{"report_id":"224a25d1-fd47-46b7-b227-95947c43cc51","version":6,"status":"done","tags":[],"date":"2026-04-20T10:36:00Z","url":{"schema":"http","addr":"galabet388.org","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"galabet388.org/","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"title":"Galabet388 | Galabet 388 Bintang Kemenangan Galaksi Hoki","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"galabet388.org","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-25T10:36:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"galabet388.org","ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-06-21","domain_rank":0,"first_seen":"2026-04-20T10:05:57.78301Z","last_seen":"2026-04-20T10:05:57.78301Z","alert_count":375,"request_count":75,"received_data":1593239,"sent_data":36196,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"WordPress:6.9.4","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]}]},{"fqdn":"cdn.ampproject.org","ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2015-08-31","domain_rank":3289,"first_seen":"2015-10-09T04:27:01Z","last_seen":"2026-04-13T11:11:59.825186Z","alert_count":0,"request_count":3,"received_data":249169,"sent_data":1371,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.ampproject.org/v0.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe1b81f958d86c98e88b86960a4dc246","sha1":"eb7c9593cf4980bd7774efec7f9579a9227d021f","sha256":"958c3f227881fbb4eebfe70f950f16384382a519ac0b708a073ae809205e312d","sha512":"bd2a0e6ce8551a58f83c095f7c1c071b061ac495337f58fda6b7e175344003a4687de1185d9ec87b1bfd4dd44fab2d6d54a6081b884c034bca5d6dac989a45da","ssdeep":"3072:dHxofahpFRKNAtM0sK8NQgU9SutUvDK3p9Pd+g3:XofahpF+At5s2gU9SutSDK3p9F","tlshash":"f524c5a53296b03247e154f5d4774002e3296998340b816cf8bceecb7ca9d86b1b6f7d","size":228175,"data":"","first_seen":"2026-03-18T09:15:17.810072Z","last_seen":"2026-04-21T10:15:24.363499Z","times_seen":431,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/rtv/012603032146000/v0/amp-loader-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7fcfc2dad8a5a21597675f84c0a2cec","sha1":"b43be391d0a3bf209b3f01cf0f29b68311c03ab7","sha256":"44c1a7b71b2869d83d2f5198514dfb2e60b49c51b1edad87daa2af977842b045","sha512":"cd2e09e595efa89578bc1b4358d69798fa62e91e52eb29ae72999b4136eb6a4d66a0a897d43ad136cb3070303e197a1c5421762c1348e6fff712ba30a49c8b30","ssdeep":"384:Eo39KdedznnHXcxZgulqaa5F4g5A4WR2vCk:F39KMdT3cLgulDa5F4g5A4WR2vCk","tlshash":"1a429360a50be2ac530342b488f5b956757ccd4fb8104075f0604eeedb8ae54bdbba6e","size":12361,"data":"","first_seen":"2026-03-18T09:15:17.817764Z","last_seen":"2026-04-21T05:39:20.95071Z","times_seen":367,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0/amp-anim-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"55b12ea4a5e5ddcefab1d262fbc0d8b2","sha1":"bcc63b9b719ee9ec94c0859d4e9876f05cef77a7","sha256":"e8a02555e6fe00cf4382691d569b602f62a67b6fffa922334f4348f2782b61e7","sha512":"bf62b120d5b5ad6b8dfb44e98ed42b9cf9f04719b18433aff98fa4b4e079f4a9c2bcfd3dc5d611710d184f32cba77187a56370ab76815ca4c7f8e680db0f7281","ssdeep":"","tlshash":"4971b8b872c5b5365bd63cd2446b5405fa3964363407c868b168dfcf293a85624b6f3c","size":3802,"data":"","first_seen":"2026-03-18T09:15:17.862394Z","last_seen":"2026-04-21T01:36:37.551139Z","times_seen":226,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/sexygaming.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/sexygaming.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 5313\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5313,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"c5aee88302f1236b8cc069d281a05905","sha1":"048d3123ca73c3f9f4e432378ea4cfcf467de417","sha256":"ab8a18edde422524883a5beb8842c4008f032de7f45601c2b37d7e40be19ac98","sha512":"7a18e0b8691f451f47dd0cd7a91052abddc353e332a9a19fd00dd2e01ea45a2565bf23eb170fd940e989f12adfb78a18cc8cb9ce9d8c136665eebf3e7611fa7a","ssdeep":"96:aqQqwG/92LyPMnYMuvdjEnGg4aD4Hn468sZTbZCzN6idRw:aqNrwyUYTdjCg468vdO","tlshash":"22b17d99eb1b58817e6aeca23cdb0bc385069082a415768b3ff784af1ca5155074f9ca","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.588576Z","times_seen":1186,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/bjb.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/bjb.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2801\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"0c352bba8c9f63f53360785ea6b0b89f","sha1":"b69681d8e5dc381c3c716a0eff800c194865ba29","sha256":"cd619749431bdcb7d09e5a62bc4cd4ed17119e8ae6fe783cfe2b4ceb43d95993","sha512":"bea94e91a2dbb8cd33273be1222ebea8bfe1db00febe2d055a436fc5f5a5ecbdb23d2a61ff6e377215684024a8d2fae9b254c1cdc88835b002639c40d0780863","ssdeep":"","tlshash":"0f517c0de5853e079418c6927dfe60221c228980c6c0ea57281fcc06bb701c94f7bcef","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T11:25:43.005247Z","times_seen":1017,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Daily%20Wins/Gates%20of%20Gatot%20Kaca.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Daily%20Wins/Gates%20of%20Gatot%20Kaca.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14856\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14856,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"b6d941c49e93465afc57ee4abdd1899f","sha1":"f325aa4ac4e810c389665bf96931e46032e22766","sha256":"f30f08084ce92b0b1970d93f068845a6dc6c855f51d722cd4fdd842c2cdd3c76","sha512":"13cc45d9cad03a5ee2f33bad9071691964f0b5875983a895868f4e2afd854708678000e23641375c3771d95a24a2fedbf9735a48588ea3c664508e042019dcd4","ssdeep":"384:WIVEwXoukElguieoxkIrbtht/l8OmtMEki:WILoluieWPtz/mNtMM","tlshash":"4f62d00b3f226ed2f368607c6632432d5b5e4d70ae42817d1046ab0e97b0ef31a72156","first_seen":"2023-06-16T01:19:13Z","last_seen":"2026-04-21T01:36:37.554082Z","times_seen":593,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Popular%20Games/Mahjong%20Ways.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Popular%20Games/Mahjong%20Ways.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 36181\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":36181,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:50:58], baseline, precision 8, 200x200, components 3","md5":"540e5241cdea133a269685d02ed68e9f","sha1":"d00610e7eb188d7443a4628be6f5abcdb7a05d44","sha256":"1b07c49de746084a404bf269f5a352d28732b5b2da9581505f96a591653cca33","sha512":"dd376d627e63a80e092c9d27012f7008ef54d86c41bb24be60d905514be37a19bd9428866c7a3318a382a523c8219afc74c038d429ca8bd9ec7326123cebdf70","ssdeep":"768:BYyPQcWCGuOxPOHorvnQDi+W12uZyST0WHWBpLEeKnokJii:BMyXiOHoii+W12uZmWHWBpLRKok5","tlshash":"59f2e115fa219c22efd0ccb859eec2ab6383579137e38db5f9ec980163508b44c4a64b","first_seen":"2023-08-28T19:14:53Z","last_seen":"2026-04-20T10:36:02.830805Z","times_seen":577,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-telegram.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-telegram.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 332\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":556,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"193daadedfb7fb6a571634dee8c819f1","sha1":"8d5cf7a9247264f324a01fa1d29b6ce6581a2622","sha256":"b1ddff6d40894a418ca2c4742a6e467562d92162fe293cc72e227063f6def10a","sha512":"ba10d810af36d70c542d5e23257f03eab91eeb11acdf8308a0da23e9c0cbc60d7d42f0289978639ff6fb4bdcfdc38b1b34898de36ebae5b1ec933c4ab770878c","ssdeep":"","tlshash":"71f08b29d2080a33a74f06b96bc0b9a524c4d589e8d83594b0572972b42efe1702b3ad","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.552128Z","times_seen":1054,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-beranda.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-beranda.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 443\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":817,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ae4748bb18effb78dc6d98f8d909790d","sha1":"fafd86eed959576a9175425578568aaccc0b4a71","sha256":"e674d994d3f0106f9d9603e4649fcd1927778b37542752c43f087c01b21fb008","sha512":"dd72ef50dbf2156f2b976b4b478e018d92d88c0005b6fdc394ca443fa3feb8aec149d10c28808442673d58e2c9326fd8cf04eca38372da27180c305524f785a7","ssdeep":"","tlshash":"4c01ab3343c90e39c9681718d5f419513189ccfae2b0a5e8ea83681ad94dd6120626be","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-21T01:36:37.552574Z","times_seen":1334,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/slider/slider.webp","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/slider/slider.webp HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/webp\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 102024\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":102024,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c4a2f9e72ed311d028c785099baf3960","sha1":"7ee676df25ee0a931808eef0eed4ad103f7a38b3","sha256":"47ebb2485930f714adaac6752a3cd7cd78cae980a8ce345f226869fe8e2cd58b","sha512":"2a4bc9ba6de11875d5232b938700ed5df9d2c75387b12d4692958b2a95a9d7a06757fb867f5f97f608c078c78f8b6604befd010ed0998df8a81682243f1606f9","ssdeep":"3072:tUnssucx06Aglxh71HABkA7ZuwlkC3c9vcA:tUcg06blxbX4ZdM9X","tlshash":"fba30295ab805d00e185617ef456d0a7a67567a3bf839048b8fc887b2f113f8c753c8b","first_seen":"2025-11-11T02:58:30.875448Z","last_seen":"2026-04-20T10:36:02.832626Z","times_seen":15,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Hot%20Games/Wild%20Bandito.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Hot%20Games/Wild%20Bandito.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 37995\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":37995,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:51:02], baseline, precision 8, 200x200, components 3","md5":"cdaebe9c8be4086ddc5ee2d93c1a63bb","sha1":"ce8617450b7e8d7678d8bc303cd0e771b801f93b","sha256":"62bd30ab434a0ee6d0dbe6cf21099083c195681c70acc29b19407339ffcfe0dd","sha512":"7fc4234bc8ffd6777660755ee6bdec59e661b66c688a996df9453e585f036041b3f918ff3cfd28b42d8fba2dedb3d3d45d7eb9c0f9480fc1c87e7273e4d0ca85","ssdeep":"768:BYyF3s3x/O1Wn9oQwlP4Oq5aWNL/R8yjslJsZ9fEj:BR3s3x/O+9oQk4T9/Bs3sjEj","tlshash":"7503e13f433bae21f6d19a7c59dbe5b11363d712a3e61b10742d5a322770df0ae8a250","first_seen":"2023-10-19T09:39:50Z","last_seen":"2026-04-21T01:36:37.537596Z","times_seen":557,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-whatsapp.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-whatsapp.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 680\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1281,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"20b4ab5a4777e715525f59915120cc49","sha1":"e2433d4b70dd2c1636c613fe5d8e9c019423ef29","sha256":"0db788251d2558d029d2873096b3faebb0d5c8381d23e67b12926fe4032b2751","sha512":"c155bebea1e2e02d911e68d27130833473e493df80aa74261a43e449af53b36bf2d362f23644a07010e16996caa2049809ccbc34ca952034d7a8e4b1d5f7e440","ssdeep":"","tlshash":"aa21bb59c3550b32abae075454d4186435848dcc64e835fceb2b84a1f46cff960563ae","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.574663Z","times_seen":1054,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-slots.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-slots.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 843\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2162,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ef0e4e782cc54cb0d60cf0527e048f93","sha1":"c500e4073082982156fa0be7ad7bec3bfdad87ef","sha256":"8815a05be68a8b3badb9c9249133856d872cd28732fb31f413281d4fac259aa9","sha512":"49a3ef902d5bae46b6a7a99d60fad3a021ee03b3104e8463ccd8fd4509400a3a73f8427168a7d0fae46363285d71ea819898ea8e328ff072fbc0e426acd45d2e","ssdeep":"","tlshash":"fc414a3b03039ddaa99a8f605a39258875e0dccbf87595d4ef1b3826e18c8c27d6c394","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-21T01:36:37.555554Z","times_seen":1335,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/habanero.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/habanero.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2924\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2924,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"6fdcf2c4077e1a01c1387becb47eab76","sha1":"9e644b73bbfbd059798cb3f38a50afbb6d51c947","sha256":"063b0b0af325dd011bb3cd4f69e62c3ebb3e2a8033a9f255552a1ee6a47cc842","sha512":"0519f574e77eeb96f2b534b554d6e52300fdaa50c27711e3674e8b22400534ddf89a3a2e2d029b3e455f98423d4a1433964cfc05abb7ba29d32425256e1fa9b1","ssdeep":"","tlshash":"8c513e4cbb83da0ca18c7b521cf65106a71385869c81b8b4ed4fe40f4c70aeb5d5c9cb","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.578744Z","times_seen":1192,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/cq9.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/cq9.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3806\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3806,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"bf1d52938982261ddcc79fb95c2a67f4","sha1":"f51ff53053d641f7cf4bde754fc958e48d682656","sha256":"c919e7e1680f99113b1a2d673dd57218002ba9ca1b020c51d5aa035778038ff7","sha512":"0d5e74d3d48092626a8c2cee6fea119b29efab3fdf5aebcfa3a61c26dc02cd7ccdbf9e7655cfef3b9effa0fb9497338516bd8e03a85680f100bc286aab7eae7f","ssdeep":"","tlshash":"85716b68e6422841968cf5d6a4a81c637d2f00400b90e930c4dfc46a3eb6ab14b9d6cf","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.579503Z","times_seen":1190,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/idnlive.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/idnlive.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2538\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2538,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"57238310e793f343a2749339be32a3ac","sha1":"95bb671a06008427ede2e08a5463dcca1562a644","sha256":"620a982845b3e7a490990f96b64c2c594bb4d418058873c2a3691e2d86b0cb07","sha512":"233da09c46f08c7b3c28d84317b19761490a6f28aebded877ac5941638cff99a7ec7ab61dcf2de28e71904a131a3333d1f4a8eee2e1f07fc80be9b90cf5a1ef4","ssdeep":"","tlshash":"4d512cce9a129a428aa9e54724e80011862b0a414860afdcf54bdc972d7617f416b7de","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.540788Z","times_seen":1087,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/webfonts/digital_sans_ef_medium.woff2","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/webfonts/digital_sans_ef_medium.woff2 HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet388.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 18996\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18996,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18996, version 1.0","md5":"dc2a66f13fdf60d43127df9801e9df85","sha1":"095f2d59c90b4a635288ba3079da4fc50fcb1e9f","sha256":"3815eba1b61f8c9bc806b74b1c58330e07fd1e5f4c31b13785348e0a6ce4c03d","sha512":"e816142e560817e32011e8d8e3474dc35e430f830214599f1cd07358d7d6ca7d07a55cf777970e2db9b5d4bec5790212caf824ec096e7a5a1beec8ea5e770cb0","ssdeep":"384:p9QVF9GZORJSxgl/w9lCfUEVuccPVDQtBANYGPXxtwS03diYXH5XIg:p9QVF9GAJSM/w98fUEVeV0tmxiH3d9Xz","tlshash":"f782d0945e483b0ebce5d941c65706f2a9bc5f480a0f56358ea9ee9c8deac6802f1854","first_seen":"2023-04-17T17:56:06Z","last_seen":"2026-04-21T06:29:47.677754Z","times_seen":868,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Daily%20Wins/Aztec%20Gems.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Daily%20Wins/Aztec%20Gems.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 12140\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12140,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"d5430d981259a0543e11deab7e627669","sha1":"a54fddaf8962dfb31027f79b618c5e6aaf4b1d16","sha256":"2e43afdc85f332c514a301ca09da50f19a8acba41618971c1c1ef9c8d627114f","sha512":"ebe3479fd65dda21055b9ceddf8277b79ced7139ca91c21329dd98226bfd8e5f8ae10a7ca13102b609c22837229e3db4841ea37bae874a4374d468ee4b5b96bd","ssdeep":"192:WfZ6y7yjxJYgcFkZQen+cX09gDCLm0c09IRYcQeFm041H0yPOZzTY6OUWAfEw6c:WMcg0k7X+gDyCRY1jLH0nZttExc","tlshash":"f042aedb238b6c80b7c9503476a2256015894572c785c3b5741d9318dca8ff59afeeec","first_seen":"2023-06-15T15:03:24Z","last_seen":"2026-04-21T01:36:37.589207Z","times_seen":571,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Hot%20Games/Fortune%20Tiger.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Hot%20Games/Fortune%20Tiger.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14616\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14616,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"9e8d4155d97acde9934130823474a3a1","sha1":"806e4333d093f4c1f95d2183f6a334a5e07993c5","sha256":"090d0d06a07e6bcb16e627ab4108bc7431e1de273faca628c300154b39937600","sha512":"be2babc3dac132dcda6fbfdefb52540cb160ca22f7c231d9220102f47b3171cbbc65e9969f27610b5e9350904fa1fcf91ef5a4f0d53fb839841a248a46fc68a2","ssdeep":"384:WFhRJSrO6BHc20xf7QY+8VQMe7Yqfc6ZL:WPRkKb209H+8VQMCYqzN","tlshash":"0362d09b9a51f969dbd6c9d6aaac231fc5036654ae60e4ff5410c9c4ac30cf8600e2b7","first_seen":"2023-11-01T07:44:49Z","last_seen":"2026-04-21T01:36:37.551662Z","times_seen":551,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Hot%20Games/Treasures%20of%20Aztec.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Hot%20Games/Treasures%20of%20Aztec.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 36283\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":36283,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:51:02], baseline, precision 8, 200x200, components 3","md5":"5b52d1c6a105910c3561a861290b0d31","sha1":"08e6184833a6f5ffb9694a5e6d6b6f9911f6039a","sha256":"fe74b914911ce1a3606028aa46a68b776add2f48375710ad2c019ebb850aabe2","sha512":"4b516fda8690f9d1b07c9c6a1d9fd435b48d57d286e8f43137b857777b9f8fbdf9fa03c104697349d69b5ca178d71097b75b85a4714b71aaac3844314294ab78","ssdeep":"768:BYyOOjj1b1enHm9NWW4qmDAKUm0dTfyPEqmKzsoy:BCO/B13NWzzz70dT6Pzsoy","tlshash":"96f2d02bbf76ae00ebf5e93550d9a3f2f61663c4c32159a438de92223764ef00d8d185","first_seen":"2023-11-01T07:44:49Z","last_seen":"2026-04-21T01:36:37.591378Z","times_seen":557,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/bni.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/bni.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2408\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2408,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"f974c6e54d22a2874c8bd0a5e0dd6280","sha1":"c155e13074e0908eebceaebed81db17d3e67f366","sha256":"1c0d8f733026c0d9d8ea471bee766e2398937de1b9c02d023c015757a425cea2","sha512":"2db584e2104003fc6ade26feaf40e73661cfa04128071ce9627865e57006b7514a025ffa7265a6d206aa53d44c39e9d7ff7bb2e8345dc31b9dafd6b26a9e924e","ssdeep":"","tlshash":"df410a4cb786a480e1cda69310ea4223c9154540ced6f56b541ee80b89681f8ddee5cf","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.198394Z","times_seen":1067,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/tri.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/tri.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2116\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2116,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"a9332787c6c2381c0a4a5d6211e61883","sha1":"8b7837da9a9f5ac5a05479d256620f6c106e8235","sha256":"86a466018abf53f7175f4909de0826d5a8d405082ac2355b55d7d196fd47d2dd","sha512":"b7493b3a7b53cca8e2f63e5d6788d26b3b8c5af4adedc51d9db25fdfcff9a84d44af024762596b98e0ebd79278bf1d653cfa1e70b5eee6cf2c2ac3b1622b8f1b","ssdeep":"","tlshash":"2941e998d5631c41578ae98b28e14b278a0249c0d5b0c55771bbc04f87341fda8ae4db","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.542816Z","times_seen":1074,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/telkomsel.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/telkomsel.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2728\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2728,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"ccfef8b817b38862ea38cd51ad5eda48","sha1":"7bc6d8db79a495b725ad203aa9228e9178b8ac0b","sha256":"1efc5dce3145bdeabd5c9549aa768207802f3d94f85af872e74e936dc6c6e32d","sha512":"dcb90a21a291fb3d2bafb121ecadd54cae3dbc1972a5058f943c9e3335fe40efd0684adce586a469094a3e9bbeb73f89942c2da48a363ff6e9ea8351cf168002","ssdeep":"","tlshash":"ab510ac8f9856811b2556d9728f86037ce095880cdf0e09669d7f122687c1fdddadcf6","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.534556Z","times_seen":1078,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Daily%20Wins/Gates%20of%20Olympus.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Daily%20Wins/Gates%20of%20Olympus.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14369\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":14369,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"2a5270b2b2f24c3d1b996491a7226b24","sha1":"3d4eafbcb6b4d2ef4ad254e9175b38e414ef7bea","sha256":"55c23f1ac60f17d62b6b4792be068e222369eb47c82af2c9333eaaa35798e57d","sha512":"527ba9f3abe91148e227d89d6ee95a99e5b5b2065d2cf84e518da94334d9a563b3caac6e286934e788b9e3b8c6d3d87d77fe295e10f10829778e989d34c95257","ssdeep":"384:W86hX+IN+2mCKmrvPf33tiaVp8hZ92Ie/wK7R/rw:WbhOIY2mCxHvHp8N2Iex7Rc","tlshash":"0e52c006e91358502fc0c5f4b21914372e4d260e6cd2b87c3fe7995fab89ebd563c896","first_seen":"2023-05-11T11:12:18Z","last_seen":"2026-04-21T01:36:37.582524Z","times_seen":686,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Popular%20Games/Gold%20Blitz.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Popular%20Games/Gold%20Blitz.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14626\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14626,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"4c7255718b06a51c8238ef68edaed5f0","sha1":"9b730c37ddeab014ee45199590c7a0727b3dd921","sha256":"ee073babb86b14964185344465e2e8d4c90c89d0b46333544612cbda093e7f94","sha512":"d9be52ef404761100967c4bbab3e7ba33c483a31653ab88c2a759261069be4d5f63c376c3b4ceb3041809901cb11f03795b0dd2faa7a8739cc4d00dcb1ac9a14","ssdeep":"384:W3wVwYxzWEfsJPs7z57sVPFnk4Pexm44b:W3wyYxzWgsJP+z5Yzk42xeb","tlshash":"a662cfdda63e8419ef3fdf0186f21a720783046425b9d8252db6d54fa2b0c33e4a12e7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.586173Z","times_seen":536,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Hot%20Games/Rooster%20Rumble.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Hot%20Games/Rooster%20Rumble.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 15690\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15690,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"5e43e0a77b2fb0ad323d2451a12720cd","sha1":"2cacebfe6f62a24727a46f52f1f58ec345573c92","sha256":"6c382bd48464e937b1106be97eb08093ef901d579fac6258f19ba0d3ab2cb4cf","sha512":"046784eba95cf9470b78132e6bc2462d913d291df90598d7080a5ad503ed6b00fd43953285a2fdfd124c904d67abe840620567c525e9622f4b3f8e595acdca18","ssdeep":"384:W4A2OUMo82n2jZm3jB9b9vZY2JLV8ppWcsUI3E:W4A2HMoYjsjv9hH8ppWcsvE","tlshash":"9e62d15ea7820547eb1c6b30abfb24552b748861e5b988bf48bd213b6431cfb1f14047","first_seen":"2023-07-13T17:43:13Z","last_seen":"2026-04-21T01:36:37.555016Z","times_seen":603,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-sports.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-sports.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1290\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":3348,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0de92a71fbcd1cfe5594f9b569c655a1","sha1":"17f920aaff1dfd8bc5ed654dc95e881ec9885439","sha256":"bb0b9d56610645ce9c731054fbe64f5ef0d5a7925e5b7ba2ba954954ed61f5aa","sha512":"8e4d110ae80609974b584c7d2439a0a96ae2ca0710bcf0625a79fadd14a81e640a820e339ef583ad869b4e6d45017e7b8d00903d9ffffd6de01e8f95743e9441","ssdeep":"","tlshash":"1b61ccbb13fd511daf8f4304895a1683179d94ea3269e9f5be0df830e0239b0d16be94","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.58397Z","times_seen":1304,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/sabasports.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/sabasports.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4713\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4713,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"1f3020b661a06afe96a458859c3c7cff","sha1":"1a2bdc2e90543265d04d42670522c53105f5acbf","sha256":"ff82fe6d37d4c0a8714b16d18ce5d08f75968e686e1b71c30a783124f7dedc59","sha512":"2da36480856b22b46cc5b39f81ce86787b0ba260b9ebece4a715075c9bb48dbb90acd45b524ed317564f3f9060071ed0ff1ed454aa86a3ca935d018e015541eb","ssdeep":"96:aqQ+8/tARsjA+dRXr2zC0kyUh/jIDuseHh46WMy8HOM9TORnAy:aqz8/OejA+bXrO3ky0/jseCZMy8HOMmh","tlshash":"c1a17d0cf75eac09354268c230f9914399500df4c86a902af504ecdb2ab83f9ca9e5ef","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-20T21:11:29.510995Z","times_seen":1170,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/danamon.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/danamon.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2368\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2368,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"3838d4b8102304883356ccf668653507","sha1":"65c93b99f83f22c41e339cfee892f80d6a0c1294","sha256":"73b1a331ae0d571fdfd8fd37b2d8b61d7bc40b7d5da1cfcedc36bcde48483f75","sha512":"edd8c2d85ed9345f153ba92047cc995fb15c720a6f7e7d8caee162e70c519d021abddf5abf988c5ba54c66702fa8fcb64397b9bac1c01223f555ca8052fd5099","ssdeep":"","tlshash":"b54108acd562d801964fad4030fbc33d8a614b409de1e10ae8adc16625a40ff6c5f0c7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.231578Z","times_seen":1067,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/webfonts/fa-solid-900.woff","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/webfonts/fa-solid-900.woff HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet388.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: font/woff\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 98020\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":98020,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 98020, version 330.15794","md5":"11ab924cd3a31049313c1fa6a0a8b148","sha1":"df1c5d66f19e27560872a92c8e5983c7e115faa7","sha256":"b614d12e82c153e54802675a5202ae8bd0be748a34f6b5815b77f2c9f3207e7a","sha512":"22616a1b54e281da4c80385e620c35f66762583117a5a1dae55296b7baa35fffb0562bd4f352b4db1d297c439c1bb49f4fe49bf6b803bc0a34fc6c305108a1fd","ssdeep":"1536:rJaqmnUz6+weA2j3iwd82gYuDM+Xh/GAm4UIJYSKw1tKzkwQZCkUCphlq37PRTD:cqmnUOTMj3td8bYunh/XUIlF1SJQZeCc","tlshash":"ffa3134167366ac08e9cff41c2f9076fbd976d9c04a0abc8afd1ce664db4901359b48d","first_seen":"2025-05-06T13:29:15.252787Z","last_seen":"2026-04-20T10:36:02.842628Z","times_seen":201,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0/amp-anim-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:49 GMT","end":"Mon, 22 Jun 2026 08:35:48 GMT"},"fingerprint":{"sha1":"64:36:03:BA:E6:36:1D:72:CB:98:C7:11:D9:8E:7C:1F:6A:03:40:33","sha256":"76:A3:36:B6:E9:D6:FC:48:B6:5F:E5:E8:12:BA:E2:18:57:74:80:40:92:BD:73:3F:C0:FA:D2:FF:77:5C:20:44"}}},"request":{"raw":"GET /v0/amp-anim-0.1.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet388.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 1675\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nexpires: Mon, 20 Apr 2026 10:35:38 GMT\r\ncache-control: private, max-age=604800, stale-while-revalidate=604800\r\netag: \"abff27f00e178db5\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3802,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3688)","md5":"55b12ea4a5e5ddcefab1d262fbc0d8b2","sha1":"bcc63b9b719ee9ec94c0859d4e9876f05cef77a7","sha256":"e8a02555e6fe00cf4382691d569b602f62a67b6fffa922334f4348f2782b61e7","sha512":"bf62b120d5b5ad6b8dfb44e98ed42b9cf9f04719b18433aff98fa4b4e079f4a9c2bcfd3dc5d611710d184f32cba77187a56370ab76815ca4c7f8e680db0f7281","ssdeep":"","tlshash":"4971b8b872c5b5365bd63cd2446b5405fa3964363407c868b168dfcf293a85624b6f3c","first_seen":"2026-03-18T09:15:17.862394Z","last_seen":"2026-04-21T01:36:37.551139Z","times_seen":226,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":262,"dns":0,"connect":21,"send":0,"wait":18,"receive":0,"ssl":266},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Daily%20Wins/Starlight%20Princess.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Daily%20Wins/Starlight%20Princess.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14743\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":14743,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"7c1218ff87b647bf07765c7fefaf7225","sha1":"a68efd7fcca23220e95ba69821767e70df60bd0e","sha256":"e8d03230cca4042abc8dcb206eac74de2411b5208f73bd10c37e9bc1e95b9931","sha512":"c940268ae7fa266d74d396f8ee46d2cf41c238a14b55a5ef331e23f63aa7c22fb2ce89a0767564776e10caece960fbfa109a4ab2e02477fe626efd7fc8bdf0ea","ssdeep":"192:WTZsOCnUhrK9slgWaApEw/KhxpAHt/+sEMAtwbgrpS82EuD5nNF9ctac1gdGvCcF:W6OHhKKzS8LVAycrpUEuVNQ12GC8JTD1","tlshash":"0762d004db47a5001f615de7609df21e6f96cc0248eaa875c4de54cfba21cf2dab88cd","first_seen":"2023-05-11T11:12:19Z","last_seen":"2026-04-21T01:36:37.584697Z","times_seen":630,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/logo.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/logo.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:34:55 GMT\r\naccept-ranges: bytes\r\ncontent-length: 12680\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12680,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 99, 8-bit/color RGBA, non-interlaced","md5":"52bb0ffe92efba4c16fdd15d3b233f00","sha1":"8c9773c9089ed62d6b985aca3004934b5977476f","sha256":"cfdf583b3563bb8020e3d8da7e6143d63ad23190905a6869e59e4d74e7a50c0d","sha512":"fc9baeda41b9e5c518c9c6a004d42ab61f924e2550f46da47985d82438552a763706b994239ec4fd28460d211cb781849dd8632fa035ab0bffd123b9acf55422","ssdeep":"192:YNxDIcc2ihSuevEyaSU4dfJrrh2ibGmCZgvjRcoyVk5IzDMfrBjSiVDZQAk:YZcVCvfLdfJrrhZGmPLhp4ojVVFQN","tlshash":"e142bf6577627c418f99d7b865008520f08e694956d27ac4ff8f86f35a470f813ed34e","first_seen":"2026-04-20T10:06:02.600509Z","last_seen":"2026-04-20T10:36:02.844075Z","times_seen":2,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/mandiri.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/mandiri.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2442\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2442,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"e81bd4992f0fe10cad81a83263d92ef7","sha1":"08b015eb1504581d3b9c858fd6770047b3698f70","sha256":"6b00a56d5961243a4cf2e0c59cfae414a8b3b528c7778eb3fae99e52a64913f9","sha512":"f9654ae9fb05790b84233d161227d0838eddb5225e3ea730dbdf67f15c1b2762cd06217e51faafb769c3f1fc38dbced9cb982f015cd6f5fb7a8037cfc4e329b8","ssdeep":"","tlshash":"b4510b8bc1d78d4147e5ca9131f2505f0d5246a0d7f5d029f98fd051a6f82f92a148d7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.248557Z","times_seen":1065,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/dana.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/dana.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2386\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2386,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"0ac7748e31189f27ac5971efcd30a7eb","sha1":"dd29489b4fcd79567d7c278c3eaf6388a76c77a8","sha256":"5c92696fd590f184864bf00db29cb20da1b443dfc93f8377f14461f35b09f547","sha512":"b62c34f57eefae9fd1754964e314dfc792c7466baef2b08c7331889b47a222f0d981f8a03de2db56fa97083e90bed1d011cd9c655fffe7e5f0d84ea82057a3a6","ssdeep":"","tlshash":"2b410ac9f512bd2166587c825dcb81378531808448f1f922989ef04dbe782eabd3cde3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.539424Z","times_seen":1082,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Popular%20Games/Fiery%20Sevens.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Popular%20Games/Fiery%20Sevens.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 27163\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":27163,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=11, height=300, bps=146, orientation=upper-left, width=300], baseline, precision 8, 200x200, components 3","md5":"10e8279bf8c431e23989b966538d6240","sha1":"f02738b684b862addfe313d8b0443613f2c00363","sha256":"3e6b98125978d8987a5baf20fc7318504967be092124f2ce73c7a05239086c97","sha512":"4050d19660f0665ad1fb77671e3d370ba8d0058e3dd40fbb1df71e4c2d96efd686c86ce73df15d02a6ae84e34be1250d0196b892be446753703448c89b46face","ssdeep":"384:4lgo7WgeoVYUcREr+do9thnrrYRxszlTDZvBLDqa6im1MtJKzUqEt7Nb2q:c6ho5cW+dAh3YRxsHvBKijv77B","tlshash":"1cc2d026fc612c21dba255f2b961d6679603477c8983d9f778dd0a633f308f20e18da2","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.539248Z","times_seen":536,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Popular%20Games/Koi%20Gate.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Popular%20Games/Koi%20Gate.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 38115\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":38115,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:44:43], baseline, precision 8, 200x200, components 3","md5":"b6bdad4cfd8dc937a21656947fbcf9e0","sha1":"4cca04b10743b1327fcf87576ac69b6376eac02c","sha256":"b189e4557c803ad30a184bd9bdffa493b22b3d1edf7f801334cf846f21fa6576","sha512":"406bbe5c0244f078664cf28c1e3d8f98ed33feead15d8e3bc6ad1c58475ab98340cc91161c92820b0ee215796007e2df345b4a94824074252e6c79fc1082a7df","ssdeep":"768:BYyaFehe0FXvvQJmkqB8b2k9gADvxBBlzngPvjs7mj5guWVVElr:BWFeAIvsmF8bX9gExBj8Pvw7mjHSVElr","tlshash":"3e03e135d225fc52eea1e878a0f96b673796e368f2231533f44c88033ba54f1850ea46","first_seen":"2023-10-19T09:39:50Z","last_seen":"2026-04-21T01:36:37.549196Z","times_seen":531,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/favicon.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/favicon.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 148803\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":148803,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"866292960d552de6709ff0d6d881c167","sha1":"98d86faddf5f6fc69c70feaa247902f1d4a84542","sha256":"728274c2d4c88e26975754e7d965451829c41d6ab6db151d75473ecfa5474e0b","sha512":"c27de2396c6b8cad941d2cb0277278754ae455e4742ebdcf281f6220d332bde2f0c4fa0b70932fa2f870ad459730c886b8e418940cbaaa7e26397a5d7a4be6e4","ssdeep":"3072:lO3kEMsmAVfhs5L6I3TDU+r4uCzatOZQ1F5EWcY76wV8bj3rjzNP+5+KF:lhEMsf1hjIDI+r4StOwTBWG8bL5P+/","tlshash":"d3e323d13b697d6ceeaf69ab18d58693cf08154d631131317f1f10f0752319a908edab","first_seen":"2025-11-11T02:58:30.863407Z","last_seen":"2026-04-20T10:36:02.846953Z","times_seen":15,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/pgsoft.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/pgsoft.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4565\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4565,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"07fdf68f6b80703be8dff396a5a89029","sha1":"20f259c2d1d5d61f611079cf2a0b9d15166208b4","sha256":"9c318ff5d70915d892c4f289c1e2e8c7008341feca61bb191df37cbfcb43a28d","sha512":"1e3dd3c89973d138ea3706b02b76f9e8c1450b01b01a9c6e51b055b445cfdcd154be5080004028b53a6ac3d7e629aa54ee74e12191081d287620e89cda2c96e1","ssdeep":"96:aqQ5GZ6y9rpNUfJRttoj7YA9IF9s/IPqeW+ygQdnvW:aq3p7YkkAqF9QIPi+y/e","tlshash":"1d915c4df002842536c6ea93c4d3f026a8d34dc1a5d5e72602ab881aaeb71a75d5dbe3","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.571161Z","times_seen":1191,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/ioncasino.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/ioncasino.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3220\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":3220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"f52b79a28e4fe23c2d7034200ec49243","sha1":"9e7090b05b1e04a59609aaa74023d254829c9b86","sha256":"2f413a04bfddefa9057a4a1c09ffebb389b048bff9a62717f64a292f2257d288","sha512":"a869da32caf575eed45a705779742b96901ea431bc4722131c930c0909359141abaf346ae6d43bf29a67235d8f8ff3f4c2d8a6eb86932aa52671175129dfa8fa","ssdeep":"","tlshash":"1b611a5e9e119c0d785ad94138f8a09bc632c144a870e905bad29d2bbd342fb9495cff","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.581072Z","times_seen":1184,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/webfonts/fa-regular-400.eot#iefix","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/webfonts/fa-regular-400.eot HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet388.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/vnd.ms-fontobject\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 34394\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":34394,"size_decoded":0,"mime_type":"application/vnd.ms-fontobject","magic":"Embedded OpenType (EOT), Font Awesome 5 Free Regular family","md5":"08021f07892f7751f2b8e7700043e8ea","sha1":"3bd6db7b3e30cc0061fc8ee5899d36c7e25bb9d6","sha256":"68fb3b23507a108a2509ddb7217716b83dfdcd02c8b002b497b084e715778b31","sha512":"bab56788f145d7591260698b9d243cdb647b030f5cd8101534d4d21ac053d3378b50f71f469de64f580f170a7fdac192d4948b9bf5fedce002ba1950c34df20e","ssdeep":"384:MIILltPRwpXUazLuDULbN1TH/uOlrk4jx3I+89AyI6WcRwkVcQUp:MbLDPXy6DO7/uOtx29uc5VcQUp","tlshash":"98f2196db3be8f5bc087d73e7a51e442b1726a15324366c1da8a7a4a3153bc98df020d","first_seen":"2023-11-07T05:16:27Z","last_seen":"2026-04-20T10:36:02.848915Z","times_seen":562,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-livechat.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-livechat.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 460\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":813,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c0af3bfd49ffc5ae11ba860786cda75d","sha1":"c598e7d6678d0fc928d2c6eaeff83f0b5311daff","sha256":"d1e72ffd39a829fe41c1a53795d8418fea166a070252308ea1098b0b7c2f74aa","sha512":"c65e0fcccaabf7def73e8618cfaed9eeecaf4a47698b732c3d185fc7397c9572d1375600545deddf2bd57aba69ef1049ff28142d2aeb861a3774ad0a0072f356","ssdeep":"","tlshash":"e8011ea8cb38cab0e14c1b004be8271335b10422daba9c0c43297d85e853e902005cae","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.553547Z","times_seen":1217,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-gacor.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-gacor.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 5154\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7663,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b9ac3698353188323aca1e72b0b415da","sha1":"c28c2c237808f3f960aa78f35880123679e14084","sha256":"f80d635418113fa7972b15027e670b2706ee2820163b62b2f27145f9073ac0b0","sha512":"7aa2bf1158e6546e9e8dd9784f7f67f95cab57d65d918b0598d781f26b5f973776929af9976112d7cf0d0bdb187dad6ea59bd15d126f0d7b2718dfe4802c8cc8","ssdeep":"192:1opYUslj6GuF9Tf9kLkAPEj18y2Ysi4My8O+:1oSlmNF9Tf99AEJaY348l","tlshash":"10f16c19a178ec2fdbf4817270a740546f1a5093f3b357c44ea203b38a0da55049aefc","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.590123Z","times_seen":1243,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-populer.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-populer.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 43234\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":57328,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f8f5f25769046146ae42b17a41c0a16a","sha1":"80e7bba523210c58296f8de4a6fa6a22e913382f","sha256":"dafd7d97d8675bb8ea10eede4680abba88a04c54242a3333a291d66dc91c6e27","sha512":"fbc4ffe351d868e0bc7742724578a558932d9f17c423039657c3150f3adae2e0c5f2dcc3559e94e5d4349e24e8cab31e708cfd982b5ee5419455db9802ad9b87","ssdeep":"1536:JWAHKFFqtSQd1JZjfknvKi05k1QnwqR1FmRQv+qP:JWAyYtS21JVfWXLi1IQvNP","tlshash":"e743f1423f407f7c4976d289916cd15fec26a88f6580ab5f7ef38895b27e6080ca50ad","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.556027Z","times_seen":1247,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/pragmatic.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/pragmatic.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3952\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":3952,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"2b7c9803856443d10c0ec7ba404448c3","sha1":"02dd3b31dd3934519bbf7f06335e556c66d3b3b9","sha256":"63aca758fa264a3c3ef204bac37c08e30dd8d06a308bd77194884a343a086dbb","sha512":"ca1492e4fc6743741ae13ced3558bc2d4d136021ccb39d425d0ce73f42ae27fb9715960c740b98ae643c7068f022262c349c231cebda78c2991d050250a0a6ba","ssdeep":"","tlshash":"c1815c29f2c05f059194996258fd293791f25e50d5a08e3e8bebc47408282fa897ccff","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.550623Z","times_seen":1191,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/allbet.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/allbet.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6202\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6202,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"65385a0b00807c78e9ee11e5e845f395","sha1":"856fc5558ff9ab52c6393ae0cbf830cae288d13f","sha256":"9339336ebd83063c8f03b0572ed4a5c91f3c12452145115387cb78d51980ac37","sha512":"452b8c645cbd6a457b2da98743b2de9e07b022e67f503f716946bf5bdeca3a5ab37b7ec759593679485d22ecee3747f48616324fcfec1e8ed569e7eeffc7dca7","ssdeep":"192:aq/ECTu1GWg09EuSqUrf6RxlO8not0Ww66P7g40Hv:aq/nu1GWRaORrLj9L0Hv","tlshash":"bad1af25ef83053188a9ecb095b226b7003fc7841d30d63579eadc995d319bae4fe5c9","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.580279Z","times_seen":1183,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/bca.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/bca.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2597\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2597,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"7218454f8ed20e47c89c49f43dc865a8","sha1":"b3fe2c42a0ef40da7db91efd05fb16be761bbc7c","sha256":"a0effe9a2c5b748a827c592cff324be42a330b94f053bd596dbe4b45f2c18152","sha512":"843f06f1b1bfaad41cb112a544753066f22c40738164e790231f0e4bc10c1f1a0e9b804a15149a538779556a00dd303098ded75d9892e7c246219aecc694104e","ssdeep":"","tlshash":"2e51198ce8525d40b61ee1a03ac2057f92128dc0cfd1e90df8adc80e13353e497288d3","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.224914Z","times_seen":1066,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/maybank.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/maybank.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2895\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2895,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"ca7aee98071b2d3880f94ca3dc8842d4","sha1":"eee1e7f874e610c4facdd9a8e3002b31a90af582","sha256":"77173f10f7b5dad589d402a81d207260826935ab02ae7cc52f7d9298f6a38eb1","sha512":"6a4850a3964c179cb5b567ed7e616330dd83581f2da688c8345274a25f93d195607f104da1cd8f6f10e3ecf1f3b5856fc33ec05d31ae454300ce89955a2aa583","ssdeep":"","tlshash":"43512aaceb10ac44936dd54019caa63eba334ac0cae9e1da314fcc045b911fce41f2c3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T17:49:56.246625Z","times_seen":1064,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Daily%20Wins/Sweet%20Bonanza.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Daily%20Wins/Sweet%20Bonanza.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14158\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":14158,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"c9669b43e7dd564b79c530890a4182b2","sha1":"bb0398471d2f566689e7695a58d104f4b8271aa0","sha256":"530c8e9067055058faecbcf6ea9b56dd6948fcb3adf56d31d71f8247d11d16ab","sha512":"19d09e3a3499b9b3ac937039e19ffda0c8c07536a1896ea48996995ef956d6ec64d1750c96591ec3d99580f8def7ef5cde02e2ed34e2301c4bb8bbb70b69c50b","ssdeep":"384:W64nVSBXyixIUD129gbfDjNKNAZc4J8isyjW/7/tyiH9:WT0BX/69EPNdZc6rfM7VyiH9","tlshash":"9a52bf18e957bb13cf401ee40fbd922f41424870ea15ac3cb2ce069a7995cf2187478e","first_seen":"2023-06-14T10:25:54Z","last_seen":"2026-04-21T01:36:37.585405Z","times_seen":605,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/spadegaming.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/spadegaming.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3154\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":3154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"320cfbe4a80279d60708101c0b0e43f4","sha1":"944fff69fc23e6acf1abeada1854e9234805f5e4","sha256":"5737cdb9d5e20e199690ce65b1477bf50e6d76e6ff3af2ae1a3916eb52277f6b","sha512":"cd06cd28bcdbf5a094d9bd2650e182cead0348ae5e904529ade137b00e57261b3b48b4de5ec2801cf5f2ff3e820e2764b9b83d7e3e057e4b3a2ea42f13e83aef","ssdeep":"","tlshash":"99514d5ac712dd80508e8d0738e1e976e53574004b71a938bed98dde391c6e3cc68ee7","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.549696Z","times_seen":1190,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/permata.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/permata.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2623\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2623,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"806f1354ac8e117d1752f9b2e317c551","sha1":"a989006a1c24fd9c5c5cc8eaf48be64a9eabcffe","sha256":"71eb5481c8ca4c22d6723f161b36d8a333ff30bdd2c90018b2b3cd2f5a5ce315","sha512":"b7633840558abf2a4145b874c4c00e4b57c3f9eb3043a0ec2d5b4b94b4ea426c8a6bb661808c86565090f03185aae964fc0584059d54beb12eead460f1a8766d","ssdeep":"","tlshash":"61512b01f9044c01e489ae8134e38569d83b5582e7f5f036b19ae8672b645ba4e7e9c7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.253279Z","times_seen":1068,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/panin.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/panin.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2517\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2517,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"c73d8ac115c9d42d48b2a3184c198271","sha1":"d86449166ea1fa2d8581516a68f1d720ff16233f","sha256":"cf7cf632c75859639c5e47534b6760c9ac44013dcd5d7bfe4c045cca5414432a","sha512":"cf89a4ed50cc1a7cbdf02c6589df7e55b7c49eb3f31208d41e288fe46cee5de39379808280ccae7052fefe9a892cb1d78cbfc54576f0a2981b67e2a352a4e4fb","ssdeep":"","tlshash":"2f5109cbf842ad11a24e848624e741398f07c960a9e4fc71714ec42e1b386f6e96c9df","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T17:49:56.227807Z","times_seen":1066,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/axis.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/axis.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1909\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1909,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"8a33ceba37cba67565691bad0b376d11","sha1":"524d0127ba8fb90930c258d1f6dccc2e021596d4","sha256":"da7d51e54f2ec453b76dde1951be25a7e76d2cbd19ceb53b07bca4a09d950c94","sha512":"a3ecb95fc952a21271163c09059df357a3b3b0e94dfdd98f676b5edd4fcc20456e26f384b796acf63f6fe925919c8056b479a95833b1bd6962881993f1298d82","ssdeep":"","tlshash":"6641f9cbc0c3ac01f5aa951028f711229d1249449fd1e46ab9dfd81625b45f59d28dd7","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.54321Z","times_seen":1076,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/linkaja.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/linkaja.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2467\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"aa19546f0fa57ec054f592623dde7e62","sha1":"19fa186480ac2121f2647bfa6446c6a9a88f3fdd","sha256":"800b3f95f81e845bc3bc92ecf7880f2c7f57a15e0dc3f855bfd3e591b783c7ec","sha512":"13c85136e6887167c1be424dc4b18b1f4773a67c4495e3f83884c6bc1fb143d02c9b0609940661a6e1f26f953f581e1fa128437b0a314bc00533fd9549065af7","ssdeep":"","tlshash":"7b512b14fd116c42829ceca544dbd2a289175b44dad8e47bb4ffd01209f12b98b311c7","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.591634Z","times_seen":1082,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Daily%20Wins/Power%20of%20Thor%20Megaways.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Daily%20Wins/Power%20of%20Thor%20Megaways.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 13611\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13611,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"7c4baaab845322f1442aa1915d560dca","sha1":"3b5c1a6a71bda9d697dd73983bfc53104db8fd8a","sha256":"d10061715b007ffb80ea25f54895e800979cc23296ef6138718fa945858a6b33","sha512":"b2d81c7b281a78e2c64684b901c6a6888741d90430666e67148ad5afecdf42b4816d074c267d4c426c019426bbedd07651de0009e1929d003b29bdf7cd849a08","ssdeep":"384:WQKztbsLdQVwY3veVyARi9RO6ppfAb/C5xI6:WTdcdQVwkzRMu5O6","tlshash":"b552cf4ce51338818f9a769a01e91b435f5a0b0ce187e4fe8d8ac842d890df784269ea","first_seen":"2023-06-15T15:03:24Z","last_seen":"2026-04-21T01:36:37.542769Z","times_seen":581,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/ttg.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/ttg.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3158\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3158,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"f177a8c24f7d00627f779b1544f26d7b","sha1":"1f88ae42b70427e917294beb790bda84321cd08c","sha256":"2c7aa701640a5b7503e3ace14124357537d5698ad832c1217a7c3290ccb64372","sha512":"dc8232386fc9dc22e3cebe562d6c708aa078294ea16f30b4d0d8bf1349e0fe743d9a8b3a7f287732f46e8eae0a60e2f2b4674298bcbf78b7fbbe20d4eb5d02b2","ssdeep":"","tlshash":"66511b52f65a6c4255eda08478f294338a3305120a54f0a5d67b484b8d8b3ea77cdaee","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.538202Z","times_seen":1184,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/shopeepay.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/shopeepay.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2585\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2585,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"410210f0e9a527ac10a6edce706a3e52","sha1":"41ac0fbaf4e303490de0da44bbcc2ddf0957d93a","sha256":"b546d30527e6237059995da8fa60d0ee5b99a8a1beaf0d9ca885323926d9dbf2","sha512":"7e6134ee07e54cd0800c5302d78a289b304b13641649ca46f4faad5df1966a49aa0202390cc06398a7c7a740fc84bf41b17b26a098d11b2d19424412241703e6","ssdeep":"","tlshash":"a3513acef606a90263dfed0834d79413c9036ec4d3f6e072d58ad44614a82f9a9e99d3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.544044Z","times_seen":1084,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T10:35:38.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlink: \u003chttps://galabet388.org/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://galabet388.org/wp-json/wp/v2/pages/151\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://galabet388.org/\u003e; rel=shortlink\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"98.8\",amp_style_sanitizer;dur=\"28.2\",amp_tag_and_attribute_sanitizer;dur=\"41.1\",amp_optimizer;dur=\"93.6\"\r\netag: \"326-1776666157;br\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 11644\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"WordPress:6.9.4","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]}],"data":{"size":93625,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (20460)","md5":"dd4d744bbffb3f2523aaba3deaaaf65c","sha1":"fa297bb33ce827bc3e775ad33748b5b40fb2ec80","sha256":"583cdb87991f1ab87a7ab8c7d88bdfa8c2cea0fc3e913eeb5d222ba5bb9f2526","sha512":"9975543e81d3838f9c5a58c73486623562d49f77b85f9bd1a659260bf3d7e1e6bc761d243869ffce7788742ce746d2cb3bed799943ee1f259960bf877973bc1d","ssdeep":"768:HYWCcZa/wmZqaKeMC77IG6XhFUfQMeqI7mSgKT:4tcZIqDej6ireOSgKT","tlshash":"0b939473644d106f6216874520b5b2afad5acc3ace72cd89f67bbf9ec390e117532214","first_seen":"2026-04-20T10:06:02.594919Z","last_seen":"2026-04-20T10:36:02.858401Z","times_seen":2,"resource_available":true,"data":null}},"time_used":318,"timings":{"blocked":118,"dns":1,"connect":22,"send":0,"wait":81,"receive":1,"ssl":92},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-togel.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-togel.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 670\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1746,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b7dd23ca632225a90b6125dbcba400e0","sha1":"1938013a08d268e18e53fbe0529e0753445d1765","sha256":"452d0d167be6ebc49bbd48f064efd89fe8e47c5e153df1fb0689264f46ed90e7","sha512":"2ff7a8a2e3bd2de789f7b36e3700d533b5edd89b8fc1888391fafde5396536f429ca0b3a4df1a859ed0fef25a2893780c1c274a05159950a1e39247892cdf202","ssdeep":"","tlshash":"0331543aebaef5cd5b8fc7040a57524007cec1fa3276e5b28e4e9934c1539b2d2a7940","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-21T01:36:37.543819Z","times_seen":1337,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-new.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-new.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 23783\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":31905,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"524d091d4759569c313dd81aab7d521d","sha1":"95b068a7e8847a60803b33fd7b051292be42303a","sha256":"4609cea657d57c84eb55546dd797d3098185421efb86ef0cf25e3e8d1447655a","sha512":"3172c7104d69254d1c7b6e7c5ba7c82c6ae2a18312bc9531b8b0ee8756e3a554c94184f7a44bbb8cffb76795c2447111ae27500d426f0758d9bbee8355bfeca9","ssdeep":"768:1SiFxD6THNhWHpmolBwPP0KB2j75lcTrwyl/K:siD6TtheBGPpw7QA","tlshash":"f6e2e01fce8ea7ac8516426c303bfdea0dcc6e4d80487aedb9c1b5ab15a655140b2715","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-21T01:36:37.540257Z","times_seen":1503,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/jackpot.gif","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/jackpot.gif HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/gif\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 34005\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":34005,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 944 x 152","md5":"cef538d6f6cbd160f76f164a72af2a95","sha1":"433ea9aa454a9744af5b8db155d09efc0f995286","sha256":"af343b2e2fd9319e2a1e64c5b632489869bfddcafe5f7afd198294489547e104","sha512":"3bccaf4047ae041423d366f8a7ca4b36c0cd2a0ddd90efa11abf7749eb74afb537bd2ac532c9f5e7f57974954221d4e32b0d7b772d78935eb007d4f5fa67471f","ssdeep":"768:vbWgikSIqdvwo1eSVipe0sF2FbM5Q3BtTQlbr1g3sybQ:vbWgdqdY6t32FRBtTq28n","tlshash":"ade2f1c8e518529af82ffa3e28ad1a5c31c614a970e812155ef0229f1d312fd44cdc78","first_seen":"2025-11-11T02:58:30.826781Z","last_seen":"2026-04-20T10:36:02.860147Z","times_seen":14,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/webfonts/Lato-Regular.woff2","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/webfonts/Lato-Regular.woff2 HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet388.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 182708\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":182708,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 182708, version 2.983","md5":"bd03a2cc277bbbc338d464e679fe9942","sha1":"cbff48bce12e71565156bb331b0c9979746a5680","sha256":"983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f","sha512":"a8fbc47aca9c6875fc54983439687323d8e8db4ca8f244ed3c77ca91893a23d3cfbd62857b1e6591f2bc570c47342eed1f4a6010e349ef1ac100045ef89cbfd0","ssdeep":"3072:a+zq/3zkl+ciohnxbjroiZ/XPHi8Mo/Oqh/J41RZ7E/Aur2mmxuN/y424XqtjiJy:aYq/IlDfcipXf9h/sTE9lwuN524Xq9i4","tlshash":"c0041258a194dee5fe761a3a03b7c540ea8e7ab041dbc6f6f0b994497e211210fcd5cc","first_seen":"2023-04-13T01:33:41Z","last_seen":"2026-04-21T17:43:50.589215Z","times_seen":4294,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:49 GMT","end":"Mon, 22 Jun 2026 08:35:48 GMT"},"fingerprint":{"sha1":"64:36:03:BA:E6:36:1D:72:CB:98:C7:11:D9:8E:7C:1F:6A:03:40:33","sha256":"76:A3:36:B6:E9:D6:FC:48:B6:5F:E5:E8:12:BA:E2:18:57:74:80:40:92:BD:73:3F:C0:FA:D2:FF:77:5C:20:44"}}},"request":{"raw":"GET /v0.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet388.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 63621\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nexpires: Mon, 20 Apr 2026 10:35:38 GMT\r\ncache-control: private, max-age=3000, stale-while-revalidate=1206600\r\netag: \"1fb0813db2f9ea66\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":228175,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64621)","md5":"fe1b81f958d86c98e88b86960a4dc246","sha1":"eb7c9593cf4980bd7774efec7f9579a9227d021f","sha256":"958c3f227881fbb4eebfe70f950f16384382a519ac0b708a073ae809205e312d","sha512":"bd2a0e6ce8551a58f83c095f7c1c071b061ac495337f58fda6b7e175344003a4687de1185d9ec87b1bfd4dd44fab2d6d54a6081b884c034bca5d6dac989a45da","ssdeep":"3072:dHxofahpFRKNAtM0sK8NQgU9SutUvDK3p9Pd+g3:XofahpF+At5s2gU9SutSDK3p9F","tlshash":"f524c5a53296b03247e154f5d4774002e3296998340b816cf8bceecb7ca9d86b1b6f7d","first_seen":"2026-03-18T09:15:17.810072Z","last_seen":"2026-04-21T10:15:24.363499Z","times_seen":431,"resource_available":true,"data":null}},"time_used":194,"timings":{"blocked":65,"dns":0,"connect":8,"send":0,"wait":20,"receive":18,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/microgaming.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/microgaming.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 39421\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":39421,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 600, 8-bit/color RGBA, non-interlaced","md5":"c553716d56f7133dea04aa6c637d914a","sha1":"266c9f6f7a7f4510b31a2a6f1e237a5ab69fbf30","sha256":"5e8dabba1c832d5ad2c961cdac28466933fc04e0485120d6733fc28f6abb6fca","sha512":"47f8564d40006a86a0097e40917ce92f7c6835556e8f708acb7556ffbca858f4d53c65a9c57c83a5b790ef075c3d1dd766bf3777d66dddd7d7fd6cba35094e52","ssdeep":"768:uTY3U0Uy9aNXd4N5a+Ng880I01G7uuyM/l4waOVe7fMO1MPK:uTX0Uy9apqPNg8KqerXez9MPK","tlshash":"4d03cf6ecc53f84cc8cf4a75af1c1f50b26d41e8d2aca76942b844319fa22dea226191","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.57262Z","times_seen":639,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/xl.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/xl.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2458\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2458,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"84094baf12f6cd3d4d8cf7557478370f","sha1":"6adfff2597d1986ca93211709d92364b7f31994f","sha256":"d64a7c2b38bd2b08c842b2f714e402f0ee9ed9884171a6e1e95f57cd57ccf748","sha512":"dc262d4198e9b38b9cac4987ac803b9ec8e2466510793608869213a56110a44f696935d767fa4ddebd00873886715bb784ff039fe24fae0c166530cb14e90849","ssdeep":"","tlshash":"9751f80da68218158beb99c106ea40224f064f44ce84e0e7b44ed4665ab42ec6dad9d7","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.53875Z","times_seen":1077,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/ovo.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/ovo.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2315\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2315,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"c651afdf017b6e14b8ccf644fffb90e3","sha1":"cdefc9ffd4d0a101dd34fa8d0d72f31e20c203be","sha256":"860d314b9b8e36b5b22a81e02ea6d13290d85203ecb2e0ee3803ff5115ded872","sha512":"fc639ac833e9f4f15c6238d0c39ca5753acf20769db0a0a204a1554cfaf5fdb6bdcd75ad8f4fbb3643e9b11a9979548f9d4d6794eab648a875a202e86a293c59","ssdeep":"","tlshash":"d0412b46e6929d06079cfa9164e702bad6610f90e4f0e82b749ed40d0fe42fc6a6d5d3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.5785Z","times_seen":1082,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/rtv/012603032146000/v0/amp-loader-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"142.251.142.225","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:49 GMT","end":"Mon, 22 Jun 2026 08:35:48 GMT"},"fingerprint":{"sha1":"64:36:03:BA:E6:36:1D:72:CB:98:C7:11:D9:8E:7C:1F:6A:03:40:33","sha256":"76:A3:36:B6:E9:D6:FC:48:B6:5F:E5:E8:12:BA:E2:18:57:74:80:40:92:BD:73:3F:C0:FA:D2:FF:77:5C:20:44"}}},"request":{"raw":"GET /rtv/012603032146000/v0/amp-loader-0.1.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://galabet388.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 3921\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 16 Apr 2026 10:52:09 GMT\r\nexpires: Fri, 16 Apr 2027 10:52:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 344610\r\netag: \"43c0c1e3818fdba7\"\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12361,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (12245)","md5":"c7fcfc2dad8a5a21597675f84c0a2cec","sha1":"b43be391d0a3bf209b3f01cf0f29b68311c03ab7","sha256":"44c1a7b71b2869d83d2f5198514dfb2e60b49c51b1edad87daa2af977842b045","sha512":"cd2e09e595efa89578bc1b4358d69798fa62e91e52eb29ae72999b4136eb6a4d66a0a897d43ad136cb3070303e197a1c5421762c1348e6fff712ba30a49c8b30","ssdeep":"384:Eo39KdedznnHXcxZgulqaa5F4g5A4WR2vCk:F39KMdT3cLgulDa5F4g5A4WR2vCk","tlshash":"1a429360a50be2ac530342b488f5b956757ccd4fb8104075f0604eeedb8ae54bdbba6e","first_seen":"2026-03-18T09:15:17.817764Z","last_seen":"2026-04-21T05:39:20.95071Z","times_seen":367,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/webfonts/fa-brands-400.eot#iefix","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/webfonts/fa-brands-400.eot HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://galabet388.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/vnd.ms-fontobject\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 129734\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":129734,"size_decoded":0,"mime_type":"application/vnd.ms-fontobject","magic":"Embedded OpenType (EOT), Font Awesome 5 Brands Regular family","md5":"12728563d2c5cc4b11d0fedb4251c128","sha1":"ca3e7236f551f08cd1c1b55f1fe39d4510097fb0","sha256":"215e24cbb139aa941622943edf144fb54fb119334ecab2efeb06b1d35feee681","sha512":"def1da7bb514b4836a5730b4098da93ffeeb0dece4587bacce168bd3a9c0bb51565856ae8603a2121d519b95c4e1823b019b9b17078d44aa82a7d5b8a43a1a04","ssdeep":"3072:bzWRC3JMtlRcn2tZ+8b6I9JevNViPVkWvLk:/3JMtjVtMGJeFQPVvzk","tlshash":"bcc3bf06b3dfcf9fc11369be48d0955ba6e5b508ab112692ff4b2e2dc0176c84c7931a","first_seen":"2023-11-07T05:16:27Z","last_seen":"2026-04-20T10:36:02.864071Z","times_seen":561,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":93,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-fishing.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-fishing.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6168\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":20395,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1819c49d6da1dcf13dc861e71944c5da","sha1":"92665c967c880845012703d29f7f2ae40142bef7","sha256":"633c84abdadbbe425c75326d7f008a4934225ec8b18b1913331fbc63617433d4","sha512":"80d5029a9305bd7d3f984dd7c41fc792a49f56c98b0f5ef775ec66160e013ceae0a95ee193487dcfe479fa511dcb1efadf74d1e483613a2d672507a65b435427","ssdeep":"192:NZe0uWLKbMkpbqwG8UYMao1X90CAoasSTHdpvLX4AxFl6fY9ZFudw6TJoGiy5d+o:be0/LKbNmApcTRaxfbdl1udtTJuy5d+o","tlshash":"bb9285320b104ae4a76d755c7ce65f9b7f6a8cb9a080418283f6bdc554b3ffb200895b","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-21T01:36:37.553049Z","times_seen":1394,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/bri.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/bri.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2644\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2644,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"33b1568e97e2d3eb1f0e1fc24c13844c","sha1":"e76fd8087d2b1c706db27e318e728dadbb7cd2d9","sha256":"da04be9d1425d3021cff275d345cc1528863d6f93b48068f7867145424211039","sha512":"730731d241b2dbb9b740b8a592327904f7474fc8038e11b500bca4ec2d240766ef62b97288497765c85fb605a9f70746bcae1a67ab6b75110f9071c3fc0da164","ssdeep":"","tlshash":"25512b9de5274d41a3cddc403874e165c9639dc0cbe1f4a3fb0ec58a5d226e494591d7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.251127Z","times_seen":1067,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/jenius.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/jenius.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2586\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2586,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"a526cd682aa74c97bdb4e9062dd3bb47","sha1":"9a576b670aa5ff27c5377431444a5b6e6fad059a","sha256":"887520873e323d8af25fc9ca54158e474139b38d78f0ae1097ba0bd27c09084c","sha512":"bd14d5c0424148137d6093f709b8a22265701ebeae2345415449e022c52f28e3f01e1709c06df9becfbf8af1a28539c6d60ddb0d0b828a4d70762e408f24ba02","ssdeep":"","tlshash":"5f51e729d445af023a0ce44724fa817baa0785c0cfe2f12bd58fd5372d647d999991cb","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.580413Z","times_seen":1083,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Hot%20Games/Lucky%20Neko.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Hot%20Games/Lucky%20Neko.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 36621\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":36621,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:50:58], baseline, precision 8, 200x200, components 3","md5":"66871e8d699d8104a2e5127c5e388d55","sha1":"2f0ced559bfeee0db7b781e1fe30ee45c048393a","sha256":"ff2f019ff72505b31c9c11b57226063a245ed9dffd7109aaffbdca0b9b9a4261","sha512":"323e8ac749e225552ceaf2c26be4155c73d4b425196b940cc2ebf5e519b43dc6e62d1a86f374861137f45c537c8f9c154c5f6e11ec7cf1cb187fcfffbea0e372","ssdeep":"768:BYyq49n3wUkaz4l3WGolyag1Ty8oW+gD+bkhS82vIYD:BOqgEk5Glyag2fgYkhS82vIo","tlshash":"06f2e1b97642cd21ef55bc70b2e69f8bb1417268d39302b5f89dda0a3f005b05ec7269","first_seen":"2023-10-19T09:39:50Z","last_seen":"2026-04-21T01:36:37.537023Z","times_seen":556,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-casino.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-casino.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2910\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8470,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d3f6db64f19005491ec2f3ccec8a4957","sha1":"02cddda4df6cafa00b756eaa9094b808946a98f5","sha256":"1682180332236ff6d603316b2d09d1c467523dca0729d7653ef121518f3b2d29","sha512":"340a586c601ed1cba203e45ac120d1b21e0d29ab1358dcfb4a1fa5fdfaa682e582bfeac42056ef08df7ed07e2b7d5c70b568744348c849e7b0bffbcefe26315a","ssdeep":"192:dYpgRwmUX9gg1nlu7f7sQD2HPP9nSvBjJ9h0N9jeG:dAh7qWu7fjD2vP9EjQJD","tlshash":"1a0206170302dbdafb9d4628a929148db5d0dcdbd4b0e0d0ab6b3416e58d8e5be4c7bc","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-21T01:36:37.572002Z","times_seen":1336,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/icon-livechat-gray.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/icon-livechat-gray.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 460\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":813,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c0af3bfd49ffc5ae11ba860786cda75d","sha1":"c598e7d6678d0fc928d2c6eaeff83f0b5311daff","sha256":"d1e72ffd39a829fe41c1a53795d8418fea166a070252308ea1098b0b7c2f74aa","sha512":"c65e0fcccaabf7def73e8618cfaed9eeecaf4a47698b732c3d185fc7397c9572d1375600545deddf2bd57aba69ef1049ff28142d2aeb861a3774ad0a0072f356","ssdeep":"","tlshash":"e8011ea8cb38cab0e14c1b004be8271335b10422daba9c0c43297d85e853e902005cae","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.553547Z","times_seen":1217,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Hot%20Games/Dreams%20of%20Macau.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Hot%20Games/Dreams%20of%20Macau.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 33935\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":33935,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:50:55], baseline, precision 8, 200x200, components 3","md5":"3d218252b813a47945bce969481cec2a","sha1":"3199e0c2707cd99412db4ba96313b5dafd4febb4","sha256":"55d0b099a391cfa01804ad42e78e873b2ad0529945b4911cc6e51549e6fed246","sha512":"1145e85ced54c033e541b6c8a353353a0793e37b8fe406f7c2e96d718e704c46bbe0a21974258eaae08b549f96974c37c00a91c3202b8837cc8e7c2b9138e712","ssdeep":"768:BYyWjr/8FQL5TvRWnH7ViPfU0mx7EsZ0B0:BC/8FQFTvgbVS6x7J6y","tlshash":"78e2df676a6b8e09e7d2b3710dd1a78e9333e014e2a3162074adcd567bb1df9c81f404","first_seen":"2023-11-01T07:44:49Z","last_seen":"2026-04-21T01:36:37.573901Z","times_seen":540,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/provider/joker.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/provider/joker.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4467\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"d6046ada089141ed514a2c248ba348a9","sha1":"ac6af3ec4c8d0025c3498501f0b5ff169f50fdab","sha256":"a5894ebe20a0a276641ce8fe77f073ea3127a35e307937d00d46606a6d07e5e1","sha512":"9bec604475449cfffc72317d9ece25fb7ec460b1f463d288052c6a436d26848116b60832425da59d040aa1f43ed4964d575442480231030d8e797a89daa3a494","ssdeep":"96:aqQRGY0xUhfkh08d2luU5IqeesF93z/mc1MYtWum:aq+0xUS2U2lueny93z/mcyYtWum","tlshash":"fe918e58dd037e0e5d5e0a9230e85d9688bb8502deb4b81e78d7c2cb42f8166c85f6f7","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-04-21T01:36:37.590746Z","times_seen":1183,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/btpn.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/btpn.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2243\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2243,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"976c8fc9ca31651f1c1ac1a0bca5f8b5","sha1":"475e902161a298719789a4ef4d23c2a873c599ac","sha256":"45482f8a293b7acb55f6a149ecc4854bb2eec381edf7ea5e470a2d8941cf1afc","sha512":"8538e4af5b9d5df88cdae37c2ce17d76091b11697e908eb4ac3da485ba8805f0dc66fc49f29cf9736ec14758000e383734b7827cfb03c17108b28c5a14b0bcf6","ssdeep":"","tlshash":"6a41f788da018d0253cfc96b3ce544464d22a940c6e4e6b7538a80890dbe0fdaf6edcb","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-20T17:49:56.251675Z","times_seen":1067,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/bank/gopay.png","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:39.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/bank/gopay.png HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:39 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2566\r\ndate: Mon, 20 Apr 2026 10:35:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2566,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"b8771de54536e9d754dc58a51d9da827","sha1":"5740b8950fb4137da7040b6e929fef6a371504d1","sha256":"450c5693b4a594e025753ada485c95646f6f9b95434887a2b9be52776aad1397","sha512":"6388ef540f6228b2423372814408aaa0bdc01ea66dc9dcaee162c9b0813677177fadac544b34ac7f6b3b472bfd186b9f1d6a86921e3f5794a6b2fa9fa8a06f9b","ssdeep":"","tlshash":"fd511a1dfd04bc43315de2671ce15526ca04acc0cde1da2bb65fc417aa746d04aaa9ef","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-04-20T21:11:29.506044Z","times_seen":1084,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Popular%20Games/Gem%20Saviour%20Conquest.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Popular%20Games/Gem%20Saviour%20Conquest.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 34313\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":34313,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2021:10:21 18:50:56], baseline, precision 8, 200x200, components 3","md5":"71b340a6582cd6572fbd740351d64752","sha1":"705d9a5521ca685be0579e856963cd27aa71dcbf","sha256":"ce9809485b50a33b290c7714993955d4659bb6a99fcaf2412b935d1c305be716","sha512":"232ddd7bbecf41ad9dc5a5c4767bf9142ea8454471572aba4fff069a0f994f31418a785f86ecab6198272495067391737edbb35873c126648e178cc51ecdc77d","ssdeep":"768:BYyJinTDpSYGacHkNe+G0SzKJb/BlfAXjv9:BFIEYGdEStzAZ54","tlshash":"51f2d1718627ee52f7d6e97496f3dab66131a2464782f1b3384c69a33740d7d0dce180","first_seen":"2023-11-01T07:44:49Z","last_seen":"2026-04-21T01:36:37.587853Z","times_seen":541,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/icon/poker.svg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/icon/poker.svg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1316\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3335,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8cb5b8bd0db8b52d981ad352ee20a3ac","sha1":"522967c1b7749313146b736684ebd3d8bb93ef79","sha256":"53b6b3266be8d3af546bae96df6c049329e77ec0aea0051a98ebd5ba18176a6e","sha512":"917d6ad55b24ca4bb5211a20c41a92b6cc7a14994fa214b63ec8fa999ef6a83ae24312e209b20801ecd35e15537ffeeee4d9bc1df2067832a6321117d9b4d95d","ssdeep":"","tlshash":"f361d46b03169bdef79d4624a565108db6e0c8cbe4a4f0c0bb6b3415e4cd8ea7d4d3e8","first_seen":"2024-05-01T03:50:06Z","last_seen":"2026-04-20T10:36:02.870078Z","times_seen":451,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"galabet388.org/wp-content/themes/buaya77/images/games/Popular%20Games/Roma.jpg","fqdn":"galabet388.org","domain":"galabet388.org","tld":"org"},"ip":{"addr":"198.177.120.53","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://galabet388.org/","date":"2026-04-20T10:35:38.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"galabet388.org","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 22 Jun 2025 00:00:00 GMT","end":"Mon, 22 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:FB:CE:D6:79:FC:FF:4D:9B:51:66:7D:70:07:D7:38:E5:B9:AF:86","sha256":"A2:3A:E6:DA:05:F8:0C:E9:DB:6A:15:69:18:B7:B0:B9:3A:E1:42:58:89:48:5B:93:29:EA:53:4C:84:F5:6B:5F"}}},"request":{"raw":"GET /wp-content/themes/buaya77/images/games/Popular%20Games/Roma.jpg HTTP/1.1\r\nHost: galabet388.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://galabet388.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 27 Apr 2026 10:35:38 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 25 Nov 2025 08:16:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 26330\r\ndate: Mon, 20 Apr 2026 10:35:38 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":26330,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 200x200, components 3","md5":"c9e032f7a27afec0ead5cdb273c4b4a3","sha1":"1d74ac19c6085d7129e554dba0e56f88b363db86","sha256":"b603fc6599e9c677b21158ba859949e135bc16afa97dcb05159264e18a24fdf5","sha512":"60ef2ba164b0797157d3944d57d2042e00a58a76af2bc1ad1635dc11f4b91e7ce9d11f93afd1d18f8d01d6275c7a68fed4ed4f22b554d0577d06e688de2c3f69","ssdeep":"768:Er/UDPp1Pl1pkd9Cg46W9NjdTSpvMEmgz7:EQjPlPkp46W4VmS7","tlshash":"6ec2e14dc5918f03ae823ed428ff06f72f88be6051be0599c5fe8e6209369f456a7150","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-04-21T01:36:37.538713Z","times_seen":539,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"galabet388.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"galabet388.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}