts.google.com/gsi/client; frame-src https://accounts.google.com/gsi/; connect-src https://accounts.google.com/gsi/;
strict-transport-security: max-age=15724800; includeSubdomains
cf-cache-status: MISS
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET sharkboss.top/share/get_redir.php
172.67.129.154200 OK 18 B URL GET HTTPS
sharkboss.top/share/get_redir.php
IP / ASN
172.67.129.154
#13335 CLOUDFLARENET
Requested by https://getk100.cc/qwe.html
Resource Info
File type ASCII text, with no line terminators
First Seen 2025-03-14
Last Seen 2025-08-03
Times Seen 1089
Size 18 B (18 bytes)
MD5 24ab8edcd36237141ae6b4b2123b6431
SHA1 068c18284a85dc57d46bcff1354fc03c83b65128
SHA256 42590ebf88b95de54c9024dc451dbbfcdd273585e9b5074e800f254d7676bd0e
Certificate Info
Issuer Google Trust Services
Subject sharkboss.top
Fingerprint C0:60:A9:A9:84:74:33:3F:88:27:C5:C5:97:86:1E:1E:69:BB:08:20
Validity Fri, 20 Jun 2025 06:43:51 GMT - Thu, 18 Sep 2025 07:39:58 GMT
Technology Fingerprints
PHP (Programming languages) PHP is a general-purpose scripting language used for web development.
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /share/get_redir.php HTTP/1.1
Host: sharkboss.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getk100.cc/
Origin: https://getk100.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Aug 2025 23:05:37 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RH9KkElY0DgJBabA%2F09pUyHsdv%2BuD%2BQ0WZQMYbTUBmDQxT1p8tOqy1NQaJEHarVL9fgBoIIg5TByApVbuGVtWPGIlVP4k33o7B2l"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: PHPSESSID=cbut22sftasqgci1lqpp3qf7op; Path=/; Domain=sharkboss.top; Max-Age=604800000; Expires=Sat, 01 Oct 2044 23:05:37 GMT
cf-ray: 9691389ae9247127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET gatavalen.cc/_nuxt/visit.4c68a206.js
193.233.86.34200 OK 421 B URL GET HTTPS
gatavalen.cc/_nuxt/visit.4c68a206.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type Java source, ASCII text, with very long lines (420)
First Seen 2023-03-14
Last Seen 2025-08-08
Times Seen 7535
Size 421 B (421 bytes)
MD5 c7e3cb2df48145483231af7036ac2511
SHA1 557fa64be798741b3966edc1395ce6a08ae91186
SHA256 aa520d0866b7b49b642e4c85b6915e695a087f963e120cba2e91041de4a54010
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/visit.4c68a206.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/_nuxt/index.b71f6f30.js
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-1a5"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET images.unsplash.com/photo-1672456465401-7ba2598de4c2?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.66.208200 OK 20 kB URL GET HTTPS
images.unsplash.com/photo-1672456465401-7ba2598de4c2?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
IP / ASN
151.101.66.208
#54113 FASTLY
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ISO Media, AVIF Image
First Seen 2024-04-04
Last Seen 2025-08-08
Times Seen 7509
Size 20 kB (19973 bytes)
MD5 549e7547da0fafbd2e03b9b2ca862c2b
SHA1 c94c728ace0f424caae9d0804bcf40fe7e73f36e
SHA256 de22661a5aad51215203bd79e07e1da3527726339e7a4fa504c8775f38de49ad
Certificate Info
Issuer GlobalSign nv-sa
Subject images.unsplash.com
Fingerprint 9B:86:3C:82:31:8B:9F:99:21:5C:FC:2D:15:DF:50:DC:E3:87:7A:40
Validity Wed, 09 Oct 2024 01:16:11 GMT - Mon, 10 Nov 2025 01:16:10 GMT
GET /photo-1672456465401-7ba2598de4c2?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-imgix-id: 70a3dca1c7c587f14acd94a4d39862859432c881
cache-control: public, max-age=31536000
last-modified: Thu, 17 Jul 2025 23:27:50 GMT
server: imgix
date: Sat, 02 Aug 2025 23:05:39 GMT
age: 1381069
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-fra-etou8220062-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 19973
X-Firefox-Spdy: h2
GET gatavalen.cc/payouts/?b=YTo0OntzOjU6ImxhYmVsIjtzOjA6IiI7czozOiJ1c3IiO2k6ODM5O3M6NDoibm9wZCI7czoxMDoiZ29kcHJveC5jYyI7czoxOiJvIjtpOjE7fQ==
193.233.86.34302 Found 2.3 kB URL User Request GET HTTPS
gatavalen.cc/payouts/?b=YTo0OntzOjU6ImxhYmVsIjtzOjA6IiI7czozOiJ1c3IiO2k6ODM5O3M6NDoibm9wZCI7czoxMDoiZ29kcHJveC5jYyI7czoxOiJvIjtpOjE7fQ==
IP / ASN
193.233.86.34
#49392 LLC Baxet
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 2.3 kB (2347 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /payouts/?b=YTo0OntzOjU6ImxhYmVsIjtzOjA6IiI7czozOiJ1c3IiO2k6ODM5O3M6NDoibm9wZCI7czoxMDoiZ29kcHJveC5jYyI7czoxOiJvIjtpOjE7fQ== HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getk100.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 02 Aug 2025 23:05:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D; expires=Tue, 02-Sep-2025 23:05:38 GMT; Max-Age=2678400; path=/; domain=gatavalen.cc
Location: http://gatavalen.cc/payouts/
GET gatavalen.cc/_nuxt/index.b71f6f30.js
193.233.86.34200 OK 30 kB URL GET HTTPS
gatavalen.cc/_nuxt/index.b71f6f30.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type Unicode text, UTF-8 text, with very long lines (29624)
First Seen 2023-11-26
Last Seen 2025-08-08
Times Seen 7154
Size 30 kB (29627 bytes)
MD5 9eeeb4d4e651c91eca7a19503b465212
SHA1 24c5e02592c21f6f7181d1b3abb998ded5b61b56
SHA256 134b62d8677d19e752b03e19f80ea2bd0c4eea35badc7244139813cdf1379427
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/index.b71f6f30.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/_nuxt/entry.4e713294.js
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-73bb"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET gatavalen.cc/_nuxt/OnlineUsers.13b0b975.js
193.233.86.34200 OK 638 B URL GET HTTPS
gatavalen.cc/_nuxt/OnlineUsers.13b0b975.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type Java source, ASCII text, with very long lines (637)
First Seen 2023-03-14
Last Seen 2025-08-08
Times Seen 7539
Size 638 B (638 bytes)
MD5 318bb3d9407c5219c0d10faf3efb2fb3
SHA1 562dc2cdcd8754204be0ae7d4fc820a1dbc583a1
SHA256 1a21637c07b53055a9627efbe546551eada3aca036aa7b825204ae296e4aa9bb
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/OnlineUsers.13b0b975.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/_nuxt/index.b71f6f30.js
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-27e"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET plus.unsplash.com/premium_photo-1673507503135-79a58e3ece0d?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.130.208200 OK 14 kB URL GET HTTPS
plus.unsplash.com/premium_photo-1673507503135-79a58e3ece0d?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
IP / ASN
151.101.130.208
#54113 FASTLY
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ISO Media, AVIF Image
First Seen 2025-02-06
Last Seen 2025-08-08
Times Seen 6669
Size 14 kB (13844 bytes)
MD5 f84109203c885956e74f60138f1f4868
SHA1 984eae8ca9a4a42f47c2ab08f178af4a24fb7c82
SHA256 3d5c7b1e6ad7b1d8ae7e41532e6a90bc0010339b0ff5d834c000ad18b78e392b
Certificate Info
Issuer Certainly
Subject plus.unsplash.com
Fingerprint 61:92:64:F4:53:CB:56:40:C3:DD:BD:AD:76:20:B2:5D:C8:73:19:02
Validity Sun, 20 Jul 2025 16:20:04 GMT - Tue, 19 Aug 2025 16:20:03 GMT
GET /premium_photo-1673507503135-79a58e3ece0d?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80 HTTP/1.1
Host: plus.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-imgix-id: 47d609409255953a48c7ed54e0fbebff7a5da510
cache-control: public, max-age=31536000
last-modified: Thu, 10 Jul 2025 01:32:23 GMT
server: imgix
date: Sat, 02 Aug 2025 23:05:39 GMT
age: 2064795
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230052-FRA, cache-hel1410021-HEL
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 13844
X-Firefox-Spdy: h2
GET images.unsplash.com/photo-1599566150163-29194dcaad36?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.66.208200 OK 14 kB URL GET HTTPS
images.unsplash.com/photo-1599566150163-29194dcaad36?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
IP / ASN
151.101.66.208
#54113 FASTLY
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ISO Media, AVIF Image
First Seen 2024-04-04
Last Seen 2025-08-08
Times Seen 7508
Size 14 kB (14484 bytes)
MD5 634f7a129d0a02122009c07b0fdb53d8
SHA1 96e16ce42223c6448b6f988059f61526270b4745
SHA256 a6b313b884672d146deabf2d311f04b513fcaa73a537fdc3441ea05eb3d012e9
Certificate Info
Issuer GlobalSign nv-sa
Subject images.unsplash.com
Fingerprint 9B:86:3C:82:31:8B:9F:99:21:5C:FC:2D:15:DF:50:DC:E3:87:7A:40
Validity Wed, 09 Oct 2024 01:16:11 GMT - Mon, 10 Nov 2025 01:16:10 GMT
GET /photo-1599566150163-29194dcaad36?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-imgix-id: 2ef2e7b98ab70fa5d66b3ec58d6c60d4cca0d7b1
cache-control: public, max-age=31536000
last-modified: Wed, 23 Jul 2025 04:46:43 GMT
server: imgix
date: Sat, 02 Aug 2025 23:05:39 GMT
age: 929936
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-fra-etou8220055-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 14484
X-Firefox-Spdy: h2
GET gatavalen.cc/img/coins/ada.png
193.233.86.34200 OK 2.8 kB URL GET HTTPS
gatavalen.cc/img/coins/ada.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7370
Size 2.8 kB (2790 bytes)
MD5 2b4047ef139810f5403fe2987bd2dc9e
SHA1 529276c43a521743eb53df1cfe8bc8ffff220dfa
SHA256 38c163ecba73c000df0abfe2ad5c4f941164909f8078e8a304dba4db696bc709
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/ada.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 2790
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-ae6"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET www.jygigd.blogspot.com.au/
142.250.74.161302 Moved Temporarily 81 kB URL User Request GET HTTP
www.jygigd.blogspot.com.au/
IP / ASN
142.250.74.161
#15169 GOOGLE
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 81 kB (81373 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Technology Fingerprints
OpenGSE (Web servers) OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.
Java (Programming languages) Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.
GET / HTTP/1.1
Host: www.jygigd.blogspot.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Location: http://jygigd.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 02 Aug 2025 23:05:36 GMT
Expires: Sat, 02 Aug 2025 23:05:36 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 195
Server: GSE
185.208.156.66200 OK 480 B URL User Request GET HTTPS
getk100.cc/qwe.html
IP / ASN
185.208.156.66
#42624 Global-Data System IT Corporation
Resource Info
File type HTML document, ASCII text, with CRLF line terminators
First Seen 2025-07-14
Last Seen 2025-08-08
Times Seen 2205
Size 480 B (480 bytes)
MD5 cd8c417d302143d363c85b6160960c56
SHA1 26e7e0a0bc5989ff536d7650746ce59a70a665d3
SHA256 f26b0729e3f43d67fcbdddeedaffd66fc9bf2c21083827d91e954aa6ecf72bfa
Certificate Info
Issuer Let's Encrypt
Subject getk100.cc
Fingerprint A7:F8:04:D0:9A:03:74:1D:6D:08:27:B1:7C:C1:8B:78:1B:90:96:93
Validity Wed, 04 Jun 2025 14:17:34 GMT - Tue, 02 Sep 2025 14:17:33 GMT
Technology Fingerprints
LiteSpeed (Web servers) LiteSpeed is a high-scalability web server.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /qwe.html HTTP/1.1
Host: getk100.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
last-modified: Sun, 20 Jul 2025 21:54:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 244
date: Sat, 02 Aug 2025 23:05:37 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
GET images.unsplash.com/photo-1674490364497-ee1f32e4cb4c?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.66.208200 OK 8.3 kB URL GET HTTPS
images.unsplash.com/photo-1674490364497-ee1f32e4cb4c?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
IP / ASN
151.101.66.208
#54113 FASTLY
Requested by https://gatavalen.cc/payouts/
Resource Info
File type ISO Media, AVIF Image
First Seen 2024-04-08
Last Seen 2025-08-08
Times Seen 7509
Size 8.3 kB (8273 bytes)
MD5 ec4b073614a51c1f725fce8e8d604212
SHA1 78d92252aaebc3a81cb72ccb56358299531fe464
SHA256 412a29cbc2ed4ffab295396c8fe411672785968ef9d514191d493b6b388953ae
Certificate Info
Issuer GlobalSign nv-sa
Subject images.unsplash.com
Fingerprint 9B:86:3C:82:31:8B:9F:99:21:5C:FC:2D:15:DF:50:DC:E3:87:7A:40
Validity Wed, 09 Oct 2024 01:16:11 GMT - Mon, 10 Nov 2025 01:16:10 GMT
GET /photo-1674490364497-ee1f32e4cb4c?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80 HTTP/1.1
Host: images.unsplash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-imgix-id: d558172b8ec1995fb38535bfa62aa7045a9512af
cache-control: public, max-age=31536000
last-modified: Sat, 26 Jul 2025 00:10:42 GMT
server: imgix
date: Sat, 02 Aug 2025 23:05:39 GMT
age: 687298
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230047-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 8273
X-Firefox-Spdy: h2
GET gatavalen.cc/_nuxt/url.0b90d914.js
193.233.86.34200 OK 366 B URL GET HTTPS
gatavalen.cc/_nuxt/url.0b90d914.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type Java source, ASCII text, with very long lines (365)
First Seen 2023-07-17
Last Seen 2025-08-08
Times Seen 7215
Size 366 B (366 bytes)
MD5 64b3327f89702a18d2440973fd274662
SHA1 f460a828cb4566abcf4ba8e295bd2ea33eb5e294
SHA256 66a2fa73c10cf8e22e709ac61a1585b8b3535d9f0e0c5fe2ae08abc88611c22a
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/url.0b90d914.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:40 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-16e"
Expires: Sun, 03 Aug 2025 23:05:40 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET gatavalen.cc/payouts/
193.233.86.34301 Moved Permanently 2.3 kB URL User Request GET HTTP
gatavalen.cc/payouts/
IP / ASN
193.233.86.34
#49392 LLC Baxet
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 2.3 kB (2347 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
PhishTank phishing Phishing - Other
GET /payouts/ HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: nginx
date: Sat, 02 Aug 2025 23:05:38 GMT
content-type: text/html
transfer-encoding: chunked
location: https://gatavalen.cc:443/payouts/
GET gatavalen.cc/payouts/
193.233.86.34 200 OK 2.3 kB URL User Request GET HTTPS
gatavalen.cc/payouts/
IP / ASN
193.233.86.34
#49392 LLC Baxet
Resource Info
File type HTML document, ASCII text, with very long lines (425)
First Seen 2025-04-07
Last Seen 2025-08-08
Times Seen 6799
Size 2.3 kB (2347 bytes)
MD5 2b109838bf548038f6814f2a8759f44b
SHA1 4a0bef0c9c87f307cabced5b5f8dff2bbe1ce074
SHA256 59f7ca566cd1c2e18207e31929308863fa0414fa7371ea9eb2d7cf9fc7ddfdd6
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Vue.js (JavaScript frameworks) Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Nuxt.js (JavaScript frameworks, Web frameworks, Web servers, Static site generator) Nuxt is a Vue framework for developing modern web applications.
Node.js (Programming languages) Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
PhishTank phishing Phishing - Other
GET /payouts/ HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
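Three details in these records are worth pulling out by hand rather than eyeballing. The `ofr` cookie sent with every request to gatavalen.cc is a URL-encoded PHP serialize() array; the 301 records report the well-known empty-input MD5/SHA-1/SHA-256 digests next to a non-zero Size, which means the scanner hashed no response body for those hops; and the Location header for /payouts/ carries an explicit `:443` that has to be normalized away before the HTTP and HTTPS records can be matched as one redirect chain. The Python below is an added example, not part of the scan output or of any tool the page names: it decodes the cookie, flags the empty-body digest sentinel, and walks the redirect chains offline. The cookie value, digests and URLs are copied from the records; the function names, the shape of the REDIRECTS table and the hop `limit` are assumptions made for illustration. Whether the server actually unserialize()s the cookie is not something this capture shows.

```python
"""Decode the `ofr` cookie, flag empty-body digest sentinels and normalize the
redirect chains seen in the gatavalen.cc / get188.info / getk100.cc records.

Added example; not part of the scan output. Cookie value, digests and URLs
are copied from the records; function names and table layout are assumed.
"""
import hashlib
from urllib.parse import unquote, urlsplit, urlunsplit

# `ofr` cookie exactly as sent with each request to gatavalen.cc.
OFR_COOKIE = ("a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22"
              "%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1"
              "%3A%22o%22%3Bi%3A1%3B%7D")


def php_unserialize(data: str):
    """Parse PHP serialize() output: scalars (s:, i:, b:, N;) and arrays (a:).

    Objects (O:) are deliberately unsupported; a tracking cookie needs none,
    and they are the part that makes server-side unserialize() of client
    input dangerous.
    """
    pos = 0

    def parse():
        nonlocal pos
        tag = data[pos]
        if tag == "N":                               # N;
            pos += 2
            return None
        if tag in ("i", "b"):                        # i:839;  b:1;
            end = data.index(";", pos)
            val = int(data[pos + 2:end])
            pos = end + 1
            return bool(val) if tag == "b" else val
        if tag == "s":                               # s:10:"godprox.cc";
            colon = data.index(":", pos + 2)
            length = int(data[pos + 2:colon])        # PHP counts bytes; ASCII here
            start = colon + 2                        # skip  :"
            val = data[start:start + length]
            if data[start + length:start + length + 2] != '";':
                raise ValueError("string length mismatch at offset %d" % pos)
            pos = start + length + 2
            return val
        if tag == "a":                               # a:4:{ key value ... }
            colon = data.index(":", pos + 2)
            count = int(data[pos + 2:colon])
            pos = colon + 2                          # skip  :{
            out = {}
            for _ in range(count):
                key = parse()
                out[key] = parse()
            if data[pos] != "}":
                raise ValueError("unterminated array at offset %d" % pos)
            pos += 1
            return out
        raise ValueError("unsupported tag %r at offset %d" % (tag, pos))

    result = parse()
    if pos != len(data):
        raise ValueError("trailing data after offset %d" % pos)
    return result


def decode_ofr_cookie(cookie_value: str) -> dict:
    """URL-decode the cookie value, then unserialize it."""
    return php_unserialize(unquote(cookie_value))


# Digests of zero bytes. A record carrying all three next to a non-zero Size
# (the 301 records: 2.3 kB, 91 B, 480 B) had no response body captured.
EMPTY_DIGESTS = (hashlib.md5(b"").hexdigest(),
                 hashlib.sha1(b"").hexdigest(),
                 hashlib.sha256(b"").hexdigest())


def body_was_captured(md5: str, sha1: str, sha256: str) -> bool:
    return (md5.lower(), sha1.lower(), sha256.lower()) != EMPTY_DIGESTS


# Request URL -> Location header, taken from the 301 responses in the records.
REDIRECTS = {
    "http://gatavalen.cc/payouts/": "https://gatavalen.cc:443/payouts/",
    "https://get188.info/2/rr": "https://get188.info/new.html",
    "https://getk100.cc/tt/811": "https://getk100.cc/qwe.html",
}


def normalize_url(url: str) -> str:
    """Lower-case the host, drop the scheme's default port and any fragment."""
    p = urlsplit(url)
    host = p.hostname or ""
    default = {"http": 80, "https": 443}.get(p.scheme)
    if p.port is not None and p.port != default:
        host = "%s:%d" % (host, p.port)
    return urlunsplit((p.scheme, host, p.path or "/", p.query, ""))


def redirect_chain(start: str, redirects=REDIRECTS, limit: int = 10) -> list:
    """Follow Location hops offline; stop at a non-redirect or after `limit` hops."""
    table = {normalize_url(k): v for k, v in redirects.items()}
    chain = [normalize_url(start)]
    while chain[-1] in table and len(chain) <= limit:
        chain.append(normalize_url(table[chain[-1]]))
    return chain
```

`decode_ofr_cookie(OFR_COOKIE)` yields `{'label': '', 'usr': 839, 'nopd': 'godprox.cc', 'o': 1}`, which is the state the site carries across every request on the page; `body_was_captured` returns False for the three 301 records, so their Size fields should not be read as the size of anything that was hashed; and `redirect_chain("http://gatavalen.cc/payouts/")` collapses the `:443` hop onto the HTTPS record that follows it.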
GET gatavalen.cc/_nuxt/entry.4e713294.js
193.233.86.34 200 OK 3.6 MB URL GET HTTPS
gatavalen.cc/_nuxt/entry.4e713294.js
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen 2025-07-27
Last Seen 2025-08-07
Times Seen 127
Size 3.6 MB (3594295 bytes)
MD5 cbc0b0a2b6b954a29aa3a2ca9639b051
SHA1 227bcced8511ef25d008e237ecf7af8245e85589
SHA256 296536f17fd0e2c5444c34ad1323022520bb3b1b46d345a3a3f540774781fdea
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /_nuxt/entry.4e713294.js HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:38 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"685e267a-36d837"
Expires: Sun, 03 Aug 2025 23:05:38 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
GET gatavalen.cc/img/coins/bch.png
193.233.86.34 200 OK 2.7 kB URL GET HTTPS
gatavalen.cc/img/coins/bch.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced
First Seen 2023-05-02
Last Seen 2025-08-08
Times Seen 12529
Size 2.7 kB (2694 bytes)
MD5 6ad5509616a5fca9f389801052bea3fe
SHA1 5b53d204b7e6066409067fba9fce5202ff20e9d6
SHA256 6becc3abea448b67731610708852a70c3ceb99059b2dee98da3711dc0620218a
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/bch.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 2694
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-a86"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET get188.info/2/rr
185.208.156.66 301 Moved Permanently 91 B URL User Request GET HTTPS
get188.info/2/rr
IP / ASN
185.208.156.66
#42624 Global-Data System IT Corporation
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 91 B (91 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject *.get188.info
Fingerprint 34:E6:2D:49:80:13:DA:35:16:EA:63:00:2F:A1:A7:95:37:98:99:B3
Validity Mon, 28 Jul 2025 13:53:40 GMT - Sun, 26 Oct 2025 13:53:39 GMT
Technology Fingerprints
LiteSpeed (Web servers) LiteSpeed is a high-scalability web server.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /2/rr HTTP/1.1
Host: get188.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jygigd.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 795
date: Sat, 02 Aug 2025 23:05:37 GMT
server: LiteSpeed
location: https://get188.info/new.html
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
GET getk100.cc/tt/811
185.208.156.66 301 Moved Permanently 480 B URL User Request GET HTTPS
getk100.cc/tt/811
IP / ASN
185.208.156.66
#42624 Global-Data System IT Corporation
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 480 B (480 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject getk100.cc
Fingerprint A7:F8:04:D0:9A:03:74:1D:6D:08:27:B1:7C:C1:8B:78:1B:90:96:93
Validity Wed, 04 Jun 2025 14:17:34 GMT - Tue, 02 Sep 2025 14:17:33 GMT
Technology Fingerprints
LiteSpeed (Web servers) LiteSpeed is a high-scalability web server.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tt/811 HTTP/1.1
Host: getk100.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 795
date: Sat, 02 Aug 2025 23:05:37 GMT
server: LiteSpeed
location: https://getk100.cc/qwe.html
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
GET api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1754175939512
104.20.41.132 200 OK 741 B URL GET HTTPS
api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1754175939512
IP / ASN
104.20.41.132
#13335 CLOUDFLARENET
Requested by https://gatavalen.cc/payouts/
Resource Info
File type JSON text data
First Seen 2025-08-02
Last Seen 2025-08-02
Times Seen 2
Size 741 B (741 bytes)
MD5 748b7c84872e998c4229a902126bfe8a
SHA1 30e047a2261b973a509734a2137a194e3462f70d
SHA256 a07b123d098ea3e7488604bd5dd7725771808389d1cde367a636cc34e906eb7c
Certificate Info
Issuer Google Trust Services
Subject api.coingecko.com
Fingerprint 2E:74:37:5E:B9:00:DE:3F:68:1A:7F:06:73:41:4A:CF:78:79:56:05
Validity Mon, 14 Jul 2025 14:45:02 GMT - Sun, 12 Oct 2025 15:45:01 GMT
Technology Fingerprints
Cloudflare (CDN) Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
GET /api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1754175939512 HTTP/1.1
Host: api.coingecko.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gatavalen.cc/
Origin: https://gatavalen.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Aug 2025 23:05:39 GMT
content-type: application/json; charset=utf-8
cf-ray: 969138a67ebe5689-OSL
access-control-allow-origin: *
access-control-allow-methods: POST, PUT, DELETE, GET, OPTIONS
access-control-expose-headers: link, per-page, total
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: max-age=30, public, must-revalidate, s-maxage=60
access-control-request-method: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
vary: Accept-Encoding, Origin
content-encoding: gzip
etag: W/"fe356f157355e0852c154f7ecb659486"
x-request-id: f4ce8200-e16d-4bba-a234-2ff23915d86b
x-runtime: 0.002206
alternate-protocol: 443:npn-spdy/2
content-security-policy-report-only: script-src https://accounts.google.com/gsi/client; frame-src https://accounts.google.com/gsi/; connect-src https://accounts.google.com/gsi/;
strict-transport-security: max-age=15724800; includeSubdomains
cf-cache-status: MISS
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET gatavalen.cc/img/coins/solana.png
193.233.86.34 200 OK 1.6 kB URL GET HTTPS
gatavalen.cc/img/coins/solana.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7257
Size 1.6 kB (1568 bytes)
MD5 0e21c0532ba33810e3d7e30192a0dbb0
SHA1 5820cba622518979f538410e6f50445a7c5bdd60
SHA256 7e81a3a266d2d77f67c4491589ecc39712c078ce89cb37e360e8a7c88c68ef82
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /img/coins/solana.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 1568
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-620"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET www.jygigd.blogspot.com.au/
0.0.0.0 0 B URL User Request GET HTTP
www.jygigd.blogspot.com.au/
IP / ASN
0.0.0.0
#0
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-08
Times Seen 5719795
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.jygigd.blogspot.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET get188.info/new.html
185.208.156.66 200 OK 91 B URL User Request GET HTTPS
get188.info/new.html
IP / ASN
185.208.156.66
#42624 Global-Data System IT Corporation
Resource Info
File type HTML document, ASCII text, with CRLF line terminators
First Seen 2025-06-12
Last Seen 2025-08-08
Times Seen 2052
Size 91 B (91 bytes)
MD5 f47a37b6b7f6c386597f6d8e0a85f3f7
SHA1 74ea7a6d539b043947f57fcfcd7fdf7c15136661
SHA256 0f36b372d623a9969179f4d12bf6a5d587d177e2356e106decc1fe0f64b9dd38
Certificate Info
Issuer Let's Encrypt
Subject *.get188.info
Fingerprint 34:E6:2D:49:80:13:DA:35:16:EA:63:00:2F:A1:A7:95:37:98:99:B3
Validity Mon, 28 Jul 2025 13:53:40 GMT - Sun, 26 Oct 2025 13:53:39 GMT
Technology Fingerprints
LiteSpeed (Web servers) LiteSpeed is a high-scalability web server.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /new.html HTTP/1.1
Host: get188.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jygigd.blogspot.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
last-modified: Wed, 11 Jun 2025 20:25:27 GMT
accept-ranges: bytes
content-length: 91
date: Sat, 02 Aug 2025 23:05:37 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
GET gatavalen.cc/favicon.png
193.233.86.34 200 OK 1.2 kB URL GET HTTPS
gatavalen.cc/favicon.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 8191
Size 1.2 kB (1169 bytes)
MD5 d0ab0fb79e2687c9773cfa4018595dbd
SHA1 d79836a5df12dae77b9cfb0c34e382b6257bdd94
SHA256 f1cacb91db22e156f7f11cf755ab73bcaf30c058efe51b398cb425482113f411
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /favicon.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 1169
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-491"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
GET gatavalen.cc/payouts/img/bonus.png
193.233.86.34 200 OK 179 kB URL GET HTTPS
gatavalen.cc/payouts/img/bonus.png
IP / ASN
193.233.86.34
#49392 LLC Baxet
Requested by https://gatavalen.cc/payouts/
Resource Info
File type PNG image data, 453 x 452, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-06
Last Seen 2025-08-08
Times Seen 7723
Size 179 kB (179335 bytes)
MD5 cdaa7a9b79f2a5c45b869e02449e7a3b
SHA1 2162a1a083ed2e39d7095e74e5fa6af4c5118d5d
SHA256 9b63e525a10bf17284925abba402aa3fd935d24a063f1fd332a95dc925d76968
Certificate Info
Issuer Let's Encrypt
Subject gatavalen.cc
Fingerprint C9:E2:11:01:5D:38:84:D8:5C:F4:4D:C4:33:83:25:05:FB:46:8E:95
Validity Fri, 04 Jul 2025 07:40:49 GMT - Thu, 02 Oct 2025 07:40:48 GMT
Technology Fingerprints
Nginx (Web servers, Reverse proxies) Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OpenPhish phishing Phishing - Generic/Spear Phishing
GET /payouts/img/bonus.png HTTP/1.1
Host: gatavalen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gatavalen.cc/payouts/
Cookie: ofr=a%3A4%3A%7Bs%3A5%3A%22label%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22usr%22%3Bi%3A839%3Bs%3A4%3A%22nopd%22%3Bs%3A10%3A%22godprox.cc%22%3Bs%3A1%3A%22o%22%3Bi%3A1%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Aug 2025 23:05:39 GMT
Content-Type: image/png
Content-Length: 179335
Last-Modified: Fri, 27 Jun 2025 05:04:58 GMT
Connection: keep-alive
ETag: "685e267a-2bc87"
Expires: Sun, 03 Aug 2025 23:05:39 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes