{"report_id":"0a124665-e668-4d8c-ba60-81228615999a","version":6,"status":"done","tags":[],"date":"2026-04-22T12:45:21Z","url":{"schema":"http","addr":"galabet-mobil-br.com","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"104.21.84.189","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"galabet-mobil-br.com/","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"title":"Galabet Brasil – Apostas Esportivas e Cassino Online | Bônus de Boas-Vindas","dom":{"size":39854,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (481)","md5":"15a878ddac76875e09d2b8018918756f","sha1":"323d34a76c3a1e569bee61caac9ae18ee7a0520e","sha256":"b9667306bfd44b332c220bcd24658f24db0ddf12ee9bc34e4d605cd96565b866","sha512":"df86cc8b1bc86deadfe2eee84ce2cf448e9269261d056e5e4b04d8807934ef01d84e52d6b598dede808961f0f108794f2671addc4ecf1dd830ddee6cbc2612ae","ssdeep":"768:EVyVIIVAvJgI5fEs3fDiIf2ugQRf+hK/MZPsLmJleCtu4opLy2VgKm/7PAyM:1VII0kgK4SECtu4VAg7LA7","tlshash":"7b034231a5f96573039396c2a692ab2b9fd0d107ce4b8601b6bd4fcc5fead91d81320d","dom_hash":"domhash41a87b467ac51e941120d01e230857f4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"galabet-mobil-br.com","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"104.21.84.189","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T12:45:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"galabet-mobil-br.com","ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":30,"request_count":10,"received_data":7425946,"sent_data":4505,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"galabet-mobil-br.com/assets/script.js","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"03bba39187635bd1c4f7151ad4a9158c","sha1":"7a22d5200e6282fad6a9030c35ffc46dbe14da94","sha256":"8739abc386339d2af6492292053f84cb5ea2d976e9903174e166e82e8d7caca9","sha512":"76f27682430e8ebce5cfea0e273c135bb3082004d87ff8f142b2b774334663b92a79b4231d06a952473ea37b443fc8298f7c7b7e851c390234f2f2207a4fd97e","ssdeep":"192:nxJjTi/Mu/Mec3MbD/PKGQtvj3Ul+KASAeEK+HM:nEEe4Ez8vYceOM","tlshash":"8fe1b81ea8e33577107722b9a7efa61837255007464ace113e6ccb891f90b781ab1edd","size":7096,"data":"","first_seen":"2026-04-22T12:45:28.122191Z","last_seen":"2026-04-22T21:53:07.912155Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"galabet-mobil-br.com/assets/script.js","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /assets/script.js HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:51 GMT\r\netag: \"1bb8-64e3711f39f65-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncontent-length: 2137\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: text/javascript\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LcW3hL9wR%2BWPRceA8TGRfld4WhPni50OlTBzbtxU5FSeXaxfS4SikYJkyU3xY7OV8HPVGkKcPNTAbGLV2i03gzAYuyMx0c1NEZINkKB9zfamq%2FnYuRLpYyhtxrq%2BtQg1n%2BVDwkEu9A%3D%3D\"}]}\r\ncf-ray: 9f04b92e8b10569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7096,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"03bba39187635bd1c4f7151ad4a9158c","sha1":"7a22d5200e6282fad6a9030c35ffc46dbe14da94","sha256":"8739abc386339d2af6492292053f84cb5ea2d976e9903174e166e82e8d7caca9","sha512":"76f27682430e8ebce5cfea0e273c135bb3082004d87ff8f142b2b774334663b92a79b4231d06a952473ea37b443fc8298f7c7b7e851c390234f2f2207a4fd97e","ssdeep":"192:nxJjTi/Mu/Mec3MbD/PKGQtvj3Ul+KASAeEK+HM:nEEe4Ez8vYceOM","tlshash":"8fe1b81ea8e33577107722b9a7efa61837255007464ace113e6ccb891f90b781ab1edd","first_seen":"2026-04-22T12:45:28.122191Z","last_seen":"2026-04-22T21:53:07.912155Z","times_seen":3,"resource_available":true,"data":null}},"time_used":482,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/Example1.png","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /Example1.png HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:44 GMT\r\netag: \"1b9dc7-64e3711873955\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 1809863\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u6Zwd8ZXlVqjubInlX08TnhTBJXrHKUYM96t5ZbQqmKNiNjzL6rW7v99YzUzCt4t1PxRgSRH6D4UZyq6JG%2BVePCJbDbRoxLmUBXOy1qTEYZ5z9pu%2BwIRlXY9El0MBicY5FSM3mkvOQ%3D%3D\"}]}\r\ncf-ray: 9f04b92e9b12569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1809863,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2818 x 732, 8-bit/color RGBA, non-interlaced","md5":"f4322dfd940dd64975dc6a5b3c6eda9f","sha1":"2c79d43f211ffa373e14953b008c2b7428d15339","sha256":"fab89ccbde0312f34a313dc05ffd217809ca9723872f87d9f2ed8da831cb81b7","sha512":"d76d4b57c3807f1b9a9ff2a21b22b9c7b6c27366a122e630353af72098fb4345f7b564f5986fffc361cadaaf933b70593551c3a5ed162f42b9110e84302d7297","ssdeep":"24576:xMDPK9/movOPavCJMSEXfMsFxRANbEQWl+o:xMDPSvK9EXfjubbAr","tlshash":"b125238274c4eabb0d43ec788d422f857e9b717a12e09b317b0ddef8e60f9615d41629","first_seen":"2026-04-22T12:45:28.123185Z","last_seen":"2026-04-22T21:53:07.913151Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":557,"receive":599,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/Example3.png","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /Example3.png HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:46 GMT\r\netag: \"154e86-64e3711a252d9\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 1396358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WIL3ca9mIPWy9wOZZXo6bECCiVSxARum3ftV2RMO9gwo7WWlrRCLXM7WuJ%2BrxT4gVBCJGUuA2LYehCnmQmcCsgWtP41GK6GEqrzqaSOIkUmQJO0vYJAYhFBE6%2Bw%2BkYDl1nPCmOtZ9A%3D%3D\"}]}\r\ncf-ray: 9f04b92e9b14569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1396358,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1732 x 488, 8-bit/color RGBA, non-interlaced","md5":"970d0b56906bb5512cd0505117ca122b","sha1":"c8693f225c16e11545a4365e723eda7e0e340ed2","sha256":"579471557cd1a5dcce1a4499c79bf39880d2e2fc921bd8d1c92b883a4adbe742","sha512":"7e0a88d440f044e49d64ab17f65f220d16acea3de4b1d251f8b951ad6054e13ce90933b852472253b1c8c3c7a4e5fd254aa09adba9776e80d269e2e028bcd8f9","ssdeep":"24576:QfaG+3JEA6bN9t4QgrBcK0sICJx1sPjuFFppU+OnR8yqcWXxS:O+3JEAkX+QgryK7IYFFp2+E8yqlhS","tlshash":"e22533ff5900c4e6c5a49053f4a20e050d7930a7dfe16986bbf4c9b47a86e12dfa347a","first_seen":"2026-04-22T12:45:28.124614Z","last_seen":"2026-04-22T21:53:07.914188Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":541,"receive":1098,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/apple-touch-icon.png","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:04.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:07 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:42 GMT\r\netag: \"22f0-64e37116e8132\"\r\naccept-ranges: bytes\r\npriority: u=6,i=?0\r\ncontent-length: 8944\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W9UGAz4etzbbNuH2fsxhrnUxqOi%2BBdkYWH0nYFk6GJU1dHzEp9o0BO9qkIvkArfa1Mf%2BNLSS7QhzQtSxmcMRv09LVdnFbrPQZTyECp5wL5yzbXgoEmo%2Fn9vb8VfiyfaUyyt81H5SHg%3D%3D\"}]}\r\ncf-ray: 9f04b935db5f569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8944,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4fc94c91eaa88426304d749b5b5334e2","sha1":"8883a512cc1773cb09d8dff9e53f92bf6756b9e5","sha256":"a3cb359679e9a2cd4de548e05f56134fd808708fefc6ea93112288d29a402f25","sha512":"37ec28f8c44ad77590604dee0aee3609e98f18fa3970f2dc9a41f0f6c56f275e70b453cf7f1826e85ded4eea2b6a107058d5ca16f55b889ec0cff7a747ed3207","ssdeep":"192:YwCxs0SlfcU4nDXR1X9AeVAxSwJUyEVmFU0TbI388G:YalfcU4nDh1AA7lmJI388G","tlshash":"83029ea8c7b9651def1482f1b5d0a7d0570a9f803847732d7475ac3218daae1b12ff81","first_seen":"2026-04-22T12:45:28.125567Z","last_seen":"2026-04-22T21:53:07.910346Z","times_seen":3,"resource_available":false,"data":null}},"time_used":3723,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":3704,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T12:44:59.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:02 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:48 GMT\r\ncf-cache-status: DYNAMIC\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T2Q%2FS1WTRzmEllMCi69B5quIE8wLKMX417OWvKnxrQ50YBjuWnTzG3Q8MFw9EQdwWj3tCuilFUYOU356VwcfdHyO%2BvhH2hVWVEZc7oMmznYcmAMyeu1itd%2FgjWpQJrBn0uAXW3MxIA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9f04b917185b0afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39532,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (481)","md5":"37fae4f39edf8de1dcb921e193962ae8","sha1":"47957571a771bf57e3857140c14daef8fdb6e8ca","sha256":"04de75cdcace0d3df9d8f86a7ba1557d3a9effde79bf2466bec873c463d13adf","sha512":"5b6c810570158ebaea6843943ad8d0d2e1f3c9dd1f8550d2514431b54162c692051b66f71a657ae34b4d6a261dc9708877ca8501a5c29ec72ea0c9a9d84a7f07","ssdeep":"768:M6VIIKJP5fEs3fDiIf2ugQRf+h9SMmJc2lKwpy0gf/7PAE:zVIIKQzSMSc2lKwk0gfLAE","tlshash":"47034231a5f96573039396c2a692ab2b9fd0d107ce4b8601b6bd4fcc5fead91c91320d","first_seen":"2026-04-22T12:45:28.126519Z","last_seen":"2026-04-22T21:53:07.911284Z","times_seen":3,"resource_available":true,"data":null}},"time_used":3615,"timings":{"blocked":32,"dns":15,"connect":1,"send":0,"wait":3551,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/assets/styles.css","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /assets/styles.css HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:51 GMT\r\netag: \"93f8-64e3711f56486-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncontent-length: 6507\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: text/css\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Lo%2BvHFZFUtwcrX351WzK89kSEs5HfpIjU5WwJBPCkQmZ8D8sY9E3rEgQG%2BD4KQfp%2B9%2Fh5c90LY11%2FfbzddVAZmy4fUauBv3jtzlauZEFIU0XtwplaxnDEvo7DfJeIoqW8arYvHVy2g%3D%3D\"}]}\r\ncf-ray: 9f04b92e8b0f569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37880,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"0e0b6e209af6f2f29e7cc96af193488e","sha1":"c5bb7e4e0992e171df72c52a5158c8213025444a","sha256":"57ab46053fafc1fa3fa18d3caaf734a7a31ffc13a1723ea8dbfc840e7f37709c","sha512":"28ab70c28cff44e063b3216d90281ca0aac70f9d528dda942ce190d3aac80a599292e74f059bc8ee01f52ee59fa6dfe73e9501d0734f32d903d6548b11e7fa28","ssdeep":"768:oQ117moLedL4xFOdF03IqJhWTXmUsLigDPqAwR5:z22edL4xFOdF03LJhWTXnsLi8CAwR5","tlshash":"770330456a309570783be578a7cb9b99336cd042dd0ecd78abe4210c9ec93f86562f8d","first_seen":"2026-04-22T12:45:28.12763Z","last_seen":"2026-04-22T21:53:07.906703Z","times_seen":3,"resource_available":false,"data":null}},"time_used":485,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/logo.png","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:48 GMT\r\netag: \"31e3-64e3711c674df\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 12771\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GCb2Ih18eZSnII7CmOIWT8N9wix8XafpNmZFouKmj6yZtLD5yE%2FBltK%2FQhfzgGG8tD7EtLQ8aNn%2BeX9Di9lBz84z6LrLYR4FyIEXPl7s%2B5AsHXRTBq2oZSkc%2Bly20qUV6fDlY8J02A%3D%3D\"}]}\r\ncf-ray: 9f04b92e9b11569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12771,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 472 x 114, 8-bit/color RGBA, non-interlaced","md5":"e03557ebb894cf17976f336e91b6f285","sha1":"870741e08cf932c8a425d394d3aa7a8b03c89d4c","sha256":"c34d80ef651ff70f889edb2338750cec7d6487c567b26e80733f28c214ebc026","sha512":"9abe8fc1835e80a343a69b4514664b90a31fdebf0a4c456adfab9b96810f1725a9c69379a66d351693ffb916ab9fbfe742b952a5b7aa878d1d7d4ad2f5235647","ssdeep":"192:W+OYmNOmRU82aVMA5QIMQzhEPKvtwEjQM4fsQfPLpA61UmysVCA4xWkMdT:jOjAR82aGA5QIMnPKveEjQzEQlAFxr+T","tlshash":"e842c090b560523bd84ebf302cd6884bc55f0a44bace1999751f0eda4f7a56b3d33a4c","first_seen":"2026-04-22T12:45:28.128578Z","last_seen":"2026-04-22T21:53:07.907694Z","times_seen":3,"resource_available":false,"data":null}},"time_used":512,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":466,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/Example2.png","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /Example2.png HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:44 GMT\r\netag: \"74e8e-64e371180a1d4\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 478862\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RKP%2BGfJnDeLQ3fNOwzNaNU99uDUx%2FC4vD%2BLwEpjNzEbQGt6UsKkA%2FTtMfAOxjogx7l2wbviFUb4KCIxfYRiFipEGL20%2FP4pCwfE4LeZJLv4mK9norW%2Bxkjkhpwz5nOrJIuQ1L1yM7Q%3D%3D\"}]}\r\ncf-ray: 9f04b92e9b13569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":478862,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1122 x 422, 8-bit/color RGBA, non-interlaced","md5":"1f055a5223f6cc7064244f73bfd71041","sha1":"d0ab7d36a6720420f83490cbde8165835e8c9ec8","sha256":"7446df66b7000f3780dfda611536827c981d66dc42f779f32d5c3ebc686115b4","sha512":"287bdcd4d5bdfac1edd1e8b90ae806c481799518b372b9a38420032ca9f792f58cec4e61b290493a74b39d7763be0ab5ede34c39b9edfc91028bbd10e20cfd0b","ssdeep":"12288:gllOQnZw7/ijAADN9lrbUwuBWsnkqtDlOOYxUlbFD7ul:IQQZu12rbEXnkmlOOKUbl7ul","tlshash":"88a423746f483af7424ced48c6e3e8ea0427add65fa23549d831c1db5ab03cea188d17","first_seen":"2026-04-22T12:45:28.129555Z","last_seen":"2026-04-22T21:53:07.90894Z","times_seen":3,"resource_available":false,"data":null}},"time_used":837,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":558,"receive":279,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/Example4.png","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:03.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /Example4.png HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:03 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:47 GMT\r\netag: \"3720f3-64e3711b6677c\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 3612915\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tUJqSNWlxRX9BUJGPFJa1pOCKTNmZgL0SqJnOQrqetgME8rpHwcG3e2c8w7EZxCh2tJ5m%2FFLfgy%2BpbFaWEXOHTW5%2FlckkxGJwieA4rDckZkAB3gux3RCkrZLfdhpr3RjTS3wBAo1AA%3D%3D\"}]}\r\ncf-ray: 9f04b92e9b15569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3612915,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2798 x 822, 8-bit/color RGBA, non-interlaced","md5":"35cf9195f1f2086366796c72093055f9","sha1":"3037f0e4213c0e9050bfbbde9e07176edcd75197","sha256":"1d96ce14c93a42069e8f11dad9c08edd727bef6e9d4ad0aaf01630edb48fbc62","sha512":"8dd92bd240662d5a624736b3b099bc077523204f0393ab498a109419041b4343bee33a03b1363f1412ae488f305f1caae93a1b9333e7032a7a04ff9517535e1d","ssdeep":"24576:0oYT1FCLHvva4GU8aEHcx2ROSFqnQhXV+9V2Ocq:QTOXaRUkHMHSFqnaV+9VT5","tlshash":"632533ac1656df32e77fcc7079473004baf76af8e5aa60509a38401de195df018a87eb","first_seen":"2026-04-22T12:45:28.130875Z","last_seen":"2026-04-22T21:53:07.909475Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":596,"receive":873,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet-mobil-br.com/favicon.svg","fqdn":"galabet-mobil-br.com","domain":"galabet-mobil-br.com","tld":"com"},"ip":{"addr":"172.67.196.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet-mobil-br.com/","date":"2026-04-22T12:45:04.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet-mobil-br.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 17:20:45 GMT","end":"Wed, 17 Jun 2026 17:20:44 GMT"},"fingerprint":{"sha1":"2F:9E:01:AE:B5:4A:E7:C1:00:A0:51:B1:3C:5B:A6:11:86:8A:D0:46","sha256":"B5:AF:D4:F5:B6:BE:58:86:E4:2B:9F:16:74:BE:8F:FD:1B:87:11:71:7A:2B:E8:93:29:19:B8:21:2A:38:77:A0"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: galabet-mobil-br.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet-mobil-br.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Apr 2026 12:45:04 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Mon, 30 Mar 2026 05:24:48 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A8sOF0t2c3wUWPtzlCra2Y7rBO424ENlI12NAmxKH6Mcu5KI%2BqV4DvYcNAPXQ6UUTxz6UhPWUBC05a%2FuEg8bVMu0eOfpsJruj8mucSCxs%2F1dX%2B%2FoYEeMq%2FScZq6OOpOVlCeM1HshiA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\netag: W/\"32ca-64e3711bd5cbd\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: 9f04b935db60569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13002,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"75e8a143806ccd3d2f9371645f24b5b0","sha1":"39593ba0424068611406ee09f90ae70600f6643f","sha256":"74dcd60e8873856cffa2f4f77d3003a7f1e452bb0115b3412fcb1c20d08a9dba","sha512":"055b408fd7811d1969180a753eb503afe92d8db23823f5cacc820e195db4746750cc1a4ed7bf93e732ff45d1592a6ca2cd3d80a4a66de9e0ca74a7188fa7cb7d","ssdeep":"384:jaGthiUGQt64/enf8T1E2kA0M1IPAskUsJ8:+GthiIEVfalkdMok78","tlshash":"9e42bfd4012bf440b2e18c13a3aa548dd9172e4ee8b8fce2e9d1664657f6bc35de285c","first_seen":"2026-04-22T12:45:28.131879Z","last_seen":"2026-04-22T21:53:07.904806Z","times_seen":3,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"galabet-mobil-br.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}