{"report_id":"4927c81e-9b46-465d-b8f6-dea44cb283e8","version":6,"status":"done","tags":[],"date":"2026-04-30T14:28:40Z","url":{"schema":"http","addr":"galabet1o61.com","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":0,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"galabet1o61.com/en/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"title":"Galabet Giriş","dom":{"size":41038,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13292)","md5":"7080099bb1a5be429138b84e5dbb0bb0","sha1":"60be01ab9c92a7dc40879659ecf1fe72a43f68e3","sha256":"bb30223c51502065bc0370620c7654a37eac21da452edc7d6b9d8bfb70a07ced","sha512":"bf1fe8e49cb1c2a2374c9614904357cd4a7c7df77da0a16d74a41307e1c291ac81a298f906034df0c445191f54610d064ca57cbe168e633e4f341ddd3c3f94f3","ssdeep":"768:XmiVD8l6U/egXpFD0YQNxAYQ0YQMxt9pzDA20suWdm:26cXe4p50lNBQ3QyDzU2Zud","tlshash":"f803c8257471a0371323659ab293eb4db6a2920bce06dce076fc83955fc1fe28d62cd5","dom_hash":"domhash38e663fe5675ba80c64434bbb9b672e4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"galabet1o61.com","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":0,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-04T14:28:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"yatirim.galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"yatirim.galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"yatirim.galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"yatirim.galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"yatirim.galabet1o61.com","ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":1,"received_data":15274,"sent_data":418,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"galabet1o61.com","ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":396,"request_count":132,"received_data":9395349,"sent_data":62305,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2026-04-26T22:44:19.904703Z","alert_count":0,"request_count":1,"received_data":31542,"sent_data":508,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"icons.cmsbetconstruct.com","ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"domain_registered":"2016-02-17","domain_rank":0,"first_seen":"2025-10-15T16:07:15.492078Z","last_seen":"2026-04-22T17:17:27.658647Z","alert_count":0,"request_count":22,"received_data":3579661,"sent_data":11227,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"go.cmsbetconstruct.com","ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"domain_registered":"2016-02-17","domain_rank":830446,"first_seen":"2023-05-22T12:44:49Z","last_seen":"2026-04-23T23:36:45.431766Z","alert_count":0,"request_count":17,"received_data":13122,"sent_data":9244,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.galabet1071.com","ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"domain_registered":"2024-04-26","domain_rank":0,"first_seen":"2026-04-30T14:28:46.083965Z","last_seen":"2026-04-30T14:28:46.083965Z","alert_count":0,"request_count":1,"received_data":8907,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"embed.tawk.to","ip":{"addr":"172.66.161.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":52083,"first_seen":"2014-03-19T21:03:49Z","last_seen":"2026-04-27T04:19:29.074447Z","alert_count":0,"request_count":2,"received_data":938,"sent_data":932,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"geoapi2.bcapps.org","ip":{"addr":"185.162.230.7","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"domain_registered":"2019-01-31","domain_rank":1722879,"first_seen":"2022-12-18T09:36:24Z","last_seen":"2026-04-26T01:10:33.356621Z","alert_count":0,"request_count":1,"received_data":912,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"galabet1o61.com/assets/index-D196OAK0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba6c4b13fec117339338806bd8727b3e","sha1":"f03983d57d61f126ae18a3678696ac81b28ca639","sha256":"418c601ab73d36439b0fec2d2563c29a092ff0e7b51f53a2024e7e83817789df","sha512":"e193d91c7d47cf3002785d831ab125fdedc11ab8a4cf842a7e4e306e85e7a64e4a49fb6c406340b2d1acfb78499b88a38f5e2f078eea5bf9bc22a3ef2e61ea3b","ssdeep":"","tlshash":"165142c7a042d6b8bfe708e6429b10b070374d5cfe1f449092be58964998792e35bf4d","size":2923,"data":"","first_seen":"2026-04-21T19:21:57.913144Z","last_seen":"2026-04-30T14:34:08.172281Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/jackpot-jNbP6Duk.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"c4e89512f1192d8bdeb452c2cce992bc","sha1":"1d30070e7d0ed0838dbae22c81c41430fb3d0d45","sha256":"4a7f2a8747580d38cb522b361b5cc73a8ebcdb6690f3f8d92d7dded5be8a36fd","sha512":"b548c62816c00d3df156b43a8e608d5d7de55931f121ecfda4e7296e5cd65208ffaf60871ba3b035cd43b5e2aae82b0965329a8c9b5a0821de5a23fbdbc12626","ssdeep":"","tlshash":"00e068eed8c08dfb967007552bb018840e2416ca101ec9e4be2672611800b8828f8239","size":376,"data":"","first_seen":"2026-02-24T14:23:51.255604Z","last_seen":"2026-04-30T14:34:08.170604Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpotPools-oN0RIPj0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"41f2a9242ff28544ed90865c5d55bbb0","sha1":"46cbd29f346d48e10efe5e62b2cfeca5a21101b6","sha256":"7212413eba593159f4cb7bee4878a6d9a29e59601692b06d2a4e2e22da973489","sha512":"421034b5fbcba83b2becd9d4db843158930e569c7f94b37ec1e06e0848580243275c66743d5a5f0193fcf9a3e19686b6a1bcf9674eb277f4b182bfc7c7fd103a","ssdeep":"","tlshash":"f4110b8bf02ae2f8d5dc08e080a4925b073e2f38f65042c0009c1a2d96b280af639b82","size":940,"data":"","first_seen":"2026-04-21T19:21:57.925952Z","last_seen":"2026-04-30T14:34:08.15753Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"200156b951fe19857aa86cb0a7ee6b0f","sha1":"39e1e8a543e1612729e40f7178c0faff1985af3b","sha256":"c21b95a0ef76795569251a8da29e6ac5051d5b4664b6f67c9b46e8e2cb424955","sha512":"78519983072a6fda149d18a720560095e8b0f3f3b7638e2d379798cb95b6c4f7423caa6d6eacdc2023c9dd1ae26e6c63784d204b07757a67195ec32d09213bcf","ssdeep":"96:k0ao/CpTBeLzTGNlTw6YakmD7+oAtPeY8ORtTzk:k0pBME6E4yoAdPPzk","tlshash":"07817417e01ab3fce8ec04e3502f910e367e0bfdd75605e8d0ae05240abd859f259b8a","size":4122,"data":"","first_seen":"2026-04-21T19:21:57.910322Z","last_seen":"2026-04-30T14:34:08.122735Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/HorizontalNavigationListItem-DfugXUII.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"76ef23c84a3020dcf23be998eb3a43c9","sha1":"7ae572ca5ea51b229dbe114c114cae95819acece","sha256":"d808fa2e9952261123ab59b99bfe927d8f9eeb53ad7cc6b6dbec885d82da78c7","sha512":"1ff802c36b548d0554d1eba0ada6740e4c0a4702fbf627512573aef64eb8677b89417a070f75baa819e15ecf39de999110d0da889bb03f01c24dbf642c6108d2","ssdeep":"","tlshash":"ad01ce12f404dbbc9a2b48dc9b4e6045b2564affdf382ce1a0f4e0011a384467a47fcd","size":835,"data":"","first_seen":"2026-04-21T19:21:58.095964Z","last_seen":"2026-04-30T14:34:08.14523Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"64eda2185a5ff2799c5ae9f0d85dcf6d","sha1":"f458661a1d6bd37318bb439299cc5b0589413110","sha256":"4bd2e374a15591721b9040ba64af8f2059a63d5f1f93c6ea6629c8e29d1091fb","sha512":"56f14e941fc647b0ecb2bbb975e4be897b6ae90f47c128d950e90bdcd80dbfd606b39bfcc3e0437671da551c549b8ff223c11c786ff6b5b20be2ed1598a77029","ssdeep":"","tlshash":"52f002bb182021295c9514c7740e1688e0722a5bbd2729b3543344053468f8b2b6ab5d","size":603,"data":"","first_seen":"2026-04-21T12:24:49.109122Z","last_seen":"2026-04-30T19:32:30.01583Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"373072aca5304373c071e10d63f48096","sha1":"29dbf32da216c99168f8ace6b22644f580c3bd33","sha256":"bbf0d22991ee5f94e71c7c11f288b7fc3f9a20191ce7f878c66c659b9914e0e0","sha512":"20a3e91694e98efb387f682cca582397950242fe365121221daf745782b8a0cf0cc096aa9ef4c26f724d3bd431a557ce82c7a5c039ec83eb8802601768bd1a80","ssdeep":"","tlshash":"f8017ba8b31dcc3b4a507bd755aaf385aabc1704ee40d08b350ace39d935f66110b5c4","size":714,"data":"","first_seen":"2026-04-30T14:28:53.804905Z","last_seen":"2026-04-30T14:34:08.181891Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1767336940c3693a0c6153e3765d9de","sha1":"cada4b403b320b5c2bfac543aa539e6a3038a1e6","sha256":"0315513595026ec36abdf2313e866a7909c453153b1940c5bf41e8d91c70e2ad","sha512":"5b3ff7597f573a44da049484c31e3e37924e12c5c0cd381bc8e190a787273117e1e9aadc84020946e691d5ed40bd6451975af971db128f9af5eee46a5e56c20c","ssdeep":"","tlshash":"7231be9938f3b06262a5707c5f6b40193136e407310ec8c9b7cc83a41f96029cbb6aca","size":1525,"data":"","first_seen":"2026-02-27T17:22:48.008337Z","last_seen":"2026-04-30T14:34:08.182518Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d055a2ae1b9c781633d3ca5523a55c6","sha1":"93b9a43593718caa4455a11f74b742be4e5270ba","sha256":"3bc9fd84e2215dc467ce5a4ed123c340a250a26f04a80e74b3521db9ba35d811","sha512":"cb00951c5c9ee2e78daf193b8addc4d83a722fc152304bbf7bc48310e89c6f0d790afdc8b9ae578c9384d8495eda01ae63f5cf6ec5f69edd1351530a8839a280","ssdeep":"","tlshash":"cf017b3fb5b6802083734846f267b646bd19370b394ae82733fdd6699fc0e0194b1598","size":713,"data":"","first_seen":"2026-04-30T14:28:53.807246Z","last_seen":"2026-04-30T14:34:08.183123Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/AppSettingsButton-DUXAWyLU.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a07633067575a8dc53d7bc1c397474d","sha1":"3f3e6c897d1266a2641250532c35711dc023409d","sha256":"0eb6fe5f84292764ee6ddc520ac8a621677f95eef27321f805066e6a56817fa6","sha512":"26562ec92bfca072c892b81b3cf9e90d8a3fc9f09c0f8a9030cf7a7994ebb3b94147d3af01d0e77eefde181a35448ad00767dc959e73db6dc8c2151a3c5a21fc","ssdeep":"","tlshash":"c9e0c0879081d3fe03d12ec1d60bc1053d166c7cc788a91240acb4617af41c6855f72b","size":385,"data":"","first_seen":"2026-04-21T19:21:58.001672Z","last_seen":"2026-04-30T14:34:08.163162Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Tooltip-BHyVkt4V.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"ef479b7b5a28d1dd3085ff575bd01537","sha1":"d94cba56d882dce9a3c1e87f0a855910b394b2fc","sha256":"37e25536831727fe84835863adcbe4f4be728bac00acfc7823b91e844c63b822","sha512":"dd008966ad30c654e04c9626e997a20f7f788f5aa4b35552f0048e792354373d3bb5d655148e1f7668f1490ff2b61c334e1ae6d161539dc578ed6799e8283355","ssdeep":"","tlshash":"2601f656e032fbf4e17754da142d956d7153366c7e2f58f06038058f0ae4984d317b8a","size":820,"data":"","first_seen":"2026-04-21T19:21:57.923659Z","last_seen":"2026-04-30T14:34:08.167922Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/getLiveGameAdditionalInfo-1e_kccjA.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"9bb57f8ed3bf0092c1d9d7726e2c56f6","sha1":"9c7c2f10e4570ceef35878e0eb9f99034f4022bc","sha256":"999096f879252dbaccdbd4336531a29fd06f07b149c980ba1023451b1f2de803","sha512":"e97d70832bb7e44c063eb2296db51a9e828f695b7fcc8df723f934f9531b3dcacf05d475de8fc9a3dacb8399bb30a53484eaa560b0402b90ce27c48d9aa0f538","ssdeep":"","tlshash":"4c2144b2706d92bfe5c94c9457b01b31a2b1ba09380445ccbb3cc91928774c4a7e2039","size":1150,"data":"","first_seen":"2026-04-21T19:21:58.05787Z","last_seen":"2026-04-30T14:34:08.123783Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"e826a643f7ed728c6d270851dacce0c9","sha1":"f7957e32b00bfe82919f1a0d537a2fc84ac53170","sha256":"51f277b40c7ed5ce588ab0d4a7b53337b412d42adb87b298c52bbf809a597ce5","sha512":"3d3ac18f3e1c3103c6bb16ef8455f7cbb2b685bfa3f327a5f0b142e372b00a0d9e24c453bc6b210bbbcc71c8d7330922117dd020953f9b456c4358ef70e869df","ssdeep":"","tlshash":"8501f42c1291443e513774ba8d6fb345b63901172c08edc6fcac4d45ff54b2929a6fc8","size":756,"data":"","first_seen":"2026-04-30T14:28:53.808377Z","last_seen":"2026-04-30T14:34:08.183726Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/firebase-messaging-sw.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"44b92a7d10cb0970ced5798c2eb1b8ac","sha1":"819f60615624f025d1256efc408d8e576a909c7b","sha256":"a87215bfd90d96fb55335ce2b2411f38074588149c9e896505cb10b250e17e1e","sha512":"75c55da9e8afbd96b6219292c91fb88e01c15d20bafc974028763227220aa042f4b761895d44b0394baae53c225e9b0c109d2eca333aad6b382951a60448e8fe","ssdeep":"","tlshash":"5121cb124be2f8231e4104c7679f32186e290d2507b0f1de61bf56b86b0a57b206bbc5","size":1125,"data":"","first_seen":"2025-12-24T22:39:16.149326Z","last_seen":"2026-04-30T14:34:08.162701Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FavoriteGamesButton-Bxkpo1Wf.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6b5f57863a996d61fadccd2e93cfba5","sha1":"9e8bde58db1b6908863cb8d830d1bf20c527088c","sha256":"127cb14f655ee71ccc244d198580bce314386d9955ec14858a368a6ee15b17c3","sha512":"85afeb40140f71dceb17cc44bc5e5a921b973d5b790176d8d60259736260012b731a2676976afbec92013d0fd0446f77fed9adab81f6f98be08d45170ec925e4","ssdeep":"","tlshash":"92e0a34ad048d2f927421a902607c0142826a47cd79cf49040ce18543d71457891e92f","size":427,"data":"","first_seen":"2026-04-21T19:21:58.079589Z","last_seen":"2026-04-30T14:34:08.137859Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/PromotedProductsWidget-BmBBmXho.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"db57e1ae095fafa8eed311f2e263a9e1","sha1":"80ec5e717c8cbb44c7c4f387f6d112ad1d7969bd","sha256":"0885b61e7aa138a5b2aa9d4a32e2583c426aa8fa88c6d31eaa7c4cf782190ee2","sha512":"33c6d7a5d02e9799c92ace848a2c68f2f1f14154873a9d0d2e8c34069601a2552ed769548e05c4dbf00f5a201f1865352a0b39729a5ef4542f45aa78087801b5","ssdeep":"","tlshash":"7e4169c3d934a279f23e5cec114550c838257d18d965587150b77c1a913d816bb57ffc","size":2120,"data":"","first_seen":"2026-04-21T19:21:57.954388Z","last_seen":"2026-04-30T14:34:08.127455Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/useNotificationsProvider-D7YdiWNv.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"4b59975cb3f573d927a72fca9ebb77a0","sha1":"4420182d5a5f09b068a833545a7191b12bd78c04","sha256":"613811a56eeb8269fcf1d75ed126d79f68cd7a18cb6f52e493ac8d2c88392d18","sha512":"6ebe3d9a12dd505c569c8e004db35b8ab73b7d7fc8b22be5779470f6b3c523c3ea0d685a0136c7d6d0bc8865a386a1cad64f3b09f1ec45d90731d2aa853446a6","ssdeep":"","tlshash":"a4b01123288003f022020cec0220a82a0a30083c3ba28ae00228a20c22ea08a830fe0a","size":92,"data":"","first_seen":"2026-04-21T19:21:58.01625Z","last_seen":"2026-04-30T14:34:08.155343Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FeaturedGames-CW2_S--l.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"f8b8d127944eda40e7ea9f4a712f8ddc","sha1":"0c75d6400577a2af534a1683de8090c5249daea1","sha256":"18d8b3cedb9050e048a70b1412ce358569b258a10df59218915088ec26c0fa24","sha512":"857953dd10632d3c885574e06dc65a427bec2e86cf54351cc03f876db36494016aae5551c54d9abfc8976de4720c10a436ca91f3171786816d755e1a7e2bf54f","ssdeep":"192:RE/TM3f6HEEUD+Z9y7NaoihCWOJLwL4BflgayjPi:i7MyHE2ZA7NaDh6gaCa","tlshash":"a9f1f90ae010ba7de57b45eb757f6108f87a0ad0e7190890d07f6d2919e9246733ef8b","size":7902,"data":"","first_seen":"2026-04-21T19:21:57.961775Z","last_seen":"2026-04-30T14:34:08.136896Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpot-CNQNWl4L.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"1ee7513f5ccf2152df64431bc51c25e1","sha1":"480641ff449338e8210415d8dc5c9be50043b147","sha256":"5416f1ce3c21383b1b70d863005dc0c3cfc51d3b19ea03a1c430bf8d3ae1902d","sha512":"a712c2bca2e0c333d86faabd0d4101838dabdd4511399fb14ccba775aaa6fa263a23815cb2f32d72eead594ffb25b1f6ca8ce5d1394900a27ecb3d09d2a30310","ssdeep":"384:VWm6srKqqF3EjFOFEGOpOpeHMtGRxeG/PcyKx29boP8FJdr:VWmB7CEGOpyts/U2bdr","tlshash":"b4525d05f012b7edbca954f7487ee0287a5e1aa9c71808bcd1bd6c313d2c855760b7ac","size":14339,"data":"","first_seen":"2026-04-21T19:21:57.97338Z","last_seen":"2026-04-30T14:34:08.138458Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","size":31169,"data":"","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-04-30T19:36:09.822971Z","times_seen":55514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/BetslipButton-q9-vX9A1.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"64dae9572943c6f805f83f8dad656d16","sha1":"bf81ef0b995fe85da718f7b2a3aa66af6586a80b","sha256":"c796c123af7f3731cca63889ca4d5c06dc0a758a778e5fcb402dd71e370cc5cc","sha512":"e422ab768ef675f4e78201dc1228210adace1de7eecef18376540f00bba4712e76385b3411b53b0a1a5137c84d6832ee8c4e637129b64ef64db2669bc6c74ccd","ssdeep":"","tlshash":"0be0f186c848c3fe07461d81320ac101382255bca344f5d280ee7c557e7458acc1fa2f","size":418,"data":"","first_seen":"2026-04-21T19:21:57.957253Z","last_seen":"2026-04-30T14:34:08.117208Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/InformativeWidget-DHYaBHsY.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"60fbcffeae3ed82e3c9e9d890c4641c5","sha1":"b322b3135db394bf8baf54b1975d41d928086f7b","sha256":"abb08e3ef3875fce677fe9c6eafd3a2f84ba9ed70d80c26811812d0b7f53a50f","sha512":"3e849905db3011903c7f03792daafc052757ad1396870d5ea6f389586f4870374e369dcfa92d1bc71b10b3d7a20f720f5b2ba377774cb524e74f4fbded0b6a19","ssdeep":"","tlshash":"e1117586f594d5bef0390dc44256d0946a212ee4cf38e4e999b5340ca87410bb7dbbbc","size":1087,"data":"","first_seen":"2026-04-21T19:21:57.953543Z","last_seen":"2026-04-30T14:34:08.122224Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/SmartMarketEvent-B7WtyuM0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"e5f7f6f8087e9e7aebb653a2b2644251","sha1":"39b424ba2bf65463cbb476211c0bed629c7f8a40","sha256":"4dcdb15231b668cd76f3eff25b1aca409eff56252a0f7da334334d1287a295b2","sha512":"4bb811566e18e5e1ba25aafe78ec695948ba97fbff53298fe5310941d5a5f848b133f795344f1be6975fd935488d914ca12a54ba497a7844e2350975993f23f5","ssdeep":"","tlshash":"e611e3e6d440323e0671c8bdd1109b41415c13d7cb200269e58b86f573fd0fda34ee59","size":915,"data":"","first_seen":"2026-04-21T19:21:57.930382Z","last_seen":"2026-04-30T14:34:08.1447Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/gameDataProcessing-DwOfc3Uj.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"53ebeaf971c899fd44d4d957f8aa222b","sha1":"12308f2d893503d172f506dc33db250d64c1c55b","sha256":"36087e7e2873d250e6d01a117a73af32798a97eebe9ec5a4ed1ff4fd06214a57","sha512":"1d26a6cf1dd7a23b5cb6fbdba17513b51cd99eaad03c7079b96f1ab22f78caa39b442109a694e0f76172ccfb7f0da04d61f1d4369ea3886a7f0ff4be3aefe59a","ssdeep":"384:lwphrrZxhxlVz12awqhvTXDsB4Pzenac0aoK4A1n1:lCptXDe8Q5X1n1","tlshash":"f172750b8a024c12c97e4639c0ae15f1b9781b32e8b8cdd11a655c7bfb5fa5b31e1738","size":17258,"data":"","first_seen":"2026-04-21T19:21:58.080806Z","last_seen":"2026-04-30T14:34:08.125114Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"89e52d7776c1b49f8209c5a13155d942","sha1":"94329405640b2e4b8109dd360a89d6c06d8d00e3","sha256":"d502f0c328d0eed7b0583f05298323ee5a95d68a82d40ec1fddb0dc6169d7b81","sha512":"574fd603dce6e9f43821b40deab84f7ef8405ec12636c294da94f86291a6da5699cf1156e67f1a822345a70e1a7b9e678f4aef245b86bdc949853e899741383a","ssdeep":"","tlshash":"f6218e7534f1603a2233943f562f732ab93941563141ad693ecc5e095fe0e6936e1ad4","size":1367,"data":"","first_seen":"2026-04-30T14:28:53.809478Z","last_seen":"2026-04-30T14:34:08.18529Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/index-Ds8oq4WI.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"4062e49ba7f7fdbbf541d52e28ba6aed","sha1":"239669e952003d06fb107dff3e2982151f937667","sha256":"fe8b1ba961b373ec12e50a79ecba253f7c4d377ea708182fa245d4fc487b87d0","sha512":"c1839564f6a91900933da309088697f0aa147cd14dbbe5f960eee2a223f143ddce4c8c8b9c5a8f60f862a3fb98bf6de5669f77bfc1c18185d020ec7b110feb2c","ssdeep":"24576:V2175NVDD95cW5njLk1xROPFl2E1j3q5lZ78v8YCCia6cMgfG8:U175NVDD95cW5njLk1xROPFl2E1j3q5i","tlshash":"62358d85b049b97997b709e560af1106b1391e00f40cc860f57cddad29bd849a2bbffe","size":1143025,"data":"","first_seen":"2026-04-21T19:21:58.233382Z","last_seen":"2026-04-30T14:34:08.184517Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/usePriceChange-PEKvXa4R.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"da698c814cc47cfba0ef62b64ddcaab1","sha1":"12af8dd437172d3017115503f6095a590bef56c7","sha256":"5a3150db0638b55bd14194e3c172a0d5c294b11e4a86b778fb5d83124a98f2d5","sha512":"2c5c18ae24d55a86668c91393684dd17c4818a46bb4ffa6efd1da6bcfa5e2aac0a103e5aa867502978d9d825819da56ab62bd79954ff429014c14dc485f62b10","ssdeep":"","tlshash":"45f05cbd24901827545f0cc4c2a485571fd126e96bbdc31eb230c82d375c9af066ff6a","size":470,"data":"","first_seen":"2026-04-21T19:21:57.945823Z","last_seen":"2026-04-30T14:34:08.127942Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoGame-Y0qcIyXb.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"123e20cc03db3b6cdfd472250e18099b","sha1":"f7290676869df4f1564e719b57bdeb2213c1d8f7","sha256":"0474793e4b1ef9debe89e0ba81fb735db9abe7f787b052e86a9d25091d60e0de","sha512":"62b7275430e9b5ef5be15842460b0cf6aa686cfafb9505f6e353a18d6dd90a387276015db73c280fbb75cff48f26e893571eb80ec9d28b19b0f370aee13b9e53","ssdeep":"96:jZbpMPeMp8TE3NsZzDuoaiLNjx20ZZ9LsAyZOHasrvayHGvHvsmxIfItu:lb+PeEL3NYDJyYYAJfRmxIfItu","tlshash":"83c1b705e064ebbcb83a4cc9983f102474192fd5df298565e47da839317c11eb223b9f","size":5937,"data":"","first_seen":"2026-04-26T13:23:37.870315Z","last_seen":"2026-04-30T14:34:08.132081Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"7315775e14babe01e0fec2b19b86cc17","sha1":"6439d3e9895670dbdc57f4c7fcc7289b01c183cd","sha256":"124b719bada68ff91158d17ec0e65ac649678e1e993eaa99eea7100629642277","sha512":"91ef9c788a1e5068df3f2e6855212ec24ef8877f94f8dc70891eebf634472eee549e67ae4b7dc2713bf5a35a961762132d676971aaa927dcba2fd8d68c69df95","ssdeep":"","tlshash":"9321a01538f2203b453b942ea96b533d3d3a484335039d7d3e8c570a9f90db5a6d59ec","size":1352,"data":"","first_seen":"2026-04-30T14:28:53.811696Z","last_seen":"2026-04-30T14:34:08.186275Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f2b13651d9bdd0c850d495ea42bc9c3","sha1":"80a99b5f3a30be245ce53426362bde564a2eb537","sha256":"6e75094c383e04b7d804545c685908b7be23c2b358d68ab1da30a3527373e761","sha512":"fd949d62c1db5aa17a05cc9d6602501e2647e95b10cf1e86fc72d453b01c747ba51b9fd74291565c8ef6078747028ef05c2a47520febd2ed23aaa4f6446fd42f","ssdeep":"","tlshash":"2561fe993ebb3135156f5b7be66b8b8e76214007a0018c28787c52846fede721cf6ad4","size":3348,"data":"","first_seen":"2026-04-30T14:28:53.812791Z","last_seen":"2026-04-30T14:34:08.186862Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/lodash-CcEN8nAa.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"e53918cd15db0c036840a85302fffec4","sha1":"5acc494c146512d2a50960b4b330187d8f4ec1ab","sha256":"9945ca9976147e8741275c9065d17acee464bbb6a0eedf698585dd0150b6ead3","sha512":"50bca0b5b01773789b42723fd097f8d0114a694b6921ae5197f1c3d54ede439a7d1d121da65f2d631d74cc39e3698e7c9c3094e833d5dbde06c2378c991c230d","ssdeep":"3072:d/srcqn2yy41XoZhdu6oBM0hc8Uyxu0GMs:d/srp2nZ6/fayx0v","tlshash":"54f390c835d7f4a283a7287440bf084ff23dad65a84cc550e1aae0dd7db89198277e6d","size":165237,"data":"","first_seen":"2026-04-21T19:21:58.024455Z","last_seen":"2026-04-30T14:34:08.120053Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yatirim.galabet1o61.com/main.js","fqdn":"yatirim.galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e71a38b0363fae39c2e501cb4c8f5e3","sha1":"6db2ec49a50af45ac1e4991d97c678c62addff54","sha256":"86357bbe38cf1a60463f674b861ceb05f18a3f341dfdc792d5aaada12f6e9445","sha512":"57a21f6666046c45077c43f48b7223d436bfcc688cb92dbffd79aa3214258db061b7a75adfa1e0bc5ffa6c59feaed4ba9e197c975ff61d2bac684c5a27b71e22","ssdeep":"192:/Wxx+O4/UBA80xDeD6n65sQyfRpbtVd3RSY3qh:uxxR4/UWZeF5p0fbH4h","tlshash":"0a6284681c2600354132e3fe9bd75205e7bb62276501d2957ead87003fb4b1943aefee","size":14996,"data":"","first_seen":"2026-03-12T21:32:59.72705Z","last_seen":"2026-04-30T14:34:08.171698Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/StatisticsOnHoverContainer-Du7jPvbE.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"41d9a290f41eed73e148a2655c229e49","sha1":"166555723cb35f8f7a527693e1fbf0baa38f182f","sha256":"cfd0f488e09c4a4d87560ed5ba1e70ad4583c704200bbc32dc2917d4e91a6cd0","sha512":"9ccc41e432ef2f2817dbbcff3e3dd4ff0be5a244fdc3a04d2f2153244a51e7805f44e0cea1eb6fdc01c583ceef5ecd19af56f3419a64fa27013c7d92179a01c4","ssdeep":"192:FRn2zkXAsarXDxLwxGEE0D9AOgzmKj/e0R:XBParTxLwxGEphAdzmKj2q","tlshash":"6c12526c158e5f69f41a8240b5202e35bb3a3877958d66f8bebc441fd3ce444bb9cb18","size":9780,"data":"","first_seen":"2026-04-21T19:21:58.110752Z","last_seen":"2026-04-30T14:34:08.175918Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JourneyAdviser-ZLeRKwPS.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"6536542721f94dc5131c6a3c0cd90007","sha1":"84fd6db1b573623b3a88733866203b40f5703ca0","sha256":"6b515ac72b2761c5bc901246cdfdfdebf620ac64fecbeacb69577fefb47648ae","sha512":"745d0da77d6fd5c7d54a28bb6b43fd66536f55c00b4b1999f99abd1436f98d155019d2c142a6925915097c5d7398fca6fba35ae3f7522d75f96eb7087bc37b7b","ssdeep":"","tlshash":"6f01cbc5e088e7fd99670889637e40213019aeb9d639e4e980bc39606b3d44ae50fb8d","size":705,"data":"","first_seen":"2026-04-26T13:23:37.917553Z","last_seen":"2026-04-30T14:34:08.124639Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/NotificationsButton-CRcMibFE.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"86ebafbe3af7146152fb0e0725a77e17","sha1":"8db7c3becb4e4e27661b02d81e7e4af6ccf88875","sha256":"69534179649ab197e86d86fd81b15d6482270fbe2b586db9e5d53d8a5afe9de6","sha512":"fd414670b32c2952dabc84d33c09eefbdd8b11f690bd281ecbece9cccb7a4368177e7b7a5fd32d0f1765a72d9223db8f5894404fbf125f485a579109de1789ed","ssdeep":"","tlshash":"2af0208be998d9f41bc20910b32bd015383ab83cef4a688000ea2c58233005a891fa4f","size":558,"data":"","first_seen":"2026-04-21T19:21:58.091812Z","last_seen":"2026-04-30T14:34:08.136415Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/AiPromotedGamesWidget-NGnvHCv9.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9101406907c5968e23325db9fb011fd","sha1":"223dda07cad0b02bb4bc0d38a87a7041e8455bc3","sha256":"fb0eb5b9d285171245e65eaf8c52947abb9e33c957cab4db1291a2fc0ddcbcbe","sha512":"af8d1fd01cb8cfe2bcce9bb3d3a2e2d0bdd0b9fab1aacae9a8020a7fa5f1d3ea649bdff55c153c235d50ff58e86b92aa6f99e66651cf6a0bbacc50801e4cc163","ssdeep":"","tlshash":"4f41403bb019ca7cb3ac06a49194f34564117b7dd66990e8baef6901b36809d63bdb80","size":2082,"data":"","first_seen":"2026-04-26T13:23:37.943745Z","last_seen":"2026-04-30T14:34:08.121639Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"5606f8574cc2072b9b077888dc3e88d2","sha1":"2a97d267833b924f7b3d5a3d2e5fa7d59f8a235f","sha256":"35c4debce8a133920c5d71259863a75578f603b764eb9a46f26e112777ba6dae","sha512":"9bec0ca90d3addfd78fdd4bd4693615774f71a7219f7e9aaa027db79e2283de2295d36b9b828aec11809abfaafdb626ec2ff1b63a49a55658ccaa26ee18beca5","ssdeep":"","tlshash":"8ce0ab5d25407d259163149354a7ed0c30f33514d404f4c0689f4c05271894cc019e99","size":405,"data":"","first_seen":"2026-04-30T14:28:53.813697Z","last_seen":"2026-04-30T14:34:08.187449Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"267cf25787d8329d2c0eede061b98f96","sha1":"0193d781f6623c61b656bf22e874929e0831c39b","sha256":"9390fb9f9d06e73d59f6a6f3897be1e23457095adf7a7198f0d2113dd445e146","sha512":"4d88886e3796f0f3d2fd99cc737c7e18df2fb860e1a61e71673c99ed1bd5e49760a20faea93a3e6053be182624f32c248f1d450f918c87ed8656910d38f9bc07","ssdeep":"","tlshash":"6521ce86317ba03f8873706b125f56913a2460031480da193fac527a6f8da355e62dc6","size":1194,"data":"","first_seen":"2026-04-30T14:28:53.814666Z","last_seen":"2026-04-30T14:34:08.188024Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/TabItem-CBgyJEAy.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"d79478834b00dffb7dc6de2a25faf6fc","sha1":"d40f6061f3f67e6c218f638d6427d811017f2fb6","sha256":"c95ec55021a79a8038d979692a44c38f0bdc43104ce11e17b5c48ec14f2dd43b","sha512":"49dd7eca3104b3e9b967337cc390241c8b3cfdda17e1a6da3a69c58d51e9472d24c62719f120b7bca45dbf2bb92d2cfaa11e0b555cef0e8220edf1ebbea01ae9","ssdeep":"","tlshash":"0ce02b92b010f3f9996b54d6d27ed4c776120ddcdaa688e5e0a22044432e561f74ff8e","size":423,"data":"","first_seen":"2026-04-21T19:21:57.911833Z","last_seen":"2026-04-30T14:34:08.125622Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/HorizontalSportsList-e7xvm1uO.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"c51976159718e8d7ad379c4a81caf55c","sha1":"865200d0a68f9dcb153bdcf8318b81f4ce18c793","sha256":"6761d96f570f1a5c167c509ea8bc07cc09006558d88c23fa67db293edcacf916","sha512":"6b233138c2eb1646562558b1e6bb315ee6231d0ad33a2d4184a0a8280a43713341e448f4662e60ed26346f1e98f25437b30a24f6137151f3e26637180f74b9c1","ssdeep":"","tlshash":"72e02bc2dc618af45a1e88eba99c24847012047cff566664d298a2282b7508bf72940d","size":422,"data":"","first_seen":"2026-04-21T19:21:57.914525Z","last_seen":"2026-04-30T14:34:08.129025Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"31e03ccb341c28cfe30228af1bbc2667","sha1":"2582c35e7533edcbc2d0bd6c5144717a2c5e887f","sha256":"1773bc2947957c28043401062abab954c857a512a1486c35737638630c7f14fa","sha512":"fd28529a704e06f9dee353585fc5793fd7ec4e3633503216013fb137212a793158f218a0306d7e7f80b98719b09878dbad6616402846a0ca83903fa9cb026a27","ssdeep":"","tlshash":"e161338ba09aa0f30766303a9f9fb5417f2699023c06d6917d9cc2749f1162e4372fc9","size":3345,"data":"","first_seen":"2026-04-30T14:28:53.815596Z","last_seen":"2026-04-30T14:34:08.188551Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c9381de9b31eb306e2371de747d5715","sha1":"20f394434cc4c279f1be9e60be6c23c5508a5dd4","sha256":"0e10cd59fac74553f0b8ab4b06f721383c3359855b3e4dfbd5f9c50e9c7d3cd6","sha512":"c2cf63fda88227a25e2e5eb637227afa4e18163e5048ddc164229371394a47b3d9a9071140d23368caafcd3a87ec08a79fa6805110ee65aaaf7a45a33463930d","ssdeep":"","tlshash":"67f02b6e0aa4883e0777908b1a27f702b73200073808c0f8338d081bbf8036809e60c0","size":440,"data":"","first_seen":"2026-04-30T14:28:53.816544Z","last_seen":"2026-04-30T14:34:08.189082Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"1e05306f3a1bd5ccc4a04e1117a44733","sha1":"5e86bf2607b30acad1cf376ec339aad6714beaa4","sha256":"11c9ab872d0843dce408d9593a81f703f6137ea948b3fec79412138fd8839902","sha512":"74057596e1609d49aaaab7a632731c8db3aff8c9fa3324d45adfa3fc7b74a757e452d6f4aa808f355a037f7fb941bb6b1d8bcc211aaca162515859852ef6e939","ssdeep":"","tlshash":"b5f0dc660b6a8a3a2b33e18e080bb94077b520433c08c0d2711f8b0dafd083ae5434e4","size":473,"data":"","first_seen":"2026-04-30T14:28:53.817621Z","last_seen":"2026-04-30T14:34:08.189998Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FavoriteGamesContent-CvJnpx-t.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c2255a154e0ff0a1a2396567c13b5ed8","sha1":"7b73a0249c20f7880bc714a49758f2b2ba3b54c6","sha256":"4b836bd494d297c00e0f349545888b5600fc7e701b03bad65499ab450f2ff377","sha512":"90bb2514a027872224687101b8279bf50989139a70fd05e797da98bd152d1734ee8707a013c7bebc2aa2380f1ac6b6b64e8955fc46699994430cebc7e3d1e0ca","ssdeep":"","tlshash":"bf51941040445ffcab9eade61f27c0540976038c6241c13e6d795e3d3429a41723bffa","size":2785,"data":"","first_seen":"2026-04-21T19:21:57.949436Z","last_seen":"2026-04-30T14:34:08.143369Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/useJackpot-3DH8fx3i.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"d3d26efe2576b892629abe8c8a229db0","sha1":"9da0acc3a7c171b6cdda65e7d2ff3df0c16dee0f","sha256":"8747e1b7489190be9da95a00f2b8cb5f7257135fc5ce049979b42bab5e8819b6","sha512":"17c3009b92708ec21cd0954a1c4d7e9e38647e8fe25d6d34c062a2c0ddbc859426427fab48cf4693276f42839a4a5e9b6322b4e4f8f6fc95548e499e35f14651","ssdeep":"","tlshash":"3321ce85c059e5f8f5cd8ca10167d72a1b383f797440a0a0a0be5ebda7a8d45b6a0f93","size":1419,"data":"","first_seen":"2026-04-21T19:21:58.055922Z","last_seen":"2026-04-30T14:34:08.160465Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/DisabledMarketEvent-FWjdbj0n.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"50a2a8cc9d6ca650a99c9fda804b660c","sha1":"3b80913ed8920aecdc4ca04431d023324b9cbab1","sha256":"0e7c8e782ba6769acca5bbe1ad0579a62501cd1efcff863bed92710e0c3ad503","sha512":"f8c660756fafb1ed63a3a9176e80e4938c6b16c899596afec0dd998a8f5c8f3df15101001ecf320bbeaa49537c64c7becac3cc18070ce34926bb6a2483736bac","ssdeep":"","tlshash":"6c51866df290fa3d993600dcd27b1f1f201a17a2d6560592d0be8c29155c0dd366ffd9","size":2717,"data":"","first_seen":"2026-04-21T19:21:57.965296Z","last_seen":"2026-04-30T14:34:08.145724Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/UnavailableMarketEvent-DRNaHNkz.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"9870fec54e5fbcb85135c1a8cd743a95","sha1":"a2023b32efe069251bc3753d5e054da8ff49440f","sha256":"5ed254bfd9b4190d52f6890adf0e654d076d2d030f4d0065361e2443a2e4ddf8","sha512":"64a42a339ae62c76cf34425f0616dac05ed9e60e1a0be8b85a7664db68acfd13024b3339b53f0841a0a106344311d64b93e46be7d78bc2bd01eae7c3390085da","ssdeep":"","tlshash":"0ce07d0db004bffac0251cccce398b0d600307b8c7e945c391a920282b34235360ae9a","size":308,"data":"","first_seen":"2026-04-21T19:21:57.974603Z","last_seen":"2026-04-30T14:34:08.128431Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Odometer-CVXFbm9Z.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"6286b6eec63e664202f79f9fbfcf1ce1","sha1":"312ecaa6d62d1cc9682ccc45b82f94b24d2fcbc5","sha256":"623b83e237aa8bc47bf2ae68d3a3d8af3caa348efa0f4b53f908742fb1176706","sha512":"7435bce30bf7b5e985aa1bb4d5e0055634e1a1bc44ddf8911439da67dbe6c287cc312256d7bc58b0dcb2c048e44ca909ce60d56c5f99eabf8de2cf71001ef583","ssdeep":"192:uAd7+NJtQaM1S0KCL529Xskmkjm6H/I7kauLPH7BNeSYpkYaSBpC7Tl+ea4PFD:iVQaM19K0khm6m6H/LPyFtX3HeNPZ","tlshash":"de622a89752272344393b2a055bb0609773f5d6a3809405db67caedabe32c19d12bff1","size":15624,"data":"","first_seen":"2026-04-21T19:21:57.981447Z","last_seen":"2026-04-30T14:34:08.163675Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"aa4608974d0177aa5e4c823f9f7dd797","sha1":"66337da9cdd7108f71d2934fe320638d33a46ce1","sha256":"869bc8fd029571ea38b1bfc076f467ea942bbd403a5e31b55a942978b7a63958","sha512":"5e19866d64d882ae6f72dd162b62ec89b33404396c0eafe926cf953afcc4c72f605edf14edbded683a9a5ff104b49a8609bad35ed14d5f94d66dbddd1b198ffb","ssdeep":"","tlshash":"8121718d5473b1e671e46016068bf484b77ada239e4cdec6346887007f56527c263999","size":1288,"data":"","first_seen":"2026-04-30T14:28:53.818571Z","last_seen":"2026-04-30T14:34:08.190558Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/LiveChatAdviser-rT6Ygk8F.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd8ad8ddbe0141aa7f26e2e2abfe85fa","sha1":"10a5043540898bef005950ef967dbb317bb7bfbd","sha256":"be2be9c6b4ce6017079f7d0ee19b82ab9dc28bb1a48cd08688dc1dcbf9431a28","sha512":"29fc2b9c466510861c8cf41ea92fb2986518c9004dc0e0a44389174028441cd309869653504daeba7ff35e221f6ce63525a229915ba103b4ddca6b30988ca78c","ssdeep":"","tlshash":"a31156d5f0c7a3fd6667244cd35a704330064fb4c13d1d75407b15645a6ce0aa30eed4","size":862,"data":"","first_seen":"2026-04-21T19:21:58.034133Z","last_seen":"2026-04-30T14:34:08.121161Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/withPanelButton-aAeMPmmR.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"00390da6d74e90c2dd3d0e554dfd3f70","sha1":"7d21d701c458157eec85163c3a2f9c934f81a530","sha256":"5a3735e14ff299003e3c8ab9cda80cd0c065eee8cca7ec4adbe61af665dd04cb","sha512":"e39954547caf1efaf4e91f5d6c23374b7e455a2582e877c40953ec72b27de752b4d10264776a71671e06c63fe072c1962a69e5c7d4150aa77fe8c187d0b48275","ssdeep":"","tlshash":"4f11f0e4f5c4adb1e0c40188577b2cb6719a32d9dce1149021b6c8da5fa90489a1e9ae","size":1089,"data":"","first_seen":"2026-04-21T19:21:58.107547Z","last_seen":"2026-04-30T14:34:08.118317Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"galabet1o61.com/assets/AiPromotedGamesWidget-NGnvHCv9.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/AiPromotedGamesWidget-NGnvHCv9.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"822-Ij3aB8rQsCu0vA04qHpwQehFW8M\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2082,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2081)","md5":"a9101406907c5968e23325db9fb011fd","sha1":"223dda07cad0b02bb4bc0d38a87a7041e8455bc3","sha256":"fb0eb5b9d285171245e65eaf8c52947abb9e33c957cab4db1291a2fc0ddcbcbe","sha512":"af8d1fd01cb8cfe2bcce9bb3d3a2e2d0bdd0b9fab1aacae9a8020a7fa5f1d3ea649bdff55c153c235d50ff58e86b92aa6f99e66651cf6a0bbacc50801e4cc163","ssdeep":"","tlshash":"4f41403bb019ca7cb3ac06a49194f34564117b7dd66990e8baef6901b36809d63bdb80","first_seen":"2026-04-26T13:23:37.943745Z","last_seen":"2026-04-30T14:34:08.121639Z","times_seen":3,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoGame-Y0qcIyXb.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoGame-Y0qcIyXb.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/AiPromotedGamesWidget-NGnvHCv9.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1731-9ykGdoad9PFWTnGbV73rIhPB2Pc\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":5937,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5662)","md5":"123e20cc03db3b6cdfd472250e18099b","sha1":"f7290676869df4f1564e719b57bdeb2213c1d8f7","sha256":"0474793e4b1ef9debe89e0ba81fb735db9abe7f787b052e86a9d25091d60e0de","sha512":"62b7275430e9b5ef5be15842460b0cf6aa686cfafb9505f6e353a18d6dd90a387276015db73c280fbb75cff48f26e893571eb80ec9d28b19b0f370aee13b9e53","ssdeep":"96:jZbpMPeMp8TE3NsZzDuoaiLNjx20ZZ9LsAyZOHasrvayHGvHvsmxIfItu:lb+PeEL3NYDJyYYAJfRmxIfItu","tlshash":"83c1b705e064ebbcb83a4cc9983f102474192fd5df298565e47da839317c11eb223b9f","first_seen":"2026-04-26T13:23:37.870315Z","last_seen":"2026-04-30T14:34:08.132081Z","times_seen":3,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/favicon.ico?version=1776759160364","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:10.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /favicon.ico?version=1776759160364 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"310f-+jgV6NkPpEWZz6iS7HlTxMhsphU\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":12559,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"MS Windows icon resource - 1 icon, 256x256, 32 bits/pixel","md5":"b8ae7db4382e93f8f111ea6b4dd4b6e3","sha1":"fa3815e8d90fa44599cfa892ec7953c4c86ca615","sha256":"ce89da1584d022c621be5343c5b81825f1c807c05cc84c3a060e70bd0772e50f","sha512":"6697fd920ec4671e4cf3e693158278c8804c3d6ca388ec5d63c2e83a5008d58a724019fe8a7efee5dd78e058ee88f61563ea087a324d1838944dc22fe120c512","ssdeep":"192:Fvxo1OCTbExNp9KD3ljkIHmE/B6de3wtMCo7Z66NBWuYoXgK35OM:Z1CQ0Tl4BE/kxuCQZLbSRQ","tlshash":"16422bb7d5f8625e6764a28ba4fc9e2772e2334441a3541c36153f2506f6ece0b422f4","first_seen":"2026-04-30T14:28:53.654201Z","last_seen":"2026-04-30T14:34:08.142122Z","times_seen":2,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 174088\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"2a808-2kj1NeNOOHi+wU/o2KRxtLYEDhA\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":174088,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 94703, version 28143.-16451","md5":"10ec4d5f7081ebe643bf2312272368a1","sha1":"010d805f0bf4b179cd2bd8e4700f7dedfdecf984","sha256":"7786fddb9d327c190eb9776dd02f462d18f0ec5f96d0b4d16651c48be9f0e3dc","sha512":"8cc62d6347ec44ba973f35584190e9189fb49b3fba04d5632df26b40a7e774e778e8d803c77a2d99db8a60e3d5adbf6f6ba911dfc35d49709c55614a19f11922","ssdeep":"1536:DeGcZlM3ghPKCT789yRaqzv0czQ2oF4CZ4UjrZPfcLR3SZ46nynvIxdJLnNd5RvV:lGFPKCXfpvfzQtZ4UXZHcLBWgwZvfvtz","tlshash":"e4146c3bdca1136c9bb1819b75ac1eee6096f64b92d35f1cf05433c54ea56cd0b22ca8","first_seen":"2026-04-30T14:28:53.657079Z","last_seen":"2026-04-30T14:28:53.657079Z","times_seen":1,"resource_available":false,"data":null}},"time_used":734,"timings":{"blocked":43,"dns":1,"connect":21,"send":0,"wait":580,"receive":58,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_19617_751_f28c0116997dd7bf874d44bee531ad89.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.984Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_19617_751_f28c0116997dd7bf874d44bee531ad89.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 171990\r\nserver: cloudflare\r\nlast-modified: Tue, 16 Dec 2025 12:12:26 GMT\r\nset-cookie: __cf_bm=c5Kz8MDelTfWrYxECTI_30ypVNx2iwBmRPZEmQ8_ldk-1777559292.010683-1.0.1.1-G7iulmOCvGABsP4SkwaCDnYTTIfW9xwJvN46KxSM_eFnd3Tp_gTBQyn34KHjE1chi0y3Tl1tT7nK7D0rJqzO8qjHCXU8_vZ6sl0qFEQQYqOZ7eV8I9GbIDzHySQ13oPI; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\netag: \"69414caa-29fd6\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a72568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":171990,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"da60fd95ea206628b2eddf131edaebfc","sha1":"4b44a8bda8168634115edeebac413e097a4a2023","sha256":"d97d9efa41adf3c1c87fae16ba199810f815340d63812c080ecc15b01c57b810","sha512":"b2853552b5f0d94d1ffca92f3bc61a3328b926a88261807e59b6bd419ab9fb8d9bc7ca073e432102828ba2604c5a6155f7e4e908cdf8a751c547c0a8372afdcc","ssdeep":"3072:rTlwE9EWc1hp7QhEWbLkPLCpcLOB+yvGRmg/1NWg71BdPK9rBtg:rTyE9vce/vmLOB+uGRmgtNWW/P4rU","tlshash":"11f312ba37c8e66b488e651a2003e4c429d78188e74ffdf50649f48d4fe90cd59fa4b6","first_seen":"2026-04-26T13:23:37.881835Z","last_seen":"2026-04-30T14:28:53.659987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":22,"dns":0,"connect":0,"send":0,"wait":81,"receive":115,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/useJackpot-3DH8fx3i.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/useJackpot-3DH8fx3i.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"58b-naCsw6fBcbbN2mXn0v898MFt7g8\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1419,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1418)","md5":"d3d26efe2576b892629abe8c8a229db0","sha1":"9da0acc3a7c171b6cdda65e7d2ff3df0c16dee0f","sha256":"8747e1b7489190be9da95a00f2b8cb5f7257135fc5ce049979b42bab5e8819b6","sha512":"17c3009b92708ec21cd0954a1c4d7e9e38647e8fe25d6d34c062a2c0ddbc859426427fab48cf4693276f42839a4a5e9b6322b4e4f8f6fc95548e499e35f14651","ssdeep":"","tlshash":"3321ce85c059e5f8f5cd8ca10167d72a1b383f797440a0a0a0be5ebda7a8d45b6a0f93","first_seen":"2026-04-21T19:21:58.055922Z","last_seen":"2026-04-30T14:34:08.160465Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"4663e-spN6+p6T4l0ueI2m5hBAzAO4LQ8\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":288318,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"d105571918aa7cd1d84ded2b0e79dc6b","sha1":"4bed5248f355a8f9ac992f365c5cc90644b3bfa5","sha256":"303f9cde80f62e76c822ef573a39992b01e556f15077973537644461740305a2","sha512":"0c72d8189fe7c73d1901ad13c06090504e135955b5b98da129d437e52cc33154f5b23a2b8092d89a92396e482f948cc7ca97acf27c2c0d4cf2aae95a358e044d","ssdeep":"6144:jVnJRxgEHt5PTBF28O8eaGBPMQceWQIOZs5MAnKOA6tcEMkUji:jVnJDHt5PTBF28O8eVPMQceF5kU2","tlshash":"9a54203bf66f992ec38d9a77e2a4cd131b60f554623fd9453b927e24a18d0cc063472a","first_seen":"2026-04-17T00:46:18.542077Z","last_seen":"2026-04-30T14:34:08.171127Z","times_seen":3,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":129,"dns":0,"connect":0,"send":0,"wait":35,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 117559\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"1cb37-lWKfcouDwV2lyFmEm30K0OrHWJk\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":117559,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 61375, version -16451.0","md5":"ee42b1d5df224d06f70fc723574cc5d5","sha1":"c7b1150037a94ae7de1bed3970b40c3528df2082","sha256":"0184507992b2e4071a292aedc21ac5826c5652c1895d006f44beeb04cff739d4","sha512":"1272a597ce09f74ea7bef32ebdbb9f6baf80257838cde03f116bca9a4d8dc881172b56900a793a8ac9674d6fc3fcab5e29bbee0abddd5c37a4b2619817f59fd2","ssdeep":"768:POF1J+mTeo7BWNo/jPyiwthl06reFqTFja7fGRUTpwsTV+nTy5g1JGoe7ke7mxPT:Keo7Iik06rR8nNVKMAeDg941oPuE","tlshash":"b2b38ebbc8a2636e9f90939b64d8ae7292e33748e3939d1c1590338947d56cd0f521f8","first_seen":"2026-04-17T00:46:18.453423Z","last_seen":"2026-04-30T14:34:08.153902Z","times_seen":3,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/logo.png?v=1773142319","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /logo.png?v=1773142319 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_17246_751_8387fc48b9cdd4efaf2b07b07cfc123d.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_17246_751_8387fc48b9cdd4efaf2b07b07cfc123d.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 177081\r\nserver: cloudflare\r\nset-cookie: __cf_bm=EN0lJAG8JCC1PuNI58VsCmY1HFztFpe1.vx1e2F9MB0-1777559292.0024576-1.0.1.1-_s5rzZ_04Jsnqc.wjdc2F7Ae40diOp62pWmSLVUmLsKNFeiBaZa6P39XIZm9h7VC1aoRXAAyWrHf_CxyMPuh_cNRW_gECxCYiKLrSXjpKKgkCwbQtGbVzWRhch1AwAlE; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Fri, 06 Mar 2026 13:37:50 GMT\r\netag: \"69aad8ae-2b3b9\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa5b568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":177081,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"f50eceb7ee3b9608a4a1118bfea622fb","sha1":"105072d350f5314e0a7c314aca40ff82f15509e9","sha256":"27ef08a937edf02eb4644983b7960b33ca1e0ee84d21bfeafff2b28bede6e274","sha512":"c99c78da639e44abe8da59785c3c6eeee4ebff3b0473ef1882bb633016248624cc445c7e5c4552689a02f21c65ce5c655cce6dafb627a33e42dabd18aa302b66","ssdeep":"3072:reniMsMDF6jIvnwdy8YmcnCq8kcUbou4TOElPMT0i5GH3PHQqVS7g6:ivsMDQIIy8YW4lEP20iM3fxSj","tlshash":"c40423529452a627d29e9066b820a11bc31836de7086f9c71fc7fd84f6694c4ca7ce73","first_seen":"2026-04-26T13:23:37.854046Z","last_seen":"2026-04-30T14:28:53.670824Z","times_seen":2,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":186,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/HorizontalSportsList-e7xvm1uO.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/HorizontalSportsList-e7xvm1uO.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 422\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1a6-hlIA0KaPncsVO9z4MYuB9M4Yx5M\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":422,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (421)","md5":"c51976159718e8d7ad379c4a81caf55c","sha1":"865200d0a68f9dcb153bdcf8318b81f4ce18c793","sha256":"6761d96f570f1a5c167c509ea8bc07cc09006558d88c23fa67db293edcacf916","sha512":"6b233138c2eb1646562558b1e6bb315ee6231d0ad33a2d4184a0a8280a43713341e448f4662e60ed26346f1e98f25437b30a24f6137151f3e26637180f74b9c1","ssdeep":"","tlshash":"72e02bc2dc618af45a1e88eba99c24847012047cff566664d298a2282b7508bf72940d","first_seen":"2026-04-21T19:21:57.914525Z","last_seen":"2026-04-30T14:34:08.129025Z","times_seen":17,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 173509\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"2a5c5-nYEXHedig5pzlPAH1FgDTTlH7LE\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173509,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 94732, version 0.0","md5":"3c629cdf322effc6f944c11bb3111678","sha1":"b5097dc1a2e21e2989482401ecf92708e095557d","sha256":"58210fdf232fe5f611a1d549e5bd57425fe51c5b043fbc522507a817180d274a","sha512":"e6ca155f5c7c265f6cd789dff417995de906356cc86efe1bffbfa28fbd37179c57890119e07d1f460cc928438163fc3e082f0c8017a182d9c3c9121c0172a2fe","ssdeep":"3072:Px+Ph0K/KE8M+W/EYpPbK70K+COR29TSn67:Px+PCzBM+2X80K+k9Tf7","tlshash":"0cf36dbbd8e2135e9e90935f54acafb291e37748d3939e1c148433894ba59ce0f511f8","first_seen":"2026-04-30T14:28:53.674626Z","last_seen":"2026-04-30T14:28:53.674626Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":25,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/InformativeWidget-DHYaBHsY.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/InformativeWidget-DHYaBHsY.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"43f-syKzE12zlL+Lr1Sxl11B2SgIb3s\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1087,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1086)","md5":"60fbcffeae3ed82e3c9e9d890c4641c5","sha1":"b322b3135db394bf8baf54b1975d41d928086f7b","sha256":"abb08e3ef3875fce677fe9c6eafd3a2f84ba9ed70d80c26811812d0b7f53a50f","sha512":"3e849905db3011903c7f03792daafc052757ad1396870d5ea6f389586f4870374e369dcfa92d1bc71b10b3d7a20f720f5b2ba377774cb524e74f4fbded0b6a19","ssdeep":"","tlshash":"e1117586f594d5bef0390dc44256d0946a212ee4cf38e4e999b5340ca87410bb7dbbbc","first_seen":"2026-04-21T19:21:57.953543Z","last_seen":"2026-04-30T14:34:08.122224Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/JackpotPoolsWidgetContainer-BUz-kRPc.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"101a-OeHopUPhYScp5A9xeMD6/xmFrzs\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":4122,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4121)","md5":"200156b951fe19857aa86cb0a7ee6b0f","sha1":"39e1e8a543e1612729e40f7178c0faff1985af3b","sha256":"c21b95a0ef76795569251a8da29e6ac5051d5b4664b6f67c9b46e8e2cb424955","sha512":"78519983072a6fda149d18a720560095e8b0f3f3b7638e2d379798cb95b6c4f7423caa6d6eacdc2023c9dd1ae26e6c63784d204b07757a67195ec32d09213bcf","ssdeep":"96:k0ao/CpTBeLzTGNlTw6YakmD7+oAtPeY8ORtTzk:k0pBME6E4yoAdPPzk","tlshash":"07817417e01ab3fce8ec04e3502f910e367e0bfdd75605e8d0ae05240abd859f259b8a","first_seen":"2026-04-21T19:21:57.910322Z","last_seen":"2026-04-30T14:34:08.122735Z","times_seen":17,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"462fa-0MEsRKAI+p3kbJbi7N36CZrGHkY\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":287482,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"1c77650085a310e11ed136cbcb7b8412","sha1":"f7180629268f3c0ac2c21a8c8417f9890c8ce2fd","sha256":"295c8c13ab7b2ea5b88ac89d133b22f70ded6c769215e0c87aa198575fd0a88d","sha512":"a86ea2881f4365b6e50a8760309ca272d17d249208b0d68ad936182dc115075f1410814c0dc8569f2ddc6346ba0cdff0d5a81158db169cfebf31517b81e0c0bf","ssdeep":"6144:QcRFMbcYNeaQZ/PMQc/qgYOQwBLsgsc+ksyJ5pC:QcRMNePPMQc/p3svksyJ5E","tlshash":"91541f3be22f4b2ec3994637b1648dcf0710f55512ebe695baa53fe42d8d08c0660b79","first_seen":"2026-04-30T14:28:53.680783Z","last_seen":"2026-04-30T14:34:08.175286Z","times_seen":2,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":117,"dns":0,"connect":0,"send":0,"wait":34,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/menus/app_menu?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/menus/app_menu?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=s0DIwSBOLInZYgz1jVKftNGY3nqtYC8hDe3GWiYxkk8-1777559291.4336636-1.0.1.1-zmTNzg7cYVM5Z3LolWFrK4ORla5QpFU_yDQvc8xmY8kc6VKMtmVe6MjdA0yhf8HyZSzoyC3pfeHk23hOhIRqTLhKi8E_zgbrlmLL5iZZXjYCyQ07OIVSPBJnwQH1CxDu; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b437ba956c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":71,"dns":44,"connect":3,"send":0,"wait":107,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.galabet1071.com/logo.png?v=1754487258","fqdn":"www.galabet1071.com","domain":"galabet1071.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet1071.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Apr 2026 10:30:57 GMT","end":"Wed, 22 Jul 2026 11:30:54 GMT"},"fingerprint":{"sha1":"06:4D:6A:E6:01:E1:31:3B:7E:98:F8:CC:17:BE:37:D5:27:6A:AE:5B","sha256":"1D:C5:EB:55:40:91:CD:12:4B:19:48:48:BC:4A:84:37:9F:3E:4C:6F:1D:09:A6:D5:C7:C3:9A:38:D4:61:44:7C"}}},"request":{"raw":"GET /logo.png?v=1754487258 HTTP/1.1\r\nHost: www.galabet1071.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: image/png\r\ncontent-length: 7738\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Apr 2026 08:14:03 GMT\r\netag: \"69e731cb-1e3a\"\r\nexpires: Thu, 30 Apr 2026 15:28:11 GMT\r\ncache-control: max-age=3600\r\nx-frame-options: SAMEORIGIN\r\ncontent-security-policy: frame-ancestors 'self' https://*.galabet1071.com\r\nx-domain-activation: 1\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: BYPASS\r\nset-cookie: SERVERID=s2; path=/\n__cf_bm=a2w.nMYsr5cXOMQ6.z2pVIuCSlcDgHwLiijciqTEz0c-1777559291.8347967-1.0.1.1-kIZW9Yi55kXnJxSMGOQ13vr.NR3pnKtFeuf72t69n9A.jfO7D3w1NJzKw97evYbctGzGkTqbS7tyyAqAd3Mbe8Ze970i9hEwF0YLhw4SfdRwRWrC45JVaIn8nc2t7PDu; HttpOnly; Secure; Path=/; Domain=galabet1071.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ihno5nYedtQy2eFcA9VKMGbbNWDWuEHKqLGzy2%2BZVQ8YY9zbyBH5bsr0qnN8g6Z47YAA0eKzSSn1AgL%2FPfi7our4t5gsqKw5tYBJOGDFO90W%2BPm5GCEPeph4sOO1roRJdlC7FQ5M\"}]}\r\ncf-ray: 9f473b45fccc56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7738,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 360 x 120, 8-bit/color RGBA, non-interlaced","md5":"60c432b2e1f44042e6831b308a2fcd28","sha1":"a0092dc780b9c15f23421dedf670462258e4bfea","sha256":"45f7ccf0315aa2e44a658598ba76a0993ffdb4ea7dbfbb569ddba207929a7461","sha512":"f4a8c1c80e4cb91a70a4801ca5e7efcc5e4cc742f4939f805cb65969d34a896b1bf2f82c5f2bc2869b8e6be0439157f84b1365dfc3c76584ff2cd983e97d5eba","ssdeep":"192:yLexi5CqFsyyyjU7Bmu3n/0Hw+mvTZHOpoNI2kAZKqn:yyUVmoCVFvTBhIGZKqn","tlshash":"69f19fa70753e811ad00922f841e0285bfc412e5f36bafce13b3df19862515475a96e1","first_seen":"2026-03-21T17:26:39.532964Z","last_seen":"2026-04-30T19:32:29.984429Z","times_seen":40,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":34,"dns":5,"connect":1,"send":0,"wait":76,"receive":1,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_3193_751_0a9602257bf1e3aa0de32fc2087e6200.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_3193_751_0a9602257bf1e3aa0de32fc2087e6200.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 181370\r\nserver: cloudflare\r\nset-cookie: __cf_bm=537TBdP7wiKALRT3gaUF88I0Te4yQtJBjvKJ13bZd4M-1777559292.0123334-1.0.1.1-xeSxyHrozgUxGzmX6YYVpR4yBO.b2dft7dbKU1Yc8fQqCskgSjodoxOYCvtRwcFN3uI.ZDJw9vo5jGX.iqgFuBoYpEv9PdgcnKLxzrXVQVcf_VzghXJxHOQP6Yt6zs7B; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Sun, 15 Mar 2026 12:19:42 GMT\r\netag: \"69b6a3de-2c47a\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a79568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":181370,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"d46b06863dbe07011883fbf8467ceb7d","sha1":"e84f3f94d0a49e37681fe5f5e06422e52057cf8e","sha256":"c1e7b5418931c9c55600067004d4e3abba2241713730f3eed5b3f661a7d990f5","sha512":"fdebc26eb327afa48824c7ec3ccaf5d01a936113680a5ae106fa553f7136509886f7fedae60cc22a430ed2f69ea989bee941a58e513f9c81381805e7bcb37213","ssdeep":"3072:5WSbhUXRnIFQLTK4DSYrPy2nNKfHbFqf8LEeppphA0pJ5gsRhOxD1iF8Gdfi:8S1UBnIq5Dnrq2neHbFVhA0pgsrOjiFS","tlshash":"b10412b0e3945c7bc150ced0cd9bb7bdb5ad9a807b94e05ce96b373256947ac00b2c29","first_seen":"2026-04-26T13:23:37.941761Z","last_seen":"2026-04-30T14:28:53.684827Z","times_seen":2,"resource_available":false,"data":null}},"time_used":343,"timings":{"blocked":75,"dns":14,"connect":1,"send":0,"wait":158,"receive":4,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/useJackpot-3DH8fx3i.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/useJackpot-3DH8fx3i.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"58b-naCsw6fBcbbN2mXn0v898MFt7g8\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1419,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1418)","md5":"d3d26efe2576b892629abe8c8a229db0","sha1":"9da0acc3a7c171b6cdda65e7d2ff3df0c16dee0f","sha256":"8747e1b7489190be9da95a00f2b8cb5f7257135fc5ce049979b42bab5e8819b6","sha512":"17c3009b92708ec21cd0954a1c4d7e9e38647e8fe25d6d34c062a2c0ddbc859426427fab48cf4693276f42839a4a5e9b6322b4e4f8f6fc95548e499e35f14651","ssdeep":"","tlshash":"3321ce85c059e5f8f5cd8ca10167d72a1b383f797440a0a0a0be5ebda7a8d45b6a0f93","first_seen":"2026-04-21T19:21:58.055922Z","last_seen":"2026-04-30T14:34:08.160465Z","times_seen":17,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":43,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpot-CNQNWl4L.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoJackpot-CNQNWl4L.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"3803-SAZB/0STOOghBBXY3Fyb5QBDsUc\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":14339,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (14338)","md5":"1ee7513f5ccf2152df64431bc51c25e1","sha1":"480641ff449338e8210415d8dc5c9be50043b147","sha256":"5416f1ce3c21383b1b70d863005dc0c3cfc51d3b19ea03a1c430bf8d3ae1902d","sha512":"a712c2bca2e0c333d86faabd0d4101838dabdd4511399fb14ccba775aaa6fa263a23815cb2f32d72eead594ffb25b1f6ca8ce5d1394900a27ecb3d09d2a30310","ssdeep":"384:VWm6srKqqF3EjFOFEGOpOpeHMtGRxeG/PcyKx29boP8FJdr:VWmB7CEGOpyts/U2bdr","tlshash":"b4525d05f012b7edbca954f7487ee0287a5e1aa9c71808bcd1bd6c313d2c855760b7ac","first_seen":"2026-04-21T19:21:57.97338Z","last_seen":"2026-04-30T14:34:08.138458Z","times_seen":17,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":43,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"4621c-bnyEhc5Cxq5UPMU6E4XzaZDiW8w\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":287260,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, 16 tables, 1st \"FFTM\", 7681 names, language 0x13b, type 306 string","md5":"3e3999709239be8be1a40a6c00c1d590","sha1":"72c627a960d5e53253822829603e744ca223a124","sha256":"5afd25b3aceface9f474c72677a0049a8cace58bad816a4f2f1a0071e520fd3b","sha512":"31c0d7a03f96e989f23610e56eb3ef5475c09efe6308799891a67a2b2a44038fd4ecc02136b703b57f1e9e436cbfcc838d582b3f7a5d44ccb6f4e02213b964a4","ssdeep":"6144:ccRFMbcYNeaQZ/PMQc/qgYOQKBLsXsc+ksyJ5pC:ccRMNePPMQc/pNsSksyJ5E","tlshash":"32541f3be22f4b2ec3994637b1648dcf0710f55512ebe695baa53fe42d8d08c0660b79","first_seen":"2026-04-17T00:46:18.423098Z","last_seen":"2026-04-30T14:28:53.68867Z","times_seen":3,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":41,"dns":0,"connect":0,"send":0,"wait":42,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/6995ca3273d8cb1c357e525e/1jhohrlor","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"172.66.161.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 06 Mar 2026 09:33:33 GMT","end":"Thu, 04 Jun 2026 10:33:27 GMT"},"fingerprint":{"sha1":"F0:6C:DC:32:63:CD:34:E3:15:CD:7F:77:F5:A3:64:E0:9B:36:95:83","sha256":"B6:7F:6E:A3:69:3E:0D:3B:04:3E:8B:65:86:7E:1D:5F:82:84:18:16:8D:AD:72:D5:51:E3:46:BC:BD:CD:BC:38"}}},"request":{"raw":"GET /6995ca3273d8cb1c357e525e/1jhohrlor HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 30 Apr 2026 14:28:09 GMT\r\ncontent-type: application/x-javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, s-maxage=2592000\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 906\r\ncf-cache-status: HIT\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9f473b363ba0712a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/x-javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":43,"dns":10,"connect":1,"send":0,"wait":11,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/localConf.json?v=1777559400000","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /localConf.json?v=1777559400000 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"1177-VN35mVLPmw+r2CmSgSUCavRXJAw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":4471,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"b406e9c7fcaf80e5ab91f27ea0f0294c","sha1":"54ddf99952cf9b0fabd829928125026af457240c","sha256":"a327cfe81199467e7773a331449db596ff5a5da012ace64d4ae1889c757bdf15","sha512":"50bb2149cb4177578ffd52d275d2f399922cf5dc4fe93ec9e32b840532d1dc7cbf148a136fc965a7e353fab249d5849f33dba3146a47b9f8053a574661b71f4d","ssdeep":"48:YuTyTbGhzyQnA8qA+9nIok/we+NPhwxbwPAjgCfk/wWp3Copi279lMFDQJSLhHan:xu2ByQA8qAHTwAsAjgCuE56szUn","tlshash":"7391cc9d31458cfec75eeac3788b679f3042811387982c06c27cef4c5676f19650a2ab","first_seen":"2025-12-24T22:39:16.189594Z","last_seen":"2026-04-30T19:32:29.97035Z","times_seen":71,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/dynamicallyStructuredPages.json?v=1777559400000","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /dynamicallyStructuredPages.json?v=1777559400000 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":441,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":441,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_17477_751_f846abb92869652b4dae7539d0bc770d.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_17477_751_f846abb92869652b4dae7539d0bc770d.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 180120\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Apr 2026 12:56:50 GMT\r\nset-cookie: __cf_bm=qNrZ9DqYl0eRKihApzM317slVoEZtxgbxk0dUSp06Xg-1777559292.0114346-1.0.1.1-sYLtKlg33S0uAzyrckb.X9.j1Wf.djuWB9gSCnXqcmrMs6DNUaKH_t4SX2j6GWboNsw0qFU7xDR8As69Ui1zE_uthMeirmMBp0SLvc1X0bMqbo8OvdUIVPvhdMZk7S2J; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\netag: \"69e77412-2bf98\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a75568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":180120,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"2ee031648370d0cb5e91dbd54a70aa0d","sha1":"94e5594a7de5b511786ef9915984123f3dd1946d","sha256":"8e83cafaa2e6d4e5a1f953a99b52dcd3c11ffa31742c896a60b74aa73416de9b","sha512":"f22591f0d26e1b405cef65f2216f9b2a1e61168acb9818e493ef97c78e1d04362fe0d25034cef2376f54eb890e3f44b8d45cf476f4c9939a0273298501b90698","ssdeep":"3072:KpbR8YN7r2jt0I7c1UNfXOFqbjauMZxgMF/IAJOjuqRRFmlDqd:0iaHuQ2n16xgMFwAJrqRRuDu","tlshash":"e6041291e4181a782120c90b1975dfb649c1ef14345e9d693cd3ffea06cf988ae9af13","first_seen":"2026-04-26T13:23:37.862206Z","last_seen":"2026-04-30T14:28:53.693493Z","times_seen":2,"resource_available":false,"data":null}},"time_used":389,"timings":{"blocked":68,"dns":12,"connect":7,"send":0,"wait":88,"receive":130,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/components/header_info/contents?use_webp=1\u0026platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/components/header_info/contents?use_webp=1\u0026platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=iN9J6rMTYpcho2ryaVOq4tYp3ZoyMBaob5qfGeAYT8g-1777559292.0374856-1.0.1.1-q04ByoUSXDT_AHsVPxUNPl3r2ZwMfY3h7LzE9v0aX7IJBqBeBD3EpwndYHlByl5.I1gfCRs_VSB5LlAeh4Qxsk3fbppu5HDLaBYzckzjaiTXbnGvWnKrlaQUm6Gdsm04; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b47380f56c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 174088\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"2a808-2kj1NeNOOHi+wU/o2KRxtLYEDhA\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":174088,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 94703, version 28143.-16451","md5":"55269aa2aa499230a72cebc69c44363f","sha1":"d9d0b2b56a0cbbe48be3855cdfa9d85732674fc3","sha256":"e54e15ae7c6fdb64ef5b67459f881fede8725191035251c410df525b29e50478","sha512":"cf08627b14ec6b42d9cbb720a7bb4393ef8a58342f9d4365f669d03189cee1c5ae2b5594e82cd58ac3e98a39f09c5b9797c25d3960de4a5d33889f13d0176f70","ssdeep":"3072:lGFP3bZKv+BzQtZ4UXZHcLBWgn0Kk5vfvtz:lGFPtmGzQtCUXZ8LBv0Kk5XvF","tlshash":"d9f37dbbdcf213adaba4929b589caf7361e3774cd3535d0c1054338a4aa5acd0f511b8","first_seen":"2026-04-17T00:47:10.186315Z","last_seen":"2026-04-30T14:34:08.164671Z","times_seen":3,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":23,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/menus/footer_menu?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/menus/footer_menu?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=NVAquuTB_2ktQ9CvCjY5OhFsAST3RhMNTBW.0l5W4To-1777559291.4517841-1.0.1.1-1zQSnpdry6kxH5z4mgrgIlaasZ6Wc17w8pXTi2hFr73zICgV7DK1C.43DKxOmfiRJf33ZFjsIWRlITAn5Ef_pQhlKrrtc7Ch_c4HuQBLsGM9Deg92mi2ikFK6B8MkdwV; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b439bc956c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/TabItem-CBgyJEAy.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/TabItem-CBgyJEAy.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FavoriteGamesContent-CvJnpx-t.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 423\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1a7-1A9gYfP2fmwhj2ONZCfYEQF/L7Y\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":423,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (422)","md5":"d79478834b00dffb7dc6de2a25faf6fc","sha1":"d40f6061f3f67e6c218f638d6427d811017f2fb6","sha256":"c95ec55021a79a8038d979692a44c38f0bdc43104ce11e17b5c48ec14f2dd43b","sha512":"49dd7eca3104b3e9b967337cc390241c8b3cfdda17e1a6da3a69c58d51e9472d24c62719f120b7bca45dbf2bb92d2cfaa11e0b555cef0e8220edf1ebbea01ae9","ssdeep":"","tlshash":"0ce02b92b010f3f9996b54d6d27ed4c776120ddcdaa688e5e0a22044432e561f74ff8e","first_seen":"2026-04-21T19:21:57.911833Z","last_seen":"2026-04-30T14:34:08.125622Z","times_seen":17,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoPromotedGamesWidget.C4EXhwOE.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoPromotedGamesWidget.C4EXhwOE.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"afd-CkeK2gVfA+RXSJTY/WuG7TDVMk0\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2813,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2812)","md5":"09fc6c8eb905c21c7a4d044090184cd9","sha1":"0a478ada055f03e4574894d8fd6b86ed30d5324d","sha256":"d1f596a53ce4b0c43d20611ff931c0858b5d6c4c987b2b546269e639543dc878","sha512":"6811084eefb8629224c5ae7d6806c7f2b220d131a02f0c1a0c44067d684da4c1676d4aaccf513bcca338af6608ba085696056a3b70ebd6274ca6992035c3772d","ssdeep":"","tlshash":"6451250f445b273af1134e60a2bd5ed66acb491bca3b4b7cacd86157c3096c2607397a","first_seen":"2025-12-25T01:12:57.08487Z","last_seen":"2026-04-30T14:34:08.157035Z","times_seen":254,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 174834\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"2aaf2-ATejSMfiqbvmCzH9eTO4Rl6KBvw\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":174834,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 95520, version -16451.0","md5":"a71a3b0125c427fdae86b8ffb87d3b44","sha1":"e948c3807224bc9d1750c03dfe576bbb1bb12fb3","sha256":"006a0f28b61bd3a0a6302a8211ae09e6374223f0a4212eebb8f5a50fb71778d9","sha512":"8f19ddccf0c930ae5c6b752ab99fb0cfef702094b1a07c92c4dbb4a6a10f0541d64aeeef4fb86e7b182ec2719792de3964f608ac0176c703193782d608541300","ssdeep":"1536:TDBQo2mgMsW9zxuqTv0PPop//bSTjDi1Wz+OoHcXKR5+6KsJxagSggggpECyELb4:TH5sWpgqQPwd/b4Des6RA6Ks9EyEfmM4","tlshash":"63144a37d8a2136d9ab0829b74989efda192f647a1d35f1cf49833d60fa45cd0f11ca8","first_seen":"2026-04-30T14:28:53.699267Z","last_seen":"2026-04-30T14:28:53.699267Z","times_seen":1,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":35,"dns":0,"connect":0,"send":0,"wait":22,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FavoriteGamesButton-Bxkpo1Wf.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FavoriteGamesButton-Bxkpo1Wf.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 427\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1ab-noveWNsbaQiGPLjYMNG/IMUnCIw\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":427,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (426)","md5":"d6b5f57863a996d61fadccd2e93cfba5","sha1":"9e8bde58db1b6908863cb8d830d1bf20c527088c","sha256":"127cb14f655ee71ccc244d198580bce314386d9955ec14858a368a6ee15b17c3","sha512":"85afeb40140f71dceb17cc44bc5e5a921b973d5b790176d8d60259736260012b731a2676976afbec92013d0fd0446f77fed9adab81f6f98be08d45170ec925e4","ssdeep":"","tlshash":"92e0a34ad048d2f927421a902607c0142826a47cd79cf49040ce18543d71457891e92f","first_seen":"2026-04-21T19:21:58.079589Z","last_seen":"2026-04-30T14:34:08.137859Z","times_seen":17,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_20053_751_edf14899a5b0cb48146cfce374e11d2c.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_20053_751_edf14899a5b0cb48146cfce374e11d2c.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 182161\r\nserver: cloudflare\r\nset-cookie: __cf_bm=5ocUbKK.iPgjz9aSOpC1oSf9.u8FyKwuTEDKN1EwAJ0-1777559292.0019054-1.0.1.1-iyGrXTsodpgn4YJ0uD9BhC_Ml0oyS2mAAq97EzQk8ECWb9KxnxRJ4vIfb2GEOZKwEkvHvjWoDZWc.NK_ns3FmSRugb2TEj7q_FeJsklBOL.gUS3xTYwUMifRxkD0CdNa; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Mon, 02 Mar 2026 14:17:05 GMT\r\netag: \"69a59be1-2c791\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa58568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":182161,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"605a29a8e64c8e00703d2a602b576451","sha1":"8a08a0257f333cd282741db6a6bc40921c6d5a85","sha256":"c2e9449dceec603639a6efdd29217259526932e86900f0a5dcbc53b1112798ff","sha512":"a40c18612b0e58e41d0184525435932f2ae5e147b9c538f8a894c5f0894ad561d3693e6731078c8832e7e34c564b315f0d5526c8e4544ae48b84e47162cea217","ssdeep":"3072:qikiMclwKq9O4OU8v9kE55ETmIQa1s4lck520RBXZ/WAlpDxHG4jIwuxbqx+P:qiRM9mVv9ka0mIvxZRXOA0Ou8W","tlshash":"fb0412642effe07b9d91cfc948d86cbc56f1f019289422a586ff91cd5bf8509683ac01","first_seen":"2026-04-26T13:23:37.946161Z","last_seen":"2026-04-30T14:28:53.702008Z","times_seen":2,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":213,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/casino/partners/0/platforms/0/games?limit=12","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/casino/partners/0/platforms/0/games?limit=12 HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=YEg07HFULIwePyY5UYemIThcX_joaVSS_nKRvDsn9HU-1777559292.446914-1.0.1.1-pUSgAGA8AFHSr4PSkehza1KwmAIe6mdQeZseQbXkW03gtXf1LaTsFPSWxhnOJkttFksRwR_P_W9RxyY_vEi36d4rEkj1sH8oeqVbe9q.M_ruhgnYZL3t72VIlCasA9Aq; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b49caaa56c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/firebase-messaging-sw.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /firebase-messaging-sw.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"465-gZ9gYVYk8CXRJW78QI2OV2qQnHs\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1125,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"44b92a7d10cb0970ced5798c2eb1b8ac","sha1":"819f60615624f025d1256efc408d8e576a909c7b","sha256":"a87215bfd90d96fb55335ce2b2411f38074588149c9e896505cb10b250e17e1e","sha512":"75c55da9e8afbd96b6219292c91fb88e01c15d20bafc974028763227220aa042f4b761895d44b0394baae53c225e9b0c109d2eca333aad6b382951a60448e8fe","ssdeep":"","tlshash":"5121cb124be2f8231e4104c7679f32186e290d2507b0f1de61bf56b86b0a57b206bbc5","first_seen":"2025-12-24T22:39:16.149326Z","last_seen":"2026-04-30T14:34:08.162701Z","times_seen":71,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":62,"dns":1,"connect":18,"send":0,"wait":26,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JourneyAdviser-ZLeRKwPS.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/JourneyAdviser-ZLeRKwPS.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"2c1-hP1tsbVzYjs6iHM4ZiA7QPVwPKA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":705,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (704)","md5":"6536542721f94dc5131c6a3c0cd90007","sha1":"84fd6db1b573623b3a88733866203b40f5703ca0","sha256":"6b515ac72b2761c5bc901246cdfdfdebf620ac64fecbeacb69577fefb47648ae","sha512":"745d0da77d6fd5c7d54a28bb6b43fd66536f55c00b4b1999f99abd1436f98d155019d2c142a6925915097c5d7398fca6fba35ae3f7522d75f96eb7087bc37b7b","ssdeep":"","tlshash":"6f01cbc5e088e7fd99670889637e40213019aeb9d639e4e980bc39606b3d44ae50fb8d","first_seen":"2026-04-26T13:23:37.917553Z","last_seen":"2026-04-30T14:34:08.124639Z","times_seen":3,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_13286_751_3ad2871d18830b360e7e231bb5b12eb6.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_13286_751_3ad2871d18830b360e7e231bb5b12eb6.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 172837\r\nserver: cloudflare\r\nset-cookie: __cf_bm=DbhQHvJuuHFZuUEhm5JVDC.KNFPZW6szvCqAyi0yyqc-1777559291.99971-1.0.1.1-sgEDx2ytz8WBkn2vyu7CeDkZJK4hvUBZf0lQbJ87grsZAWQBRRPeL535RHZEsCSoo4Teyg5FWgDxhQLU4ID9CrXQy_DYYko0fyL7NX5oGfXeJVaVGlST86npZhIx7H1W; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Fri, 12 Dec 2025 07:22:57 GMT\r\netag: \"693bc2d1-2a325\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa4e568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":172837,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"5f6caf2d584a2770494a26e49a240f70","sha1":"8b5e2080aaba67deb91e9c67944320126553005c","sha256":"98fd8283befda356ead238730651238dd2fccfe43be88b9e9008cf564ee9173d","sha512":"b689943f694ae70326765c53e12748897d6163fdfea4f4d7d098bf517de9b480e6b6114157d5dcca38131b9a88e4bac2ff0d7575f8193b77cb450a110b30bec4","ssdeep":"3072:CHJ9KOLR42pJXZkmj2zJReoYdJXGUASlyGYVY0rER16yX+Ic2MzvjDL:CHJQODRjwwdJWrGyfY0r216yXzSjP","tlshash":"29f312b7acb8823bb6e24d7b41395fbd63f5d575a95425ecd0638273c0fa400784aa23","first_seen":"2026-04-26T13:23:37.892667Z","last_seen":"2026-04-30T14:28:53.707271Z","times_seen":2,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":193,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/PromotedProductsWidget-BmBBmXho.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/PromotedProductsWidget-BmBBmXho.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"848-gOxecXyMu0THxPOH9tESrR15ab0\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2120,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (2119)","md5":"db57e1ae095fafa8eed311f2e263a9e1","sha1":"80ec5e717c8cbb44c7c4f387f6d112ad1d7969bd","sha256":"0885b61e7aa138a5b2aa9d4a32e2583c426aa8fa88c6d31eaa7c4cf782190ee2","sha512":"33c6d7a5d02e9799c92ace848a2c68f2f1f14154873a9d0d2e8c34069601a2552ed769548e05c4dbf00f5a201f1865352a0b39729a5ef4542f45aa78087801b5","ssdeep":"","tlshash":"7e4169c3d934a279f23e5cec114550c838257d18d965587150b77c1a913d816bb57ffc","first_seen":"2026-04-21T19:21:57.954388Z","last_seen":"2026-04-30T14:34:08.127455Z","times_seen":17,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":63,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/components/4273/contents?use_webp=1\u0026platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/components/4273/contents?use_webp=1\u0026platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=U6Aavo.yy_YuV2AL5GB.qt_tz59DONX06403VSmMSiA-1777559292.4442012-1.0.1.1-tF8PoMnus6kLncw0mJSE5F9PCHOLOsSv7IARfXLfdHkZSTZ0dNd.BXrUUxbKkxP1yZQM8MI0vyzQHB85T8uWZ1QXhtjaPSIu3ri12shufuz9jGvbnowflDr9G6CR9wQt; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b49caa656c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/components/6713/contents?use_webp=1\u0026platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/components/6713/contents?use_webp=1\u0026platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=jYJSeYUAVxylBq8EYgR6OwySSiS_5xvcf4z8UkvIq94-1777559292.5118434-1.0.1.1-M.9Gd7Ylw46VZST6SbqyqwyQZO4Ai6IepSIAaaW4BJ4ACIyu0T1pmyH.N1OFIH6tfn_OXGYSBpbytdPTuEffhTEmdt19T9XKJ2m20WTRsqy0qLoPbpaegGH0_mBiilo6; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b4a3b2256c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpot-CNQNWl4L.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoJackpot-CNQNWl4L.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"3803-SAZB/0STOOghBBXY3Fyb5QBDsUc\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":14339,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (14338)","md5":"1ee7513f5ccf2152df64431bc51c25e1","sha1":"480641ff449338e8210415d8dc5c9be50043b147","sha256":"5416f1ce3c21383b1b70d863005dc0c3cfc51d3b19ea03a1c430bf8d3ae1902d","sha512":"a712c2bca2e0c333d86faabd0d4101838dabdd4511399fb14ccba775aaa6fa263a23815cb2f32d72eead594ffb25b1f6ca8ce5d1394900a27ecb3d09d2a30310","ssdeep":"384:VWm6srKqqF3EjFOFEGOpOpeHMtGRxeG/PcyKx29boP8FJdr:VWmB7CEGOpyts/U2bdr","tlshash":"b4525d05f012b7edbca954f7487ee0287a5e1aa9c71808bcd1bd6c313d2c855760b7ac","first_seen":"2026-04-21T19:21:57.97338Z","last_seen":"2026-04-30T14:34:08.138458Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 119597\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"1d32d-IRtqibFKPVK3WJkOsSWyK1mW+8w\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119597,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 65612, version -16913.-16451","md5":"fc876518eafe055b1bf4cebf57ddee17","sha1":"770245d4e23383a4551b6700aa9acb4b9932724a","sha256":"c16e664410cf2612481b466c9bed1b2425d26431e1b37faeb47a644954b01791","sha512":"e685e89e9887a7e37d6bfbfedf7662fe36b9b3418cfe66a356c2e94f35ac57f25a853eb5425af47c7d4a24591d633eae8c47603a4a6664562b9e81420767a466","ssdeep":"1536:6iRt/nPsIp7/WuFg+PmtJr7aWjSV760H07qo5++/4i2sAIlEB:6iRtfkIZWuFgm+Oqlg07qo5++/D2SM","tlshash":"7eb37dbbd8a2636d9f94d35b51dcbeb2a2e33748e2935d1c0584339946e6acd0f110f8","first_seen":"2026-04-17T00:46:18.554768Z","last_seen":"2026-04-30T14:28:53.710956Z","times_seen":2,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:10.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"4621c-bnyEhc5Cxq5UPMU6E4XzaZDiW8w\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":287260,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, 16 tables, 1st \"FFTM\", 48436 names, language 0x3527, type 3855 string","md5":"7c8aab3355791e706994b1027f20ed5f","sha1":"a1c5c909792bf696109a0e3b9a3b82266bff4032","sha256":"f28b81b8b3227209f3fcf36d1233249b20a5860a453580521459fd7122cac526","sha512":"1f83264a580a1074f086e590bda3648326510ed3f25ebe7545b5f6a4fdf36adb7ce4d8531ccb4487b2328979d1d7b941217fb8b542ad2b529308d356b1ade1e1","ssdeep":"6144:ccRFRC4hHUpNeaQZ/PMQc/qgYOQs5MAnKOA6vHl1xsc+ksyJ5EE:ccRNHUpNePPMQc/pR1AksyJ5j","tlshash":"df64303be62f472ec3a94637b1608dde4710f54522eb9b84b6a67fe42d8d0cc4530b69","first_seen":"2026-04-30T14:28:53.713052Z","last_seen":"2026-04-30T14:28:53.713052Z","times_seen":1,"resource_available":false,"data":null}},"time_used":612,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":575,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/logo.png?v=1773142319","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /logo.png?v=1773142319 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_3521_751_22783f633fa6e24d57c2585682336845.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_3521_751_22783f633fa6e24d57c2585682336845.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 178242\r\nserver: cloudflare\r\nlast-modified: Wed, 04 Feb 2026 15:36:29 GMT\r\nset-cookie: __cf_bm=3_SSZvtGac8Kyh8wSSK8SzRZEp11Hp_MwivInarpbK4-1777559292.00014-1.0.1.1-XeNcau0_kNPQhCCRJ2prOt3pOpsi7P_c5dBmcfmfg6QYAl_so51oVfXj5RMAL53Gdzy2NGl.Fvj4JJrO0vVYmg.SqQ5VLUl8hcayMMV7DNl_CNXXGYyXyKxhYuT11_0Q; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\netag: \"6983677d-2b842\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa51568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":178242,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"c46e4ebdd6a57769c62d79c1c0800914","sha1":"e6d8b2c7b97ccba7d6241c7cb7fb3474dc96546a","sha256":"ba1ef4e2469242ee9e14ca40ef883ac884a414c77a32e93eeb83e05114b7b862","sha512":"a027fdf0975db653f269f62bc5aa380ee9e29add770904add939cc39e7d6e3868fec9d5a072dd3ec994ab75e47862b7327e5e7931691a00aa74d2e54b7928b9f","ssdeep":"3072:K+yN2tzzJ8JsKms38fb6j9WYYuELLD4r+z7qnP5mqE2Zm/s2iofkOKKTsvqiFpkI:H0238JQlfbsYtf4r+z7+P5BTMU2iCnTE","tlshash":"1b0412765160995f2d5d871704ab6f2609708fb823e1b3c5db3194bc9cabf89b020b4f","first_seen":"2026-04-26T13:23:37.920484Z","last_seen":"2026-04-30T14:28:53.715017Z","times_seen":2,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":61,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 117559\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"1cb37-lWKfcouDwV2lyFmEm30K0OrHWJk\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":117559,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 61375, version -16451.0","md5":"848fcc4bae5c375802b8a1f406bad364","sha1":"72253a9cbe6eac2b429afbe265f4610dbd5f9f69","sha256":"34eac43c8f8e74e20cdc544eeac5ef543ba066d589bcd83c877168dc7183b982","sha512":"7272b1fde9c5bd37522ab2e1b6c3436819bc01833475d2ae0be76e4007ac067d3e52143abca27385d415df54b135119e47e6698a26c69dda634d978e411ee5e6","ssdeep":"768:POF1J+mTeo7BWNo/jPyiwqfX2tK2Zk1xIB3s+mIIErnZu5VhIK8p1uD9W8s8e0uT:Keo7IiB8uelBnwIziJW8PYpgLZdP1ql","tlshash":"c5045a37e840237c9b7280a7b6281edc5049f9a361d74f68f5a23be24fb52cd4766c58","first_seen":"2026-04-30T14:28:53.717063Z","last_seen":"2026-04-30T14:28:53.717063Z","times_seen":1,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"442e1-eICV8QQlYAf1cDROGoNh4x1Vb5k\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":279265,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"41cffac866f7580eb5ca2538b4e7be19","sha1":"ffe89c297b5b3d9b37b6546e7d9d17d2dd9b27ef","sha256":"6c8c64ec5c384a7a7a5565380b1ade2f0715f0b001aad2b233875f5a7e8b3a60","sha512":"767399a2fc466f470fffc10c4dd76114b40ab3c38c105aabf07be4e0f852df5a16d5ed67917c8e13c7a3558ff66475c5f4f040338ed59d73aef8192322527add","ssdeep":"6144:whN0kekkKYP7wheaHOcQ5MAleOXUb4jaSxiYLHi:wokekkKswhe2OjaSxiYO","tlshash":"96543d7bf72e882ec3898637a2b0cd175720f659252fd9d43b967e34618d5cc0a3076a","first_seen":"2026-04-17T00:46:18.46864Z","last_seen":"2026-04-30T14:28:53.71839Z","times_seen":2,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/menus/header_menu?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/menus/header_menu?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=ucwnqcZEEuYqOff9twsX9SAkYgSs5XD9kEmJQHrZCRs-1777559291.6037526-1.0.1.1-lR3uvrl1mAGT6ImUp_HmTiXnOholB43RujZjyPzHFoR52h5LMRJ8YOJXViNhUm8iBsrx8lkcvioF_KJi4dhSSmo99K8dbxH.pvWx.W1mQ6WafM_i0E_turQPgy5DzuJi; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b448d1d56c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/LiveChatAdviser-rT6Ygk8F.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/LiveChatAdviser-rT6Ygk8F.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"35e-EKUENUCJi+8AWVDvln27MXu3v70\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":862,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (861)","md5":"cd8ad8ddbe0141aa7f26e2e2abfe85fa","sha1":"10a5043540898bef005950ef967dbb317bb7bfbd","sha256":"be2be9c6b4ce6017079f7d0ee19b82ab9dc28bb1a48cd08688dc1dcbf9431a28","sha512":"29fc2b9c466510861c8cf41ea92fb2986518c9004dc0e0a44389174028441cd309869653504daeba7ff35e221f6ce63525a229915ba103b4ddca6b30988ca78c","ssdeep":"","tlshash":"a31156d5f0c7a3fd6667244cd35a704330064fb4c13d1d75407b15645a6ce0aa30eed4","first_seen":"2026-04-21T19:21:58.034133Z","last_seen":"2026-04-30T14:34:08.121161Z","times_seen":17,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":31,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/jackpot-jNbP6Duk.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/jackpot-jNbP6Duk.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 376\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"178-HTAHDn0O0IONuuIsgcQUMPs9DUU\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":376,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (375)","md5":"c4e89512f1192d8bdeb452c2cce992bc","sha1":"1d30070e7d0ed0838dbae22c81c41430fb3d0d45","sha256":"4a7f2a8747580d38cb522b361b5cc73a8ebcdb6690f3f8d92d7dded5be8a36fd","sha512":"b548c62816c00d3df156b43a8e608d5d7de55931f121ecfda4e7296e5cd65208ffaf60871ba3b035cd43b5e2aae82b0965329a8c9b5a0821de5a23fbdbc12626","ssdeep":"","tlshash":"00e068eed8c08dfb967007552bb018840e2416ca101ec9e4be2672611800b8828f8239","first_seen":"2026-02-24T14:23:51.255604Z","last_seen":"2026-04-30T14:34:08.170604Z","times_seen":66,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":51,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/DisabledMarketEvent-FWjdbj0n.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/DisabledMarketEvent-FWjdbj0n.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"a9d-O4CRPtiSCuzcTKBEMdAjMkucurE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2717,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2716)","md5":"50a2a8cc9d6ca650a99c9fda804b660c","sha1":"3b80913ed8920aecdc4ca04431d023324b9cbab1","sha256":"0e7c8e782ba6769acca5bbe1ad0579a62501cd1efcff863bed92710e0c3ad503","sha512":"f8c660756fafb1ed63a3a9176e80e4938c6b16c899596afec0dd998a8f5c8f3df15101001ecf320bbeaa49537c64c7becac3cc18070ce34926bb6a2483736bac","ssdeep":"","tlshash":"6c51866df290fa3d993600dcd27b1f1f201a17a2d6560592d0be8c29155c0dd366ffd9","first_seen":"2026-04-21T19:21:57.965296Z","last_seen":"2026-04-30T14:34:08.145724Z","times_seen":17,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/pageBuilder/pageBuilderCssConfig.json?v=1777559400000","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /pageBuilder/pageBuilderCssConfig.json?v=1777559400000 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 277\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"115-7YWr0eAynx1LOnZPzjRSWr9oD/k\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":277,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"b384bef633c4dad28cb58c0ed626c676","sha1":"ed85abd1e0329f1d4b3a764fce34525abf680ff9","sha256":"efaa340e7652864fcef70fdb10125f60ec395fa732325cff6606c9d8446493ad","sha512":"0b6f27ab057be8f03ac22f0ddd42677644ff77a325f6972b4a665eee859b0637a78f6b1cd6a4d8f7a41f71f76bafa85978497a74a418dce33aa0082838b7ca3a","ssdeep":"","tlshash":"32d02ba19675cf1126d210a302872ce56c6dd247b1808a876485e2f670c92881953f36","first_seen":"2026-04-11T13:31:58.704895Z","last_seen":"2026-04-30T19:32:29.760169Z","times_seen":27,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":41,"dns":1,"connect":19,"send":0,"wait":392,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/menus/app_menu_0_eng.json","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /menus/app_menu_0_eng.json HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"5785-XeoEHbrEM9Rsj2usyH8HsCKAzdI\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":22405,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (712)","md5":"29f7f99e439d4f4fb3befa418176b921","sha1":"5dea041dbac433d46c8f6bacc87f07b02280cdd2","sha256":"b789107b4eda5badb76eb1d4eeada369f3b7f4b94d348c036aa536c6ab78e4a2","sha512":"af5c629c5d2349c505b2cb0305d258a22e828ffba599d224c7c048a5f0152cac18c248e6a93e70f57442c04dc43ba9f6530176c865615b532fc20b9ec8235d64","ssdeep":"384:krTT6JeD8l6UIh/ik0egXpFD0xba7DwNx0SA2XEsuWdG5:YHVD8l6U/egXpFD0YQNxXA20suWd+","tlshash":"d4a2b75a38f2b03a0227607f6a6bf24d7f3554036905dc9579dc87586f80f798ab3ac8","first_seen":"2026-04-30T14:28:53.725546Z","last_seen":"2026-04-30T14:34:08.132624Z","times_seen":2,"resource_available":true,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_15091_751_7782fb2fef69cef9d04bf1cb4aaa427c.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_15091_751_7782fb2fef69cef9d04bf1cb4aaa427c.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 179115\r\nserver: cloudflare\r\nset-cookie: __cf_bm=ZH.IRI6ewGnlfcz.2gjjGf3StlP1_aZDcDhXnhZw8MU-1777559292.008688-1.0.1.1-Rghvnj_yT.A6YPF8Gm53_ABz2IakH4WfEUUAZG34c8iLAFxowV9SdAmv._zl6RdLv1hCzcrjfcfmUcIpxUYczOhxC6mx7FJ8zsrx.zz0lrzlmiWszrhBYFsQXbWlnBy1; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Thu, 05 Feb 2026 10:40:04 GMT\r\netag: \"69847384-2bbab\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a6b568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":179115,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"908ab32b9df50262238ecabf294b4416","sha1":"8fb97150439022af511eab96d731100710b408a4","sha256":"15b00d00fd5bc1c715f6b7ddb4e9b2675be801dbd381ceda3013f6c4877bf971","sha512":"a4a3e8ba5268c08db584dae7cfe6d3b5468835a2a961b2d64f766a396dfee2da5d763e5c0022dd9e2cd86bea50587686c8264b976c6b502e6aa287f0aa6bf6c4","ssdeep":"3072:qJvP0K+mT4R6LcUpQu4yftkQg/aDJPfyfMQ2E/GgGYNRiSbFp:+P/1MRLUpQu4yftzQaAkQ2E/GgGY9/","tlshash":"5d04128cd5e365337d64264d18a0ec73a7d2a95e86051dec11cbf866acf0eb2c8a9770","first_seen":"2026-04-26T13:23:37.885774Z","last_seen":"2026-04-30T14:28:53.727352Z","times_seen":2,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":152,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/jackpot-jNbP6Duk.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/jackpot-jNbP6Duk.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 376\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"178-HTAHDn0O0IONuuIsgcQUMPs9DUU\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":376,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (375)","md5":"c4e89512f1192d8bdeb452c2cce992bc","sha1":"1d30070e7d0ed0838dbae22c81c41430fb3d0d45","sha256":"4a7f2a8747580d38cb522b361b5cc73a8ebcdb6690f3f8d92d7dded5be8a36fd","sha512":"b548c62816c00d3df156b43a8e608d5d7de55931f121ecfda4e7296e5cd65208ffaf60871ba3b035cd43b5e2aae82b0965329a8c9b5a0821de5a23fbdbc12626","ssdeep":"","tlshash":"00e068eed8c08dfb967007552bb018840e2416ca101ec9e4be2672611800b8828f8239","first_seen":"2026-02-24T14:23:51.255604Z","last_seen":"2026-04-30T14:34:08.170604Z","times_seen":66,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"46554-7mPou+fbf0ME+PRLXOUQtwKV2wU\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":288084,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, 16 tables, 1st \"FFTM\", name offset 0x75efbfbd","md5":"16979378d35bcf8fb744931125866ede","sha1":"7432d91fde232dbd9a552ddba41c0d7606a9c624","sha256":"67b2ab24cd880c0f29152255354089875b27d1fef1f700065ad33f654066e050","sha512":"38e8cc9899aa81dbafe32342e300f41a70306e740107fd66e06da41daf1776e77f100552b4b4dcaeb9b794d3130f64e1c934ce4454a794e9c8cb73f46cdb381a","ssdeep":"6144:pVnJRxgEHt5PTBF28O8eaGBPMQceWQIOZs5MAnKOA6tcEMkUji:pVnJDHt5PTBF28O8eVPMQceF5kU2","tlshash":"d054203bf66f992ec38d9a77e2a4cd131b60f554623fd9453b927e24a18d0cc063472a","first_seen":"2026-04-17T00:46:18.533035Z","last_seen":"2026-04-30T14:34:08.174645Z","times_seen":3,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":397,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets.json?v=1777559400000","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets.json?v=1777559400000 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 108\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"6c-rLoNYJIMYaJJnEJdD6jW/NBrU+E\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":108,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"4ee89984d6fb4aad941e7cf6cc639d8b","sha1":"acba0d60920c61a2499c425d0fa8d6fcd06b53e1","sha256":"adc12bf71cfc37b9889de5d878c36ef74224dd986fcbec05656adb2d12016e22","sha512":"998b96b1f3fd723a177521a6a54616931aa2e0fce8dc23940f0fa573b14a711d210dc1dccc67e69db74abd89413badacfb21edfc081f3fbcb642c1a20ca98b9e","ssdeep":"","tlshash":"95b092885a6dc80033c0e08822856b04f304f1ce8ea7025e201701a88af0b268ae080e","first_seen":"2026-03-21T17:26:39.627607Z","last_seen":"2026-04-30T19:32:29.815134Z","times_seen":42,"resource_available":false,"data":null}},"time_used":482,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/loader.png?v=1773142319","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:10.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /loader.png?v=1773142319 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"337-SUS+6/43KB2RKEJWFea9rx3S45Q\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":823,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"832617f424fbff98428ebe104d1b493d","sha1":"4944beebfe37281d9128425615e6bdaf1dd2e394","sha256":"c96096e28a7ae4154e0298a17920f40ae3c0534919c699dd4281fdf1f22166ee","sha512":"d84c1e0ff51646f64b34a73bd79e95da55e434f02a12d0ace900656af03752b946fcc35f6e598b0766a888bdb6dda78200347127865fcabf6d8d41ecb726bd85","ssdeep":"","tlshash":"eb0120b3d7a0523cae4be39b447a8fb1442030c5522f810c640b3101443206c0968a6b","first_seen":"2026-04-30T14:28:53.731096Z","last_seen":"2026-04-30T14:34:08.161061Z","times_seen":2,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_3192_751_88b2ec4aeb9b41f9f7131ef17ef2b0e5.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_3192_751_88b2ec4aeb9b41f9f7131ef17ef2b0e5.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 183432\r\nserver: cloudflare\r\nlast-modified: Wed, 11 Feb 2026 12:05:40 GMT\r\nset-cookie: __cf_bm=nCSf7X5T9M_6wir9sKIhALHh0t95fPpp4RGMEtSbbmE-1777559292.0041783-1.0.1.1-DhgdoqJc8Hj7cJ9l8vB_I727fxUn4JKu4VyOfZ861fcESgfoWLeVXm1OJpz8AYppDK0ojq8k5OCfZKuwR48Nq9SDL80avN9QGbySPHWWGmszdm8INtYMReSGFj1reJ07; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\netag: \"698c7094-2cc88\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a60568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":183432,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"1b65a0e3d39468da0320cd4f0525c5cc","sha1":"e780f97051a5133d192a8e07a0e23bdb83d0fb9c","sha256":"79ca9ea776ef4987c0fdec4c970fbca8c2086ae5f97ea80be9c42d73b4d34fec","sha512":"8f9dd0b35c1d15d0ecb43001a541dc5e643000f0edc2fe77a27ff1f0d5fa7b56b9df2b08efed8bf5161b78bc36c15a792c2d69c1a40a05271f968c07cdea95b7","ssdeep":"3072:Ke5vchPGm2Ut4878rfOQf8IUwNoypusj3DuUgvcVm4UZZJqwYZ1C:l+Gm2UtRDQf8IzNo+i/vym4UZZJqe","tlshash":"e904129e1667d7ff6268d8fa0d50730d42dbee813d9284c1eec01417a621a8d6cb8db3","first_seen":"2026-04-26T13:23:37.867268Z","last_seen":"2026-04-30T14:28:53.732208Z","times_seen":2,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":51,"receive":107,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/InformativeWidget-DHYaBHsY.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/InformativeWidget-DHYaBHsY.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"43f-syKzE12zlL+Lr1Sxl11B2SgIb3s\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1087,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1086)","md5":"60fbcffeae3ed82e3c9e9d890c4641c5","sha1":"b322b3135db394bf8baf54b1975d41d928086f7b","sha256":"abb08e3ef3875fce677fe9c6eafd3a2f84ba9ed70d80c26811812d0b7f53a50f","sha512":"3e849905db3011903c7f03792daafc052757ad1396870d5ea6f389586f4870374e369dcfa92d1bc71b10b3d7a20f720f5b2ba377774cb524e74f4fbded0b6a19","ssdeep":"","tlshash":"e1117586f594d5bef0390dc44256d0946a212ee4cf38e4e999b5340ca87410bb7dbbbc","first_seen":"2026-04-21T19:21:57.953543Z","last_seen":"2026-04-30T14:34:08.122224Z","times_seen":17,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpotPools-oN0RIPj0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoJackpotPools-oN0RIPj0.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"3ac-RsvSnzRtSOEO/l5iss/spaIRAbY\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":940,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (939)","md5":"41f2a9242ff28544ed90865c5d55bbb0","sha1":"46cbd29f346d48e10efe5e62b2cfeca5a21101b6","sha256":"7212413eba593159f4cb7bee4878a6d9a29e59601692b06d2a4e2e22da973489","sha512":"421034b5fbcba83b2becd9d4db843158930e569c7f94b37ec1e06e0848580243275c66743d5a5f0193fcf9a3e19686b6a1bcf9674eb277f4b182bfc7c7fd103a","ssdeep":"","tlshash":"f4110b8bf02ae2f8d5dc08e080a4925b073e2f38f65042c0009c1a2d96b280af639b82","first_seen":"2026-04-21T19:21:57.925952Z","last_seen":"2026-04-30T14:34:08.15753Z","times_seen":17,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"4663e-spN6+p6T4l0ueI2m5hBAzAO4LQ8\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":288318,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"d105571918aa7cd1d84ded2b0e79dc6b","sha1":"4bed5248f355a8f9ac992f365c5cc90644b3bfa5","sha256":"303f9cde80f62e76c822ef573a39992b01e556f15077973537644461740305a2","sha512":"0c72d8189fe7c73d1901ad13c06090504e135955b5b98da129d437e52cc33154f5b23a2b8092d89a92396e482f948cc7ca97acf27c2c0d4cf2aae95a358e044d","ssdeep":"6144:jVnJRxgEHt5PTBF28O8eaGBPMQceWQIOZs5MAnKOA6tcEMkUji:jVnJDHt5PTBF28O8eVPMQceF5kU2","tlshash":"9a54203bf66f992ec38d9a77e2a4cd131b60f554623fd9453b927e24a18d0cc063472a","first_seen":"2026-04-17T00:46:18.542077Z","last_seen":"2026-04-30T14:34:08.171127Z","times_seen":3,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":364,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/index-Ds8oq4WI.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:08.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/index-Ds8oq4WI.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1170f1-I5Zp6VIAPQb7EH3/PimCFR+Tdmc\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1143025,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (24370)","md5":"0d324990c8129e03182cc8f21402fd48","sha1":"44956d962deffde7659878a1d3ccefc1bb84bba6","sha256":"21c73a02cad68aaeca8d3624cb73129219e272a3725c3bcb575e212e501842ea","sha512":"af0b190ed70261c1f3d371b116a6fe347ccea6b33717b8f96026066ab0361e4c7ec2f920d2ebd2e8c3f7e9870f7c93209d3713516933f9e6a946f13ff9b8245f","ssdeep":"24576:V2175NVDD95cW5njLk1xROPFl2E1j3q5lZ78v8YCC+:U175NVDD95cW5njLk1xROPFl2E1j3q5N","tlshash":"d4257d85b055b97997b709e564af1101b2351e00f44cc860f57cedae39b9808a2bbffe","first_seen":"2026-04-21T19:21:57.964279Z","last_seen":"2026-04-30T14:34:08.134776Z","times_seen":14,"resource_available":false,"data":null}},"time_used":348,"timings":{"blocked":63,"dns":2,"connect":19,"send":0,"wait":147,"receive":66,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"geoapi2.bcapps.org/?type=json","fqdn":"geoapi2.bcapps.org","domain":"bcapps.org","tld":"org"},"ip":{"addr":"185.162.230.7","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:10.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bcapps.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Apr 2026 14:59:47 GMT","end":"Wed, 15 Jul 2026 15:59:45 GMT"},"fingerprint":{"sha1":"83:C2:58:4A:14:3D:DF:6E:68:C4:DC:BD:FC:25:2C:67:AD:37:5F:89","sha256":"6A:98:07:62:07:02:8E:08:92:16:9F:12:E9:95:31:9E:E1:E9:DE:2F:17:8E:45:0D:FC:67:5A:AB:F3:EF:4C:B3"}}},"request":{"raw":"GET /?type=json HTTP/1.1\r\nHost: geoapi2.bcapps.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:10 GMT\r\ncontent-type: application/json; charset=utf8\r\ncontent-length: 194\r\nserver: cloudflare\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nset-cookie: __cf_bm=vYT1ZRm4ErGimYhggeFnIZfYLc1jhw4jQRK0lxnfZH8-1777559290.4128947-1.0.1.1-Q3pIaK_STcMxnkMnzB02A8d8kj.DAoM.ioDm7ulm1FhoUxq4OdzdMVUMPeU6a_JNVf0xJI9bcXG1vCImmB_GUyWd57a3kHZihNaOuLmfGKY4ufvJ9xSpD6dtqtwFbNyK; HttpOnly; Secure; Path=/; Domain=bcapps.org; Expires=Thu, 30 Apr 2026 14:58:10 GMT\r\ncf-ray: 9f473b3d1c4256a8-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":267,"size_decoded":0,"mime_type":"application/json; charset=utf8","magic":"JSON text data","md5":"c2f32dc05ab37b33279caffb933b6458","sha1":"9aed3ffc73768785e2d761cc284c6b1d27ce55d6","sha256":"d06b623c0052cb374eaddee582d3d8607763ba094f53a3bc15b15cf2b14f6a04","sha512":"aff58dddf945f5d9a4cc42a7066ec0d1adce01f7621868fcebf3bd8ce0a7b50d30fbdf779cdd7381035cebdea8aa50550d1f2a4e2fb45df2b96567a414a69727","ssdeep":"","tlshash":"bdd02b3d0c4d8f0d7b6d61d8834ed21713761185c3cb59d146c6dd70c1c47997040440","first_seen":"2026-04-13T13:13:16.365723Z","last_seen":"2026-04-30T14:34:08.135949Z","times_seen":69,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":53,"dns":35,"connect":1,"send":0,"wait":45,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/NotificationsButton-CRcMibFE.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/NotificationsButton-CRcMibFE.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"22e-jbfDvstOTidmGwLYHn5K9sz4iHU\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":558,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (557)","md5":"86ebafbe3af7146152fb0e0725a77e17","sha1":"8db7c3becb4e4e27661b02d81e7e4af6ccf88875","sha256":"69534179649ab197e86d86fd81b15d6482270fbe2b586db9e5d53d8a5afe9de6","sha512":"fd414670b32c2952dabc84d33c09eefbdd8b11f690bd281ecbece9cccb7a4368177e7b7a5fd32d0f1765a72d9223db8f5894404fbf125f485a579109de1789ed","ssdeep":"","tlshash":"2af0208be998d9f41bc20910b32bd015383ab83cef4a688000ea2c58233005a891fa4f","first_seen":"2026-04-21T19:21:58.091812Z","last_seen":"2026-04-30T14:34:08.136415Z","times_seen":17,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":64,"dns":1,"connect":19,"send":0,"wait":21,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/content/images/payments/default/20129.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /content/images/payments/default/20129.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nset-cookie: __cf_bm=sTph2.p0vnBIo3M4QU9S.9hIoIx2F9xEJ54LYRPAp1s-1777559292.0010276-1.0.1.1-lx7QaJndHriY5GTAoHv4UYM7pUuF5kXGSP5u_zhOZuNMyekr4vNBGqnEQO0nv0tX1xCCYNET1IALlsNZsPdOeG7_e5_sMPBlZmtwNhcReXODQ6ZwFgHtegmhlXmVSEEK; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9f473b46fa55568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Casino.BjyJcCbk.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/Casino.BjyJcCbk.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"8bc1-J3GVrgfl5ea7tLZzLDoE1BrwTrM\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35777,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (35770)","md5":"f113b1c9638ce76e385e727e0ea46694","sha1":"277195ae07e5e5e6bbb4b6732c3a04d41af04eb3","sha256":"5365ca88751244c00948d0275a580d625398578985219c10ab31efd9f8289c35","sha512":"768492a4bdec3871cd5e1eba328330f381846d86c3d9a9f85adf02e49f6d53042c1846be971b332a5f73702b2351f4a048a799744993e32b65ee9e4321439c15","ssdeep":"384:Rpo8j6E4sa1Hk9eeGKtNyGG6PwPJwWzY8IwgrOl009Hkz7qQXFDpNDF6:RZj6E7Ie3uIIEz1XN96","tlshash":"6cf28673961923bd75b796523ac0de9ce81c48b9da232641ec967237c3c79992c307ec","first_seen":"2026-03-01T06:34:53.940522Z","last_seen":"2026-04-30T14:34:08.153411Z","times_seen":58,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/conf.json?v=1777559400000","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /conf.json?v=1777559400000 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"5bde-uCGbNTEu05LUYaQ7OREwU7LzrrE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23518,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"33e0f65483b89ffd0b6e071c5065b28d","sha1":"b8219b35312ed392d461a43b39113053b2f3aeb1","sha256":"164206e8de11e8693ad30d3c24b97a86e052ca4dd525e99d98fcce81541e68c5","sha512":"614f0e2039b4ca5897d554b69cb669c1fef177ce072e4008491f71c98beb660702be6cd9868c8b5a0ddde91aef7fe8b4bd72873daa78309e34704edb2a89bfc5","ssdeep":"384:tiodO1z2PEn+LoU4rWmnzl8mAAtrfSn32VkrN/Sm36:tOz2PEn+LoU4rWmnzl8m3trfSn5/B6","tlshash":"0cb21028d5744db302c661b4a8ae6147f534948b4e98bc293f4c826c0f5da2f29bb7dd","first_seen":"2026-04-30T14:28:53.736659Z","last_seen":"2026-04-30T14:34:08.120579Z","times_seen":2,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/homepage.json?v=04/21/2026-12:12","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /homepage.json?v=04/21/2026-12:12 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"938-QlkLW346b2vIVRB346mLDK+Fnkg\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2360,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"675b507b70f39e07be8925f75058608a","sha1":"42590b5b7e3a6f6bc8551077e3a98b0caf859e48","sha256":"947b6764624290fda0991b5e06f0cc8ec17f469fa6ea3abd374cebd9a25fdf93","sha512":"a11bbe53280dbad32c58212b454a474a02a254a4704964cda44d191e82e32cf6dbf79afb0329eb54200f9b07a4d89a5342b62c726bbe3aa8fb0888cfccfdadaa","ssdeep":"","tlshash":"39415d3d6c10deb8b3a08a23d28267c16546d968c7d44c5c1cedea6ad3ed29d1484fbf","first_seen":"2025-12-24T22:39:16.115426Z","last_seen":"2026-04-30T14:34:08.174115Z","times_seen":30,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_10423_751_8beb054b29ce4e760148d673aebb878e.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_10423_751_8beb054b29ce4e760148d673aebb878e.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 181535\r\nserver: cloudflare\r\nset-cookie: __cf_bm=IlwvCTa7F73wKB2po.ZMjNnX1pKrRPjeSNAxrvjev7M-1777559292.0032306-1.0.1.1-IdyuLoxXdgKc.cx_WI5G3TTKbDTHJDiwBsZXH9x6Qk.Fc255bpuwOZVf40IIVwIr7T31KaTE9OAIEDjsU99HcVd2Lm4mWkW6_pp2qiLqvCpU6BZUkw_ZcJLnnocWp3ff; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Tue, 21 Apr 2026 12:55:27 GMT\r\netag: \"69e773bf-2c51f\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a5c568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":181535,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"1411843b084ca5211e82e54d68a53d9d","sha1":"3c6383e836db133072f0bafd631f988a0d041826","sha256":"aaefb2c5e871d72be78c0699495871ae8f171f3aee058b8794e9da3abe44b6ad","sha512":"6ab4c4c9fc6d8363ff223056fd21e061d5c5b3f302c28a32e7735d4c44b30577d4fd6d362c749c8db471e7856545a53ce98172466e481581747a257244d7bf19","ssdeep":"3072:Knp0pjbHYdHClxIaztzm538yl9fvDfFSNCcJbfzUW9rcQtyM2GKWXJt2S1mFbdC2:sef4AvFzsai9HpgCc5gEmGDz2FhFeA","tlshash":"120423def496cc6b9e13cad40d91b073ae82d1792b95e3e901d1a086f0065a7b771e0f","first_seen":"2026-04-26T13:23:37.927294Z","last_seen":"2026-04-30T14:28:53.738796Z","times_seen":2,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":250,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/index.6hr6LgI6.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/index.6hr6LgI6.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"4e4-6s/qza/fhzjzJcukzZNSutKCmk0\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1252,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1251)","md5":"d03ad7d634db584e4aed770123954f9b","sha1":"eacfeacdafdf8738f325cba4cd9352bad2829a4d","sha256":"7dc01c1d9e89862143b3c4cc81a2255e63cdb8412bf7421061819919fc2c6bf5","sha512":"e4641ddc5f100aec535f0f87f4b4cf617ff4fe450de4ed993b3681bec62023646689f9f12edc7b03c4dbf21e0b98081e4e8dd5b0b0a13970fd25946f953bde37","ssdeep":"","tlshash":"f0218ad7190b14feba73a6bf454346ebe5238c5bce63114ab6c21729c4827a2422245c","first_seen":"2025-10-29T09:08:38.623149Z","last_seen":"2026-04-30T14:34:08.133693Z","times_seen":1024,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/SmartMarketEvent-B7WtyuM0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/SmartMarketEvent-B7WtyuM0.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"393-ObQkuiv2VGPLtHYhHAvtYpx/ikA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":915,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (914)","md5":"e5f7f6f8087e9e7aebb653a2b2644251","sha1":"39b424ba2bf65463cbb476211c0bed629c7f8a40","sha256":"4dcdb15231b668cd76f3eff25b1aca409eff56252a0f7da334334d1287a295b2","sha512":"4bb811566e18e5e1ba25aafe78ec695948ba97fbff53298fe5310941d5a5f848b133f795344f1be6975fd935488d914ca12a54ba497a7844e2350975993f23f5","ssdeep":"","tlshash":"e611e3e6d440323e0671c8bdd1109b41415c13d7cb200269e58b86f573fd0fda34ee59","first_seen":"2026-04-21T19:21:57.930382Z","last_seen":"2026-04-30T14:34:08.1447Z","times_seen":17,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/casino/partners/0/platforms/0/games?category=406\u0026limit=12","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/casino/partners/0/platforms/0/games?category=406\u0026limit=12 HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=F_su6aIKtlLH8Jusytl0zzD6fRAor0zpmvZ_1FS.rHs-1777559292.4557226-1.0.1.1-xf7bEaRbe4013h4PuzvPQfbTJCHUQWcvaDDMKgWLdwrtCZfC8ZLLFU1pKVzgYfQ8rqqz2W1i6yuD7fO4Qlwgaswx2RidFS7Cv4fpEf6y4KayN3nS40Y3.grwndfw2b.u; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b49dabb56c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/cdn-cgi/rum?","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:15.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 421\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":421,"data":"{\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":2679,\"startTime\":1777559288669,\"versions\":{\"fl\":\"2024.11.0\",\"js\":\"2026.2.0\",\"timings\":1},\"pageloadId\":\"67d97064-8a3e-49d7-98dd-211fdab83420\",\"location\":\"https://galabet1o61.com/en/\",\"nt\":\"navigate\",\"timingsV2\":{\"nextHopProtocol\":\"http/1.1\",\"transferSize\":6621,\"decodedBodySize\":22405},\"siteToken\":\"f62e8b03fbc24ef0827be60d0a72291c\",\"st\":2}"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:16 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":301,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/6995ca3273d8cb1c357e525e/1jhohrlor","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"172.66.161.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 06 Mar 2026 09:33:33 GMT","end":"Thu, 04 Jun 2026 10:33:27 GMT"},"fingerprint":{"sha1":"F0:6C:DC:32:63:CD:34:E3:15:CD:7F:77:F5:A3:64:E0:9B:36:95:83","sha256":"B6:7F:6E:A3:69:3E:0D:3B:04:3E:8B:65:86:7E:1D:5F:82:84:18:16:8D:AD:72:D5:51:E3:46:BC:BD:CD:BC:38"}}},"request":{"raw":"GET /6995ca3273d8cb1c357e525e/1jhohrlor HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 30 Apr 2026 14:28:09 GMT\r\ncontent-type: application/x-javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, s-maxage=2592000\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 906\r\ncf-cache-status: HIT\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9f473b393e5b712a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/x-javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/index.C0U6OaZb.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/index.C0U6OaZb.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"7e275-CqWawD0QmdxI/38P9JFTjSBS6vM\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":516725,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (62128), with no line terminators","md5":"9d1ca664fc24466f1378adc92dcb702e","sha1":"f7bb6bf88ce3d1558974060383dff8f0444e1838","sha256":"54bf25fad702aac6fcca3b0316753f2558c2380dc231ea5d16509addd5e8d7ee","sha512":"0534c8fd0a8a205def6f51327ed676c240ac7f38718127a90ba8971e161745980634407edfa9b6750d536acc8154573b02206e1f31203bc8ec31f74a61be193c","ssdeep":"3072:HT1qmID/L6Zt4llM9bkoHhIZpbnj0tseBrxSaQFv:HJqmID/L6Zt4llM9bVhNVRA","tlshash":"4fb4c8a2968822f87b33d61f93d5b38cb014f071d9621d6ff19a612dc6d66900263f7e","first_seen":"2026-04-21T19:21:58.049878Z","last_seen":"2026-04-30T14:34:08.139873Z","times_seen":16,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":47,"dns":1,"connect":19,"send":0,"wait":60,"receive":23,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/BetConstruct-Icons.Dy6tH3mM.woff2?6reyr0","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/BetConstruct-Icons.Dy6tH3mM.woff2?6reyr0 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":43,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_3578_751_7fbfb335b813b47f763e24b4e5d9065f.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_3578_751_7fbfb335b813b47f763e24b4e5d9065f.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 172391\r\nserver: cloudflare\r\nset-cookie: __cf_bm=7frcM574PHbPvQDrdG9Rps8eze5CIgPy0DYe56111b4-1777559291.9977741-1.0.1.1-CHQleNGULzCwmg6puzcL5Fl2NuIq0eMysbDWFz51Bk9V9WxAkTEKY12M2_TgkTIMwSo84_4jtLuqqplThTd4.ZsFi_B0GPAwyp_d7PRTFh.oK1GHdEjku00SJCwStc0S; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Fri, 12 Dec 2025 07:17:35 GMT\r\netag: \"693bc18f-2a167\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa45568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":172391,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"5ed2fdbf4ac79d3ce0acdf5b3999b591","sha1":"754241b902585ca511e7574aeedaf128dcd2a23a","sha256":"1dbf7019d127f4ce116068b3c726a876d2e0212879631bf71d9ee7bbc5bd572c","sha512":"71429482016a6cde57e6eb1f9a189e8350499dd22355e417fec066d1c692c77b83d5680770fe4e6b0178b9c49615dee51ad95454ab3b929435a1b7e1eb73743e","ssdeep":"3072:TJaz7wCR+9PcWWRtLuPlhGbZ01ZZt5C3otj8BUBp70g2TKCeJ4hC6W0irgfdLC50:VW7+9+fuPuub04B8WBp0DGJWVW0irgJD","tlshash":"0bf3125335e092becfc81535151989aecaf750c69a1df299c2b35253ae8e053ffc21e2","first_seen":"2026-04-26T13:23:37.9384Z","last_seen":"2026-04-30T14:28:53.741562Z","times_seen":2,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":30,"dns":11,"connect":7,"send":0,"wait":201,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_17478_751_34c5eb0b02c3cdf119051792532fddaf.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_17478_751_34c5eb0b02c3cdf119051792532fddaf.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 174366\r\nserver: cloudflare\r\nset-cookie: __cf_bm=X9zVPoYdy7IjaIs_7YkCYRtE7RZvJXOlJsoNGZV44uE-1777559291.9991395-1.0.1.1-Fze4gtwWhmTY2KoYkNgzE2k07RxGsTU7YH0ys.gOfBMXUZ441c2l3YNx4AMIHOnccukLIuQFBOSnNfW_0yw8pxPDGbhSpZZQPMzAVqpzRyyM1R7ehwOX5iv5zIAyxfjD; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Sat, 13 Dec 2025 10:25:44 GMT\r\netag: \"693d3f28-2a91e\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa4a568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":174366,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"091813f336f3886b700f5b31779805ce","sha1":"6a146115ba52c6e11f2abac2ebb13f6f0807f910","sha256":"0d44b46801d61b1528f90e76e38324f32ad912c830c10523b04ce6db7ad2744d","sha512":"3618ac3e2cfded010cc0ffb3ce36ef9a941b7b383a4301299df77b3fb3394719feb84a8cdde5c2cf0b11411815b27123a915710545166824f0ead06b9ad66ce8","ssdeep":"3072:b6ggZgBe6yRbHztvOwFdQz4V24kUkWyO00O/A3ZRli4bAF7o0y/HpRcg9OV9tp:xXvyRbJOVz4V2WyeOWRI4cEnh9Ortp","tlshash":"8304129109dc497395fcae88163a986c0bd3f0864fc49b0ce396af939dde644fc25ac5","first_seen":"2026-04-26T13:23:37.916392Z","last_seen":"2026-04-30T14:28:53.742477Z","times_seen":2,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":209,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/withPanelButton-aAeMPmmR.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/withPanelButton-aAeMPmmR.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"441-fSHXAcRYFX7shRY8Oi+ck0+BpTA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1089,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1088)","md5":"00390da6d74e90c2dd3d0e554dfd3f70","sha1":"7d21d701c458157eec85163c3a2f9c934f81a530","sha256":"5a3735e14ff299003e3c8ab9cda80cd0c065eee8cca7ec4adbe61af665dd04cb","sha512":"e39954547caf1efaf4e91f5d6c23374b7e455a2582e877c40953ec72b27de752b4d10264776a71671e06c63fe072c1962a69e5c7d4150aa77fe8c187d0b48275","ssdeep":"","tlshash":"4f11f0e4f5c4adb1e0c40188577b2cb6719a32d9dce1149021b6c8da5fa90489a1e9ae","first_seen":"2026-04-21T19:21:58.107547Z","last_seen":"2026-04-30T14:34:08.118317Z","times_seen":17,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":50,"dns":1,"connect":18,"send":0,"wait":25,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_17501_751_7bdff02f1995ef1c23d1de2d364d43a5.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_17501_751_7bdff02f1995ef1c23d1de2d364d43a5.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 177666\r\nserver: cloudflare\r\nset-cookie: __cf_bm=T0XhCPK3MzzTLXJAg1t2OSeW.g4f6xZvkkwV1idEO7c-1777559291.9987373-1.0.1.1-zecTw8l4k6JkD3BkfFhxVFeZpQv_92IDpOWSIV36B6Zd7NruT28J3JnGF79.1yQqo7VN4Uhd7qFVjsIdDDlPcfxTm4g2CEPaoaLBHIeyd_Wf6UQMnsIV0ZFSKZHLP6Ok; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Sat, 13 Dec 2025 10:24:24 GMT\r\netag: \"693d3ed8-2b602\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa49568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":177666,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"ec419124c74c2fe25e558431280e987a","sha1":"5dea566218e761709bbd29e57ef3c56c128567a6","sha256":"c96258f6e3ecea86be3e0fd7b1b8b2cd141ecf3ee42548db0832db4bed9c0c95","sha512":"69f096d5d77df54d3885fc7a96c090c4b1a527ca83fc09c201cdea687f3a40a353e91db4e3c8aa82a9739e25abe9085f95d6571d9e0010a2998c63096a9f1e1a","ssdeep":"3072:Hsx60nyV5+RCZUEYL6rur6bmPnpqIkHSMsx8kdxyxUzrVpP:Hl0nyVsgZUNL6K+bm5AGOky+JB","tlshash":"540423d47f7f506f98573c9b908de489988b5c040e2c40d429be736f2f7fe861a65226","first_seen":"2026-04-26T13:23:37.846767Z","last_seen":"2026-04-30T14:28:53.744081Z","times_seen":2,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":256,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_15092_751_4d8f13bc2f50b6d112ee5f78f765e90c.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_15092_751_4d8f13bc2f50b6d112ee5f78f765e90c.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 178679\r\nserver: cloudflare\r\nset-cookie: __cf_bm=odp_WMiWepJFEzR4Ie2ODh6G3BnHuCVngPbXWVk5K1k-1777559292.0045137-1.0.1.1-nA2Ae37J9eon_RhlwLNI71M0l0P1Y7fguhjtPsDGwC6DOevB51UHdi8ejgHqsiNStz6O16oQieTWcR1bnWRj5leaRgbo9sVRvFiUHni1_Vxsm.BVduFw8LOAdptW6bHj; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Sat, 21 Feb 2026 13:08:36 GMT\r\netag: \"6999ae54-2b9f7\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a62568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":178679,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"5893b5ad9a524f6b6bf2f41ab4af1581","sha1":"14b907626c973a0fe353e4cb66033f387e99937c","sha256":"ee802e6e7dad2ca5229e95aa996988b734fcb79cef6a5a6970c9d3fc38564429","sha512":"9970c2d1bad7c55e2bea98138684971cfe624f3b6e49ac4f42ac51903c24cd759f2f74845466408244ad7fc691b83fea20f1ee0f3c401494b6b322f98c24f23c","ssdeep":"3072:ZVSmpQiUVRcy8hvndWOOJJBrpybu/kLckV3aOaYx9AVWWmH:XpQisRwvd5OJJl4bEkLdpHx9A6","tlshash":"41041298464a47f1dea1ecac34705c4017fb16ed18b09293a79d1ecfe4c9d6d0edaa0b","first_seen":"2026-04-26T13:23:37.855609Z","last_seen":"2026-04-30T14:28:53.745284Z","times_seen":2,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":22,"dns":0,"connect":0,"send":0,"wait":237,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/DisabledMarketEvent-FWjdbj0n.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/DisabledMarketEvent-FWjdbj0n.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"a9d-O4CRPtiSCuzcTKBEMdAjMkucurE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2717,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2716)","md5":"50a2a8cc9d6ca650a99c9fda804b660c","sha1":"3b80913ed8920aecdc4ca04431d023324b9cbab1","sha256":"0e7c8e782ba6769acca5bbe1ad0579a62501cd1efcff863bed92710e0c3ad503","sha512":"f8c660756fafb1ed63a3a9176e80e4938c6b16c899596afec0dd998a8f5c8f3df15101001ecf320bbeaa49537c64c7becac3cc18070ce34926bb6a2483736bac","ssdeep":"","tlshash":"6c51866df290fa3d993600dcd27b1f1f201a17a2d6560592d0be8c29155c0dd366ffd9","first_seen":"2026-04-21T19:21:57.965296Z","last_seen":"2026-04-30T14:34:08.145724Z","times_seen":17,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"467d5-uOfEuCM7RqoHGxQeCnGoH0B4iME\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":288725,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, 16 tables, 1st \"FFTM\", name offset 0xbfbdefbf","md5":"f4a6b1b2a22278a6dceac5246b064069","sha1":"78cd2cea6781e8a23443ae70d2f4094748102576","sha256":"cced5852d416c72363c1fd72a502c0e55314a9c16e8992504635a5fd9fb2bb08","sha512":"1eba010bf065ce0df13c410881d96fb05353790c9b00a66028f7ff1b35f6a8fe00a97f155e0e3aea20984e99d8b9a510fac542a7d70a65beafe4ef20287301eb","ssdeep":"6144:x8otGaKnTV6NzkSkbn79NH+71qP4/4ZROQ+eaDxvPMQcyNo4OZs5MAnKOA6AHAlD:x81aKB6NzkSkbn79NH+71qA/4ZROQ+e0","tlshash":"5f54303bf62f992ed3898a77d6a0cd031b20f554213fe9593b927e24a58d1cc067077a","first_seen":"2026-04-17T00:46:18.421342Z","last_seen":"2026-04-30T14:34:08.134234Z","times_seen":3,"resource_available":false,"data":null}},"time_used":547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":511,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/LiveChatAdviser-rT6Ygk8F.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/LiveChatAdviser-rT6Ygk8F.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"35e-EKUENUCJi+8AWVDvln27MXu3v70\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":862,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (861)","md5":"cd8ad8ddbe0141aa7f26e2e2abfe85fa","sha1":"10a5043540898bef005950ef967dbb317bb7bfbd","sha256":"be2be9c6b4ce6017079f7d0ee19b82ab9dc28bb1a48cd08688dc1dcbf9431a28","sha512":"29fc2b9c466510861c8cf41ea92fb2986518c9004dc0e0a44389174028441cd309869653504daeba7ff35e221f6ce63525a229915ba103b4ddca6b30988ca78c","ssdeep":"","tlshash":"a31156d5f0c7a3fd6667244cd35a704330064fb4c13d1d75407b15645a6ce0aa30eed4","first_seen":"2026-04-21T19:21:58.034133Z","last_seen":"2026-04-30T14:34:08.121161Z","times_seen":17,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":54,"dns":1,"connect":20,"send":0,"wait":21,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_17473_751_f56468091fe29f823a1b31dbf7efc8cf.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_17473_751_f56468091fe29f823a1b31dbf7efc8cf.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 176912\r\nserver: cloudflare\r\nset-cookie: __cf_bm=McBWZv8gbF5Gpy_UlEy9Q1FrAtr.L94ECuuPO8Sv4Pk-1777559292.0007143-1.0.1.1-5rBIkPQlJSPVLkVmDoS7vCQkDXaoasn19.ik.fh_4RfBuPiXBGIYqa7BUIbUnPZWWmb70tTGK1zt3Seb4NO0Rr0VvZ2Uzw03bStEpliLEnrwPMiqI_QEG2mmK2mvGFJ_; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Mon, 05 Jan 2026 08:03:11 GMT\r\netag: \"695b703f-2b310\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b46fa54568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":176912,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"9aefd170161b112bb3c0076344a125ec","sha1":"00a9bc74493f4552777d447aa1bcc7f92d1ad7c8","sha256":"74b67b8a0da108acbf28501b18c7c402d268c3d53c09a939c1b6cf02271c3bec","sha512":"207ee7e8c2572242166d56098feaf991dfcd2a80e34aacbadbc25b0c0ba522474446d0d02e661c331ace4570f79d8fb0137694203b1306d6d19ac75a7a7f6607","ssdeep":"3072:t58TdM5apmYXWTe+BC+t3xjrO7AOcvG69Dy8jGh3+dvb21hLl1tRW+xd1Co:v8JMkDXWTeIC+vjrO+G69Q+dj21ZlLRl","tlshash":"0f042228617864cf8c77092149cff4ed2dc6fa05f990d964c2e99033846ffa62b79d06","first_seen":"2026-04-26T13:23:37.863364Z","last_seen":"2026-04-30T14:28:53.750387Z","times_seen":2,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":236,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_13141_751_0aa76ee4b1e2c815f999cb1c19a87dd3.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_13141_751_0aa76ee4b1e2c815f999cb1c19a87dd3.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 180436\r\nserver: cloudflare\r\nset-cookie: __cf_bm=FwaxRqu8aZ7QKPKNPLF1_R4Q8fcC47aJw_iDNM4DOIw-1777559292.0094957-1.0.1.1-q3YvOqV9YP4XboJt4t54SVIjKevalSDOnd3LsP_a6M2ueII6RYno0klF.uPsdc_pPBQIwlTWtMjTG6vtFWHXV4pS_JIU1AqWJ4k3fWSHIWtj35CeKZ2TWLM03bWdk1UF; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Mon, 12 Jan 2026 13:37:15 GMT\r\netag: \"6964f90b-2c0d4\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a6e568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":180436,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"8960fc42ef92fc053307cce9e31e267a","sha1":"1030013fc2735960fa102a3ee156bccfbda1ff6d","sha256":"ab03c008173e6ae0c3ea3d02ec043afc168e736d6774354578e0ed93dff6e152","sha512":"cf4605f28cbf37657354e6856bd2e26a2ef6f54dc0d79b200446c99734955b16eb62818709b552bb541e6e29f36b9de64b3948232de87c7c8a99e9d517bd2381","ssdeep":"3072:KOu1/cnuIiK/5W2Jk6e05c1HvR9FF6wOtc7YE43iGO/5cMHjxJi2gIV659pZeG3j:FuanuIiKR/JTe05cVtgEt4SGO/59Ji3v","tlshash":"b0041253c799d89e11b0fb20343c407669fdcf179a36e14a862c3ef9491b0fa85b9267","first_seen":"2026-04-26T13:23:37.851874Z","last_seen":"2026-04-30T14:28:53.751654Z","times_seen":2,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":25,"dns":0,"connect":0,"send":0,"wait":234,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/getLiveGameAdditionalInfo-1e_kccjA.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/getLiveGameAdditionalInfo-1e_kccjA.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"47e-nHwvEORXDO7zWHjg65+ZA09AIrw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1148)","md5":"9bb57f8ed3bf0092c1d9d7726e2c56f6","sha1":"9c7c2f10e4570ceef35878e0eb9f99034f4022bc","sha256":"999096f879252dbaccdbd4336531a29fd06f07b149c980ba1023451b1f2de803","sha512":"e97d70832bb7e44c063eb2296db51a9e828f695b7fcc8df723f934f9531b3dcacf05d475de8fc9a3dacb8399bb30a53484eaa560b0402b90ce27c48d9aa0f538","ssdeep":"","tlshash":"4c2144b2706d92bfe5c94c9457b01b31a2b1ba09380445ccbb3cc91928774c4a7e2039","first_seen":"2026-04-21T19:21:58.05787Z","last_seen":"2026-04-30T14:34:08.123783Z","times_seen":17,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":95,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/casino/partners/0/platforms/0/games?category=28\u0026limit=12","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/casino/partners/0/platforms/0/games?category=28\u0026limit=12 HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=E4RwxeXe7BjzHCbKUTy9cuDcV4B3gNcJku4N.PORSB4-1777559292.4507825-1.0.1.1-7oeJ1zaxLOWCGglzDeo.7gqaBPj5wUl2X7_eeUE4mJGHDc_GvwkjKbULenL4HEMiyfgSNcA7YpQTxDbMj.HHrHoU67czgv5Npn6uxwivVsDTUFuSLwhGwfQIb9ShlZhA; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b49cab256c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-30T14:28:08.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:08 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"5785-XeoEHbrEM9Rsj2usyH8HsCKAzdI\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":22405,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (712)","md5":"29f7f99e439d4f4fb3befa418176b921","sha1":"5dea041dbac433d46c8f6bacc87f07b02280cdd2","sha256":"b789107b4eda5badb76eb1d4eeada369f3b7f4b94d348c036aa536c6ab78e4a2","sha512":"af5c629c5d2349c505b2cb0305d258a22e828ffba599d224c7c048a5f0152cac18c248e6a93e70f57442c04dc43ba9f6530176c865615b532fc20b9ec8235d64","ssdeep":"384:krTT6JeD8l6UIh/ik0egXpFD0xba7DwNx0SA2XEsuWdG5:YHVD8l6U/egXpFD0YQNxXA20suWd+","tlshash":"d4a2b75a38f2b03a0227607f6a6bf24d7f3554036905dc9579dc87586f80f798ab3ac8","first_seen":"2026-04-30T14:28:53.725546Z","last_seen":"2026-04-30T14:34:08.132624Z","times_seen":2,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":50,"dns":1,"connect":18,"send":0,"wait":26,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FavoriteGamesButton-Bxkpo1Wf.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FavoriteGamesButton-Bxkpo1Wf.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 427\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1ab-noveWNsbaQiGPLjYMNG/IMUnCIw\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":427,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (426)","md5":"d6b5f57863a996d61fadccd2e93cfba5","sha1":"9e8bde58db1b6908863cb8d830d1bf20c527088c","sha256":"127cb14f655ee71ccc244d198580bce314386d9955ec14858a368a6ee15b17c3","sha512":"85afeb40140f71dceb17cc44bc5e5a921b973d5b790176d8d60259736260012b731a2676976afbec92013d0fd0446f77fed9adab81f6f98be08d45170ec925e4","ssdeep":"","tlshash":"92e0a34ad048d2f927421a902607c0142826a47cd79cf49040ce18543d71457891e92f","first_seen":"2026-04-21T19:21:58.079589Z","last_seen":"2026-04-30T14:34:08.137859Z","times_seen":17,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JourneyAdviser-ZLeRKwPS.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/JourneyAdviser-ZLeRKwPS.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"2c1-hP1tsbVzYjs6iHM4ZiA7QPVwPKA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":705,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (704)","md5":"6536542721f94dc5131c6a3c0cd90007","sha1":"84fd6db1b573623b3a88733866203b40f5703ca0","sha256":"6b515ac72b2761c5bc901246cdfdfdebf620ac64fecbeacb69577fefb47648ae","sha512":"745d0da77d6fd5c7d54a28bb6b43fd66536f55c00b4b1999f99abd1436f98d155019d2c142a6925915097c5d7398fca6fba35ae3f7522d75f96eb7087bc37b7b","ssdeep":"","tlshash":"6f01cbc5e088e7fd99670889637e40213019aeb9d639e4e980bc39606b3d44ae50fb8d","first_seen":"2026-04-26T13:23:37.917553Z","last_seen":"2026-04-30T14:34:08.124639Z","times_seen":3,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":40,"dns":1,"connect":19,"send":0,"wait":20,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/TabItem-CBgyJEAy.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/TabItem-CBgyJEAy.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 423\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1a7-1A9gYfP2fmwhj2ONZCfYEQF/L7Y\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":423,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (422)","md5":"d79478834b00dffb7dc6de2a25faf6fc","sha1":"d40f6061f3f67e6c218f638d6427d811017f2fb6","sha256":"c95ec55021a79a8038d979692a44c38f0bdc43104ce11e17b5c48ec14f2dd43b","sha512":"49dd7eca3104b3e9b967337cc390241c8b3cfdda17e1a6da3a69c58d51e9472d24c62719f120b7bca45dbf2bb92d2cfaa11e0b555cef0e8220edf1ebbea01ae9","ssdeep":"","tlshash":"0ce02b92b010f3f9996b54d6d27ed4c776120ddcdaa688e5e0a22044432e561f74ff8e","first_seen":"2026-04-21T19:21:57.911833Z","last_seen":"2026-04-30T14:34:08.125622Z","times_seen":17,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/notifications/whats_new?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/notifications/whats_new?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=C1uj21e2SRPnI.b8dYk5mJmiRKm5zYrNTfBkApebPOg-1777559292.1904607-1.0.1.1-DJOXixSypRfqrQvSdQvbn875qP8oPJFXC43iBGcqmn6OCzk5sTcU463.CAPreUJmR6MNiVG4JfOmycCvIxjWFcEH5laPmM4ksGHpvb3auMqYLcQ4axuLYG1pqtYFdGik; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b48291c56c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FeaturedGames-CW2_S--l.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FeaturedGames-CW2_S--l.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1ede-DHXWQAV3oq9TShaD3oCQxSSdrqE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":7902,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (7901)","md5":"f8b8d127944eda40e7ea9f4a712f8ddc","sha1":"0c75d6400577a2af534a1683de8090c5249daea1","sha256":"18d8b3cedb9050e048a70b1412ce358569b258a10df59218915088ec26c0fa24","sha512":"857953dd10632d3c885574e06dc65a427bec2e86cf54351cc03f876db36494016aae5551c54d9abfc8976de4720c10a436ca91f3171786816d755e1a7e2bf54f","ssdeep":"192:RE/TM3f6HEEUD+Z9y7NaoihCWOJLwL4BflgayjPi:i7MyHE2ZA7NaDh6gaCa","tlshash":"a9f1f90ae010ba7de57b45eb757f6108f87a0ad0e7190890d07f6d2919e9246733ef8b","first_seen":"2026-04-21T19:21:57.961775Z","last_seen":"2026-04-30T14:34:08.136896Z","times_seen":17,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/payments.json?v=04/21/2026-12:12","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:10.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /payments.json?v=04/21/2026-12:12 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:10 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"177eb-gXFdyJlZUElc7ZV2wAA+ePfN7UU\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96235,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"3ddd30afc164bb68545c14549c99e060","sha1":"81715dc8995950495ced9576c0003e78f7cded45","sha256":"a09207f3037c9ee0c360776c721f6d3dfd6cc5f1ba39dd0c8fea3e8285b9bfff","sha512":"37494dd24a88619d62442a12f7d0edf4fa7af73f467bf205c4cee2a778c84839a222e6fe41e278cac8650f05fc02aaaddf4bb34996d2adf86a98763e8fa5abfa","ssdeep":"384:SuQirsZJGtBM29V/6QhiEL9ztQX3tS7cf7t5tJirHIxiqaUiox4n7qbaci8Y6unV:zrp6zELrtfNsP/R6b","tlshash":"0f93f1a4d8690ce7198572e468bf9207766046478e2dbd4eb75cc82d0fdec0fadb426c","first_seen":"2026-04-23T13:18:15.351757Z","last_seen":"2026-04-30T19:32:29.864255Z","times_seen":19,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/menus/header_menu_0_eng.json","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /menus/header_menu_0_eng.json HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"5785-XeoEHbrEM9Rsj2usyH8HsCKAzdI\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":22405,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (712)","md5":"29f7f99e439d4f4fb3befa418176b921","sha1":"5dea041dbac433d46c8f6bacc87f07b02280cdd2","sha256":"b789107b4eda5badb76eb1d4eeada369f3b7f4b94d348c036aa536c6ab78e4a2","sha512":"af5c629c5d2349c505b2cb0305d258a22e828ffba599d224c7c048a5f0152cac18c248e6a93e70f57442c04dc43ba9f6530176c865615b532fc20b9ec8235d64","ssdeep":"384:krTT6JeD8l6UIh/ik0egXpFD0xba7DwNx0SA2XEsuWdG5:YHVD8l6U/egXpFD0YQNxXA20suWd+","tlshash":"d4a2b75a38f2b03a0227607f6a6bf24d7f3554036905dc9579dc87586f80f798ab3ac8","first_seen":"2026-04-30T14:28:53.725546Z","last_seen":"2026-04-30T14:34:08.132624Z","times_seen":2,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FeaturedGames.BqGfbibX.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FeaturedGames.BqGfbibX.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1baa-UnbJe3DzrIMb4Ue9nTGE64Uyotw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":7082,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7081)","md5":"b9d344659eda7f84d59b2ca785922590","sha1":"5276c97b70f3ac831be147bd9d3184eb8532a2dc","sha256":"e89b502316316e94643e2b764cf5688400f9359a0dce35ddb32f4d1b6025e20c","sha512":"56e9d6058b85b8fd878993b2ee6e6ed7f5acfe624e013631471f889e36f34543c3ec77987f452bd46ec2e5c5d93266f4e01a5f80662867760c46463fe4c7235d","ssdeep":"192:TYFnOFceEDvCElpcFpgZFcV3r90CCkPaifKLwp2xA:sFnOFceGrcFp+FcVRWg","tlshash":"cee13115710e3a387a23a1ff26905b8ef4dac0f1de2a2d3ea490272bcad63560535d58","first_seen":"2026-01-23T19:25:36.430155Z","last_seen":"2026-04-30T14:34:08.164107Z","times_seen":391,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":30,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/gameDataProcessing-DwOfc3Uj.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/gameDataProcessing-DwOfc3Uj.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"436a-EjCPLYk1A9Fy9QbcM9slDWTBxVs\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":17258,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (17257)","md5":"53ebeaf971c899fd44d4d957f8aa222b","sha1":"12308f2d893503d172f506dc33db250d64c1c55b","sha256":"36087e7e2873d250e6d01a117a73af32798a97eebe9ec5a4ed1ff4fd06214a57","sha512":"1d26a6cf1dd7a23b5cb6fbdba17513b51cd99eaad03c7079b96f1ab22f78caa39b442109a694e0f76172ccfb7f0da04d61f1d4369ea3886a7f0ff4be3aefe59a","ssdeep":"384:lwphrrZxhxlVz12awqhvTXDsB4Pzenac0aoK4A1n1:lCptXDe8Q5X1n1","tlshash":"f172750b8a024c12c97e4639c0ae15f1b9781b32e8b8cdd11a655c7bfb5fa5b31e1738","first_seen":"2026-04-21T19:21:58.080806Z","last_seen":"2026-04-30T14:34:08.125114Z","times_seen":17,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/usePriceChange-PEKvXa4R.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/usePriceChange-PEKvXa4R.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 470\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1d6-Eq+N1DcXLTAXEVUD9glaWQvvVsc\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":470,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (469)","md5":"da698c814cc47cfba0ef62b64ddcaab1","sha1":"12af8dd437172d3017115503f6095a590bef56c7","sha256":"5a3150db0638b55bd14194e3c172a0d5c294b11e4a86b778fb5d83124a98f2d5","sha512":"2c5c18ae24d55a86668c91393684dd17c4818a46bb4ffa6efd1da6bcfa5e2aac0a103e5aa867502978d9d825819da56ab62bd79954ff429014c14dc485f62b10","ssdeep":"","tlshash":"45f05cbd24901827545f0cc4c2a485571fd126e96bbdc31eb230c82d375c9af066ff6a","first_seen":"2026-04-21T19:21:57.945823Z","last_seen":"2026-04-30T14:34:08.127942Z","times_seen":17,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":111,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":140,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.ttf?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.ttf?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"44207-fyJL+Bypji0D6oghHSM1Q5k73CE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":279047,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, 16 tables, 1st \"FFTM\", name offset 0xbfbd0002","md5":"d855f0672c97eaba6dfc4d49d29d6621","sha1":"a07e14affc4fce712e1d6077ea723c42cba7b544","sha256":"5e3e650d78183c8924d35e04c6228ec60d7e538307188ab675e9f7df9d508feb","sha512":"20232a780ced9d8d90252db651ef816cc7f5a71bff09d713f85e3784da8274110386e9adb8b5ed0b6c74c4edbb64ede6bbc7e9e5444f7a9648de92b3f7e3fb89","ssdeep":"6144:TN0kekkKYP7wheaHOcQ5MAleOXUb4jaSxiYLHi:CkekkKswhe2OjaSxiYO","tlshash":"a1443d7bf72e982ec3898637a2b0cd175720f658252fd9d43b967e34618d5cc0a3076a","first_seen":"2026-04-17T00:46:18.432835Z","last_seen":"2026-04-30T14:28:53.759104Z","times_seen":2,"resource_available":false,"data":null}},"time_used":400,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":354,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/menus/footer_menu_0_eng.json","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /menus/footer_menu_0_eng.json HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"5785-XeoEHbrEM9Rsj2usyH8HsCKAzdI\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":22405,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (712)","md5":"29f7f99e439d4f4fb3befa418176b921","sha1":"5dea041dbac433d46c8f6bacc87f07b02280cdd2","sha256":"b789107b4eda5badb76eb1d4eeada369f3b7f4b94d348c036aa536c6ab78e4a2","sha512":"af5c629c5d2349c505b2cb0305d258a22e828ffba599d224c7c048a5f0152cac18c248e6a93e70f57442c04dc43ba9f6530176c865615b532fc20b9ec8235d64","ssdeep":"384:krTT6JeD8l6UIh/ik0egXpFD0xba7DwNx0SA2XEsuWdG5:YHVD8l6U/egXpFD0YQNxXA20suWd+","tlshash":"d4a2b75a38f2b03a0227607f6a6bf24d7f3554036905dc9579dc87586f80f798ab3ac8","first_seen":"2026-04-30T14:28:53.725546Z","last_seen":"2026-04-30T14:34:08.132624Z","times_seen":2,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yatirim.galabet1o61.com/main.js","fqdn":"yatirim.galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yatirim.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:44:32 GMT","end":"Mon, 27 Jul 2026 08:44:31 GMT"},"fingerprint":{"sha1":"E8:9F:98:C4:EA:54:9A:03:48:82:E7:DD:50:F5:57:5C:A5:1B:25:0B","sha256":"9A:3D:96:BC:4D:52:CA:1A:37:BD:19:0D:15:32:65:3E:EC:9B:D0:4A:30:6C:A4:50:87:6F:D1:62:B4:67:62:F6"}}},"request":{"raw":"GET /main.js HTTP/1.1\r\nHost: yatirim.galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 14 Apr 2026 16:28:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69de6b38-3a94\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14996,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"7e71a38b0363fae39c2e501cb4c8f5e3","sha1":"6db2ec49a50af45ac1e4991d97c678c62addff54","sha256":"86357bbe38cf1a60463f674b861ceb05f18a3f341dfdc792d5aaada12f6e9445","sha512":"57a21f6666046c45077c43f48b7223d436bfcc688cb92dbffd79aa3214258db061b7a75adfa1e0bc5ffa6c59feaed4ba9e197c975ff61d2bac684c5a27b71e22","ssdeep":"192:/Wxx+O4/UBA80xDeD6n65sQyfRpbtVd3RSY3qh:uxxR4/UWZeF5p0fbH4h","tlshash":"0a6284681c2600354132e3fe9bd75205e7bb62276501d2957ead87003fb4b1943aefee","first_seen":"2026-03-12T21:32:59.72705Z","last_seen":"2026-04-30T14:34:08.171698Z","times_seen":5,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":63,"dns":1,"connect":18,"send":0,"wait":18,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"yatirim.galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"yatirim.galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"yatirim.galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"yatirim.galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/lodash-CcEN8nAa.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/lodash-CcEN8nAa.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"28575-WsxJTBRlEtKlCWC0szAYfY9Owas\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":165237,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35298)","md5":"e53918cd15db0c036840a85302fffec4","sha1":"5acc494c146512d2a50960b4b330187d8f4ec1ab","sha256":"9945ca9976147e8741275c9065d17acee464bbb6a0eedf698585dd0150b6ead3","sha512":"50bca0b5b01773789b42723fd097f8d0114a694b6921ae5197f1c3d54ede439a7d1d121da65f2d631d74cc39e3698e7c9c3094e833d5dbde06c2378c991c230d","ssdeep":"3072:d/srcqn2yy41XoZhdu6oBM0hc8Uyxu0GMs:d/srp2nZ6/fayx0v","tlshash":"54f390c835d7f4a283a7287440bf084ff23dad65a84cc550e1aae0dd7db89198277e6d","first_seen":"2026-04-21T19:21:58.024455Z","last_seen":"2026-04-30T14:34:08.120053Z","times_seen":17,"resource_available":true,"data":null}},"time_used":178,"timings":{"blocked":53,"dns":1,"connect":20,"send":0,"wait":37,"receive":34,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/gameDataProcessing-DwOfc3Uj.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/gameDataProcessing-DwOfc3Uj.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"436a-EjCPLYk1A9Fy9QbcM9slDWTBxVs\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":17258,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (17257)","md5":"53ebeaf971c899fd44d4d957f8aa222b","sha1":"12308f2d893503d172f506dc33db250d64c1c55b","sha256":"36087e7e2873d250e6d01a117a73af32798a97eebe9ec5a4ed1ff4fd06214a57","sha512":"1d26a6cf1dd7a23b5cb6fbdba17513b51cd99eaad03c7079b96f1ab22f78caa39b442109a694e0f76172ccfb7f0da04d61f1d4369ea3886a7f0ff4be3aefe59a","ssdeep":"384:lwphrrZxhxlVz12awqhvTXDsB4Pzenac0aoK4A1n1:lCptXDe8Q5X1n1","tlshash":"f172750b8a024c12c97e4639c0ae15f1b9781b32e8b8cdd11a655c7bfb5fa5b31e1738","first_seen":"2026-04-21T19:21:58.080806Z","last_seen":"2026-04-30T14:34:08.125114Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/useNotificationsProvider-D7YdiWNv.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/useNotificationsProvider-D7YdiWNv.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 92\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"5c-RCAYLVpfCbBoqDNUWnGRsSvXjAQ\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":92,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text","md5":"4b59975cb3f573d927a72fca9ebb77a0","sha1":"4420182d5a5f09b068a833545a7191b12bd78c04","sha256":"613811a56eeb8269fcf1d75ed126d79f68cd7a18cb6f52e493ac8d2c88392d18","sha512":"6ebe3d9a12dd505c569c8e004db35b8ab73b7d7fc8b22be5779470f6b3c523c3ea0d685a0136c7d6d0bc8865a386a1cad64f3b09f1ec45d90731d2aa853446a6","ssdeep":"","tlshash":"a4b01123288003f022020cec0220a82a0a30083c3ba28ae00228a20c22ea08a830fe0a","first_seen":"2026-04-21T19:21:58.01625Z","last_seen":"2026-04-30T14:34:08.155343Z","times_seen":17,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/flags.png","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/flags.png HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"172fe-w5wJfXBMdUKU4/vtI7gOUCBUOW4\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":94974,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 66 x 17960, 8-bit colormap, non-interlaced","md5":"02c3b5af3d0ec1f21c51bf21a22241e9","sha1":"c39c097d704c754294e3fbed23b80e502054396e","sha256":"1c0578c469db9a3da5c0b6fa0258f99b2a2ac602d0027ab6fcb7b218c3acbb75","sha512":"bb097e3532e83aa4db8e8dd7cd16d95d83ae77f4cc19207f04f3b929ca695ebcd7f5730e9ea888763108c95028f40f81490a03093ef8d57665c6f4393091dc63","ssdeep":"1536:wxq8h3gUrI89XxfLcduXa08ucH+te2RIr8T8hKdPzgkjM+PDRzSKR2JLDpzm5NLX:Sq8h3e85FquXPAeExk8odPFg+tzSKe3M","tlshash":"509302ab06de36c6e10b2e9408902d3c720f65fdcba545ad497cc743d8e5a68d48feb4","first_seen":"2025-12-12T09:55:43.277784Z","last_seen":"2026-04-30T19:32:29.776047Z","times_seen":593,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":48,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Odometer-CVXFbm9Z.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/Odometer-CVXFbm9Z.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"3d08-MS7KptYtHMloLMxFuC+Usk0vy8U\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15624,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (15623)","md5":"6286b6eec63e664202f79f9fbfcf1ce1","sha1":"312ecaa6d62d1cc9682ccc45b82f94b24d2fcbc5","sha256":"623b83e237aa8bc47bf2ae68d3a3d8af3caa348efa0f4b53f908742fb1176706","sha512":"7435bce30bf7b5e985aa1bb4d5e0055634e1a1bc44ddf8911439da67dbe6c287cc312256d7bc58b0dcb2c048e44ca909ce60d56c5f99eabf8de2cf71001ef583","ssdeep":"192:uAd7+NJtQaM1S0KCL529Xskmkjm6H/I7kauLPH7BNeSYpkYaSBpC7Tl+ea4PFD:iVQaM19K0khm6m6H/LPyFtX3HeNPZ","tlshash":"de622a89752272344393b2a055bb0609773f5d6a3809405db67caedabe32c19d12bff1","first_seen":"2026-04-21T19:21:57.981447Z","last_seen":"2026-04-30T14:34:08.163675Z","times_seen":17,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/DisabledMarketEvent.BUY5t_rR.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/DisabledMarketEvent.BUY5t_rR.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"2c4-BlCcUkj/wUUFtw/bsj+lE5hutQw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":708,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (707)","md5":"c0742f5af30b5e1ab1e9e3184a8d4adb","sha1":"06509c5248ffc14505b70fdbb23fa513986eb50c","sha256":"4b6712623061506cf21b8296602cd61def3d0a81b5cee16bd0d245e7275715df","sha512":"7050ab375c9e4b209bda0bd7ce449e76da69f00d56d7a9504a52eef1e36fabfb8b36f9f560d810edb4522247e15d17cf736e929f40503802df2035007d1494ab","ssdeep":"","tlshash":"4701d4c4f98a25344c3a9d0c9abc8fee560a93705ca15d33789a113a4bce08a4a20d26","first_seen":"2026-01-18T14:34:50.585531Z","last_seen":"2026-04-30T14:34:08.180699Z","times_seen":360,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/menus/app_menu?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/menus/app_menu?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=i1GvRZIt_oQz6Fait4v8plzF6YpGKcfToPVEf9YmFz8-1777559291.6067407-1.0.1.1-U8_Y.UP0l7s_2.Erx.N2Dls.db54wizHWaLrDtCcBFeHPkkTt7G4Oi2eA9RKHzJw_.L5fA2PpqfguEsdPj7BE4oejpDqLXbWu23g6.nPZ9SsbmvmYxFZHySHhgaJ7UEv; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b448d2456c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/NotificationsButton-CRcMibFE.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/NotificationsButton-CRcMibFE.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"22e-jbfDvstOTidmGwLYHn5K9sz4iHU\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":558,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (557)","md5":"86ebafbe3af7146152fb0e0725a77e17","sha1":"8db7c3becb4e4e27661b02d81e7e4af6ccf88875","sha256":"69534179649ab197e86d86fd81b15d6482270fbe2b586db9e5d53d8a5afe9de6","sha512":"fd414670b32c2952dabc84d33c09eefbdd8b11f690bd281ecbece9cccb7a4368177e7b7a5fd32d0f1765a72d9223db8f5894404fbf125f485a579109de1789ed","ssdeep":"","tlshash":"2af0208be998d9f41bc20910b32bd015383ab83cef4a688000ea2c58233005a891fa4f","first_seen":"2026-04-21T19:21:58.091812Z","last_seen":"2026-04-30T14:34:08.136415Z","times_seen":17,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":16,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/BetslipButton-q9-vX9A1.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/BetslipButton-q9-vX9A1.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 418\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1a2-v4HvC5lf6F2nGPeyo6pmr2WGqAs\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":418,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (417)","md5":"64dae9572943c6f805f83f8dad656d16","sha1":"bf81ef0b995fe85da718f7b2a3aa66af6586a80b","sha256":"c796c123af7f3731cca63889ca4d5c06dc0a758a778e5fcb402dd71e370cc5cc","sha512":"e422ab768ef675f4e78201dc1228210adace1de7eecef18376540f00bba4712e76385b3411b53b0a1a5137c84d6832ee8c4e637129b64ef64db2669bc6c74ccd","ssdeep":"","tlshash":"0be0f186c848c3fe07461d81320ac101382255bca344f5d280ee7c557e7458acc1fa2f","first_seen":"2026-04-21T19:21:57.957253Z","last_seen":"2026-04-30T14:34:08.117208Z","times_seen":17,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":34,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_5508_751_e96421b701b3f69112a746717ea035c7.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_5508_751_e96421b701b3f69112a746717ea035c7.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 176211\r\nserver: cloudflare\r\nlast-modified: Sat, 13 Dec 2025 10:28:22 GMT\r\nset-cookie: __cf_bm=RPQuww7eVP_4JUVVfc9mnDg8VuzKmt5ktmQmZ8POzXE-1777559292.003627-1.0.1.1-4KUKYiGZgdQfl2vHn1.ELLDUQuOFLjRCnFExGjzOAwQ6TMN7ssTHspZvOR_1lZm4ohFJZ1K61Y3TkTEAPHs5484kc4cd5bPALnH.NwNd4FGVr.sNVOuLvTSRNQcsu1w5; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\netag: \"693d3fc6-2b053\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a5e568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":176211,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"f1212014e5699308c1c9e36414522a6c","sha1":"6686192c6f51d02b570f022747ca11e76cb71843","sha256":"ad205ad304bc4efb5e095f954dd3df6533329a0d3068d81f449cbcfac0444353","sha512":"a691c461bf92956c68170c36eabefc0f32e8cc40388a7f7a40501277ec6937b0d240601f487fa400b11f7a40b9f539fbf428923a830ba40b5208c91772d7279d","ssdeep":"3072:eLXa9mINHafex8qEiKj5dx06zWVX7lazGBv836tL+rir:ka9mIL+/iflVZvBJ3r","tlshash":"0004127018b478638151ddf3a80a65d52cdbf6c8bc67847058a2d0ba59bf2c7472733b","first_seen":"2026-04-26T13:23:37.934309Z","last_seen":"2026-04-30T14:28:53.770039Z","times_seen":2,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":55,"receive":122,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/index-D196OAK0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/index-D196OAK0.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"b6b-8DmD1X1h8SauGKNnhpasgbKMpjk\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2923,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (2922)","md5":"ba6c4b13fec117339338806bd8727b3e","sha1":"f03983d57d61f126ae18a3678696ac81b28ca639","sha256":"418c601ab73d36439b0fec2d2563c29a092ff0e7b51f53a2024e7e83817789df","sha512":"e193d91c7d47cf3002785d831ab125fdedc11ab8a4cf842a7e4e306e85e7a64e4a49fb6c406340b2d1acfb78499b88a38f5e2f078eea5bf9bc22a3ef2e61ea3b","ssdeep":"","tlshash":"165142c7a042d6b8bfe708e6429b10b070374d5cfe1f449092be58964998792e35bf4d","first_seen":"2026-04-21T19:21:57.913144Z","last_seen":"2026-04-30T14:34:08.172281Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/SmartMarketEvent-B7WtyuM0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/SmartMarketEvent-B7WtyuM0.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"393-ObQkuiv2VGPLtHYhHAvtYpx/ikA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":915,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (914)","md5":"e5f7f6f8087e9e7aebb653a2b2644251","sha1":"39b424ba2bf65463cbb476211c0bed629c7f8a40","sha256":"4dcdb15231b668cd76f3eff25b1aca409eff56252a0f7da334334d1287a295b2","sha512":"4bb811566e18e5e1ba25aafe78ec695948ba97fbff53298fe5310941d5a5f848b133f795344f1be6975fd935488d914ca12a54ba497a7844e2350975993f23f5","ssdeep":"","tlshash":"e611e3e6d440323e0671c8bdd1109b41415c13d7cb200269e58b86f573fd0fda34ee59","first_seen":"2026-04-21T19:21:57.930382Z","last_seen":"2026-04-30T14:34:08.1447Z","times_seen":17,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/usePriceChange-PEKvXa4R.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/usePriceChange-PEKvXa4R.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 470\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1d6-Eq+N1DcXLTAXEVUD9glaWQvvVsc\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":470,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (469)","md5":"da698c814cc47cfba0ef62b64ddcaab1","sha1":"12af8dd437172d3017115503f6095a590bef56c7","sha256":"5a3150db0638b55bd14194e3c172a0d5c294b11e4a86b778fb5d83124a98f2d5","sha512":"2c5c18ae24d55a86668c91393684dd17c4818a46bb4ffa6efd1da6bcfa5e2aac0a103e5aa867502978d9d825819da56ab62bd79954ff429014c14dc485f62b10","ssdeep":"","tlshash":"45f05cbd24901827545f0cc4c2a485571fd126e96bbdc31eb230c82d375c9af066ff6a","first_seen":"2026-04-21T19:21:57.945823Z","last_seen":"2026-04-30T14:34:08.127942Z","times_seen":17,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/translations/eng.json?v=1777559400000","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:10.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /translations/eng.json?v=1777559400000 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"36ca3-NKnNoWgDuJplN7HxIwrQZWa/O8A\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":224419,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"34e95dfd633bf6c3359c2bb268189dde","sha1":"34a9cda16803b89a6537b1f1230ad06566bf3bc0","sha256":"412a86fd9a8df196ce0512c2143a2af260335fb302b2e558c84d2975e17d223a","sha512":"b4b660730ebda31d427226b47051eb3756119bdac8707b14320bd35087c73ce63f078dd7cd22f4bcb7e3846f32abf0ab2084770596e4d0c14b5a549ab007a7a8","ssdeep":"3072:zyMINWtUPo2MiJUe477tZJ/HJaYimEISfV9BSZsu52Y26fbgx+B2DKid56F:Z0o2Mw477dJ/EISC2Y2wbgK2n56F","tlshash":"ab24f70b960a2cf78bd243c678db6d9772f40091a2e14865ecdd891c03dda9ae73f58d","first_seen":"2026-04-30T14:28:53.772162Z","last_seen":"2026-04-30T14:34:08.123259Z","times_seen":2,"resource_available":false,"data":null}},"time_used":503,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":484,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/StatisticsOnHoverContainer-Du7jPvbE.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/StatisticsOnHoverContainer-Du7jPvbE.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"2634-FmVVcjyzX496UnaT4fvwuqOPGC8\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9780,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (9539)","md5":"41d9a290f41eed73e148a2655c229e49","sha1":"166555723cb35f8f7a527693e1fbf0baa38f182f","sha256":"cfd0f488e09c4a4d87560ed5ba1e70ad4583c704200bbc32dc2917d4e91a6cd0","sha512":"9ccc41e432ef2f2817dbbcff3e3dd4ff0be5a244fdc3a04d2f2153244a51e7805f44e0cea1eb6fdc01c583ceef5ecd19af56f3419a64fa27013c7d92179a01c4","ssdeep":"192:FRn2zkXAsarXDxLwxGEE0D9AOgzmKj/e0R:XBParTxLwxGEphAdzmKj2q","tlshash":"6c12526c158e5f69f41a8240b5202e35bb3a3877958d66f8bebc441fd3ce444bb9cb18","first_seen":"2026-04-21T19:21:58.110752Z","last_seen":"2026-04-30T14:34:08.175918Z","times_seen":17,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 119328\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"1d220-BHIY2fwArZ48Q9WycfEre1AF7BU\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":119328,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 65775, version 1.239","md5":"55a1e8a0f075a8fcb54d06295c78aa26","sha1":"267630872ca4592b2382eb632b3940c9d48d5af1","sha256":"29c75c0771c639221eec340101a156dbdb057eda5dc3c3ea35069700698f27e1","sha512":"5b36abe65f68054ac8cd050a04eadc97541506c339420247e05cf12bcfd9a819af89bafe8f8f82d2724177c9a7747cf8ef91ac689603be41da255c6413f8f1dd","ssdeep":"1536:1L+A5F8ZIFb8GMEhIlEbWfhw8rEa9km8EqT/WXM6Oh7fJKJKkbUnD9Ct0:1/n57FIaghw8rEGED56OtfJKUkgnBCt0","tlshash":"36e38d73e881632d9b7082bb75ac2edd5065f617a2d34f1cf49937d50ea85dc0b22ca8","first_seen":"2026-04-30T14:28:53.774052Z","last_seen":"2026-04-30T14:28:53.774052Z","times_seen":1,"resource_available":false,"data":null}},"time_used":413,"timings":{"blocked":31,"dns":0,"connect":0,"send":0,"wait":344,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/content/images/payments/default/20128.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /content/images/payments/default/20128.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nset-cookie: __cf_bm=V_exH1HPE.LtE0fQRP05shtemhxVjhycLtEM40evwwo-1777559292.0014522-1.0.1.1-LUSixo8G2B1hVzN199r5r.Le4AfuY3y6uwugGHR4iCuuLveR37tdsv52.enXi0HL2TtlL5OrtqtS0ms4TpQr4mQGRF612uAsHl6iK9t.HWxEDVhFHxh0xwO8EDReahdo; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9f473b46fa56568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/AiPromotedGamesWidget-NGnvHCv9.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/AiPromotedGamesWidget-NGnvHCv9.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"822-Ij3aB8rQsCu0vA04qHpwQehFW8M\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2082,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2081)","md5":"a9101406907c5968e23325db9fb011fd","sha1":"223dda07cad0b02bb4bc0d38a87a7041e8455bc3","sha256":"fb0eb5b9d285171245e65eaf8c52947abb9e33c957cab4db1291a2fc0ddcbcbe","sha512":"af8d1fd01cb8cfe2bcce9bb3d3a2e2d0bdd0b9fab1aacae9a8020a7fa5f1d3ea649bdff55c153c235d50ff58e86b92aa6f99e66651cf6a0bbacc50801e4cc163","ssdeep":"","tlshash":"4f41403bb019ca7cb3ac06a49194f34564117b7dd66990e8baef6901b36809d63bdb80","first_seen":"2026-04-26T13:23:37.943745Z","last_seen":"2026-04-30T14:34:08.121639Z","times_seen":3,"resource_available":true,"data":null}},"time_used":125,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Apr 2026 18:57:25 GMT","end":"Thu, 16 Jul 2026 19:57:22 GMT"},"fingerprint":{"sha1":"AB:25:45:8F:55:B6:2B:26:B5:B1:EF:90:E0:60:64:9C:56:47:0F:B5","sha256":"47:83:31:CC:5E:02:0E:51:A7:52:AC:83:1B:8A:A8:4C:74:11:A5:F1:61:8D:C5:6D:29:3C:9D:6A:C9:29:AF:7F"}}},"request":{"raw":"GET /beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:09 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2026.2.0\"\r\nlast-modified: Thu, 19 Feb 2026 17:45:24 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9f473b348a4c49c5-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31169,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31169), with no line terminators","md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-04-30T19:36:09.822971Z","times_seen":55514,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":40,"dns":0,"connect":2,"send":0,"wait":10,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/menus/header_menu?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/menus/header_menu?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=eNEiLltaOy.Lo8_TBc591OJrt_OztxYBTvRNBbInni4-1777559291.426096-1.0.1.1-Mul6AUfALKM_I0suzlvFjUK91nqGsRr30yxJLHl3_lt.hipkPJKnrxzdcwciJDSAzDM68WEutDJ_Wk4Na_fvrL0awWBWmy2qkmY05TA1S9fEuua__5XYU6pqXcLdGFXX; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b436b9756c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":60,"dns":40,"connect":1,"send":0,"wait":111,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/AppSettingsButton-DUXAWyLU.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/AppSettingsButton-DUXAWyLU.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 385\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"181-Pz5siX0SZqJkElBTLDVxHcAjQJ0\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":385,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (384)","md5":"4a07633067575a8dc53d7bc1c397474d","sha1":"3f3e6c897d1266a2641250532c35711dc023409d","sha256":"0eb6fe5f84292764ee6ddc520ac8a621677f95eef27321f805066e6a56817fa6","sha512":"26562ec92bfca072c892b81b3cf9e90d8a3fc9f09c0f8a9030cf7a7994ebb3b94147d3af01d0e77eefde181a35448ad00767dc959e73db6dc8c2151a3c5a21fc","ssdeep":"","tlshash":"c9e0c0879081d3fe03d12ec1d60bc1053d166c7cc788a91240acb4617af41c6855f72b","first_seen":"2026-04-21T19:21:58.001672Z","last_seen":"2026-04-30T14:34:08.163162Z","times_seen":17,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":55,"dns":1,"connect":20,"send":0,"wait":19,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FavoriteGamesContent-CvJnpx-t.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FavoriteGamesContent-CvJnpx-t.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"ae1-e3OgJJwg94gLxxSkl1jysro7VMY\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2785,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1707)","md5":"c2255a154e0ff0a1a2396567c13b5ed8","sha1":"7b73a0249c20f7880bc714a49758f2b2ba3b54c6","sha256":"4b836bd494d297c00e0f349545888b5600fc7e701b03bad65499ab450f2ff377","sha512":"90bb2514a027872224687101b8279bf50989139a70fd05e797da98bd152d1734ee8707a013c7bebc2aa2380f1ac6b6b64e8955fc46699994430cebc7e3d1e0ca","ssdeep":"","tlshash":"bf51941040445ffcab9eade61f27c0540976038c6241c13e6d795e3d3429a41723bffa","first_seen":"2026-04-21T19:21:57.949436Z","last_seen":"2026-04-30T14:34:08.143369Z","times_seen":17,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JackpotPoolsWidgetContainer.C5xbwG7T.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/JackpotPoolsWidgetContainer.C5xbwG7T.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1e9f-X8f0bU2nb7KkLFIAc5HSF5fWBsE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7839,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7838)","md5":"e5810a6dc4d39ef75c921489cfd463c7","sha1":"5fc7f46d4da76fb2a42c52007391d21797d606c1","sha256":"152eaf9db05e66e0b7e8ad6961a68ed2bacc25204acec7a0cc81547e002b278e","sha512":"07eb19ac6e96b910645b4e77b14840bc99ed3c4be03c78a7d8af8449906dff08791eb2701c710245c329b38281b118d422921cb1a3272c97fa5ea1d1de06bcbb","ssdeep":"96:Xnxo6ZIBmmohvoDxTTFQPHf9bzsV/bV/YgV/FxV/QV/OV/tV/IV/EVSVqV0VOVB2:XnX1Xx3erZg+L8Pyw","tlshash":"bbf1651352ab33ac6eee6937a170e31c7b7c083dc7131559adaf124a4e9aef1061971c","first_seen":"2026-03-17T07:58:07.338795Z","last_seen":"2026-04-30T14:34:08.156505Z","times_seen":52,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FeaturedGames-CW2_S--l.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FeaturedGames-CW2_S--l.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1ede-DHXWQAV3oq9TShaD3oCQxSSdrqE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7902,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (7901)","md5":"f8b8d127944eda40e7ea9f4a712f8ddc","sha1":"0c75d6400577a2af534a1683de8090c5249daea1","sha256":"18d8b3cedb9050e048a70b1412ce358569b258a10df59218915088ec26c0fa24","sha512":"857953dd10632d3c885574e06dc65a427bec2e86cf54351cc03f876db36494016aae5551c54d9abfc8976de4720c10a436ca91f3171786816d755e1a7e2bf54f","ssdeep":"192:RE/TM3f6HEEUD+Z9y7NaoihCWOJLwL4BflgayjPi:i7MyHE2ZA7NaDh6gaCa","tlshash":"a9f1f90ae010ba7de57b45eb757f6108f87a0ad0e7190890d07f6d2919e9246733ef8b","first_seen":"2026-04-21T19:21:57.961775Z","last_seen":"2026-04-30T14:34:08.136896Z","times_seen":17,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":63,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/HorizontalSportsList-e7xvm1uO.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/HorizontalSportsList-e7xvm1uO.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 422\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1a6-hlIA0KaPncsVO9z4MYuB9M4Yx5M\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":422,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (421)","md5":"c51976159718e8d7ad379c4a81caf55c","sha1":"865200d0a68f9dcb153bdcf8318b81f4ce18c793","sha256":"6761d96f570f1a5c167c509ea8bc07cc09006558d88c23fa67db293edcacf916","sha512":"6b233138c2eb1646562558b1e6bb315ee6231d0ad33a2d4184a0a8280a43713341e448f4662e60ed26346f1e98f25437b30a24f6137151f3e26637180f74b9c1","ssdeep":"","tlshash":"72e02bc2dc618af45a1e88eba99c24847012047cff566664d298a2282b7508bf72940d","first_seen":"2026-04-21T19:21:57.914525Z","last_seen":"2026-04-30T14:34:08.129025Z","times_seen":17,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":83,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/HorizontalNavigationListItem-DfugXUII.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/HorizontalNavigationListItem-DfugXUII.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"343-euVyyl6lGyKdvhFMEUyulYGazs4\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":835,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (834)","md5":"76ef23c84a3020dcf23be998eb3a43c9","sha1":"7ae572ca5ea51b229dbe114c114cae95819acece","sha256":"d808fa2e9952261123ab59b99bfe927d8f9eeb53ad7cc6b6dbec885d82da78c7","sha512":"1ff802c36b548d0554d1eba0ada6740e4c0a4702fbf627512573aef64eb8677b89417a070f75baa819e15ecf39de999110d0da889bb03f01c24dbf642c6108d2","ssdeep":"","tlshash":"ad01ce12f404dbbc9a2b48dc9b4e6045b2564affdf382ce1a0f4e0011a384467a47fcd","first_seen":"2026-04-21T19:21:58.095964Z","last_seen":"2026-04-30T14:34:08.14523Z","times_seen":17,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Regular.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Regular.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"462fa-0MEsRKAI+p3kbJbi7N36CZrGHkY\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":287482,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"f30b403253737ff6cc0a6ce7c3381f6b","sha1":"6cd4d8f790544b54f7b6f56afffb8efd5f1b41d7","sha256":"b5ea634616ade3fcfbef5ecd6e24e5144af2e8ff6673b7f6f17c620ecc1abf43","sha512":"9413573c16b3e42e4ed9090fc5870d465f54e20c65e6b23ca2ab80909c3eccaffe6204eaf8a799e3484b4505b9f8a1e89971f44f0aa8c59d1a2e1aaaa11eb6cc","ssdeep":"6144:QcRFMbcYNeaQZ/PMQc/qgYOQs5MAnKOA6vHl1xsc+ksyJ5tE:QcRMNePPMQc/pR1AksyJ5C","tlshash":"e3542b7bf62f8a2ec3894a37a2b08d571720f555226fd9d53a963f74258d0cc0a3077a","first_seen":"2026-04-30T14:28:53.780523Z","last_seen":"2026-04-30T14:28:53.780523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":636,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":600,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_16871_751_a8613be7f785945302c7be2e03d61e99.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_16871_751_a8613be7f785945302c7be2e03d61e99.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 177249\r\nserver: cloudflare\r\nlast-modified: Wed, 25 Mar 2026 10:51:29 GMT\r\nset-cookie: __cf_bm=DNEMz8qEZHtFKXNOWg0GKmH9YujBXM2_Idn7juOTDLA-1777559292.011154-1.0.1.1-u23BhwrNTp0vFkS7X3fn7JmL1JPHHBfXKtgvIyx7YTDbPcXgbrcaKy_hM_5SXP5iVck58wrh.erpReUC8smmLiRLP_E9hGw16tJyV2wrtSbkle3Sg7BZU4TaK0oZPoxI; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\netag: \"69c3be31-2b461\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a74568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":177249,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"877ea9426ec2765fb8481bc5e43f5dfa","sha1":"10aa950ba17b03c97950d36ff6ee0ed3584b0027","sha256":"e3d9375913134964f41b88db5f58d9af53188f81876d6a0449fe280b083821b5","sha512":"3322f57353930305f544215a8b38a59202181cdfc74fc6b35b70f258ab1b0cf805665b8540b43b88a7a9c1e51bb6cdf1a9818b7d8ac22b76eb672263988ab731","ssdeep":"3072:YIIIIIIIlGXfdvtHnyKCrALUCNDSMW7QSVSVHUu0u2za1PpPO8/6NA2YIoz1gBFq:YIIIIIIIlGX1vt5CGRNDcIHUuh2z0pP5","tlshash":"740412f0cd4b0cba50be667296909e3c5e94afd782d3c2583e583b15ddb794940bca32","first_seen":"2026-04-26T13:23:37.910446Z","last_seen":"2026-04-30T14:28:53.781752Z","times_seen":2,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":72,"dns":10,"connect":7,"send":0,"wait":90,"receive":133,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_13143_751_b06af318990894f28bc8400df09d6793.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_13143_751_b06af318990894f28bc8400df09d6793.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 177978\r\nserver: cloudflare\r\nset-cookie: __cf_bm=OtNGEy.Kkyu4PsKbslYxVUxfT8DapI6fP_4Bqk9gqKk-1777559292.0101519-1.0.1.1-8FjBDq1vNtrtcNMq58Ni_YCMjo508v9PVYfLGZrVPlAJ5nQmRXpmCML69vuK6U.fg_XbExbDbbmkGx_CkaWRpwjOZllHb3qKZZqWl2PpQEQ.m86RsF4dI0OwC1540kHX; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Fri, 26 Dec 2025 14:00:27 GMT\r\netag: \"694e94fb-2b73a\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a70568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":177978,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"3e1e0455ae8e87edf5990bd2984cdc43","sha1":"de9ebaf0b3016a8c4f180060ba7feacfa654ee69","sha256":"1034ce49b89750df60c0a86f8fcb202060d7308cc716d366e51b48a8db1a4946","sha512":"ee29363357d48ff0502d7a3f85248c595a854f26587fa12f2686273b41b02d62d5de4e78ab3deb9bfac18c2caa1468251df1da707e81ab682d1237a59d08be12","ssdeep":"3072:/J+QxMnJixeORUbgUa8vVfHdFYgeFfwUrx2xDfyVcwQ4TLyCs4CTvrvXMcTUu7ap:QQxMnMxewUUUaylFjswjxDfJgLHuvrEF","tlshash":"9c0412e716b1824f0158dc22ca11e3dbd9e2d448a5066932d3e2336be7ac5d3f235b79","first_seen":"2026-04-26T13:23:37.921635Z","last_seen":"2026-04-30T14:28:53.783324Z","times_seen":2,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":22,"dns":0,"connect":0,"send":0,"wait":208,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 173509\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"2a5c5-nYEXHedig5pzlPAH1FgDTTlH7LE\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":173509,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 94732, version 0.0","md5":"3c629cdf322effc6f944c11bb3111678","sha1":"b5097dc1a2e21e2989482401ecf92708e095557d","sha256":"58210fdf232fe5f611a1d549e5bd57425fe51c5b043fbc522507a817180d274a","sha512":"e6ca155f5c7c265f6cd789dff417995de906356cc86efe1bffbfa28fbd37179c57890119e07d1f460cc928438163fc3e082f0c8017a182d9c3c9121c0172a2fe","ssdeep":"3072:Px+Ph0K/KE8M+W/EYpPbK70K+COR29TSn67:Px+PCzBM+2X80K+k9Tf7","tlshash":"0cf36dbbd8e2135e9e90935f54acafb291e37748d3939e1c148433894ba59ce0f511f8","first_seen":"2026-04-30T14:28:53.674626Z","last_seen":"2026-04-30T14:28:53.674626Z","times_seen":1,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/PromotedProductsWidget-BmBBmXho.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/PromotedProductsWidget-BmBBmXho.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"848-gOxecXyMu0THxPOH9tESrR15ab0\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2120,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (2119)","md5":"db57e1ae095fafa8eed311f2e263a9e1","sha1":"80ec5e717c8cbb44c7c4f387f6d112ad1d7969bd","sha256":"0885b61e7aa138a5b2aa9d4a32e2583c426aa8fa88c6d31eaa7c4cf782190ee2","sha512":"33c6d7a5d02e9799c92ace848a2c68f2f1f14154873a9d0d2e8c34069601a2552ed769548e05c4dbf00f5a201f1865352a0b39729a5ef4542f45aa78087801b5","ssdeep":"","tlshash":"7e4169c3d934a279f23e5cec114550c838257d18d965587150b77c1a913d816bb57ffc","first_seen":"2026-04-21T19:21:57.954388Z","last_seen":"2026-04-30T14:34:08.127455Z","times_seen":17,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Tooltip-BHyVkt4V.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/Tooltip-BHyVkt4V.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"334-2Uy6VtiC3Omjweh/CoVZELOUsvw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":820,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (819)","md5":"ef479b7b5a28d1dd3085ff575bd01537","sha1":"d94cba56d882dce9a3c1e87f0a855910b394b2fc","sha256":"37e25536831727fe84835863adcbe4f4be728bac00acfc7823b91e844c63b822","sha512":"dd008966ad30c654e04c9626e997a20f7f788f5aa4b35552f0048e792354373d3bb5d655148e1f7668f1490ff2b61c334e1ae6d161539dc578ed6799e8283355","ssdeep":"","tlshash":"2601f656e032fbf4e17754da142d956d7153366c7e2f58f06038058f0ae4984d317b8a","first_seen":"2026-04-21T19:21:57.923659Z","last_seen":"2026-04-30T14:34:08.167922Z","times_seen":17,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/getLiveGameAdditionalInfo-1e_kccjA.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/getLiveGameAdditionalInfo-1e_kccjA.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"47e-nHwvEORXDO7zWHjg65+ZA09AIrw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (1148)","md5":"9bb57f8ed3bf0092c1d9d7726e2c56f6","sha1":"9c7c2f10e4570ceef35878e0eb9f99034f4022bc","sha256":"999096f879252dbaccdbd4336531a29fd06f07b149c980ba1023451b1f2de803","sha512":"e97d70832bb7e44c063eb2296db51a9e828f695b7fcc8df723f934f9531b3dcacf05d475de8fc9a3dacb8399bb30a53484eaa560b0402b90ce27c48d9aa0f538","ssdeep":"","tlshash":"4c2144b2706d92bfe5c94c9457b01b31a2b1ba09380445ccbb3cc91928774c4a7e2039","first_seen":"2026-04-21T19:21:58.05787Z","last_seen":"2026-04-30T14:34:08.123783Z","times_seen":17,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-RegularItalic.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-RegularItalic.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 119786\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"1d3ea-7s33P/A6HHOtO99/Qzjh+SP25nQ\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":119786,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 66096, version -16451.1","md5":"44aed58266663025216648d170dcab9f","sha1":"2d99e04821dd1856bb08c713aca1b6de807a748e","sha256":"45214eb5f20cc0367259fd6e3d45b7441212fc7129b26428393a119485428569","sha512":"91efc54bbb0370dcb3407fc0dbc3198690805982f27756f0a5649fe638e1b99bb9522e5edd3a12d106bd8038a45bc2e77daa89980a55c667929b23fe86e4d274","ssdeep":"1536:aslJZjw0PwJkcdW2sOvQIAtJvccrZYTmIBbzHXyAaih2xrjA/9AxCuNPW+:asqJRp7o+TBzCAaE2W/9AxCuNPV","tlshash":"93c35bbbd8a2135e4eb0935b7458befe52d2f20692d38b1cf49433c64e659cc0b51da4","first_seen":"2026-04-30T14:28:53.7864Z","last_seen":"2026-04-30T14:28:53.7864Z","times_seen":1,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":313,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/seo/page?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/seo/page?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=_VHRKZW0bsJVFPI3Ycw...ApODcr67y9A9t_Nz6YknM-1777559291.7395048-1.0.1.1-cqPjCE5N6_k5Ua4HuzWUjRd_Cq0Vta7nd3hSTszAoJQa2GhWM7Jfim2M0xO5aP3vCLwTnimkvunSQXrDd119WrAjswaELbdzCVxhehs3T0POK3eGJPJRnl020bO5MXkG; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b455e0956c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/popups?type=per_page\u0026platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/popups?type=per_page\u0026platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=jaYltd8TYGVem.LnClh32ezgDMv96uFDabogW81eTxc-1777559291.7419043-1.0.1.1-l_JbXZ3zX_M1Va7Tt0MTle_Gqgq33aFrDL_01hLa8dcqd3C6xHL48G8f5nisZJmn2zivBIonm51lYQXxFqHkMpU.wu5gKlUOT6731pWZytDBg1ZORIUbpdsTsEKOxDzT; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b456e0e56c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/index-D196OAK0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/index-D196OAK0.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"b6b-8DmD1X1h8SauGKNnhpasgbKMpjk\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2923,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (2922)","md5":"ba6c4b13fec117339338806bd8727b3e","sha1":"f03983d57d61f126ae18a3678696ac81b28ca639","sha256":"418c601ab73d36439b0fec2d2563c29a092ff0e7b51f53a2024e7e83817789df","sha512":"e193d91c7d47cf3002785d831ab125fdedc11ab8a4cf842a7e4e306e85e7a64e4a49fb6c406340b2d1acfb78499b88a38f5e2f078eea5bf9bc22a3ef2e61ea3b","ssdeep":"","tlshash":"165142c7a042d6b8bfe708e6429b10b070374d5cfe1f449092be58964998792e35bf4d","first_seen":"2026-04-21T19:21:57.913144Z","last_seen":"2026-04-30T14:34:08.172281Z","times_seen":17,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/useNotificationsProvider-D7YdiWNv.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/useNotificationsProvider-D7YdiWNv.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 92\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"5c-RCAYLVpfCbBoqDNUWnGRsSvXjAQ\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":92,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text","md5":"4b59975cb3f573d927a72fca9ebb77a0","sha1":"4420182d5a5f09b068a833545a7191b12bd78c04","sha256":"613811a56eeb8269fcf1d75ed126d79f68cd7a18cb6f52e493ac8d2c88392d18","sha512":"6ebe3d9a12dd505c569c8e004db35b8ab73b7d7fc8b22be5779470f6b3c523c3ea0d685a0136c7d6d0bc8865a386a1cad64f3b09f1ec45d90731d2aa853446a6","ssdeep":"","tlshash":"a4b01123288003f022020cec0220a82a0a30083c3ba28ae00228a20c22ea08a830fe0a","first_seen":"2026-04-21T19:21:58.01625Z","last_seen":"2026-04-30T14:34:08.155343Z","times_seen":17,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/UnavailableMarketEvent-DRNaHNkz.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/UnavailableMarketEvent-DRNaHNkz.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 308\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"134-ogI7Mu/gaSUbw3U9XgVNqP9JRA8\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":308,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (307)","md5":"9870fec54e5fbcb85135c1a8cd743a95","sha1":"a2023b32efe069251bc3753d5e054da8ff49440f","sha256":"5ed254bfd9b4190d52f6890adf0e654d076d2d030f4d0065361e2443a2e4ddf8","sha512":"64a42a339ae62c76cf34425f0616dac05ed9e60e1a0be8b85a7664db68acfd13024b3339b53f0841a0a106344311d64b93e46be7d78bc2bd01eae7c3390085da","ssdeep":"","tlshash":"0ce07d0db004bffac0251cccce398b0d600307b8c7e945c391a920282b34235360ae9a","first_seen":"2026-04-21T19:21:57.974603Z","last_seen":"2026-04-30T14:34:08.128431Z","times_seen":17,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":77,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoGame-Y0qcIyXb.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoGame-Y0qcIyXb.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1731-9ykGdoad9PFWTnGbV73rIhPB2Pc\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":5937,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5662)","md5":"123e20cc03db3b6cdfd472250e18099b","sha1":"f7290676869df4f1564e719b57bdeb2213c1d8f7","sha256":"0474793e4b1ef9debe89e0ba81fb735db9abe7f787b052e86a9d25091d60e0de","sha512":"62b7275430e9b5ef5be15842460b0cf6aa686cfafb9505f6e353a18d6dd90a387276015db73c280fbb75cff48f26e893571eb80ec9d28b19b0f370aee13b9e53","ssdeep":"96:jZbpMPeMp8TE3NsZzDuoaiLNjx20ZZ9LsAyZOHasrvayHGvHvsmxIfItu:lb+PeEL3NYDJyYYAJfRmxIfItu","tlshash":"83c1b705e064ebbcb83a4cc9983f102474192fd5df298565e47da839317c11eb223b9f","first_seen":"2026-04-26T13:23:37.870315Z","last_seen":"2026-04-30T14:34:08.132081Z","times_seen":3,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":77,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/custom.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:08.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /custom.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"46f1-ogEWlMYgU7anQ8Ha9LVwfPEJekE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18161,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"15feb83ba45ed37736553d1fbc8af41e","sha1":"0f534457ac161a4c3c34685433df18c1a77a2070","sha256":"ff4a5fe3665c7f382fdc37bdb1c91f1d2847e3e7ae97b399e9b059f87f8b4663","sha512":"16f4bf4794d05cdd401592d1347705be14481b03d2025b1aee7c3b7542910ad4cbaec2a738410a801abb11917a543b8d7d05ce8189ee84d9b504b9b8d840490d","ssdeep":"192:52SyYVVLN2Ns2hamJqKbEiExkouE20u62UYx6lY9qywNKVh4P02pHnNfX8VQIClN:wYUrhaJhW6jLpHT5D/","tlshash":"fb829553fee31989716a81985a67b3fc7e7d404387098d787b94b3748f877e28431a88","first_seen":"2026-04-30T14:14:09.228997Z","last_seen":"2026-04-30T14:34:08.173017Z","times_seen":3,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/BetslipButton-q9-vX9A1.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/BetslipButton-q9-vX9A1.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 418\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"1a2-v4HvC5lf6F2nGPeyo6pmr2WGqAs\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":418,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (417)","md5":"64dae9572943c6f805f83f8dad656d16","sha1":"bf81ef0b995fe85da718f7b2a3aa66af6586a80b","sha256":"c796c123af7f3731cca63889ca4d5c06dc0a758a778e5fcb402dd71e370cc5cc","sha512":"e422ab768ef675f4e78201dc1228210adace1de7eecef18376540f00bba4712e76385b3411b53b0a1a5137c84d6832ee8c4e637129b64ef64db2669bc6c74ccd","ssdeep":"","tlshash":"0be0f186c848c3fe07461d81320ac101382255bca344f5d280ee7c557e7458acc1fa2f","first_seen":"2026-04-21T19:21:57.957253Z","last_seen":"2026-04-30T14:34:08.117208Z","times_seen":17,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":51,"dns":1,"connect":18,"send":0,"wait":19,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Odometer.Dtmtuu8d.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/Odometer.Dtmtuu8d.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"ac6-Ca9TICZiffJinxqYoEnujFAZRjE\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2758,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2757)","md5":"e60bd0b6b84d162ff84ef731b11ed036","sha1":"09af532026627df2629f1a98a049ee8c50194631","sha256":"8d2a9d2617a60055e91c6b16f4cabd14851836edec7bf90fc8760e1d31a39df3","sha512":"a85638b5f89d49c50da5f9dc0cfaceec033c45f524a51bbf266fe9cf67f9ce63ef157745964b9ab7c1811f8e2f2d2c5d6348efebe6818d6fa5beb8291e36c725","ssdeep":"","tlshash":"2451e1154f910364633a7906b5c81b51bfece5415223c58e7329a447cf83db9e398e1b","first_seen":"2025-05-18T15:21:59.195484Z","last_seen":"2026-04-30T14:34:08.117748Z","times_seen":214,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Tooltip-BHyVkt4V.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/Tooltip-BHyVkt4V.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"334-2Uy6VtiC3Omjweh/CoVZELOUsvw\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":820,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (819)","md5":"ef479b7b5a28d1dd3085ff575bd01537","sha1":"d94cba56d882dce9a3c1e87f0a855910b394b2fc","sha256":"37e25536831727fe84835863adcbe4f4be728bac00acfc7823b91e844c63b822","sha512":"dd008966ad30c654e04c9626e997a20f7f788f5aa4b35552f0048e792354373d3bb5d655148e1f7668f1490ff2b61c334e1ae6d161539dc578ed6799e8283355","ssdeep":"","tlshash":"2601f656e032fbf4e17754da142d956d7153366c7e2f58f06038058f0ae4984d317b8a","first_seen":"2026-04-21T19:21:57.923659Z","last_seen":"2026-04-30T14:34:08.167922Z","times_seen":17,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":41,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.eot?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:13.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.eot?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nETag: W/\"a-f34v68ez88cdhVtPbafvGxXEi5g\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ac6e77507475ffabfdcaee423fa99df4","sha1":"7f7e2febc7b3f3c71d855b4f6da7ef1b15c48b98","sha256":"db32ff848f4fcd712f9aa0756f58debbdab6e145f2b65e9573c2d854c9642d41","sha512":"5a19c697e5ce2d412294194d01a917febd5a598991430f4e9509e5d0e684291dedb65ed2581afcb1a787d522c6b29fcfe23a68eb484a37426bac0a0e752c00c6","ssdeep":"","tlshash":"2a50000c00000003003300300c0000000c000cf00030c00000000000c300c000c003c0","first_seen":"2026-02-27T17:22:47.826665Z","last_seen":"2026-04-30T14:34:08.119469Z","times_seen":4,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/BetConstruct-Icons.ByN1DvLb.ttf","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:15.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/BetConstruct-Icons.ByN1DvLb.ttf HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:15 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 797260\r\nLast-Modified: Sun, 09 Nov 2025 00:11:58 GMT\r\nConnection: keep-alive\r\nETag: \"690fdc4e-c2a4c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":797260,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, BetConstruct-Icons","md5":"651c2fb622600da6821d0f9cff5792e6","sha1":"867cc194c744689e621663c3ed71f66a502f39d9","sha256":"6fc4842fe617a572cecb9f4a8cacfcad4940a4b5e984cd81b9443861e028cbd4","sha512":"be05ccfc6a8b20bbc9ff10333b7d9dad79685f4aabff144df72aafa0e0b2a0b387ffed3ea5ec35716e107f6aaf36c4ba65466082fa9abc9f6334ec8b9bad9a5e","ssdeep":"24576:+MyN42S4YtdOEoF52XCpHVOj9yQcCL6LLM:DB45nEYM","tlshash":"9c054b0b630edbcf909265d30c56a01b4dd2e1095f3f9722bacead24d1156e48d3a7af","first_seen":"2025-11-07T16:53:33.671836Z","last_seen":"2026-04-30T14:34:08.168448Z","times_seen":19,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icons.cmsbetconstruct.com/storage/medias/galabet10/payment_17866_751_13e3bf6a78a85cd2ff6e6936c8e0d4fd.png","fqdn":"icons.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /storage/medias/galabet10/payment_17866_751_13e3bf6a78a85cd2ff6e6936c8e0d4fd.png HTTP/1.1\r\nHost: icons.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 183902\r\nserver: cloudflare\r\nset-cookie: __cf_bm=K20vcw9rPHELYYA7A8nMAPiRXtUTS9UMGQzJj_CNrGM-1777559292.0118916-1.0.1.1-TH2BmvUbEOFmv45So8FoN931.Kw02QZsPg_nJyYZtbkAR8OcXVFroQ.UnZeobEeNp38bBqS1pGWqKvWzC8YiysN7b6SMMAWMMhTawDF7d5uyqb3GNwNh00LRC65PbyGy; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\nlast-modified: Tue, 21 Apr 2026 12:55:43 GMT\r\netag: \"69e773cf-2ce5e\"\r\nexpires: Thu, 07 May 2026 14:28:12 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\npragma: cache\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nvary: accept-encoding\r\ncf-ray: 9f473b470a77568a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":183902,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 200, 8-bit/color RGBA, non-interlaced","md5":"d9677c3b4551f6e802d6303db2c2b5cc","sha1":"2fb0764af22e994d44b10055e079af8f404e2cb2","sha256":"efe1a4a4c35e4b7a7d5027fe509e506d098951c00b541ed766f8bcb6f374a992","sha512":"6349a5f20f3a59c527d4c9bfbbc50cbe554ef0f7ccac69969c4920ccc3ea08ce0a72a3adc4944bbcd4da9c489e6e5014ace8aefe3567bacdfa94708a8049a4c8","ssdeep":"3072:K65DV/bVOOMl9OMa3a0+UFZt/nKR+96ZA5LiF6cR9uK/d8dI4cDyXe9iDhewwp:3dbVOOMHfaa0+UFvKR+SAtiF6cuKKaVb","tlshash":"37041385852bd2ef0e07523e3f790917a662c68e5af9c98d152f219880950fff1dce27","first_seen":"2026-04-26T13:23:37.907929Z","last_seen":"2026-04-30T14:28:53.792792Z","times_seen":2,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":77,"dns":13,"connect":1,"send":0,"wait":167,"receive":6,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/BetConstruct-Icons.DgH8mwDE.woff?6reyr0","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/BetConstruct-Icons.DgH8mwDE.woff?6reyr0 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:15 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 988991\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"f173f-8UcXQ7cEiaIHGBm8Dwp/5rGfvVU\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":988991,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 930616, version -16451.1","md5":"ca394cebc68e61099b83f43a189588ac","sha1":"6baad002bd0fdba20309e9d0f3bc224a298bfab4","sha256":"a2b5f22898cef9aed8fd7daf7312b046f8e4fd3f037b5d92bf86a8a624fdf092","sha512":"ee0570b0e5e4ba8aa57e801553b604272f16d0163df49c295e294d89ee5dc7945e13d6b5003e43f6850c7401e9d0924bde8cf40db6198af2f6af9caaaaf815bf","ssdeep":"24576:nAoPWBJZ+wUelHIkLLfAFWKUIPUQcrFehzKixi43IhffffffhQQ7:JP5wUel93pQ+rhffffffhQQ7","tlshash":"aa25093b631edf8e5041a1934c51e81b8ed2f2045b3b9655bfceae24d250aec4d2936f","first_seen":"2026-04-30T14:28:53.794335Z","last_seen":"2026-04-30T14:28:53.794335Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3689,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3578,"receive":111,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.woff?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.woff?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 174834\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"2aaf2-ATejSMfiqbvmCzH9eTO4Rl6KBvw\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":174834,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format, TrueType, length 95520, version -16451.0","md5":"c73c307f51e2b6c4eed2df104f380e1f","sha1":"c28669dabe704456e47cadf05c545592807ecb8b","sha256":"d6e01be31946c8bca176098e5eadb4121a2e7b9f429fc9df185ca3feade28229","sha512":"5f5263b08b2adf6cb4639b79979ecfaabe5b3230cde9f2697acf1d7b7866f09c9cc8a5bb2bb378d79d303d000f3fae240a0a0cd7931863b67142abb79224649b","ssdeep":"3072:TH5sWpgqQPwd/b4Des6RA6Ks9dVyOGaZM4:+WCnKb4yZUsXgav","tlshash":"8e046c7bd8f6636e9f90c29f5498efb6a2e33348a6535d0c148433864bb5acd0f511b8","first_seen":"2026-04-30T14:28:53.796179Z","last_seen":"2026-04-30T14:34:08.118851Z","times_seen":2,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":341,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/components/1974/contents?use_webp=1\u0026platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/components/1974/contents?use_webp=1\u0026platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=15jO_0zf58BbfP9VZOZTzVbY3_w3WXmgiIpWpBNptcw-1777559292.4423542-1.0.1.1-PsGHKv8jhNdYhZf5UnEH3rOxB359Lp_bGiIzSd89zFIeIo3iL9BAV8Ml..Yqdo5dVmWiYmjnrevrOzYP4ylOPWt4.QsyCT_QMGnG9XV5Jkci8uTsXY1NeVmh4RHJ4qfB; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b49caa356c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/JackpotPoolsWidgetContainer-BUz-kRPc.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/JackpotPoolsWidgetContainer-BUz-kRPc.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"101a-OeHopUPhYScp5A9xeMD6/xmFrzs\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":4122,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4121)","md5":"200156b951fe19857aa86cb0a7ee6b0f","sha1":"39e1e8a543e1612729e40f7178c0faff1985af3b","sha256":"c21b95a0ef76795569251a8da29e6ac5051d5b4664b6f67c9b46e8e2cb424955","sha512":"78519983072a6fda149d18a720560095e8b0f3f3b7638e2d379798cb95b6c4f7423caa6d6eacdc2023c9dd1ae26e6c63784d204b07757a67195ec32d09213bcf","ssdeep":"96:k0ao/CpTBeLzTGNlTw6YakmD7+oAtPeY8ORtTzk:k0pBME6E4yoAdPPzk","tlshash":"07817417e01ab3fce8ec04e3502f910e367e0bfdd75605e8d0ae05240abd859f259b8a","first_seen":"2026-04-21T19:21:57.910322Z","last_seen":"2026-04-30T14:34:08.122735Z","times_seen":17,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/components/6714/contents?use_webp=1\u0026platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/components/6714/contents?use_webp=1\u0026platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:12 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=rgNDIO1Tlh0.vN8.6BwHOqA6OT89WuBolcaf4s8afus-1777559292.5125718-1.0.1.1-MlkJOv.YKD5DmhsNZbEMPATkthHUHl_Sa6m7oNJLxvi.QKdqhxT2_6zJofLrXp.1fZugjQHnZnwAzJi111fCfAM.BV.n6RMcPqJA0BbDIEg_ndom5OxVGaMxDDHY5jw7; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:12 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b4a3b2656c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/UnavailableMarketEvent-DRNaHNkz.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/UnavailableMarketEvent-DRNaHNkz.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/FeaturedGames-CW2_S--l.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 308\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"134-ogI7Mu/gaSUbw3U9XgVNqP9JRA8\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":308,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (307)","md5":"9870fec54e5fbcb85135c1a8cd743a95","sha1":"a2023b32efe069251bc3753d5e054da8ff49440f","sha256":"5ed254bfd9b4190d52f6890adf0e654d076d2d030f4d0065361e2443a2e4ddf8","sha512":"64a42a339ae62c76cf34425f0616dac05ed9e60e1a0be8b85a7664db68acfd13024b3339b53f0841a0a106344311d64b93e46be7d78bc2bd01eae7c3390085da","ssdeep":"","tlshash":"0ce07d0db004bffac0251cccce398b0d600307b8c7e945c391a920282b34235360ae9a","first_seen":"2026-04-21T19:21:57.974603Z","last_seen":"2026-04-30T14:34:08.128431Z","times_seen":17,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Bold.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Bold.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 119328\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"1d220-BHIY2fwArZ48Q9WycfEre1AF7BU\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119328,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 65775, version 1.239","md5":"72c5ce69ec6be829c264a83da64a2e52","sha1":"1d41672b48f709c38551a90af4e595042c2b5004","sha256":"787ede3c32fae4c0aaa517a688c880563d2b9b5cd73ae5b64cdd6761be123e97","sha512":"eaaf7d8e65d29d17cf34e3e9338eb0d6e4a417ef26b3716bbe12a93f42b7148047f43fd5bd12085de77df375b4b6ea694ec2dbcc8b5ea112914381c17cea63d1","ssdeep":"1536:1L+A5F8ZIFb8GMEhIlRXHN3cEiS0NMy4iV8cJKkbUnD9Ct0:1/n57FITXZcEiLN7V3UkgnBCt0","tlshash":"39b37cbbe8b3636e9ea4d39f18acfe72a1b33708d293890c1494335946a49dd0f511f4","first_seen":"2026-04-17T00:46:18.487333Z","last_seen":"2026-04-30T14:34:08.179132Z","times_seen":3,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":80,"dns":0,"connect":0,"send":0,"wait":25,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/lodash-CcEN8nAa.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:09.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/lodash-CcEN8nAa.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:09 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"28575-WsxJTBRlEtKlCWC0szAYfY9Owas\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165237,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35298)","md5":"e53918cd15db0c036840a85302fffec4","sha1":"5acc494c146512d2a50960b4b330187d8f4ec1ab","sha256":"9945ca9976147e8741275c9065d17acee464bbb6a0eedf698585dd0150b6ead3","sha512":"50bca0b5b01773789b42723fd097f8d0114a694b6921ae5197f1c3d54ede439a7d1d121da65f2d631d74cc39e3698e7c9c3094e833d5dbde06c2378c991c230d","ssdeep":"3072:d/srcqn2yy41XoZhdu6oBM0hc8Uyxu0GMs:d/srp2nZ6/fayx0v","tlshash":"54f390c835d7f4a283a7287440bf084ff23dad65a84cc550e1aae0dd7db89198277e6d","first_seen":"2026-04-21T19:21:58.024455Z","last_seen":"2026-04-30T14:34:08.120053Z","times_seen":17,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/logo.png?v=1773142319","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /logo.png?v=1773142319 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T19:35:18.687432Z","times_seen":14438163,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/pageBuilder/pageBuilderHeaderInfo.json?v=04/21/2026-12:12","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /pageBuilder/pageBuilderHeaderInfo.json?v=04/21/2026-12:12 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 283\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"11b-hSFLhM7PHcrTZvhH8p8Hnkf6T2s\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":283,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"a073ab68d03cc285a2ea057683b697bd","sha1":"85214b84cecf1dcad366f847f29f079e47fa4f6b","sha256":"22f8711fa180f3491a16949412c0f771411db6102c183564c592ae3bcc59dac9","sha512":"526285a76199b4a6719d986101a3ebc29b0ba3457af765836b38ce24ec8170528f62c647e3b7acc85f323b23634f3ee1dd05032de06798ec969cd0c7c4dbcc1b","ssdeep":"","tlshash":"26d02b3aac00ed7473d4d413d29067802040a409d744485c9cdd9f6fd3ed3851091b57","first_seen":"2026-03-07T12:53:25.048544Z","last_seen":"2026-04-30T19:32:29.859734Z","times_seen":45,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/AppSettingsButton-DUXAWyLU.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/AppSettingsButton-DUXAWyLU.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 385\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"181-Pz5siX0SZqJkElBTLDVxHcAjQJ0\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":385,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (384)","md5":"4a07633067575a8dc53d7bc1c397474d","sha1":"3f3e6c897d1266a2641250532c35711dc023409d","sha256":"0eb6fe5f84292764ee6ddc520ac8a621677f95eef27321f805066e6a56817fa6","sha512":"26562ec92bfca072c892b81b3cf9e90d8a3fc9f09c0f8a9030cf7a7994ebb3b94147d3af01d0e77eefde181a35448ad00767dc959e73db6dc8c2151a3c5a21fc","ssdeep":"","tlshash":"c9e0c0879081d3fe03d12ec1d60bc1053d166c7cc788a91240acb4617af41c6855f72b","first_seen":"2026-04-21T19:21:58.001672Z","last_seen":"2026-04-30T14:34:08.163162Z","times_seen":17,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/fonts/rubik/Rubik-Medium.woff2?v=505","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /fonts/rubik/Rubik-Medium.woff2?v=505 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index.C0U6OaZb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 119597\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: MISS\r\nETag: W/\"1d32d-IRtqibFKPVK3WJkOsSWyK1mW+8w\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":119597,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 65612, version -16913.-16451","md5":"e1d66943b13153cdb1527353c0e45afe","sha1":"a9515ac5e6bd7e7102f6bfb96b4563cdfdbb36e3","sha256":"d91486a1491eb038b6dd35b492a1141aa34ffae6d0b03233c8bde0688ee445eb","sha512":"cfe47c98025f0b03e2993a9a5557e08f494e811de0384b8891358ace6c1125e1253621fd354c7748757e4837753d584fac24c4c6ff2f8e00a43754206601bc80","ssdeep":"1536:6iRt/nPsIp7/WuFg+P74UVWVhJ+PR2dfdqzaOOMVjec1C2v4+veA:6iRtfkIZWuFgmrVWVhpdfdNNMVK/A","tlshash":"2af36b37e845236d8b71c5abb1782ddc61a4f62361e35f28f4a637e10fa51cd0b52ca8","first_seen":"2026-04-30T14:28:53.799941Z","last_seen":"2026-04-30T14:28:53.799941Z","times_seen":1,"resource_available":false,"data":null}},"time_used":376,"timings":{"blocked":38,"dns":0,"connect":0,"send":0,"wait":316,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/withPanelButton-aAeMPmmR.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/withPanelButton-aAeMPmmR.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/NotificationsButton-CRcMibFE.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"441-fSHXAcRYFX7shRY8Oi+ck0+BpTA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1089,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1088)","md5":"00390da6d74e90c2dd3d0e554dfd3f70","sha1":"7d21d701c458157eec85163c3a2f9c934f81a530","sha256":"5a3735e14ff299003e3c8ab9cda80cd0c065eee8cca7ec4adbe61af665dd04cb","sha512":"e39954547caf1efaf4e91f5d6c23374b7e455a2582e877c40953ec72b27de752b4d10264776a71671e06c63fe072c1962a69e5c7d4150aa77fe8c187d0b48275","ssdeep":"","tlshash":"4f11f0e4f5c4adb1e0c40188577b2cb6719a32d9dce1149021b6c8da5fa90489a1e9ae","first_seen":"2026-04-21T19:21:58.107547Z","last_seen":"2026-04-30T14:34:08.118317Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/Odometer-CVXFbm9Z.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/Odometer-CVXFbm9Z.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"3d08-MS7KptYtHMloLMxFuC+Usk0vy8U\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":15624,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (15623)","md5":"6286b6eec63e664202f79f9fbfcf1ce1","sha1":"312ecaa6d62d1cc9682ccc45b82f94b24d2fcbc5","sha256":"623b83e237aa8bc47bf2ae68d3a3d8af3caa348efa0f4b53f908742fb1176706","sha512":"7435bce30bf7b5e985aa1bb4d5e0055634e1a1bc44ddf8911439da67dbe6c287cc312256d7bc58b0dcb2c048e44ca909ce60d56c5f99eabf8de2cf71001ef583","ssdeep":"192:uAd7+NJtQaM1S0KCL529Xskmkjm6H/I7kauLPH7BNeSYpkYaSBpC7Tl+ea4PFD:iVQaM19K0khm6m6H/LPyFtX3HeNPZ","tlshash":"de622a89752272344393b2a055bb0609773f5d6a3809405db67caedabe32c19d12bff1","first_seen":"2026-04-21T19:21:57.981447Z","last_seen":"2026-04-30T14:34:08.163675Z","times_seen":17,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":46,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpot.LKSeTzHB.css","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoJackpot.LKSeTzHB.css HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"36a6-ztoXkRTnlyGcFzPM0s6mU8BNOr4\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":13990,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13989)","md5":"60eb6ddf76d9a756f395ba7e73eebaa9","sha1":"ceda179114e797219c1733ccd2cea653c04d3abe","sha256":"c725a658c393efb947422c925ce2f83c4f547dcade0b93b44fdeb871deb0d6e1","sha512":"c1be903e5060da80437133d36928bb0183d1e65cd511d2a0f34a748435c8df315dc13916241fbe769c14e46e8247e9bf599e1c9a3b5261d93315130562cbbb01","ssdeep":"192:5aKQrrxX/YyrspdNl3qLq/1R9z7g6mbftDxzNfDFDfhf3fOfNf5flt/1ttTpFVFF:9UVwVELPhoEDaLDRiQ/","tlshash":"0e52dd07656f33b829ef653726f0f7cc9a3c4879c7126564a8d2a2194bcf9b006617ec","first_seen":"2026-04-21T12:24:49.084502Z","last_seen":"2026-04-30T14:34:08.150736Z","times_seen":24,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"go.cmsbetconstruct.com/api/public/v1/eng/partners/0/menus/footer_menu?platform=0\u0026country=NO","fqdn":"go.cmsbetconstruct.com","domain":"cmsbetconstruct.com","tld":"com"},"ip":{"addr":"185.162.229.2","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cmsbetconstruct.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Apr 2026 14:11:26 GMT","end":"Mon, 27 Jul 2026 15:11:23 GMT"},"fingerprint":{"sha1":"BC:B7:02:26:5C:2D:64:49:BA:9F:9E:02:54:44:E7:CB:83:44:B1:63","sha256":"86:F3:BA:F6:B3:CC:FF:4C:0B:4C:CE:A1:84:79:CC:8B:88:64:2F:77:4E:49:43:E7:6D:4B:2D:E7:0E:92:1B:33"}}},"request":{"raw":"GET /api/public/v1/eng/partners/0/menus/footer_menu?platform=0\u0026country=NO HTTP/1.1\r\nHost: go.cmsbetconstruct.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet1o61.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 30 Apr 2026 14:28:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: X-Requested-With,Content-Type,Origin,Accept,Accept-Encoding,Accept-Response\r\ncache-control: max-age=600\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=9hT6T4lirIHjI5qn6vbJYyOoIgyoRamgQ2n_5COT7bI-1777559291.6072717-1.0.1.1-xzy9n3DRwC9Nh4tvBYX.Ch1hwGwfnukPRVJUnM1Sc.5G2mOyCL0lUQ7EiCIfN2hr5Cwd07z754mJRr3tOcxeSj8QVT7dsGW0ld8g9khcOgcdAEychoCA7hZUCQsgvEDU; HttpOnly; Secure; Path=/; Domain=cmsbetconstruct.com; Expires=Thu, 30 Apr 2026 14:58:11 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f473b448d2756c1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ebc83ff8fcd1734747dd56030cd65ebc","sha1":"9f0c1144f04af583cae471450ac6553de1858935","sha256":"b601edea94680941aa0d853c35a234dd964f8eb58ec719504fa96c13c69de488","sha512":"955d1daa54a4fad2ee6fafb4373300efa01ecfaccbe21d09592e87a8b0d38951c2377ca8ff4aa40c86f8706b792b87ff8d448caf5b760d4394c801649fe0541e","ssdeep":"","tlshash":"b2b01205020624b90b11a5a5b0ac181011e1854060303062c949422943004482493008","first_seen":"2026-02-26T00:19:40.755654Z","last_seen":"2026-04-30T14:34:08.116582Z","times_seen":5,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/header.json?v=04/21/2026-12:12","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:11.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /header.json?v=04/21/2026-12:12 HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/en/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 225\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nX-Cache: HIT\r\nETag: W/\"e1-o5bX8SfuIDtHHxp+UHGEMY50Fj0\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":225,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"4fbc119c5c8514e3587fdfa01f205866","sha1":"a396d7f127ee203b471f1a7e507184318e74163d","sha256":"10279aa2fbd66a0c0140d4b4cf9a39b0c9bd14b18bb35f1bd6eb26eab355b9d9","sha512":"9eef97111b2474b705b496860ecd29c7c591ddcb79887d755e5ea7bcf2d578a68bbecdc54ce4f11954f679ff2b8b5cf060da8cd4287a78a1fc3a92fdfc6125b7","ssdeep":"","tlshash":"cdd0a73aec10da7073a0c413c18067801140e514d644485c9cddea5a93dd7891180b67","first_seen":"2025-12-24T22:39:16.192168Z","last_seen":"2026-04-30T19:32:29.919895Z","times_seen":64,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/FavoriteGamesContent-CvJnpx-t.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/FavoriteGamesContent-CvJnpx-t.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet1o61.com/assets/index-Ds8oq4WI.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"ae1-e3OgJJwg94gLxxSkl1jysro7VMY\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2785,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1707)","md5":"c2255a154e0ff0a1a2396567c13b5ed8","sha1":"7b73a0249c20f7880bc714a49758f2b2ba3b54c6","sha256":"4b836bd494d297c00e0f349545888b5600fc7e701b03bad65499ab450f2ff377","sha512":"90bb2514a027872224687101b8279bf50989139a70fd05e797da98bd152d1734ee8707a013c7bebc2aa2380f1ac6b6b64e8955fc46699994430cebc7e3d1e0ca","ssdeep":"","tlshash":"bf51941040445ffcab9eade61f27c0540976038c6241c13e6d795e3d3429a41723bffa","first_seen":"2026-04-21T19:21:57.949436Z","last_seen":"2026-04-30T14:34:08.143369Z","times_seen":17,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/CasinoJackpotPools-oN0RIPj0.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/CasinoJackpotPools-oN0RIPj0.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"3ac-RsvSnzRtSOEO/l5iss/spaIRAbY\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":940,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (939)","md5":"41f2a9242ff28544ed90865c5d55bbb0","sha1":"46cbd29f346d48e10efe5e62b2cfeca5a21101b6","sha256":"7212413eba593159f4cb7bee4878a6d9a29e59601692b06d2a4e2e22da973489","sha512":"421034b5fbcba83b2becd9d4db843158930e569c7f94b37ec1e06e0848580243275c66743d5a5f0193fcf9a3e19686b6a1bcf9674eb277f4b182bfc7c7fd103a","ssdeep":"","tlshash":"f4110b8bf02ae2f8d5dc08e080a4925b073e2f38f65042c0009c1a2d96b280af639b82","first_seen":"2026-04-21T19:21:57.925952Z","last_seen":"2026-04-30T14:34:08.15753Z","times_seen":17,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":62,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet1o61.com/assets/HorizontalNavigationListItem-DfugXUII.js","fqdn":"galabet1o61.com","domain":"galabet1o61.com","tld":"com"},"ip":{"addr":"176.116.0.153","port":443,"asn":199152,"as":"Virtual Data Center Inc","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://galabet1o61.com/","date":"2026-04-30T14:28:12.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.galabet1o61.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Apr 2026 08:41:58 GMT","end":"Mon, 27 Jul 2026 08:41:57 GMT"},"fingerprint":{"sha1":"D6:88:49:D1:30:D8:2D:66:10:E2:4B:DD:F0:E6:42:02:B6:C6:E6:0F","sha256":"57:54:F6:CD:5B:5D:1E:74:6D:D8:B0:AE:F0:A7:19:D6:D4:D8:BE:E2:D2:1A:84:02:0B:B4:2B:6E:00:3F:12:22"}}},"request":{"raw":"GET /assets/HorizontalNavigationListItem-DfugXUII.js HTTP/1.1\r\nHost: galabet1o61.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet1o61.com/en/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.3\r\nDate: Thu, 30 Apr 2026 14:28:12 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nContent-Security-Policy: frame-ancestors *\r\nCache-Control: public, max-age=86400, immutable\r\nETag: W/\"343-euVyyl6lGyKdvhFMEUyulYGazs4\"\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":835,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (834)","md5":"76ef23c84a3020dcf23be998eb3a43c9","sha1":"7ae572ca5ea51b229dbe114c114cae95819acece","sha256":"d808fa2e9952261123ab59b99bfe927d8f9eeb53ad7cc6b6dbec885d82da78c7","sha512":"1ff802c36b548d0554d1eba0ada6740e4c0a4702fbf627512573aef64eb8677b89417a070f75baa819e15ecf39de999110d0da889bb03f01c24dbf642c6108d2","ssdeep":"","tlshash":"ad01ce12f404dbbc9a2b48dc9b4e6045b2564affdf382ce1a0f4e0011a384467a47fcd","first_seen":"2026-04-21T19:21:58.095964Z","last_seen":"2026-04-30T14:34:08.14523Z","times_seen":17,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":83,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-30","alert":"Sinkholed","trigger":"galabet1o61.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-30","alert":"Phishing Block","trigger":"galabet1o61.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}