Overview

URL get.freetopdomino.com/
IP 20.189.78.99
ASN MICROSOFT-CORP-MSN-AS-BLOCK
Location Hong Kong
Report completed 2022-09-27 22:12:49 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-27 2 get.freetopdomino.com/ Generic/Spear Phishing
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-27 2 get.freetopdomino.com/ Phishing
2022-09-27 2 get.freetopdomino.com/haykaljb1/sound/toast.mp3 Phishing
2022-09-27 2 get.freetopdomino.com/haykaljb1/sound/theme.mp3 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-27 2 freetopdomino.com Sinkholed


Files

No files detected



Passive DNS (23)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS sdomino.boxiangyx.com (1) 581682 2021-06-29 03:11:55 UTC 2022-09-24 22:06:39 UTC 47.246.44.206
mnemonic passive DNS encrypted-tbn0.gstatic.com (1) 0 2016-10-13 06:07:35 UTC 2022-09-27 17:42:45 UTC 142.250.74.78 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS www.bosbosgames.com (1) 638577 2021-05-06 05:59:45 UTC 2022-09-24 22:06:39 UTC 170.33.97.2
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-27 04:52:25 UTC 23.36.76.226
mnemonic passive DNS ocsp.digicert.com (12) 86 2012-05-21 07:02:23 UTC 2022-09-27 12:08:14 UTC 93.184.220.29
mnemonic passive DNS i.ibb.co (11) 13485 2018-11-25 10:13:48 UTC 2022-09-27 09:28:01 UTC 51.210.3.236
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
mnemonic passive DNS ajax.googleapis.com (3) 12905 2015-02-02 18:56:09 UTC 2022-09-27 21:53:24 UTC 172.217.21.170
mnemonic passive DNS cdn.lordicon.com (3) 283079 2018-09-03 19:35:32 UTC 2022-09-27 14:54:39 UTC 143.204.55.98
mnemonic passive DNS static.neptunegame.com (12) 180311 2022-06-06 08:56:55 UTC 2022-09-24 12:55:20 UTC 35.244.144.129
mnemonic passive DNS raw.githubusercontent.com (1) 35802 2014-03-01 07:08:08 UTC 2022-09-27 07:28:37 UTC 185.199.108.133
mnemonic passive DNS get.freetopdomino.com (38) 0 2022-08-10 00:40:25 UTC 2022-09-27 02:45:04 UTC 20.189.78.99 Unknown ranking
mnemonic passive DNS code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-09-27 04:52:54 UTC 69.16.175.42
mnemonic passive DNS rawcdn.githack.com (4) 72170 2019-01-11 12:00:35 UTC 2022-09-27 17:33:52 UTC 104.21.234.230
mnemonic passive DNS ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-09-27 04:53:14 UTC 142.250.74.3
mnemonic passive DNS unpkg.com (1) 11693 2016-01-07 23:26:01 UTC 2022-09-27 06:19:01 UTC 104.16.125.175
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-27 05:14:54 UTC 34.218.164.174
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-27 13:22:33 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-27 14:55:40 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-27 05:14:54 UTC 143.204.55.25
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-27 04:52:33 UTC 34.117.237.239
mnemonic passive DNS cdnjs.cloudflare.com (3) 235 2020-10-20 10:17:36 UTC 2022-09-27 05:23:18 UTC 104.17.25.14
mnemonic passive DNS stackpath.bootstrapcdn.com (1) 2467 2018-04-05 04:41:29 UTC 2022-09-27 12:49:17 UTC 104.18.11.207


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 20.189.78.99

Date UQ / IDS / BL URL IP
2022-11-15 14:51:56 +0000
0 - 0 - 45 eventts19.com/ 20.189.78.99
2022-11-15 14:47:11 +0000
0 - 0 - 3 confirmation-228910567730001.ml/upgradenext213.php 20.189.78.99
2022-11-15 14:44:25 +0000
24 - 0 - 28 bugcodashopp.2waky.com/ 20.189.78.99
2022-11-15 08:00:48 +0000
0 - 0 - 2 confirmation-228910567730005.ml/ 20.189.78.99
2022-11-15 02:29:30 +0000
0 - 0 - 28 richmaxprize.com/seasonm 20.189.78.99

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Date UQ / IDS / BL URL IP
2022-11-27 17:45:42 +0000
0 - 0 - 4 grubwav15134.bowohoster.my.id/vhsfhqpdhdsih6 20.169.80.28
2022-11-27 17:45:26 +0000
0 - 0 - 2 grubwav15134.bowohoster.my.id/vhsfhqpdhdsih6/ 20.169.80.28
2022-11-27 17:19:41 +0000
0 - 0 - 2 www.attemplate.com/eur/c8eca3ca-1276-46d5-9d9 (...) 13.107.219.53
2022-11-27 17:14:44 +0000
1 - 0 - 1 app.secads.club/15Gxy3 20.113.67.50
2022-11-27 17:08:27 +0000
0 - 0 - 5 aafcuu-firstcu.ath.cx/login/login.php 20.26.233.152

Last 2 reports on domain: freetopdomino.com

Date UQ / IDS / BL URL IP
2022-09-27 22:12:49 +0000
0 - 0 - 79 get.freetopdomino.com/ 20.189.78.99
2022-09-11 03:35:38 +0000
0 - 0 - 59 freetopdomino.com/ 20.189.78.99

Last 2 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-04 06:17:05 +0000
0 - 0 - 82 topbosz.com/ 20.189.78.99
2022-09-03 18:34:37 +0000
0 - 0 - 79 topbosz.com/ 20.189.78.99


JavaScript

Executed Scripts (8)


Executed Evals (6)

#1 JavaScript::Eval (size: 141, repeated: 1) - SHA256: 080b76dd188847147e3819271e0da54df5ccdfae55f749f999027ad85f629fa2

                                        [function _expression_function() {
    var $bm_rt;
    $bm_rt = thisComp.layer('Color  & Stroke Change').effect('Axis')('Point');;
    scoped_bm_rt = $bm_rt
}]
                                    

#2 JavaScript::Eval (size: 146, repeated: 1) - SHA256: 3a1f2df1d098e803d13c99a3b854487a85b4a75281b31add094b571cc5990fd4

                                        [function _expression_function() {
    var $bm_rt;
    $bm_rt = thisComp.layer('Color  & Stroke Change').effect('Secondary')('Color');;
    scoped_bm_rt = $bm_rt
}]
                                    

#3 JavaScript::Eval (size: 210, repeated: 1) - SHA256: e47c63eec005d03389e4b59e06f3739330228285a51a401aa491762cde6e92af

                                        [function _expression_function() {
    var $bm_rt;
    var checkbox = thisComp.layer('02092020').effect('02092020002')('Checkbox');
    if (checkbox == 1) {
        $bm_rt = 20;
    } else {
        $bm_rt = 0;
    };;
    scoped_bm_rt = $bm_rt
}]
                                    

#4 JavaScript::Eval (size: 184, repeated: 1) - SHA256: 1424e6eae693aceb34561dd67a2d86afdbd84f4d583ba95a1a586e76f5a53919

                                        [function _expression_function() {
    var $bm_rt;
    var temp;
    temp = thisComp.layer('Color  & Stroke Change').effect('Scale')('Slider');
    $bm_rt = [
        temp,
        temp
    ];;
    scoped_bm_rt = $bm_rt
}]
                                    

#5 JavaScript::Eval (size: 163, repeated: 1) - SHA256: 65c10e9b680aeb39cf190497a408291ff21d140f96d00bbd8cb0497e96a2022e

                                        [function _expression_function() {
    var $bm_rt;
    $bm_rt = $bm_mul(20 / 100, thisComp.layer('Color  & Stroke Change').effect('Stroke')('Slider'));;
    scoped_bm_rt = $bm_rt
}]
                                    

#6 JavaScript::Eval (size: 144, repeated: 1) - SHA256: 74cb159011fcc614cede0aadd59c8986276490c8cf1720e2d1b207ec1756afd0

                                        [function _expression_function() {
    var $bm_rt;
    $bm_rt = thisComp.layer('Color  & Stroke Change').effect('Primary')('Color');;
    scoped_bm_rt = $bm_rt
}]
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 741, repeated: 1) - SHA256: a64192afe2438d781ea2b21c5f33dccfd25b60d53099d24901c69f2a0f3358fa

<script>
    document.addEventListener('keydown', function() {
        if (event.keyCode == 123) {
            alert("Swiper jangan mencuri ~AlexHost");
            window.location = 'https://www.facebook.com/yulio6166';
            return false;
        } else if (event.ctrlKey && event.shiftKey && event.keyCode == 73) {
            alert("Swiper jangan mencuri ~AlexHost");
            window.location = 'https://www.facebook.com/yulio6166';
            return false;
        } else if (event.ctrlKey && event.keyCode == 85) {
            alert("Swiper jangan mencuri ~AlexHost");
            window.location = 'https://www.facebook.com/yulio6166';
            return false;
        }
    }, false);
    window.addEventListener('contextmenu', function(e) {
        // do something here...
        e.preventDefault();
    }, false);
</script>
                                    


HTTP Transactions (114)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4009
Expires: Tue, 27 Sep 2022 23:19:28 GMT
Date: Tue, 27 Sep 2022 22:12:39 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 21:15:33 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7GWGQTTLXRj6RdNwuZaqgbsflyDGEHV7BH6cF9p87ei7dT4Ua2h1_A==
Age: 3426


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: modjPAWv6CEN6kh0ktjjZkbQcOSGE0JNn16IzkzS3bZI4theO7Q_rg==
age: 46106
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET / HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 7276
content-encoding: gzip
vary: Accept-Encoding
date: Tue, 27 Sep 2022 22:12:39 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Size:   7276
Md5:    805a2660ba67442ec1aa9e2fb928407c
Sha1:   d82bd87b25da87a5f2731273f5bd788fe76b3663
Sha256: 077de0b1256b4924b0aa0f07b468436c3f499219fdf62482bb401639207fea74

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /jquery-1.10.2.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         69.16.175.42
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 27 Sep 2022 22:12:39 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 32788
Last-Modified: Wed, 16 Feb 2022 10:50:39 GMT
Accept-Ranges: bytes
Server: nginx
ETag: W/"620cd6ff-16bb3"
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1664316759.dop026.sk1.t,1664316759.cds243.sk1.c


--- Additional Info ---
Magic:  ASCII text, with very long lines (32072)
Size:   32788
Md5:    68cc08e82915da8b82fc6be74ab86365
Sha1:   4089530b0c00f6cbd1452d7f873be85454196fd1
Sha256: 6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5553
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 20:40:06 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3572
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 21:13:07 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5001
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 20:49:18 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1037
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 21:55:22 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /haykaljb1/css/style.css HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:39 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3141
date: Tue, 27 Sep 2022 22:12:39 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   3141
Md5:    e7af86f0a200a9657589d1c9e9b24f0b
Sha1:   557e15fc6bb2e72fb0c4ccdf765d18a2744b9d40
Sha256: 7a72dedddebac8b5b577b4f3dec46924743a95aaa7f80f75b9bd3ec4657e6e46

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 5845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-1149f"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6472402
expires: Sun, 17 Sep 2023 22:12:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2w0B4TtwN1qCfFMOUGC7Lpw5wQlg0PQEGXPbKtKd9U7ANZxk6ukdW4FNxKTm9TrCYYWcg44VRQizfZEY8DXeBMnHOxMyrOKb4sJhSaZaRp4%2B521T39rIB0BCo8FGMwpvSfDRBAt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 751795037fd20b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   5845
Md5:    a7e25a22602a2b2ed35f90fd5210cff1
Sha1:   148c4f275b60e6cf6253d6b4c7bdc486515b2202
Sha256: 312d94bafa68e11e3a4a8d7c06bc25ee161d1d965afb1fa99db79815a272d0bf
                                        
                                            GET /ajax/libs/font-awesome/5.15.2/css/all.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 10472
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5fff7431-e7d0"
last-modified: Wed, 13 Jan 2021 22:29:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 9766216
expires: Sun, 17 Sep 2023 22:12:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5AThlWmimu4y1hagcnPF%2BNSydpJHvnvhfUXf%2BPOqAh1UIxif%2FWQUXz4T8x95s5QGfyh31ren3m1DvH85gwKCdA7%2F7jhXPFRcIg0fK9VL%2FlrhvkVFeT%2BuOUXlA6ySLX8lQ4BQQ8Sp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 751795037fd70b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59158)
Size:   10472
Md5:    3e4019642322c3e0f1db17e4411b7d49
Sha1:   4481a79c38f6ff4651621e30fc05f4b6f4e2c98c
Sha256: abfa1d2f03f268a7ac776f6a9c22f53ef759a6110b3a61eb0f7dce9bd446c8d8
                                        
                                            GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1123136
expires: Sun, 17 Sep 2023 22:12:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpPVbfMUPXxzAFbUE5xgliA7H360%2BpLKERb%2BW5UqG31hU1L%2Fz%2B2qeNvEnUUXT77SwBTUBNiF139TEDHrwff474N0wI9oluBvkz06ea51OBJ%2F%2BlvlTrHoDnu3WaiGcw70VMLfbNqs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 751795038fe90b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   5631
Md5:    109d1ed85cd01f9cdab73a4cac5bf80d
Sha1:   d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
Sha256: 8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
                                        
                                            GET /AlexHostX/logAlex/6e61ca3b0b15b5e31a9a43579821321116c6af0c/higgs_domino.webp HTTP/1.1 
Host: rawcdn.githack.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.21.234.230
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 191
location: https://raw.githubusercontent.com/AlexHostX/logAlex/6e61ca3b0b15b5e31a9a43579821321116c6af0c/higgs_domino.webp
expires: Tue, 27 Sep 2022 23:29:46 GMT
cache-control: max-age=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 36212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Duz%2BdFkXXmAAnrAe3CB%2Fwu9kSdXmKIWqotl635PqbI%2B4rs8skNDdFzSXAV00FCuYoevnppquYD%2FOEILoCqCiiTB6KpKEBRiNDUNSXg5LLjscWggffu5Hcio8GScZsqPazbMSDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751795039d867723-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   191
Md5:    071fd8ecafea25912fcd3ac36da047f8
Sha1:   1df9fbcde3170de426d4ca7fa23870e69ac7f5a7
Sha256: 6a0441175769a66b712c9e317a0c46df05120400370b4f9fc9828d30e9338b08
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Server: ECS (amb/6BAB)
Content-Length: 727

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 481
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 22:04:39 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 727

                                        
GET /mTFjbDs/20211222-204532.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 25737
last-modified: Wed, 22 Dec 2021 13:45:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 640 x 141, 8-bit/color RGBA, non-interlaced\012- data
Size:   25737
Md5:    9a46966c3c044e99f546151eeab2a3e9
Sha1:   1891ef386cd62bb68ba9baf785389bfc092a9f26
Sha256: d3b66006a9d8b35703c809e699b0b4fbcc926e73793676d35b49aaafa22ec1ac
                                        
GET /zVFLth7/Screenshot-20211222-195339-picsay.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 14067
last-modified: Wed, 22 Dec 2021 13:05:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, software=PicSay Pro 1.8.0.5, datetime=2021:12:22 20:00:59], baseline, precision 8, 373x103, components 3\012- data
Size:   14067
Md5:    c07f625ec1ecc8a3175ca6c3030b820f
Sha1:   9206556e330c1e2af19dfc348dd51ba1fc31ab06
Sha256: d08d82f77d0b7428f260f41544e851bbff74191bc57d46483b95a93111dc2afa
                                        
GET /t2936HC/Screenshot-20211222-195244-picsay.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 13820
last-modified: Wed, 22 Dec 2021 13:05:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, software=PicSay Pro 1.8.0.5, datetime=2021:12:22 19:58:27], baseline, precision 8, 374x102, components 3\012- data
Size:   13820
Md5:    79ecdc5c6559017839798d8a7906f0a0
Sha1:   9353787bcc85f5f70a0f3f351811903f52be0d41
Sha256: d8814e8fd2162ab44d5ce61f479b9c65f3f9b886b009ff4b63a5a53040a727bd
                                        
GET /2kj90F1/Screenshot-20211222-195229-picsay.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 10277
last-modified: Wed, 22 Dec 2021 13:05:22 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, software=PicSay Pro 1.8.0.5, datetime=2021:12:22 19:57:43], baseline, precision 8, 287x83, components 3\012- data
Size:   10277
Md5:    fd59ec6717fef281b5fb5bc086f0628c
Sha1:   9eabb5c4ec824b1aec5a81a694b6bb393fbe4eb1
Sha256: 8d96544028ad229b8d383aa2ca1a97e4580bb3ad4c2bc99a9d888b3403a5c563
                                        
GET /boxicons@2.0.9/css/boxicons.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
104.16.125.175
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Tue, 27 Sep 2022 22:12:39 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"f925-BeqWOuFeYgoFGuw/jd5Lb4VJnJY"
via: 1.1 fly.io
fly-request-id: 01FZVE9XVWJMBTMXMQTG7BWXWH-ams
cf-cache-status: HIT
age: 15202084
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 751795026d340b02-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (63781), with no line terminators
Size:   11758
Md5:    3f28b5b6263fdb13ed3fdb132fce9ae8
Sha1:   e06a62d99406694f5016c44fade3b4e611c72aa0
Sha256: 85593d7625aedf42d080caea7ecc981a3428b6d1719da2af79a49b3f36e1c3d7
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:12:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /1zJBTQv/Screenshot-20211222-194048-removebg-preview.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 57412
last-modified: Wed, 22 Dec 2021 12:50:02 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 348 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   57412
Md5:    eef6e852cc8ae2b0fc842590dcde2f87
Sha1:   aff75ad0ad6d3995c0ad59541b8eaf6dc8e91291
Sha256: 5de8c77afd79839df151609a77adcc8086925dececa0213a5fc2012615045fbd
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:12:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /TB6hwv4/Screenshot-20211222-195314-picsay.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 9404
last-modified: Wed, 22 Dec 2021 13:05:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, software=PicSay Pro 1.8.0.5, datetime=2021:12:22 19:59:52], baseline, precision 8, 289x79, components 3\012- data
Size:   9404
Md5:    b296c96646f9d52c750a855985387e4d
Sha1:   0fc5ae3b302dcedecef055b757bc3699bbabcb21
Sha256: cfd75b2190a9e3a9f4a21fb123b273d075fd10b504d06b0868b236fb3347b5a6
                                        
GET /bzSh05H/Screenshot-20211222-195512-picsay.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 13473
last-modified: Wed, 22 Dec 2021 13:05:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, software=PicSay Pro 1.8.0.5, datetime=2021:12:22 20:01:37], baseline, precision 8, 367x111, components 3\012- data
Size:   13473
Md5:    4801ffb11af6570db8863f4b5beab4ce
Sha1:   6b110326b6abca83af312ea4834561bd40d82a61
Sha256: b54172cc99a5426e08caf53ce0821e9ece9840baa869ebe573ef3901dbf18f85
                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 21:27:32 GMT
Server: ECS (dcb/7EC9)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5AKUlUba78O0aqiReK5gSjjvmXDmZeIAwwxdN959HXjn1VKQ45c-gg==
Age: 2707

                                        
GET /54C0QcF/Screenshot-20211222-192311-removebg-preview.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 94505
last-modified: Wed, 22 Dec 2021 12:33:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 225 x 352, 8-bit/color RGBA, non-interlaced\012- data
Size:   94505
Md5:    798b02f4018e4ea9862b0048a7062e70
Sha1:   678dc05e4e3813f240b86ac873ebdee0317c48fa
Sha256: dd63d0cbf6a1cb91f80ec6b34e8c6d3acac75754651b1a0c69da160e66ee2235
                                        
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 10:39:21 GMT
expires: Fri, 22 Sep 2023 10:39:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 473598
last-modified: Fri, 08 May 2020 07:05:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   31021
Md5:    903bc7a7e510f87aa5d0201eb59a0832
Sha1:   ac9aa4dd94cde1bcba9037e94087138b127e41fc
Sha256: 41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
                                        
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 09:02:32 GMT
expires: Fri, 22 Sep 2023 09:02:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 479407
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32061)
Size:   29671
Md5:    b90b3d2618cce9d766152cd3092b5c27
Sha1:   496339457cd00caab8118e2e1f30ea18dc05b9f4
Sha256: b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41
                                        
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 14:39:25 GMT
expires: Fri, 22 Sep 2023 14:39:25 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 459194
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32180)
Size:   29707
Md5:    f16500423cc2867eff8b773df637c48f
Sha1:   1cd32d75b59a89c3a70274e383151a61ce0594f4
Sha256: 6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5530
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 20:40:30 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 278

                                        
GET /libs/mssddfmo/lord-icon-2.1.0.js HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
143.204.55.98
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 185
location: https://cdn.lordicon.com/mssddfmo.js
server: nginx/1.14.2
date: Tue, 27 Sep 2022 11:08:07 GMT
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1MNxhGPBqBZzqO6J-jwq90QQ9CTlmgcz-u-wSVyxMJYa-Co8KqSODQ==
age: 39872
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   185
Md5:    4c555068310076e85908835c721911f5
Sha1:   9ec990aabb4391e139034f68e5e657e0f1d0b74d
Sha256: 568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510
                                        
GET /tPXzRNn/rechnage-btn.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 896
last-modified: Wed, 22 Dec 2021 11:54:01 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 173 x 60, 8-bit colormap, non-interlaced\012- data
Size:   896
Md5:    8584d130d1448ef6a6ea84dd1b11542b
Sha1:   722c1f9508b44231c03d897fcea096edfff4b07e
Sha256: 9adfe598738ae3a515d504a676386d75e49cd2d8b40f27f6306296bae80f3b14
                                        
GET /LhLHY4R/cutout-1640175232.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 1339088
last-modified: Wed, 22 Dec 2021 12:14:10 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1052 x 813, 8-bit/color RGBA, non-interlaced\012- data
Size:   1339088
Md5:    d61460f23cb966fe03d003d9b3ac9e5b
Sha1:   54cba32c398909a1f978ef823db12717bbbf159b
Sha256: 981190fde982a2102b5bf118995306f8a27b9589e83d523c62f304818c8774ae
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Server: ECS (amb/6BC1)
Content-Length: 727

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:12:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 22:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 23:08:53 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AOvPwd0UTIfrLixNlREPAg5N4xfygxV_it0jckyjpPdeSyd9Z6cIkQ==
Age: 113


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
GET /images/website/cooperation.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 4873
last-modified: Sun, 27 Sep 2020 19:44:35 GMT
etag: "5f70eba3-1309"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced\012- data
Size:   4873
Md5:    5382901791553f8393279f85e6461044
Sha1:   2ad314af4afd8e5ceb9f0afdf929a5396270fece
Sha256: e577bbb2f6b6b9a09e7f6a56331c54e4c86f40ec5f9cc8e363da7c4bf920f479
                                        
GET /images/website/ico_facebook.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 1089
last-modified: Tue, 15 Jan 2019 08:25:59 GMT
etag: "5c3d9917-441"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 62 x 62, 8-bit colormap, non-interlaced\012- data
Size:   1089
Md5:    0dbac63b086c858d2bb9b1b372c699ac
Sha1:   f76dc5225fb92019c85dfb1755634fb019524050
Sha256: 6f19be48d532dfb4f321ebeb4f35310e76e27d7a67e73f4e869ede111f0236fb
                                        
GET /images/website/ico_mail.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 1401
last-modified: Tue, 15 Jan 2019 08:25:59 GMT
etag: "5c3d9917-579"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 62 x 62, 8-bit colormap, non-interlaced\012- data
Size:   1401
Md5:    b10e4586c62db8adc2c386da76d8c3e6
Sha1:   dc0c07b51b0fa280c57d918776ef2e31545d7050
Sha256: 7ec08e01686f722c13ba4313fe27c730ca02fd065a725960f394cf76f8256114
                                        
GET /images/website/ins.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 10768
last-modified: Mon, 02 Sep 2019 03:18:37 GMT
etag: "5d6c8a0d-2a10"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 268 x 268, 8-bit colormap, non-interlaced\012- data
Size:   10768
Md5:    fbda01ac67e17da8746bfe47bc3ec175
Sha1:   6acaf506f199cf67090adc8531abca2d3315bdb9
Sha256: 83f99b81d31385353aac7f1c78d6f8d5c7d80e517cb5c14a29f1ea583ce00778
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:39 GMT
Last-Modified: Tue, 27 Sep 2022 22:12:39 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 727

                                        
GET /nnRvXLj/cutout-1640173531.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
51.210.3.236
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 136919
last-modified: Wed, 22 Dec 2021 11:47:29 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 640 x 486, 8-bit/color RGBA, non-interlaced\012- data
Size:   136919
Md5:    8f1dc836af8dea6a19ef8df053106bdf
Sha1:   62cebb8173438a971f4d3399247bede580b3c155
Sha256: 536f4f9dcac1ec3e90462bce72ee98484c2f8bfb7598bdeb3f012252f2997170
                                        
GET /AlexHostX/logAlex/6e61ca3b0b15b5e31a9a43579821321116c6af0c/higgs_domino.webp HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.freetopdomino.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
185.199.108.133
HTTP/2 200 OK
content-type: image/webp
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
etag: W/"d9527d165e24e9571f1b1849da54a3241f813f3517452ffa33d21cd9b98fdaf8"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: ED9E:40BB:1B9AEA:28B699:63337557
accept-ranges: bytes
date: Tue, 27 Sep 2022 22:12:40 GMT
via: 1.1 varnish
x-served-by: cache-bma1639-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664316760.815127,VS0,VE190
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 8696e103a37ca882b57ecfd6016bdc801206b09e
expires: Tue, 27 Sep 2022 22:17:40 GMT
source-age: 0
content-length: 43656
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   43656
Md5:    767df14ef1034a96416741103cf9f4f9
Sha1:   c9cc7a33c625ac767e5ca441570041142da28e6b
Sha256: 5fc4b0a80e12e40d6b26e8e52f1117a6fbef2cff6399c18b7101bbb6df05e84f
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4786
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:40 GMT
Last-Modified: Tue, 27 Sep 2022 20:52:55 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
GET /images/website/btn_receive_pup.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:40 GMT
content-length: 4697
last-modified: Thu, 21 Feb 2019 02:15:31 GMT
etag: "5c6e09c3-1259"
expires: Sun, 26 Mar 2023 22:12:40 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 248 x 78, 8-bit colormap, non-interlaced\012- data
Size:   4697
Md5:    9bce3003acc1283c30ba8c3f60f1a1e2
Sha1:   1cb34ab4975698b764ab553e52d79b80d7fcdc12
Sha256: dccbf0003961459ac7f2744a5a469a5b15b9a735b0e48348cc0aed0eebea81cd
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:40 GMT
Server: ECS (amb/6BAB)
Content-Length: 727

                                        
GET /images/website/webShop/colse_exchange.png HTTP/1.1
Host: sdomino.boxiangyx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
47.246.44.206
HTTP/2 200 OK
content-type: image/png
server: Tengine
content-length: 2746
date: Mon, 05 Sep 2022 14:24:55 GMT
last-modified: Wed, 12 Jun 2019 06:06:48 GMT
etag: "5d009678-aba"
expires: Wed, 05 Oct 2022 14:24:55 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
ali-swift-global-savetime: 1662387895
via: cache19.l2de2[0,0,304-0,H], cache6.l2de2[3,0], cache4.se1[0,0,200-0,H], cache3.se1[2,0]
age: 1928865
x-cache: HIT TCP_HIT dirn:2:463616670
x-swift-savetime: Mon, 05 Sep 2022 20:01:38 GMT
x-swift-cachetime: 2571797
timing-allow-origin: *
eagleid: 2ff62c9716643167604287466e
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 50 x 53, 8-bit colormap, non-interlaced\012- data
Size:   2746
Md5:    28157c0a71562b6999586445cf226e2b
Sha1:   69d5df37b71b5a86b1817c0bd47fcf0baf383f23
Sha256: 2b8fc3da893107ff17c22a6d1e01a655fa67a0753dcaa8dc2fda02611e3f3e5c
                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SxFzKpaINlYOyuKqZY3CIQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
34.218.164.174
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IHGYQC2C5vsAxWn64eLCpO+v+M4=

                                        
GET /images/website/img_swiper_2_07.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 108026
last-modified: Wed, 05 Aug 2020 08:11:57 GMT
etag: "5f2a69cd-1a5fa"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   108026
Md5:    69ae4e8748f839bb54447ac2559792f1
Sha1:   6586536afdbbf88522406d9d800cb183e4f82f0c
Sha256: 6165bdc8e8a7f1690e49403676fb0a17ada1ae1f1770c099690db2c6eee8cd7b
                                        
GET /images/website/img_swiper_2_05.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 116823
last-modified: Wed, 05 Aug 2020 08:11:57 GMT
etag: "5f2a69cd-1c857"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   116823
Md5:    43aa92cac8e458e0e457559a6645877c
Sha1:   49047a61717b60051e1091a39624e8f16b4a71bd
Sha256: ade4ad845b0e767236de200685898be4f27748b29ce2f952926a7002fcef797a
                                        
GET /images/website/img_swiper_2_03_1.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 116228
last-modified: Tue, 11 Aug 2020 07:15:08 GMT
etag: "5f32457c-1c604"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   116228
Md5:    26ab886c632c49ee28c77d3ec291da9e
Sha1:   043ddfc699353839941f6d690fd84518e52698f2
Sha256: 7c20aae4cc7241a368eb05f50d58da5348c33cde3d9946a2888998e4e592bba4
                                        
GET /images/website/img_swiper_2_04.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 119249
last-modified: Wed, 05 Aug 2020 08:11:57 GMT
etag: "5f2a69cd-1d1d1"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   119249
Md5:    3db1f3ff93ee6bc780fe504cb18a4584
Sha1:   12e512ff43ab72718f2c9da97ff32115f92a424f
Sha256: 10e6f666fac4540724d1685d3999fb2e287bf66f51af1a3f3a317b53bb81eefb
                                        
GET /images/website/img_swiper_2_02_1.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 116324
last-modified: Tue, 11 Aug 2020 07:15:08 GMT
etag: "5f32457c-1c664"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   116324
Md5:    a53845a92ec388d15619a54717493337
Sha1:   e44abad944221c032fa13ecf6e2f04b3a956ed5a
Sha256: d4eec2792b15fba21694e5b49f527b08028c410e7bc974678402e68fa582b03a
                                        
GET /images/website/img_swiper_2_06.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 120887
last-modified: Wed, 05 Aug 2020 08:11:57 GMT
etag: "5f2a69cd-1d837"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   120887
Md5:    b7aaa6069cc7d4fb760cbc5c116805b5
Sha1:   a78bf70cd74082fc08219d9400ee7f40e81969f1
Sha256: 8be7d3c0dd3d50e0ff2a826620b38c3678bb07e3225d6b31e4dbf97667372f97
                                        
GET /images/website/img_swiper_2_01.png HTTP/1.1
Host: static.neptunegame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.244.144.129
HTTP/2 200 OK
content-type: image/png
server: BKWS
date: Tue, 27 Sep 2022 22:12:39 GMT
content-length: 126594
last-modified: Wed, 05 Aug 2020 08:11:57 GMT
etag: "5f2a69cd-1ee82"
expires: Sun, 26 Mar 2023 22:12:39 GMT
cache-control: max-age=15552000,public
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 658 x 362, 8-bit colormap, non-interlaced\012- data
Size:   126594
Md5:    a81ee33b7164d550bb0f4669267f2229
Sha1:   1d3f2f29782d0a8c5ed0da56c133ea2a1c515721
Sha256: 4c0c041b27a0f61a877e3fdf2c88d0e5eda1d959933406b0b3be6f5eab958534
                                        
GET /haykaljb1/img/koin/3.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:39 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 511017
date: Tue, 27 Sep 2022 22:12:39 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   511017
Md5:    c1ad88528a87951f1a1d0f48029a650e
Sha1:   d37bc2737aeda144d91fd4b637cdd56c6b8b182a
Sha256: 2a42f67b8fda88619ae04ccf60c3b75e9209ee1f751157766a75e20cbbcecc92

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/koin/4.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:39 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 454892
date: Tue, 27 Sep 2022 22:12:39 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   454892
Md5:    1f2e15375dac911c4de6d8173f8fc105
Sha1:   1997dcb0b07821542cc7d411a9ccee81522fb6be
Sha256: 39f9348440b885b3054dbcb28590f8ea713554b1a21ac5e8e6868770717e87ab

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/koin/2.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:40 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 396655
date: Tue, 27 Sep 2022 22:12:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   396655
Md5:    2dd1541ecd4101501cb1e95e6216f675
Sha1:   97ab51542a4694d7e5b1c7157b5d2f6ba38e7846
Sha256: 502e15c57e4b77b05567c0c342603cd506ee92ea342c2e6e3891ff07f558bb1f

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/koin/8.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:40 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 540630
date: Tue, 27 Sep 2022 22:12:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   540630
Md5:    6d8d93b3f3a695e3f188233456ecae0e
Sha1:   519adb69c26efc6b68888663913e4d81aee00580
Sha256: ac44ffd001e2bc57986890226dfd8aa9e68137d366bbf9112ea6f92b035ff644

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/koin/9.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:40 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 541578
date: Tue, 27 Sep 2022 22:12:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   541578
Md5:    f25c34f6237f12e3703580915b22b35b
Sha1:   9cd9d80899936f0fab9978b338beea24e6e00fbd
Sha256: e1fc032fdb2b9c66146369f55fa14e69fb9991bbc4fec9dacadab9dd1e91afb0

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/koin/7.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:40 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 503911
date: Tue, 27 Sep 2022 22:12:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   503911
Md5:    18ac565c0a57350a77f458be4f01a85f
Sha1:   a1e3dffe6284ddbfb17f6cc57833b307901e3f01
Sha256: cf19536c869504d99011c95c83456e91dc7e22c3c60501951e4fcb5ed810011d

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/koin/6.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 504749
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   504749
Md5:    f88fbbe02bb5fc4e96805fb3d31161e1
Sha1:   4e7ef3ee08815458540bce8536d9206e2e9f4068
Sha256: f4959b42e3c924f666a2101f8e66bae5c06a1a859862777bb0bf18948cebe395

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/koin/5.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 457582
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   457582
Md5:    c45a91d8c2642e9f401a2b86b8640742
Sha1:   54a75bab52727f515e026e93c3d059605be01207
Sha256: f72ef1d1e999a6fb3d1a8763955ecba420fb653add1c44360921228b68404ea7

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/koin/1.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 360587
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   360587
Md5:    f87ae4afca4b65636748bcce49328220
Sha1:   5af13c3112525f441ded4121980bd98c67479b93
Sha256: 9c0112f478d6e4abedd813667bbaecc9074cf3ba3e4769015ac9dab675529ffd

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/sound/toast.mp3 HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 206 Partial Content
content-type: audio/mpeg
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
content-range: bytes 0-6389/6390
content-length: 6390
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data
Size:   6390
Md5:    e0b7b70f05afd310e41cbb3a6ab57823
Sha1:   96dbf2c782aa7cdf98aafdccd5dc871b7e9ab7f7
Sha256: 567a460666fc9a2265e165323cdb005d3dc397bc6bd790fb7d5b43cc96d83a9b

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/14.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 11205
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 144 x 126, 8-bit/color RGBA, non-interlaced\012- data
Size:   11205
Md5:    539e183e87ddead0d56114ae9579901d
Sha1:   d8e7616292d832131087dfbea5709b1118a80697
Sha256: 3a1987bc7f1d4e0a544a2d61684511e2d757e5bb9c7b3311c5bf7908f24e5048

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/4.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 35602
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 151 x 148, 8-bit/color RGBA, non-interlaced\012- data
Size:   35602
Md5:    cd4706b9eb27d9d256a7f3fa2528ee95
Sha1:   77b9423e5e8e28cc3d2878627d1ac2b9a4059e62
Sha256: 2a93d6218c88513d3a24961c1548836d64c27c6a24da6e818eade951b9ef4152

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/3.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 36653
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 154 x 154, 8-bit/color RGBA, non-interlaced\012- data
Size:   36653
Md5:    064d363e0e91c401b1f9474fc3e768ec
Sha1:   427a63c7ded852392067cd109529aa8ab1588da8
Sha256: d3c6a6dfb5bd37023040cd0066341ba4cf568f7a5fcf4013d02edaf9b8dff562

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/berlian/6.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 592614
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   592614
Md5:    53e52d5ae6d0e26a375b8fc9c227d8fb
Sha1:   2ed5097e80d568363beb3d33727a3ffe69315672
Sha256: 1cdbdbb8da3d7542155086e2c5cb49893f3cc0cf38345d3d257731baea0d8576

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/12.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 10815
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 92 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size:   10815
Md5:    1d88f09f46337c60eca507341104ddda
Sha1:   847692e2f3d65ef834c7a92edc060a90d974afd7
Sha256: 44ebe6b06cfef158596db789acc73ecc24b57bc3f52373ef84b11dd8e59f3a0b

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8127
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 22:12:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8127
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 22:12:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8127
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 22:12:41 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 1598
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
age: 1357
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa8d9d6-9650-4c92-a2db-529657be591b.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10031
x-amzn-requestid: 0ac9a228-b6ce-4695-b269-f6a5ba959576
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4HTsoAMF8dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-1d1cacef2608d5820b2bc1b1;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kqeQV7wIw3SgSUFs3Nd3ZOV_0b9ETAw1X1_c40UXEjLZAT-JTqIQhQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
age: 1357
etag: "e26e7e4f7c67d680f0c2d0fa84dcb77ffbef6a49"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10031
Md5:    07f06c54e3b1431203308e4134e7efcb
Sha1:   e26e7e4f7c67d680f0c2d0fa84dcb77ffbef6a49
Sha256: 2814f21c6a21623c189163672867272eb24f754d3d22a8285349e5dd9f6b49f7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9314
x-amzn-requestid: ed84d0e5-30c5-4841-ba9d-3626234b2056
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VbFqBoAMFy-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c22-5d0ccbc31fb085be45ef947b;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: yBDUlVwqRnXuJKsaz3vbFNhtNvihQMuk5wX5y4UmEKm1D21wSVdJHQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "60c873f097c85376797fed366804119f7e9c445e"
age: 1423
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9314
Md5:    3c58fdf09a7d552be0c8666522a29de7
Sha1:   60c873f097c85376797fed366804119f7e9c445e
Sha256: 24569f084d3fd428526503bde8b3da64152911934cd5e0e9140c06d954e4bcd9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 1601
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11314
Md5:    ee83d08d024d127fad5918e1ffacb78b
Sha1:   8ad289a77705358ab660b6123e9d90de991b6c13
Sha256: aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32ba25b9-e398-414a-9dde-2f155c8c15f3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9407
x-amzn-requestid: 97cabe42-e11e-47ee-bb7b-d193b703ddad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPEpmIAMF_AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-3d8db9cc3ff1d8305fae4d24;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 3upcqY5Ak2VMUrhEKOdfnd9jrX9R_Gt_g5Avyn3xVIhfQGiao4sl8A==
via: 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "cff7127ee9309fcc0ad5143112ef832667ba8be0"
age: 1357
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9407
Md5:    be4273ebf3ccd4e408ed8f336d5120e5
Sha1:   cff7127ee9309fcc0ad5143112ef832667ba8be0
Sha256: 37dfdb5cf400e8bf3f314c67a641dd5fcba0f3937ff7249d2819a498436bafb4
                                        
                                            GET /haykaljb1/img/dekorasi/10.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 34688
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 147 x 144, 8-bit/color RGBA, non-interlaced\012- data
Size:   34688
Md5:    b93c01836a3d421fe926dc88de978436
Sha1:   7d653a96312928037132cb4872d53dedf9901f1e
Sha256: d85ac2d615a9938b2fe8d70b297aa30ac6a77619d5d91fc520349b2880b6a0a3

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/11.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 36905
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 153 x 157, 8-bit/color RGBA, non-interlaced\012- data
Size:   36905
Md5:    a0cdb9e11be4a00a2f83fe3c7a4bb7a7
Sha1:   0b339679fbf6fce02eab327700bb1ecefd47ecf5
Sha256: d60eb1e71512b4f79a0cfe502b75103df824ecb88465609597f465b725bede59

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/15.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 7965
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 107 x 99, 8-bit/color RGBA, non-interlaced\012- data
Size:   7965
Md5:    cdc935c160428c5bfa6f3bbb61fe0729
Sha1:   351d2979c1e54485c78da69489454936be0b094d
Sha256: 3e31c403a7912cbd4067b05e61094e99c3810c45f5ecf80bf63f307008abd7d1

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/dekorasi/17.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 11686
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 126 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   11686
Md5:    1aab14a330f1e21ac8a8322d1d5690fa
Sha1:   86daa146ff572b6457bdc3f2a79c9822f7cd438c
Sha256: 2fdecdccf1b2fe09c817f5f08477524a1f04b96c4de6943629ecef0f876c050a

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
                                            GET /haykaljb1/img/berlian/5.png HTTP/1.1 
Host: get.freetopdomino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
                                         20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 591587
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   591587
Md5:    c33ae7ec190adace27a448ebfde9291b
Sha1:   8dfb7e927373ccd927000e1188c1e57b8043d8f6
Sha256: d78eee6a3d926a3be51899df182f06881738700c02d7b6ae463da0862810be12

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/20.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 10638
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 135 x 145, 8-bit/color RGBA, non-interlaced\012- data
Size:   10638
Md5:    deadc0b65e2673212d5521a3833df13c
Sha1:   f41ea8d903daa9e8036ee5f28ac369512154d456
Sha256: bdee69755ec197940cc790805ad19b2d079a73b44f6cdff7fe79404b9e3f4e26

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/16.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 13832
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 153 x 131, 8-bit/color RGBA, non-interlaced\012- data
Size:   13832
Md5:    b2e7b1b8e2f7585bf991c31f60359549
Sha1:   3fc7ab43289cf58e8f6797353d4701e96ad0a644
Sha256: f5279be28e3df9878ec342bc2eb37125755beda5bfe00093d790bb0061fa2739

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/berlian/4.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 586465
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   586465
Md5:    e72501c6fc3e995aaad2571595419d2e
Sha1:   cd0dca8278dafc354b865cd9b2e703ecc0c75a27
Sha256: 72f80666e638d2e0fbcf6d6e4eb21bbaa79287e588c09a59dff09c1866fc130a

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/berlian/1.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:41 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 587662
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   587662
Md5:    17c7fc556d74fada9ab177594ad7b57e
Sha1:   e17296f5ca4f152e33128c261f125463718f8b65
Sha256: fa090f607b69df35688e4d482d27805278821905d4abc39be318c4361b1edd0d

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/1.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 36160
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 156 x 158, 8-bit/color RGBA, non-interlaced\012- data
Size:   36160
Md5:    8fbf86000bc45b3b2ff9e53e421a2725
Sha1:   2ec052bd9d50a4b3d06bb242f244c4f3cf07d5e2
Sha256: 982a27713b5bb632a39bbcbf54c3d42c784ca8feee1f16e0e518dee5200262e0

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/18.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 8361
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 107 x 114, 8-bit/color RGBA, non-interlaced\012- data
Size:   8361
Md5:    9eb8a030da6e8e077ce66d4db66ea98e
Sha1:   980c42090c77c5ae6a17dfeab69e93e9fa73ab16
Sha256: 161b4852deb8e953c19a3b5c60de379675dd21892b8d3e9025ea14a20526428f

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/berlian/3.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 585427
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   585427
Md5:    0c61614fb6f882b8681c5af48df7981d
Sha1:   601f7daa6a9ba2126135278a0791d9a217b8b73c
Sha256: 7a4beea234b42692051fc78fadddc014bd4b9b9bf83674509da9e1db0a531e6b

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/19.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 12469
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 146 x 154, 8-bit/color RGBA, non-interlaced\012- data
Size:   12469
Md5:    9f4981597a131e60eff567f856714c6d
Sha1:   01dd9f7574e7865238f0280d83d36c298946ed83
Sha256: 4645da349a2e0c28069f2f0662238224a86f334e19a9af5018072536e625d9f0

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/2.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 37829
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 151 x 154, 8-bit/color RGBA, non-interlaced\012- data
Size:   37829
Md5:    6a39d44395b507e08fd0ac2f9cc24603
Sha1:   fb3ef166dcf76c08c8063930ed8dbed1bd93f9cc
Sha256: 4314b3d27f82ba3e3cee7dfad1cfb5c4e5651e877aa1273fbae5baf9c6d34b06

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/8.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 36395
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 151 x 151, 8-bit/color RGBA, non-interlaced\012- data
Size:   36395
Md5:    90a7d962b85d6f916d79d3d4e1849ae7
Sha1:   d0094eba6d4e31485c83982f6251a77ac4039456
Sha256: e6f2623b82396431a0267c9aefe2ec391a2c56b0f63d7e3583812be162c38533

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/5.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 37786
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 154 x 164, 8-bit/color RGBA, non-interlaced\012- data
Size:   37786
Md5:    d40af8edf821c1bd3f0b12cb6cdb5781
Sha1:   8f775149328b1df5b84aa8a94370b95d99453a8e
Sha256: bd3f78901d8a5e16556875fc55240fbd725775f87845fb2db47d353ff2bba2c3

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/13.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 10001
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 113 x 108, 8-bit/color RGBA, non-interlaced\012- data
Size:   10001
Md5:    3196c80a8a3073cbfdb3412f90883a53
Sha1:   416c3ce248edf3c83b18577d56e0afb065e25598
Sha256: df453dbe6984e5387a46cdbab376c63ed0a85b8bbc2b1b23de47843510e36956

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/7.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 37053
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 149 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size:   37053
Md5:    eabb70801fb269f5a3de44baedbb9c74
Sha1:   d5871d6c0ae57f9828f7f2c5d04b07fb7bd2690f
Sha256: d8c8288da4fba712c8ac658d944d9c6ebbec870a9554013614dba3b3ec5632e4

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
GET /haykaljb1/img/dekorasi/9.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 38800
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 158 x 157, 8-bit/color RGBA, non-interlaced\012- data
Size:   38800
Md5:    01643d65736e3f1e5a725d75214a3814
Sha1:   df555d70aec4b9386bf47e09bfe9d34a785e36c7
Sha256: da0b3b58a22309b3f949e43c54509310118161d8e9937ef5f9b8200fbc101c91

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:12:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /images?q=tbn:ANd9GcRd9tHZRMC3UW7nRU5dSitnrHkxC4oHL6LoNw&usqp=CAU HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.78
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 30690
date: Tue, 27 Sep 2022 22:12:42 GMT
expires: Wed, 27 Sep 2023 22:12:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Aug 2021 21:10:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 554x554, components 3\012- data
Size:   30690
Md5:    17aaa2ddf08a352eac4676460be1be86
Sha1:   ec4b4586a05fd64b39570f8a193dad285f63a246
Sha256: 349a427acd6cbf69938ec4aeecba671595892fdcefac0c17ebe2a552940e26dd
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 22:12:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /haykaljb1/img/berlian/2.png HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 200 OK
content-type: image/png
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 22:12:42 GMT
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
accept-ranges: bytes
content-length: 586449
date: Tue, 27 Sep 2022 22:12:42 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size:   586449
Md5:    5759c23634ce4fb86ff009d75dcd71f9
Sha1:   0daad8e07430ae14920e77b43f0fc486a4354bb4
Sha256: f2279ff88663f197ba08453540d2f63d264f1b6e7f853c397d903b2c22229bda

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - quad9: Sinkholed
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 22:12:43 GMT
Server: ECS (amb/6BC1)
Content-Length: 471

                                        
GET /favicon.ico HTTP/1.1
Host: www.bosbosgames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
170.33.97.2
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Tue, 27 Sep 2022 22:12:43 GMT
Content-Length: 3074
Connection: keep-alive
Set-Cookie: aliyungf_tc=1dd4474ba9f9539e9a08e1d79e2e3885d51bfcb831d0944bdda02e7483242079; Path=/; HttpOnly
Accept-Ranges: bytes
ETag: W/"3074-1632472003000"
Last-Modified: Fri, 24 Sep 2021 08:26:43 GMT


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   3074
Md5:    5d26b0cd6f3b253b005d454bcad1f6f9
Sha1:   3f2ed546a4523ed41abc31f983841d05ece1e2b1
Sha256: 0508d1050eaf8e943e0e60007b13036d081828400aff3932a7f56a1a81cc0873
                                        
GET /AlexHostX/protect/a64076479559076b6e31356a0fb6188d291204ce/watermark.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
104.21.234.230
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Tue, 27 Sep 2022 22:12:39 GMT
etag: W/"8cbc601be6a6a4a8de11e874a08f4635bb2103954e29be8f44a2287251cf89b8"
x-content-type-options: nosniff
x-github-request-id: 5B3C:4976:637B93:6ABF09:62C0A41D
via: 1.1 varnish
x-served-by: cache-hel1410027-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1656792093.487857,VS0,VE218
vary: Authorization,Accept-Encoding,Origin
x-fastly-request-id: 7d426eef06f3d9def44ebd751dc65235333b1c3c
source-age: 0
expires: Sun, 02 Jul 2023 20:01:33 GMT
cache-control: max-age=31536000, public, immutable
x-robots-tag: none
access-control-allow-origin: *
x-githack-cache-status: MISS
cf-cache-status: HIT
age: 7524512
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZyinxnAPHfK%2FfuN3opt0p3Skx9ESO1UqKiVEHy%2B1rbOsaA1T4DumH4INmiIA3W6pFUgDbSTKdzRKQZF0Bz6BcXB9bgx8D0dbN%2FGdvU0cd9rqu2XGuGzdD6kH6jd63ltgE%2FDSE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751795046ee07723-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /AlexHostX/protect/aaa1462a19b8d8b6cbd68101a5ac89f4955b49de/input-exception.js HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
104.21.234.230
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 27 Sep 2022 22:12:39 GMT
etag: W/"7efc1fe69d2bae7cf5f7f6503e53cd6825675b937514a5660fadff678c23ad05"
x-content-type-options: nosniff
x-github-request-id: BFC8:13DE2:381BBB:3C3E84:620D4605
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1645044130.872247,VS0,VE184
vary: Authorization,Accept-Encoding,Origin
x-fastly-request-id: bf3b051db80155bbd014f6542505d017efdca279
source-age: 0
expires: Sat, 05 Aug 2023 05:14:31 GMT
cache-control: max-age=31536000, public, immutable
x-robots-tag: none
access-control-allow-origin: *
x-githack-cache-status: STALE
cf-cache-status: HIT
age: 1118054
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBTzOGI%2BeMlZbX99gKJ%2FA%2Bm7D3MgIbXvGwe51q4E9ba%2BoFl4Iu8LW%2Flm7Rl6fw44MgJ9VyD9ZprUyInvv26p2uXblMZxoXsJMulmlxGEQMmk%2FAVhu5jWeo7wLpI9aaUmw2mo2L0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751795047ee87723-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
104.18.11.207
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Tue, 27 Sep 2022 22:12:39 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 9763513
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 751795038bffb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /AlexHostX/all.asset/c9f3ddecc56e688f8660a2d31a5beea4909fa5b9/alex-facebook.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.freetopdomino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
104.21.234.230
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Tue, 27 Sep 2022 22:12:39 GMT
etag: W/"0a8f3f8981d9c9102640cd89134620b5b03a473db8c3d339e31ddde5838eb64c"
x-content-type-options: nosniff
x-github-request-id: 8D0C:F96D:117070B:12456EB:617A6314
via: 1.1 varnish
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1635410709.943455,VS0,VE184
vary: Authorization,Accept-Encoding,Origin
x-fastly-request-id: fd6966b4cae299fa4cde1d9b0f6fd2b4f1494f2d
source-age: 0
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, immutable
x-robots-tag: none
access-control-allow-origin: *
x-githack-cache-status: STALE
cf-cache-status: HIT
age: 28849893
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wyoRmmCnA5ugV8fcGi4yDBP2bcxzD5wbokc9oq%2FzhrSKBpdsCtcd9Ogfao%2FeQgDyVmrT3AkPf0nDJTy%2FhbPdxBRef6CoPfYtgnjjFSK3i1YChxz4wL7RCVy4zy%2FbhMO%2BYZnbibI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 751795039d7f7723-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /nkmsrxys.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.freetopdomino.com/
Origin: http://get.freetopdomino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
143.204.55.98
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
date: Mon, 26 Sep 2022 04:00:25 GMT
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=432000
etag: W/"7ee3-yNoKsJ8m8Uke7zfeTv4j1Gm3dA8"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Rj1z7rhrTFjMC1tePixwek3Im0xPDMIhq0hUHN6Q9mWHqox6Bjv0Ow==
age: 151934
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /mssddfmo.js HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.freetopdomino.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
143.204.55.98
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
server: nginx/1.14.2
date: Tue, 27 Sep 2022 03:32:00 GMT
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=432000
accept-ranges: bytes
last-modified: Wed, 16 Feb 2022 20:01:24 GMT
etag: W/"44383-17f04200e97"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -FoTPFCphxC9qLN-CeQsGtcCyEu0ZquYiSwP8aYQEAIMXikM09CcpA==
age: 67239
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /haykaljb1/sound/theme.mp3 HTTP/1.1
Host: get.freetopdomino.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://get.freetopdomino.com/

                                         
20.189.78.99
HTTP/1.1 206 Partial Content
content-type: audio/mpeg
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Sat, 05 Feb 2022 14:23:30 GMT
content-range: bytes 0-474294/474295
content-length: 474295
date: Tue, 27 Sep 2022 22:12:41 GMT
server: LiteSpeed


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
    - quad9: Sinkholed