{"report_id":"09856f48-ec10-4773-b529-ea0e125e20e3","version":6,"status":"done","tags":[],"date":"2026-04-24T08:38:34Z","url":{"schema":"http","addr":"api.galaxusag.com/","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":0,"asn":0,"as":"","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"https","addr":"api.galaxusag.com/","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"title":"Apache Tomcat/8.5.81","dom":{"size":11154,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"22eee7fa026a708cced00a40d3d22c27","sha1":"b5e2eec91af1dc71a0e8083015dce7e78e4e8fe4","sha256":"dcc978d5fc095262775f9392f9ca3db6a694ae5cc270d484f3476ab3abbf149a","sha512":"db02093bd4631a295f537769a6935bdc55507a8b3d3fd3a72104f554e215a66698c6d8e0e32b709415b58c3d8f51e5b974b81f0029a2df9609ac5e8c6bcbf0d2","ssdeep":"96:nEXRH0/Nu1TKWyxteqGjz6EPiCSuUtLs85z8KTFxIM:EXRHweKWoAjz6NLsQz8+xIM","tlshash":"7332df7b41f910370353958f3c992b2e2e63d15bcaca1e09b2ac5e9caf93e45d90354b","dom_hash":"domhash2ac9d76668f960e9e568803e7761a2e3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"api.galaxusag.com/","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":0,"asn":0,"as":"","country":"Canada","country_code":"CA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-29T08:38:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"api.galaxusag.com","ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":18,"request_count":9,"received_data":142901,"sent_data":4065,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"api.galaxusag.com/bg-nav.png","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /bg-nav.png HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/tomcat.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Fri, 24 Apr 2026 08:38:13 GMT\r\netag: W/\"1401-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1429\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1401,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 50, 8-bit/color RGBA, non-interlaced","md5":"7b761b2689b869d6de79aec52a94141a","sha1":"5638c96dd1777d55e8cbec09d2e36b1ce879a9fe","sha256":"a66793441ab6918ff3abedf7dc5d7f3af1c88160b759afc6801d4083146a9d3c","sha512":"9bcea84b4bafa14659f368e66436314429fd584dea32944b0f1f4a1111d8c60fd7f410f13ed3c9059892736a85b926c340df161386ae173de51f025ecc68070e","ssdeep":"","tlshash":"2721080bdc8d7eadc7c60020a30c31d84c054ecb1a125ace07e05e5c7d4f9caf829636","first_seen":"2023-05-11T21:55:33Z","last_seen":"2026-04-24T08:38:40.522468Z","times_seen":163,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":425,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/asf-logo-wide.svg","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /asf-logo-wide.svg HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/tomcat.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Fri, 24 Apr 2026 08:38:13 GMT\r\netag: W/\"27235-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27235,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f46030f779cad6854d6d8978908819a3","sha1":"3375de122a161b5b4966ea27ff1f8307b00dff12","sha256":"f113c975a5b789ed2b3036a17981376c6fa2a1e25dc0c0a8679e38cf5afd178d","sha512":"0803648026511ca9113bee810be3dd366ca1cb4d22c549197d57407b0103decbe5464b6f6e8f9dbbe87de285aabe7c2d4def71cc0328d76485cfd1e76715ea1d","ssdeep":"384:ovOFWhod4yCs5Z2e88Xtuy2zifJsk9hGkL0IuiPLomyMXEMNnM0aN9NoKsJ9OXKQ:o2Uhod7Cs6TyfJhGkzuiKZx","tlshash":"f4c29352d366abb39c81822c46a578f930968dea7130f3d4bc9f695be50c8d2114c7eb","first_seen":"2023-05-11T21:55:33Z","last_seen":"2026-04-24T08:38:40.52378Z","times_seen":106,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":421,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/bg-upper.png","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /bg-upper.png HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/tomcat.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Fri, 24 Apr 2026 08:38:13 GMT\r\netag: W/\"3103-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 3131\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3103,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 250, 8-bit/color RGBA, non-interlaced","md5":"695c7fb0408de1cd066b81c5513671f6","sha1":"114d1de81d0844e180ca2794ea7f5770de022d63","sha256":"d55804555b409577a64e159c0b248e94d8dec4ce6814382daf5938f2b3671c30","sha512":"b724e6d643fb8f1387c43d28c41f5560587f564c95b332b1ba7bbf40eb4f72f1dc8ae9fece5186a84c1d85f13b2db72ecaadba5f1255a1852360da2ab0791b70","ssdeep":"","tlshash":"da515d11f1d094759f5f25b2610df7e5e0351e7f42368a9c2194272406b7042fa981b6","first_seen":"2023-05-11T21:55:33Z","last_seen":"2026-04-24T08:38:40.525869Z","times_seen":162,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":424,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T08:38:11.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=UTF-8\r\ndate: Fri, 24 Apr 2026 08:38:12 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: MISS\r\ncontent-length: 2104\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11210,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"8e1549c8ad4ed133e3b35863295bd2bf","sha1":"a065f635a52f4f1d1c08f0b14e9707c132fbfa5c","sha256":"08e9dd5e1440741c79304699df4a27bc9456b170d694618ed527a0f358a1b737","sha512":"157f065708f6870e73fd01df768c44b847c1f4758d3aeb8b44efd5e355d0d67b3c94f52ecf24b0e88f247b79f83edd5c985536e0aab589891236187117f24705","ssdeep":"96:k2RH0/e51TKWyxteq/Hz6EPiCSuUtLf/5o8KTFxhIu:k2RHTbKWodHz6NLfBo8+xhIu","tlshash":"f632ef7b40f910370353918f2c992b2e2e73d15bcaca1e09b2ac5e9caf93e45d94354b","first_seen":"2026-04-24T08:38:40.526571Z","last_seen":"2026-04-24T08:38:40.526571Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1542,"timings":{"blocked":560,"dns":509,"connect":20,"send":0,"wait":418,"receive":3,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/tomcat.svg","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /tomcat.svg HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Fri, 24 Apr 2026 08:38:12 GMT\r\netag: W/\"67795-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67795,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"77cf728c0794e7d94cd21a7a25a1b2be","sha1":"b2848a4ad1f5f886e0ad9cca33f0a291565d042d","sha256":"a2cd980030f48a26f0b72ca4eb5dfaa62402f1a2fcc79913dd82e901dfef906a","sha512":"83a73ca527dbb9c0558e957f5895972e3ae1e9eb7e3ecddfa2b5eb576c523eaeb0398f9b8619153e39efae4f24b76aadaf56920bd77376de7d1a3226299f1da7","ssdeep":"1536:nl8S93p5fozmYTSrJ7H3LYPJLweJN1qCT2R+083f5UoN:n5BP2m6Zlq1+086oN","tlshash":"2a63d0726abc18cc9594059239e47054aa30b0d7e236464cffecb5560f029923bfafad","first_seen":"2023-05-27T06:33:18Z","last_seen":"2026-04-24T08:38:40.528326Z","times_seen":86,"resource_available":false,"data":null}},"time_used":626,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":626,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/tomcat.css","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /tomcat.css HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Fri, 24 Apr 2026 08:38:12 GMT\r\netag: W/\"5542-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1724\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5542,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3b1a30cadb69eb3f0cf7f0675b4440b6","sha1":"49d4f3fba97ba1a1b20b8865b4dfd83b7abdb68b","sha256":"feefc80706101506318dcb8f279eba034cdd86979d621732e8c849534c57db38","sha512":"9db3f9c6473cbfb18ba6c7ae5799e118d1290a47959cbb4811d8ba027ccecf6a28cd3f7164aa37a98a28a2fb2da54ffdad95a333da49722f8e1cc8e22a3d85a0","ssdeep":"96:VQO/mM3HFSv+Q/QFQNh+SPPvnsZNEIWknDEb/BET1Naq4UPEpAMRq:Bv3H+3ISPPvnszEI1DEbpEJNaq4UI/q","tlshash":"5eb11f5667e31a15f81f44aabf6ee3a4331ec003660fce787b59b3609f094a5817238d","first_seen":"2023-04-26T18:19:55Z","last_seen":"2026-04-24T08:38:40.530086Z","times_seen":60,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/favicon.ico","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Fri, 24 Apr 2026 08:38:12 GMT\r\netag: W/\"21630-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nx-cache: UPDATING\r\ncontent-length: 21630\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21630,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 9 icons, 16x16, 16 colors, 16x16","md5":"4644f2d45601037b8423d45e13194c93","sha1":"dcfdc7b05cb629f3b91a7267c7f304306f461724","sha256":"64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08","sha512":"1c300f2a8c71615ab8b4df72801a3c77b245ca6199fee3ff3775553e1418d895ca336326ae687a4584a8f68645f9938e4de76511062d260a66818959c952deee","ssdeep":"192:yH0NZsp7JpVPpmcClKs+OzR16MwEyOX/tz7:K0K7J3PpCvR1VyQ/tX","tlshash":"dba272d1b030c959c6999673cfe6deec26697c22ac405c1b32d27f5f3a31bc168127a6","first_seen":"2023-05-08T20:15:29Z","last_seen":"2026-04-24T08:38:40.531217Z","times_seen":1413,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":217,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/bg-middle.png","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /bg-middle.png HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/tomcat.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Fri, 24 Apr 2026 08:38:13 GMT\r\netag: W/\"1918-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1941\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1918,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 100, 8-bit/color RGBA, non-interlaced","md5":"86723de8efaed1ed3b12236128b3198b","sha1":"a1a8b6de0a69d1085b098930df984a7e296c5e5d","sha256":"48f4b63166452d3ea35d9678ec95b75e8c38d6eb2ad59456b1b3445c36a4b1fd","sha512":"f921f32e905b9505cc1bd08030e747904dd8fc026d3125a54f67f126ec6171cd41b796a1b245ddb1e8e39d131573a635bc43b77ed2639e1137a18d10ac930ae0","ssdeep":"","tlshash":"df411b02e5daae99d6dc2a660e0806499463078907a2e7de40b71d38796f0da28a9652","first_seen":"2023-05-11T21:55:33Z","last_seen":"2026-04-24T08:38:40.531766Z","times_seen":163,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":420,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.galaxusag.com/bg-button.png","fqdn":"api.galaxusag.com","domain":"galaxusag.com","tld":"com"},"ip":{"addr":"109.110.170.82","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://api.galaxusag.com/","date":"2026-04-24T08:38:12.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.galaxusag.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Mar 2026 12:34:04 GMT","end":"Sun, 14 Jun 2026 12:34:03 GMT"},"fingerprint":{"sha1":"94:CF:99:E8:85:26:9F:CC:49:EA:E5:54:A6:9D:AA:01:75:37:0A:CC","sha256":"7B:C2:DC:70:B2:6A:EE:37:DE:3A:5C:B2:7F:48:67:AC:6D:EA:9C:A1:AC:84:90:0B:05:B7:7E:20:07:E2:9C:42"}}},"request":{"raw":"GET /bg-button.png HTTP/1.1\r\nHost: api.galaxusag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://api.galaxusag.com/tomcat.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Fri, 24 Apr 2026 08:38:13 GMT\r\netag: W/\"713-1654723815000\"\r\nlast-modified: Wed, 08 Jun 2022 21:30:15 GMT\r\nserver: nginx\r\nx-cache: UPDATING\r\ncontent-length: 713\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":713,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 136 x 30, 8-bit/color RGBA, non-interlaced","md5":"743c4028bcf5223910a5f3bb45b6bf64","sha1":"6eaf210ee44bc1e0af0d51d8d2c41358fc910ec5","sha256":"3c1c7209f4149919826cde2002db38e65edaab67c512ea43f5c89ff25229321f","sha512":"e2084376f6ecf2191338129b605dcc03858c46aa9d1920e2dd4a5d094e912e220a2d1af9a5b84abea5b2f9f1aec18609c6ab6ac5d76b2ccaccafbae6ec7aaadd","ssdeep":"","tlshash":"8a0199d17745ca54cd3553721545944098e5ae06daf3522c3d7cf8f07cb03c89d8034a","first_seen":"2023-05-11T21:55:33Z","last_seen":"2026-04-24T08:38:40.532486Z","times_seen":163,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"api.galaxusag.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}